diff --git a/go.mod b/go.mod
index b61160015..f5a016be3 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.20
 
 require (
 	cloud.google.com/go/compute/metadata v0.2.3
-	cloud.google.com/go/kms v1.6.0
+	cloud.google.com/go/kms v1.12.1
 	github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.0
 	github.com/container-storage-interface/spec v1.6.0
 	github.com/google/uuid v1.3.0
@@ -12,12 +12,12 @@ require (
 	github.com/kubernetes-csi/csi-test/v4 v4.4.0
 	github.com/onsi/ginkgo/v2 v2.7.1
 	github.com/onsi/gomega v1.25.0
-	golang.org/x/oauth2 v0.5.0
+	golang.org/x/oauth2 v0.10.0
 	golang.org/x/sys v0.13.0
-	google.golang.org/api v0.111.0
-	google.golang.org/genproto v0.0.0-20230223222841-637eb2293923
-	google.golang.org/grpc v1.53.0
-	google.golang.org/protobuf v1.28.1
+	google.golang.org/api v0.134.0
+	google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130
+	google.golang.org/grpc v1.56.3
+	google.golang.org/protobuf v1.31.0
 	gopkg.in/gcfg.v1 v1.2.3
 	k8s.io/apimachinery v0.24.1
 	k8s.io/client-go v11.0.1-0.20190805182717-6502b5e7b1b5+incompatible
@@ -31,8 +31,8 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.18.0 // indirect
-	cloud.google.com/go/iam v0.11.0 // indirect
+	cloud.google.com/go/compute v1.20.1 // indirect
+	cloud.google.com/go/iam v1.1.0 // indirect
 	github.com/Microsoft/go-winio v0.4.17 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
@@ -48,12 +48,13 @@ require (
 	github.com/go-openapi/swag v0.21.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.1-0.20210504230335-f78f29fc09ea // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
@@ -75,11 +76,14 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go4.org v0.0.0-20201209231011-d4a079459e60 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230720185612-659f7aaaa771 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index f0dee3620..7f1ddebf4 100644
--- a/go.sum
+++ b/go.sum
@@ -38,26 +38,25 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.107.0 h1:qkj22L7bgkl6vIeZDlOY2po43Mx/TIa2Wsa7VR+PEww=
+cloud.google.com/go v0.110.4 h1:1JYyxKMN9hd5dR2MYTPWkGUgcoxVVhg0LKNKEo0qvmk=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY=
-cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs=
+cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
+cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v0.11.0 h1:kwCWfKwB6ePZoZnGLwrd3B6Ru/agoHANTUBWpVNIdnM=
-cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY=
-cloud.google.com/go/kms v1.6.0 h1:OWRZzrPmOZUzurjI2FBGtgY2mB1WaJkqhw6oIwSj0Yg=
-cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0=
+cloud.google.com/go/iam v1.1.0 h1:67gSqaPukx7O8WLLHMa0PNs3EBGd2eE4d+psbO/CO94=
+cloud.google.com/go/iam v1.1.0/go.mod h1:nxdHjaKfCr7fNYx/HJMM8LgiMugmveWlkatear5gVyk=
+cloud.google.com/go/kms v1.12.1 h1:xZmZuwy2cwzsocmKDOPu4BL7umg8QXagQx6fKVmf45U=
+cloud.google.com/go/kms v1.12.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM=
 cloud.google.com/go/logging v1.0.0/go.mod h1:V1cc3ogwobYzQq5f2R7DS/GvRIrI4FKj01Gs5glwAls=
-cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -325,6 +324,7 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -442,6 +442,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
@@ -726,8 +727,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -828,6 +830,8 @@ github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -839,16 +843,16 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s=
 github.com/google/wire v0.4.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
 github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
-github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU=
@@ -1524,6 +1528,7 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
@@ -1640,6 +1645,9 @@ golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1689,6 +1697,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1760,6 +1769,7 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1785,8 +1795,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s=
-golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
+golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
+golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1799,6 +1809,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1917,6 +1929,8 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -1934,6 +1948,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2060,6 +2075,7 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2118,8 +2134,8 @@ google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqiv
 google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
 google.golang.org/api v0.60.0/go.mod h1:d7rl65NZAkEQ90JFzqBjcRq1TVeG5ZoGV3sSpEnnVb4=
-google.golang.org/api v0.111.0 h1:bwKi+z2BsdwYFRKrqwutM+axAlYLz83gt5pDSXCJT+0=
-google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0=
+google.golang.org/api v0.134.0 h1:ktL4Goua+UBgoP1eL1/60LwZJqa1sIzkLmvoR3hR6Gw=
+google.golang.org/api v0.134.0/go.mod h1:sjRL3UnjTx5UqNQS9EWr9N8p7xbHpy1k0XGRLCf3Spk=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -2218,8 +2234,12 @@ google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230223222841-637eb2293923 h1:znp6mq/drrY+6khTAlJUDNFFcDGV2ENLYKpMq8SyCds=
-google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw=
+google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130 h1:Au6te5hbKUV8pIYWHqOUZ1pva5qK/rwbIhoXEUB9Lu8=
+google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:O9kGHb51iE/nOGvQaDUuadVYqovW56s5emA88lQnj6Y=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
+google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230720185612-659f7aaaa771 h1:Z8qdAF9GFsmcUuWQ5KVYIpP3PCKydn/YKORnghIalu4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230720185612-659f7aaaa771/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.15.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
@@ -2257,9 +2277,10 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
 google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
-google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
+google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -2274,8 +2295,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/vendor/cloud.google.com/go/compute/internal/version.go b/vendor/cloud.google.com/go/compute/internal/version.go
index ddddbd21f..e939b9f5e 100644
--- a/vendor/cloud.google.com/go/compute/internal/version.go
+++ b/vendor/cloud.google.com/go/compute/internal/version.go
@@ -15,4 +15,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "1.18.0"
+const Version = "1.20.1"
diff --git a/vendor/cloud.google.com/go/iam/CHANGES.md b/vendor/cloud.google.com/go/iam/CHANGES.md
index 5a8a0270f..d18a339ae 100644
--- a/vendor/cloud.google.com/go/iam/CHANGES.md
+++ b/vendor/cloud.google.com/go/iam/CHANGES.md
@@ -1,5 +1,41 @@
 # Changes
 
+
+## [1.1.0](https://github.com/googleapis/google-cloud-go/compare/iam/v1.0.1...iam/v1.1.0) (2023-05-30)
+
+
+### Features
+
+* **iam:** Update all direct dependencies ([b340d03](https://github.com/googleapis/google-cloud-go/commit/b340d030f2b52a4ce48846ce63984b28583abde6))
+
+## [1.0.1](https://github.com/googleapis/google-cloud-go/compare/iam/v1.0.0...iam/v1.0.1) (2023-05-08)
+
+
+### Bug Fixes
+
+* **iam:** Update grpc to v1.55.0 ([1147ce0](https://github.com/googleapis/google-cloud-go/commit/1147ce02a990276ca4f8ab7a1ab65c14da4450ef))
+
+## [1.0.0](https://github.com/googleapis/google-cloud-go/compare/iam/v0.13.0...iam/v1.0.0) (2023-04-04)
+
+
+### Features
+
+* **iam:** Promote to GA ([#7627](https://github.com/googleapis/google-cloud-go/issues/7627)) ([b351906](https://github.com/googleapis/google-cloud-go/commit/b351906a10e17a02d7f7e2551bc1585fd9dc3742))
+
+## [0.13.0](https://github.com/googleapis/google-cloud-go/compare/iam/v0.12.0...iam/v0.13.0) (2023-03-15)
+
+
+### Features
+
+* **iam:** Update iam and longrunning deps ([91a1f78](https://github.com/googleapis/google-cloud-go/commit/91a1f784a109da70f63b96414bba8a9b4254cddd))
+
+## [0.12.0](https://github.com/googleapis/google-cloud-go/compare/iam/v0.11.0...iam/v0.12.0) (2023-02-17)
+
+
+### Features
+
+* **iam:** Migrate to new stubs ([a61ddcd](https://github.com/googleapis/google-cloud-go/commit/a61ddcd3041c7af4a15109dc4431f9b327c497fb))
+
 ## [0.11.0](https://github.com/googleapis/google-cloud-go/compare/iam/v0.10.0...iam/v0.11.0) (2023-02-16)
 
 
diff --git a/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go b/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go
index 9ef7373d2..fdcca8a52 100644
--- a/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go
+++ b/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.12
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.1
 // source: google/iam/v1/iam_policy.proto
 
 package iampb
@@ -342,37 +342,37 @@ var file_google_iam_v1_iam_policy_proto_rawDesc = []byte{
 	0x53, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75,
 	0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d,
 	0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93,
-	0x02, 0x23, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x73, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x3a, 0x01, 0x2a, 0x12, 0x74, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50,
+	0x02, 0x23, 0x3a, 0x01, 0x2a, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x73, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x74, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50,
 	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69,
 	0x61, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69,
 	0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
 	0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x23, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x67, 0x65, 0x74, 0x49,
-	0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x01, 0x2a, 0x12, 0x9a, 0x01, 0x0a, 0x12,
+	0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x23, 0x3a, 0x01, 0x2a, 0x22, 0x1e, 0x2f, 0x76, 0x31,
+	0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x67,
+	0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x9a, 0x01, 0x0a, 0x12,
 	0x54, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f,
 	0x6e, 0x73, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e,
 	0x76, 0x31, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
 	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x67,
 	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x65, 0x73,
 	0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x29, 0x22,
-	0x24, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a,
-	0x2a, 0x7d, 0x3a, 0x74, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
-	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x3a, 0x01, 0x2a, 0x1a, 0x1e, 0xca, 0x41, 0x1b, 0x69, 0x61, 0x6d,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x29, 0x3a,
+	0x01, 0x2a, 0x22, 0x24, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x74, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72,
+	0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x1e, 0xca, 0x41, 0x1b, 0x69, 0x61, 0x6d,
 	0x2d, 0x6d, 0x65, 0x74, 0x61, 0x2d, 0x61, 0x70, 0x69, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x86, 0x01, 0x0a, 0x11, 0x63, 0x6f, 0x6d,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x42, 0x0e,
-	0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
-	0x5a, 0x30, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e,
-	0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76, 0x31, 0x3b, 0x69,
-	0x61, 0x6d, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x7f, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x49,
+	0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x29, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x2f, 0x69,
+	0x61, 0x6d, 0x70, 0x62, 0x3b, 0x69, 0x61, 0x6d, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13,
+	0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d,
+	0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f,
+	0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
diff --git a/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go b/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go
index 026c115c2..7c91cc59a 100644
--- a/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go
+++ b/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.12
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.1
 // source: google/iam/v1/options.proto
 
 package iampb
@@ -111,16 +111,16 @@ var file_google_iam_v1_options_proto_rawDesc = []byte{
 	0x12, 0x38, 0x0a, 0x18, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x70, 0x6f,
 	0x6c, 0x69, 0x63, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
 	0x28, 0x05, 0x52, 0x16, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x84, 0x01, 0x0a, 0x11, 0x63,
-	0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31,
-	0x42, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
-	0x5a, 0x30, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e,
-	0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x76, 0x31, 0x3b, 0x69,
-	0x61, 0x6d, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56,
-	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x69, 0x63, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x7d, 0x0a, 0x11, 0x63, 0x6f,
+	0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x42,
+	0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x29, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x69, 0x61, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x2f, 0x69,
+	0x61, 0x6d, 0x70, 0x62, 0x3b, 0x69, 0x61, 0x6d, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13,
+	0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d,
+	0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f,
+	0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
diff --git a/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go b/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
index 16bed436c..8b82b0f58 100644
--- a/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
+++ b/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.12
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.1
 // source: google/iam/v1/policy.proto
 
 package iampb
@@ -214,7 +214,8 @@ func (AuditConfigDelta_Action) EnumDescriptor() ([]byte, []int) {
 // only if the expression evaluates to `true`. A condition can add constraints
 // based on attributes of the request, the resource, or both. To learn which
 // resources support conditions in their IAM policies, see the
-// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+// [IAM
+// documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
 //
 // **JSON example:**
 //
@@ -237,7 +238,8 @@ func (AuditConfigDelta_Action) EnumDescriptor() ([]byte, []int) {
 //	      "condition": {
 //	        "title": "expirable access",
 //	        "description": "Does not grant access after Sep 2020",
-//	        "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+//	        "expression": "request.time <
+//	        timestamp('2020-10-01T00:00:00.000Z')",
 //	      }
 //	    }
 //	  ],
@@ -279,11 +281,11 @@ type Policy struct {
 	// Any operation that affects conditional role bindings must specify version
 	// `3`. This requirement applies to the following operations:
 	//
-	//   - Getting a policy that includes a conditional role binding
-	//   - Adding a conditional role binding to a policy
-	//   - Changing a conditional role binding in a policy
-	//   - Removing any role binding, with or without a condition, from a policy
-	//     that includes conditions
+	// * Getting a policy that includes a conditional role binding
+	// * Adding a conditional role binding to a policy
+	// * Changing a conditional role binding in a policy
+	// * Removing any role binding, with or without a condition, from a policy
+	//   that includes conditions
 	//
 	// **Important:** If you use IAM Conditions, you must include the `etag` field
 	// whenever you call `setIamPolicy`. If you omit this field, then IAM allows
@@ -294,7 +296,8 @@ type Policy struct {
 	// specify any valid version or leave the field unset.
 	//
 	// To learn which resources support conditions in their IAM policies, see the
-	// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+	// [IAM
+	// documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
 	Version int32 `protobuf:"varint,1,opt,name=version,proto3" json:"version,omitempty"`
 	// Associates a list of `members`, or principals, with a `role`. Optionally,
 	// may specify a `condition` that determines how and when the `bindings` are
@@ -396,43 +399,47 @@ type Binding struct {
 	// Specifies the principals requesting access for a Cloud Platform resource.
 	// `members` can have the following values:
 	//
-	//   - `allUsers`: A special identifier that represents anyone who is
-	//     on the internet; with or without a Google account.
+	// * `allUsers`: A special identifier that represents anyone who is
+	//    on the internet; with or without a Google account.
+	//
+	// * `allAuthenticatedUsers`: A special identifier that represents anyone
+	//    who is authenticated with a Google account or a service account.
+	//
+	// * `user:{emailid}`: An email address that represents a specific Google
+	//    account. For example, `alice@example.com` .
+	//
+	//
+	// * `serviceAccount:{emailid}`: An email address that represents a service
+	//    account. For example, `my-other-app@appspot.gserviceaccount.com`.
 	//
-	//   - `allAuthenticatedUsers`: A special identifier that represents anyone
-	//     who is authenticated with a Google account or a service account.
+	// * `group:{emailid}`: An email address that represents a Google group.
+	//    For example, `admins@example.com`.
 	//
-	//   - `user:{emailid}`: An email address that represents a specific Google
-	//     account. For example, `alice@example.com` .
+	// * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+	//    identifier) representing a user that has been recently deleted. For
+	//    example, `alice@example.com?uid=123456789012345678901`. If the user is
+	//    recovered, this value reverts to `user:{emailid}` and the recovered user
+	//    retains the role in the binding.
 	//
-	//   - `serviceAccount:{emailid}`: An email address that represents a service
-	//     account. For example, `my-other-app@appspot.gserviceaccount.com`.
+	// * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+	//    unique identifier) representing a service account that has been recently
+	//    deleted. For example,
+	//    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+	//    If the service account is undeleted, this value reverts to
+	//    `serviceAccount:{emailid}` and the undeleted service account retains the
+	//    role in the binding.
 	//
-	//   - `group:{emailid}`: An email address that represents a Google group.
-	//     For example, `admins@example.com`.
+	// * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+	//    identifier) representing a Google group that has been recently
+	//    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+	//    the group is recovered, this value reverts to `group:{emailid}` and the
+	//    recovered group retains the role in the binding.
 	//
-	//   - `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
-	//     identifier) representing a user that has been recently deleted. For
-	//     example, `alice@example.com?uid=123456789012345678901`. If the user is
-	//     recovered, this value reverts to `user:{emailid}` and the recovered user
-	//     retains the role in the binding.
 	//
-	//   - `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
-	//     unique identifier) representing a service account that has been recently
-	//     deleted. For example,
-	//     `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
-	//     If the service account is undeleted, this value reverts to
-	//     `serviceAccount:{emailid}` and the undeleted service account retains the
-	//     role in the binding.
+	// * `domain:{domain}`: The G Suite domain (primary) that represents all the
+	//    users of that domain. For example, `google.com` or `example.com`.
 	//
-	//   - `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
-	//     identifier) representing a Google group that has been recently
-	//     deleted. For example, `admins@example.com?uid=123456789012345678901`. If
-	//     the group is recovered, this value reverts to `group:{emailid}` and the
-	//     recovered group retains the role in the binding.
 	//
-	//   - `domain:{domain}`: The G Suite domain (primary) that represents all the
-	//     users of that domain. For example, `google.com` or `example.com`.
 	Members []string `protobuf:"bytes,2,rep,name=members,proto3" json:"members,omitempty"`
 	// The condition that is associated with this binding.
 	//
@@ -640,7 +647,8 @@ type AuditLogConfig struct {
 	LogType AuditLogConfig_LogType `protobuf:"varint,1,opt,name=log_type,json=logType,proto3,enum=google.iam.v1.AuditLogConfig_LogType" json:"log_type,omitempty"`
 	// Specifies the identities that do not cause logging for this type of
 	// permission.
-	// Follows the same format of [Binding.members][google.iam.v1.Binding.members].
+	// Follows the same format of
+	// [Binding.members][google.iam.v1.Binding.members].
 	ExemptedMembers []string `protobuf:"bytes,2,rep,name=exempted_members,json=exemptedMembers,proto3" json:"exempted_members,omitempty"`
 }
 
@@ -999,16 +1007,15 @@ var file_google_iam_v1_policy_proto_rawDesc = []byte{
 	0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
 	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07,
 	0x0a, 0x03, 0x41, 0x44, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x45, 0x4d, 0x4f, 0x56,
-	0x45, 0x10, 0x02, 0x42, 0x83, 0x01, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x30, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f,
-	0x69, 0x61, 0x6d, 0x2f, 0x76, 0x31, 0x3b, 0x69, 0x61, 0x6d, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13,
-	0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d,
-	0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f,
-	0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
+	0x45, 0x10, 0x02, 0x42, 0x7c, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x69, 0x61, 0x6d,
+	0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x2f, 0x69, 0x61, 0x6d, 0x70, 0x62, 0x3b, 0x69, 0x61, 0x6d,
+	0x70, 0x62, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x49, 0x61, 0x6d, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x49, 0x61, 0x6d, 0x5c, 0x56,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/vendor/cloud.google.com/go/kms/apiv1/doc.go b/vendor/cloud.google.com/go/kms/apiv1/doc.go
index 53d50e6a5..e701dab3f 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/doc.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/doc.go
@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -20,6 +20,11 @@
 // Manages keys and performs cryptographic operations in a central cloud
 // service, for direct use by other cloud resources and applications.
 //
+// # General documentation
+//
+// For information about setting deadlines, reusing contexts, and more
+// please visit https://pkg.go.dev/cloud.google.com/go.
+//
 // # Example usage
 //
 // To get started with this package, create a client.
@@ -73,6 +78,11 @@
 //		_ = resp
 //	}
 //
+// # Inspecting errors
+//
+// To see examples of how to inspect errors returned by this package please reference
+// [Inspecting errors](https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors).
+//
 // # Use of Context
 //
 // The ctx passed to NewEkmClient is used for authentication requests and
@@ -80,18 +90,11 @@
 // Individual methods on the client use the ctx given to them.
 //
 // To close the open connection, use the Close() method.
-//
-// For information about setting deadlines, reusing contexts, and more
-// please visit https://pkg.go.dev/cloud.google.com/go.
 package kms // import "cloud.google.com/go/kms/apiv1"
 
 import (
 	"context"
-	"os"
-	"runtime"
-	"strconv"
-	"strings"
-	"unicode"
+	"net/http"
 
 	"google.golang.org/api/option"
 	"google.golang.org/grpc/metadata"
@@ -122,16 +125,6 @@ func insertMetadata(ctx context.Context, mds ...metadata.MD) context.Context {
 	return metadata.NewOutgoingContext(ctx, out)
 }
 
-func checkDisableDeadlines() (bool, error) {
-	raw, ok := os.LookupEnv("GOOGLE_API_GO_EXPERIMENTAL_DISABLE_DEFAULT_DEADLINE")
-	if !ok {
-		return false, nil
-	}
-
-	b, err := strconv.ParseBool(raw)
-	return b, err
-}
-
 // DefaultAuthScopes reports the default set of authentication scopes to use with this package.
 func DefaultAuthScopes() []string {
 	return []string{
@@ -140,39 +133,12 @@ func DefaultAuthScopes() []string {
 	}
 }
 
-// versionGo returns the Go runtime version. The returned string
-// has no whitespace, suitable for reporting in header.
-func versionGo() string {
-	const develPrefix = "devel +"
-
-	s := runtime.Version()
-	if strings.HasPrefix(s, develPrefix) {
-		s = s[len(develPrefix):]
-		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
-			s = s[:p]
-		}
-		return s
-	}
-
-	notSemverRune := func(r rune) bool {
-		return !strings.ContainsRune("0123456789.", r)
-	}
-
-	if strings.HasPrefix(s, "go1") {
-		s = s[2:]
-		var prerelease string
-		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
-			s, prerelease = s[:p], s[p:]
-		}
-		if strings.HasSuffix(s, ".") {
-			s += "0"
-		} else if strings.Count(s, ".") < 2 {
-			s += ".0"
-		}
-		if prerelease != "" {
-			s += "-" + prerelease
-		}
-		return s
+// buildHeaders extracts metadata from the outgoing context, joins it with any other
+// given metadata, and converts them into a http.Header.
+func buildHeaders(ctx context.Context, mds ...metadata.MD) http.Header {
+	if cmd, ok := metadata.FromOutgoingContext(ctx); ok {
+		mds = append(mds, cmd)
 	}
-	return "UNKNOWN"
+	md := metadata.Join(mds...)
+	return http.Header(md)
 }
diff --git a/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go b/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go
index e4f37f767..fb8de9254 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go
@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,23 +17,29 @@
 package kms
 
 import (
+	"bytes"
 	"context"
 	"fmt"
+	"io"
 	"math"
+	"net/http"
 	"net/url"
 	"time"
 
+	iampb "cloud.google.com/go/iam/apiv1/iampb"
 	kmspb "cloud.google.com/go/kms/apiv1/kmspb"
 	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
 	"google.golang.org/api/option/internaloption"
 	gtransport "google.golang.org/api/transport/grpc"
+	httptransport "google.golang.org/api/transport/http"
 	locationpb "google.golang.org/genproto/googleapis/cloud/location"
-	iampb "google.golang.org/genproto/googleapis/iam/v1"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
+	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 )
 
@@ -45,6 +51,9 @@ type EkmCallOptions struct {
 	GetEkmConnection    []gax.CallOption
 	CreateEkmConnection []gax.CallOption
 	UpdateEkmConnection []gax.CallOption
+	GetEkmConfig        []gax.CallOption
+	UpdateEkmConfig     []gax.CallOption
+	VerifyConnectivity  []gax.CallOption
 	GetLocation         []gax.CallOption
 	ListLocations       []gax.CallOption
 	GetIamPolicy        []gax.CallOption
@@ -67,6 +76,7 @@ func defaultEkmGRPCClientOptions() []option.ClientOption {
 func defaultEkmCallOptions() *EkmCallOptions {
 	return &EkmCallOptions{
 		ListEkmConnections: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -79,6 +89,7 @@ func defaultEkmCallOptions() *EkmCallOptions {
 			}),
 		},
 		GetEkmConnection: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -91,6 +102,7 @@ func defaultEkmCallOptions() *EkmCallOptions {
 			}),
 		},
 		CreateEkmConnection: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -103,6 +115,7 @@ func defaultEkmCallOptions() *EkmCallOptions {
 			}),
 		},
 		UpdateEkmConnection: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -114,6 +127,70 @@ func defaultEkmCallOptions() *EkmCallOptions {
 				})
 			}),
 		},
+		GetEkmConfig:       []gax.CallOption{},
+		UpdateEkmConfig:    []gax.CallOption{},
+		VerifyConnectivity: []gax.CallOption{},
+		GetLocation:        []gax.CallOption{},
+		ListLocations:      []gax.CallOption{},
+		GetIamPolicy:       []gax.CallOption{},
+		SetIamPolicy:       []gax.CallOption{},
+		TestIamPermissions: []gax.CallOption{},
+	}
+}
+
+func defaultEkmRESTCallOptions() *EkmCallOptions {
+	return &EkmCallOptions{
+		ListEkmConnections: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetEkmConnection: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		CreateEkmConnection: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		UpdateEkmConnection: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetEkmConfig:       []gax.CallOption{},
+		UpdateEkmConfig:    []gax.CallOption{},
+		VerifyConnectivity: []gax.CallOption{},
 		GetLocation:        []gax.CallOption{},
 		ListLocations:      []gax.CallOption{},
 		GetIamPolicy:       []gax.CallOption{},
@@ -131,6 +208,9 @@ type internalEkmClient interface {
 	GetEkmConnection(context.Context, *kmspb.GetEkmConnectionRequest, ...gax.CallOption) (*kmspb.EkmConnection, error)
 	CreateEkmConnection(context.Context, *kmspb.CreateEkmConnectionRequest, ...gax.CallOption) (*kmspb.EkmConnection, error)
 	UpdateEkmConnection(context.Context, *kmspb.UpdateEkmConnectionRequest, ...gax.CallOption) (*kmspb.EkmConnection, error)
+	GetEkmConfig(context.Context, *kmspb.GetEkmConfigRequest, ...gax.CallOption) (*kmspb.EkmConfig, error)
+	UpdateEkmConfig(context.Context, *kmspb.UpdateEkmConfigRequest, ...gax.CallOption) (*kmspb.EkmConfig, error)
+	VerifyConnectivity(context.Context, *kmspb.VerifyConnectivityRequest, ...gax.CallOption) (*kmspb.VerifyConnectivityResponse, error)
 	GetLocation(context.Context, *locationpb.GetLocationRequest, ...gax.CallOption) (*locationpb.Location, error)
 	ListLocations(context.Context, *locationpb.ListLocationsRequest, ...gax.CallOption) *LocationIterator
 	GetIamPolicy(context.Context, *iampb.GetIamPolicyRequest, ...gax.CallOption) (*iampb.Policy, error)
@@ -200,6 +280,27 @@ func (c *EkmClient) UpdateEkmConnection(ctx context.Context, req *kmspb.UpdateEk
 	return c.internalClient.UpdateEkmConnection(ctx, req, opts...)
 }
 
+// GetEkmConfig returns the EkmConfig singleton resource
+// for a given project and location.
+func (c *EkmClient) GetEkmConfig(ctx context.Context, req *kmspb.GetEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
+	return c.internalClient.GetEkmConfig(ctx, req, opts...)
+}
+
+// UpdateEkmConfig updates the EkmConfig singleton resource
+// for a given project and location.
+func (c *EkmClient) UpdateEkmConfig(ctx context.Context, req *kmspb.UpdateEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
+	return c.internalClient.UpdateEkmConfig(ctx, req, opts...)
+}
+
+// VerifyConnectivity verifies that Cloud KMS can successfully connect to the external key
+// manager specified by an EkmConnection.
+// If there is an error connecting to the EKM, this method returns a
+// FAILED_PRECONDITION status containing structured information as described
+// at https://cloud.google.com/kms/docs/reference/ekm_errors (at https://cloud.google.com/kms/docs/reference/ekm_errors).
+func (c *EkmClient) VerifyConnectivity(ctx context.Context, req *kmspb.VerifyConnectivityRequest, opts ...gax.CallOption) (*kmspb.VerifyConnectivityResponse, error) {
+	return c.internalClient.VerifyConnectivity(ctx, req, opts...)
+}
+
 // GetLocation gets information about a location.
 func (c *EkmClient) GetLocation(ctx context.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location, error) {
 	return c.internalClient.GetLocation(ctx, req, opts...)
@@ -243,9 +344,6 @@ type ekmGRPCClient struct {
 	// Connection pool of gRPC connections to the service.
 	connPool gtransport.ConnPool
 
-	// flag to opt out of default deadlines via GOOGLE_API_GO_EXPERIMENTAL_DISABLE_DEFAULT_DEADLINE
-	disableDeadlines bool
-
 	// Points back to the CallOptions field of the containing EkmClient
 	CallOptions **EkmCallOptions
 
@@ -279,11 +377,6 @@ func NewEkmClient(ctx context.Context, opts ...option.ClientOption) (*EkmClient,
 		clientOpts = append(clientOpts, hookOpts...)
 	}
 
-	disableDeadlines, err := checkDisableDeadlines()
-	if err != nil {
-		return nil, err
-	}
-
 	connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
 	if err != nil {
 		return nil, err
@@ -291,12 +384,11 @@ func NewEkmClient(ctx context.Context, opts ...option.ClientOption) (*EkmClient,
 	client := EkmClient{CallOptions: defaultEkmCallOptions()}
 
 	c := &ekmGRPCClient{
-		connPool:         connPool,
-		disableDeadlines: disableDeadlines,
-		ekmClient:        kmspb.NewEkmServiceClient(connPool),
-		CallOptions:      &client.CallOptions,
-		iamPolicyClient:  iampb.NewIAMPolicyClient(connPool),
-		locationsClient:  locationpb.NewLocationsClient(connPool),
+		connPool:        connPool,
+		ekmClient:       kmspb.NewEkmServiceClient(connPool),
+		CallOptions:     &client.CallOptions,
+		iamPolicyClient: iampb.NewIAMPolicyClient(connPool),
+		locationsClient: locationpb.NewLocationsClient(connPool),
 	}
 	c.setGoogleClientInfo()
 
@@ -317,7 +409,7 @@ func (c *ekmGRPCClient) Connection() *grpc.ClientConn {
 // the `x-goog-api-client` header passed on each request. Intended for
 // use by Google-written clients.
 func (c *ekmGRPCClient) setGoogleClientInfo(keyval ...string) {
-	kv := append([]string{"gl-go", versionGo()}, keyval...)
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
 	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
 	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
 }
@@ -328,6 +420,79 @@ func (c *ekmGRPCClient) Close() error {
 	return c.connPool.Close()
 }
 
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type ekmRESTClient struct {
+	// The http endpoint to connect to.
+	endpoint string
+
+	// The http client.
+	httpClient *http.Client
+
+	// The x-goog-* metadata to be sent with each request.
+	xGoogMetadata metadata.MD
+
+	// Points back to the CallOptions field of the containing EkmClient
+	CallOptions **EkmCallOptions
+}
+
+// NewEkmRESTClient creates a new ekm service rest client.
+//
+// # Google Cloud Key Management EKM Service
+//
+// Manages external cryptographic keys and operations using those keys.
+// Implements a REST model with the following objects:
+//
+//	EkmConnection
+func NewEkmRESTClient(ctx context.Context, opts ...option.ClientOption) (*EkmClient, error) {
+	clientOpts := append(defaultEkmRESTClientOptions(), opts...)
+	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	callOpts := defaultEkmRESTCallOptions()
+	c := &ekmRESTClient{
+		endpoint:    endpoint,
+		httpClient:  httpClient,
+		CallOptions: &callOpts,
+	}
+	c.setGoogleClientInfo()
+
+	return &EkmClient{internalClient: c, CallOptions: callOpts}, nil
+}
+
+func defaultEkmRESTClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("https://cloudkms.googleapis.com"),
+		internaloption.WithDefaultMTLSEndpoint("https://cloudkms.mtls.googleapis.com"),
+		internaloption.WithDefaultAudience("https://cloudkms.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+	}
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *ekmRESTClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
+	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *ekmRESTClient) Close() error {
+	// Replace httpClient with nil to force cleanup.
+	c.httpClient = nil
+	return nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: This method always returns nil.
+func (c *ekmRESTClient) Connection() *grpc.ClientConn {
+	return nil
+}
 func (c *ekmGRPCClient) ListEkmConnections(ctx context.Context, req *kmspb.ListEkmConnectionsRequest, opts ...gax.CallOption) *EkmConnectionIterator {
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
@@ -374,11 +539,6 @@ func (c *ekmGRPCClient) ListEkmConnections(ctx context.Context, req *kmspb.ListE
 }
 
 func (c *ekmGRPCClient) GetEkmConnection(ctx context.Context, req *kmspb.GetEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -396,11 +556,6 @@ func (c *ekmGRPCClient) GetEkmConnection(ctx context.Context, req *kmspb.GetEkmC
 }
 
 func (c *ekmGRPCClient) CreateEkmConnection(ctx context.Context, req *kmspb.CreateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -418,11 +573,6 @@ func (c *ekmGRPCClient) CreateEkmConnection(ctx context.Context, req *kmspb.Crea
 }
 
 func (c *ekmGRPCClient) UpdateEkmConnection(ctx context.Context, req *kmspb.UpdateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_connection.name", url.QueryEscape(req.GetEkmConnection().GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -439,6 +589,57 @@ func (c *ekmGRPCClient) UpdateEkmConnection(ctx context.Context, req *kmspb.Upda
 	return resp, nil
 }
 
+func (c *ekmGRPCClient) GetEkmConfig(ctx context.Context, req *kmspb.GetEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	opts = append((*c.CallOptions).GetEkmConfig[0:len((*c.CallOptions).GetEkmConfig):len((*c.CallOptions).GetEkmConfig)], opts...)
+	var resp *kmspb.EkmConfig
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.ekmClient.GetEkmConfig(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *ekmGRPCClient) UpdateEkmConfig(ctx context.Context, req *kmspb.UpdateEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_config.name", url.QueryEscape(req.GetEkmConfig().GetName())))
+
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	opts = append((*c.CallOptions).UpdateEkmConfig[0:len((*c.CallOptions).UpdateEkmConfig):len((*c.CallOptions).UpdateEkmConfig)], opts...)
+	var resp *kmspb.EkmConfig
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.ekmClient.UpdateEkmConfig(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *ekmGRPCClient) VerifyConnectivity(ctx context.Context, req *kmspb.VerifyConnectivityRequest, opts ...gax.CallOption) (*kmspb.VerifyConnectivityResponse, error) {
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	opts = append((*c.CallOptions).VerifyConnectivity[0:len((*c.CallOptions).VerifyConnectivity):len((*c.CallOptions).VerifyConnectivity)], opts...)
+	var resp *kmspb.VerifyConnectivityResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.ekmClient.VerifyConnectivity(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
 func (c *ekmGRPCClient) GetLocation(ctx context.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location, error) {
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
@@ -552,6 +753,841 @@ func (c *ekmGRPCClient) TestIamPermissions(ctx context.Context, req *iampb.TestI
 	return resp, nil
 }
 
+// ListEkmConnections lists EkmConnections.
+func (c *ekmRESTClient) ListEkmConnections(ctx context.Context, req *kmspb.ListEkmConnectionsRequest, opts ...gax.CallOption) *EkmConnectionIterator {
+	it := &EkmConnectionIterator{}
+	req = proto.Clone(req).(*kmspb.ListEkmConnectionsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.EkmConnection, string, error) {
+		resp := &kmspb.ListEkmConnectionsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1/%v/ekmConnections", req.GetParent())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetFilter() != "" {
+			params.Add("filter", fmt.Sprintf("%v", req.GetFilter()))
+		}
+		if req.GetOrderBy() != "" {
+			params.Add("orderBy", fmt.Sprintf("%v", req.GetOrderBy()))
+		}
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetEkmConnections(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// GetEkmConnection returns metadata for a given
+// EkmConnection.
+func (c *ekmRESTClient) GetEkmConnection(ctx context.Context, req *kmspb.GetEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetEkmConnection[0:len((*c.CallOptions).GetEkmConnection):len((*c.CallOptions).GetEkmConnection)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.EkmConnection{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// CreateEkmConnection creates a new EkmConnection in a given
+// Project and Location.
+func (c *ekmRESTClient) CreateEkmConnection(ctx context.Context, req *kmspb.CreateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetEkmConnection()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v/ekmConnections", req.GetParent())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	params.Add("ekmConnectionId", fmt.Sprintf("%v", req.GetEkmConnectionId()))
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).CreateEkmConnection[0:len((*c.CallOptions).CreateEkmConnection):len((*c.CallOptions).CreateEkmConnection)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.EkmConnection{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// UpdateEkmConnection updates an EkmConnection's metadata.
+func (c *ekmRESTClient) UpdateEkmConnection(ctx context.Context, req *kmspb.UpdateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetEkmConnection()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetEkmConnection().GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetUpdateMask() != nil {
+		updateMask, err := protojson.Marshal(req.GetUpdateMask())
+		if err != nil {
+			return nil, err
+		}
+		params.Add("updateMask", string(updateMask[1:len(updateMask)-1]))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_connection.name", url.QueryEscape(req.GetEkmConnection().GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).UpdateEkmConnection[0:len((*c.CallOptions).UpdateEkmConnection):len((*c.CallOptions).UpdateEkmConnection)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.EkmConnection{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("PATCH", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetEkmConfig returns the EkmConfig singleton resource
+// for a given project and location.
+func (c *ekmRESTClient) GetEkmConfig(ctx context.Context, req *kmspb.GetEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetEkmConfig[0:len((*c.CallOptions).GetEkmConfig):len((*c.CallOptions).GetEkmConfig)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.EkmConfig{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// UpdateEkmConfig updates the EkmConfig singleton resource
+// for a given project and location.
+func (c *ekmRESTClient) UpdateEkmConfig(ctx context.Context, req *kmspb.UpdateEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetEkmConfig()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetEkmConfig().GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetUpdateMask() != nil {
+		updateMask, err := protojson.Marshal(req.GetUpdateMask())
+		if err != nil {
+			return nil, err
+		}
+		params.Add("updateMask", string(updateMask[1:len(updateMask)-1]))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_config.name", url.QueryEscape(req.GetEkmConfig().GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).UpdateEkmConfig[0:len((*c.CallOptions).UpdateEkmConfig):len((*c.CallOptions).UpdateEkmConfig)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.EkmConfig{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("PATCH", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// VerifyConnectivity verifies that Cloud KMS can successfully connect to the external key
+// manager specified by an EkmConnection.
+// If there is an error connecting to the EKM, this method returns a
+// FAILED_PRECONDITION status containing structured information as described
+// at https://cloud.google.com/kms/docs/reference/ekm_errors (at https://cloud.google.com/kms/docs/reference/ekm_errors).
+func (c *ekmRESTClient) VerifyConnectivity(ctx context.Context, req *kmspb.VerifyConnectivityRequest, opts ...gax.CallOption) (*kmspb.VerifyConnectivityResponse, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:verifyConnectivity", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).VerifyConnectivity[0:len((*c.CallOptions).VerifyConnectivity):len((*c.CallOptions).VerifyConnectivity)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.VerifyConnectivityResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetLocation gets information about a location.
+func (c *ekmRESTClient) GetLocation(ctx context.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetLocation[0:len((*c.CallOptions).GetLocation):len((*c.CallOptions).GetLocation)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &locationpb.Location{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// ListLocations lists information about the supported locations for this service.
+func (c *ekmRESTClient) ListLocations(ctx context.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator {
+	it := &LocationIterator{}
+	req = proto.Clone(req).(*locationpb.ListLocationsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*locationpb.Location, string, error) {
+		resp := &locationpb.ListLocationsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1/%v/locations", req.GetName())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetFilter() != "" {
+			params.Add("filter", fmt.Sprintf("%v", req.GetFilter()))
+		}
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetLocations(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// GetIamPolicy gets the access control policy for a resource. Returns an empty policy
+// if the resource exists and does not have a policy set.
+func (c *ekmRESTClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:getIamPolicy", req.GetResource())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetOptions().GetRequestedPolicyVersion() != 0 {
+		params.Add("options.requestedPolicyVersion", fmt.Sprintf("%v", req.GetOptions().GetRequestedPolicyVersion()))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetIamPolicy[0:len((*c.CallOptions).GetIamPolicy):len((*c.CallOptions).GetIamPolicy)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &iampb.Policy{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// SetIamPolicy sets the access control policy on the specified resource. Replaces
+// any existing policy.
+//
+// Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED
+// errors.
+func (c *ekmRESTClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:setIamPolicy", req.GetResource())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).SetIamPolicy[0:len((*c.CallOptions).SetIamPolicy):len((*c.CallOptions).SetIamPolicy)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &iampb.Policy{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// TestIamPermissions returns permissions that a caller has on the specified resource. If the
+// resource does not exist, this will return an empty set of
+// permissions, not a NOT_FOUND error.
+//
+// Note: This operation is designed to be used for building
+// permission-aware UIs and command-line tools, not for authorization
+// checking. This operation may “fail open” without warning.
+func (c *ekmRESTClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:testIamPermissions", req.GetResource())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).TestIamPermissions[0:len((*c.CallOptions).TestIamPermissions):len((*c.CallOptions).TestIamPermissions)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &iampb.TestIamPermissionsResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
 // EkmConnectionIterator manages a stream of *kmspb.EkmConnection.
 type EkmConnectionIterator struct {
 	items    []*kmspb.EkmConnection
diff --git a/vendor/cloud.google.com/go/kms/apiv1/gapic_metadata.json b/vendor/cloud.google.com/go/kms/apiv1/gapic_metadata.json
deleted file mode 100644
index 5b9024e71..000000000
--- a/vendor/cloud.google.com/go/kms/apiv1/gapic_metadata.json
+++ /dev/null
@@ -1,227 +0,0 @@
-{
-  "schema": "1.0",
-  "comment": "This file maps proto services/RPCs to the corresponding library clients/methods.",
-  "language": "go",
-  "protoPackage": "google.cloud.kms.v1",
-  "libraryPackage": "cloud.google.com/go/kms/apiv1",
-  "services": {
-    "EkmService": {
-      "clients": {
-        "grpc": {
-          "libraryClient": "EkmClient",
-          "rpcs": {
-            "CreateEkmConnection": {
-              "methods": [
-                "CreateEkmConnection"
-              ]
-            },
-            "GetEkmConnection": {
-              "methods": [
-                "GetEkmConnection"
-              ]
-            },
-            "GetIamPolicy": {
-              "methods": [
-                "GetIamPolicy"
-              ]
-            },
-            "GetLocation": {
-              "methods": [
-                "GetLocation"
-              ]
-            },
-            "ListEkmConnections": {
-              "methods": [
-                "ListEkmConnections"
-              ]
-            },
-            "ListLocations": {
-              "methods": [
-                "ListLocations"
-              ]
-            },
-            "SetIamPolicy": {
-              "methods": [
-                "SetIamPolicy"
-              ]
-            },
-            "TestIamPermissions": {
-              "methods": [
-                "TestIamPermissions"
-              ]
-            },
-            "UpdateEkmConnection": {
-              "methods": [
-                "UpdateEkmConnection"
-              ]
-            }
-          }
-        }
-      }
-    },
-    "KeyManagementService": {
-      "clients": {
-        "grpc": {
-          "libraryClient": "KeyManagementClient",
-          "rpcs": {
-            "AsymmetricDecrypt": {
-              "methods": [
-                "AsymmetricDecrypt"
-              ]
-            },
-            "AsymmetricSign": {
-              "methods": [
-                "AsymmetricSign"
-              ]
-            },
-            "CreateCryptoKey": {
-              "methods": [
-                "CreateCryptoKey"
-              ]
-            },
-            "CreateCryptoKeyVersion": {
-              "methods": [
-                "CreateCryptoKeyVersion"
-              ]
-            },
-            "CreateImportJob": {
-              "methods": [
-                "CreateImportJob"
-              ]
-            },
-            "CreateKeyRing": {
-              "methods": [
-                "CreateKeyRing"
-              ]
-            },
-            "Decrypt": {
-              "methods": [
-                "Decrypt"
-              ]
-            },
-            "DestroyCryptoKeyVersion": {
-              "methods": [
-                "DestroyCryptoKeyVersion"
-              ]
-            },
-            "Encrypt": {
-              "methods": [
-                "Encrypt"
-              ]
-            },
-            "GenerateRandomBytes": {
-              "methods": [
-                "GenerateRandomBytes"
-              ]
-            },
-            "GetCryptoKey": {
-              "methods": [
-                "GetCryptoKey"
-              ]
-            },
-            "GetCryptoKeyVersion": {
-              "methods": [
-                "GetCryptoKeyVersion"
-              ]
-            },
-            "GetIamPolicy": {
-              "methods": [
-                "GetIamPolicy"
-              ]
-            },
-            "GetImportJob": {
-              "methods": [
-                "GetImportJob"
-              ]
-            },
-            "GetKeyRing": {
-              "methods": [
-                "GetKeyRing"
-              ]
-            },
-            "GetLocation": {
-              "methods": [
-                "GetLocation"
-              ]
-            },
-            "GetPublicKey": {
-              "methods": [
-                "GetPublicKey"
-              ]
-            },
-            "ImportCryptoKeyVersion": {
-              "methods": [
-                "ImportCryptoKeyVersion"
-              ]
-            },
-            "ListCryptoKeyVersions": {
-              "methods": [
-                "ListCryptoKeyVersions"
-              ]
-            },
-            "ListCryptoKeys": {
-              "methods": [
-                "ListCryptoKeys"
-              ]
-            },
-            "ListImportJobs": {
-              "methods": [
-                "ListImportJobs"
-              ]
-            },
-            "ListKeyRings": {
-              "methods": [
-                "ListKeyRings"
-              ]
-            },
-            "ListLocations": {
-              "methods": [
-                "ListLocations"
-              ]
-            },
-            "MacSign": {
-              "methods": [
-                "MacSign"
-              ]
-            },
-            "MacVerify": {
-              "methods": [
-                "MacVerify"
-              ]
-            },
-            "RestoreCryptoKeyVersion": {
-              "methods": [
-                "RestoreCryptoKeyVersion"
-              ]
-            },
-            "SetIamPolicy": {
-              "methods": [
-                "SetIamPolicy"
-              ]
-            },
-            "TestIamPermissions": {
-              "methods": [
-                "TestIamPermissions"
-              ]
-            },
-            "UpdateCryptoKey": {
-              "methods": [
-                "UpdateCryptoKey"
-              ]
-            },
-            "UpdateCryptoKeyPrimaryVersion": {
-              "methods": [
-                "UpdateCryptoKeyPrimaryVersion"
-              ]
-            },
-            "UpdateCryptoKeyVersion": {
-              "methods": [
-                "UpdateCryptoKeyVersion"
-              ]
-            }
-          }
-        }
-      }
-    }
-  }
-}
diff --git a/vendor/cloud.google.com/go/kms/apiv1/iam.go b/vendor/cloud.google.com/go/kms/apiv1/iam.go
index 9fb2a6ab3..a86b08a6c 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/iam.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/iam.go
@@ -16,7 +16,7 @@ package kms
 
 import (
 	"cloud.google.com/go/iam"
-	kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
+	"cloud.google.com/go/kms/apiv1/kmspb"
 )
 
 // KeyRingIAM returns a handle to inspect and change permissions of a KeyRing.
diff --git a/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go b/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go
index 358188797..56e2ac94e 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go
@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,23 +17,29 @@
 package kms
 
 import (
+	"bytes"
 	"context"
 	"fmt"
+	"io"
 	"math"
+	"net/http"
 	"net/url"
 	"time"
 
+	iampb "cloud.google.com/go/iam/apiv1/iampb"
 	kmspb "cloud.google.com/go/kms/apiv1/kmspb"
 	gax "github.com/googleapis/gax-go/v2"
+	"google.golang.org/api/googleapi"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
 	"google.golang.org/api/option/internaloption"
 	gtransport "google.golang.org/api/transport/grpc"
+	httptransport "google.golang.org/api/transport/http"
 	locationpb "google.golang.org/genproto/googleapis/cloud/location"
-	iampb "google.golang.org/genproto/googleapis/iam/v1"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
+	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 )
 
@@ -89,6 +95,7 @@ func defaultKeyManagementGRPCClientOptions() []option.ClientOption {
 func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 	return &KeyManagementCallOptions{
 		ListKeyRings: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -101,6 +108,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		ListCryptoKeys: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -113,6 +121,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		ListCryptoKeyVersions: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -125,6 +134,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		ListImportJobs: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -137,6 +147,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		GetKeyRing: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -149,6 +160,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		GetCryptoKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -161,6 +173,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		GetCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -173,6 +186,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		GetPublicKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -185,6 +199,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		GetImportJob: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -197,6 +212,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		CreateKeyRing: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -209,6 +225,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		CreateCryptoKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -220,9 +237,14 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 				})
 			}),
 		},
-		CreateCryptoKeyVersion: []gax.CallOption{},
-		ImportCryptoKeyVersion: []gax.CallOption{},
+		CreateCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+		},
+		ImportCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+		},
 		CreateImportJob: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -235,6 +257,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		UpdateCryptoKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -247,6 +270,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		UpdateCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -259,6 +283,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		UpdateCryptoKeyPrimaryVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -271,6 +296,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		DestroyCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -283,6 +309,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		RestoreCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -295,6 +322,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		Encrypt: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -307,6 +335,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		Decrypt: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -319,6 +348,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		AsymmetricSign: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -331,6 +361,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		AsymmetricDecrypt: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -343,6 +374,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		MacSign: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -355,6 +387,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		MacVerify: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -367,6 +400,7 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 			}),
 		},
 		GenerateRandomBytes: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
 			gax.WithRetry(func() gax.Retryer {
 				return gax.OnCodes([]codes.Code{
 					codes.Unavailable,
@@ -386,6 +420,310 @@ func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
 	}
 }
 
+func defaultKeyManagementRESTCallOptions() *KeyManagementCallOptions {
+	return &KeyManagementCallOptions{
+		ListKeyRings: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		ListCryptoKeys: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		ListCryptoKeyVersions: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		ListImportJobs: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetKeyRing: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetCryptoKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetPublicKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetImportJob: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		CreateKeyRing: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		CreateCryptoKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		CreateCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+		},
+		ImportCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+		},
+		CreateImportJob: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		UpdateCryptoKey: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		UpdateCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		UpdateCryptoKeyPrimaryVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		DestroyCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		RestoreCryptoKeyVersion: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		Encrypt: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		Decrypt: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		AsymmetricSign: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		AsymmetricDecrypt: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		MacSign: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		MacVerify: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GenerateRandomBytes: []gax.CallOption{
+			gax.WithTimeout(60000 * time.Millisecond),
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnHTTPCodes(gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.30,
+				},
+					http.StatusServiceUnavailable,
+					http.StatusGatewayTimeout)
+			}),
+		},
+		GetLocation:        []gax.CallOption{},
+		ListLocations:      []gax.CallOption{},
+		GetIamPolicy:       []gax.CallOption{},
+		SetIamPolicy:       []gax.CallOption{},
+		TestIamPermissions: []gax.CallOption{},
+	}
+}
+
 // internalKeyManagementClient is an interface that defines the methods available from Cloud Key Management Service (KMS) API.
 type internalKeyManagementClient interface {
 	Close() error
@@ -740,9 +1078,6 @@ type keyManagementGRPCClient struct {
 	// Connection pool of gRPC connections to the service.
 	connPool gtransport.ConnPool
 
-	// flag to opt out of default deadlines via GOOGLE_API_GO_EXPERIMENTAL_DISABLE_DEFAULT_DEADLINE
-	disableDeadlines bool
-
 	// Points back to the CallOptions field of the containing KeyManagementClient
 	CallOptions **KeyManagementCallOptions
 
@@ -785,11 +1120,6 @@ func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*
 		clientOpts = append(clientOpts, hookOpts...)
 	}
 
-	disableDeadlines, err := checkDisableDeadlines()
-	if err != nil {
-		return nil, err
-	}
-
 	connPool, err := gtransport.DialPool(ctx, append(clientOpts, opts...)...)
 	if err != nil {
 		return nil, err
@@ -798,7 +1128,6 @@ func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*
 
 	c := &keyManagementGRPCClient{
 		connPool:            connPool,
-		disableDeadlines:    disableDeadlines,
 		keyManagementClient: kmspb.NewKeyManagementServiceClient(connPool),
 		CallOptions:         &client.CallOptions,
 		iamPolicyClient:     iampb.NewIAMPolicyClient(connPool),
@@ -823,7 +1152,7 @@ func (c *keyManagementGRPCClient) Connection() *grpc.ClientConn {
 // the `x-goog-api-client` header passed on each request. Intended for
 // use by Google-written clients.
 func (c *keyManagementGRPCClient) setGoogleClientInfo(keyval ...string) {
-	kv := append([]string{"gl-go", versionGo()}, keyval...)
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
 	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
 	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
 }
@@ -834,6 +1163,88 @@ func (c *keyManagementGRPCClient) Close() error {
 	return c.connPool.Close()
 }
 
+// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
+type keyManagementRESTClient struct {
+	// The http endpoint to connect to.
+	endpoint string
+
+	// The http client.
+	httpClient *http.Client
+
+	// The x-goog-* metadata to be sent with each request.
+	xGoogMetadata metadata.MD
+
+	// Points back to the CallOptions field of the containing KeyManagementClient
+	CallOptions **KeyManagementCallOptions
+}
+
+// NewKeyManagementRESTClient creates a new key management service rest client.
+//
+// # Google Cloud Key Management Service
+//
+// Manages cryptographic keys and operations using those keys. Implements a REST
+// model with the following objects:
+//
+//	KeyRing
+//
+//	CryptoKey
+//
+//	CryptoKeyVersion
+//
+//	ImportJob
+//
+// If you are using manual gRPC libraries, see
+// Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc).
+func NewKeyManagementRESTClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error) {
+	clientOpts := append(defaultKeyManagementRESTClientOptions(), opts...)
+	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	callOpts := defaultKeyManagementRESTCallOptions()
+	c := &keyManagementRESTClient{
+		endpoint:    endpoint,
+		httpClient:  httpClient,
+		CallOptions: &callOpts,
+	}
+	c.setGoogleClientInfo()
+
+	return &KeyManagementClient{internalClient: c, CallOptions: callOpts}, nil
+}
+
+func defaultKeyManagementRESTClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		internaloption.WithDefaultEndpoint("https://cloudkms.googleapis.com"),
+		internaloption.WithDefaultMTLSEndpoint("https://cloudkms.mtls.googleapis.com"),
+		internaloption.WithDefaultAudience("https://cloudkms.googleapis.com/"),
+		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
+	}
+}
+
+// setGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *keyManagementRESTClient) setGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
+	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
+	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *keyManagementRESTClient) Close() error {
+	// Replace httpClient with nil to force cleanup.
+	c.httpClient = nil
+	return nil
+}
+
+// Connection returns a connection to the API service.
+//
+// Deprecated: This method always returns nil.
+func (c *keyManagementRESTClient) Connection() *grpc.ClientConn {
+	return nil
+}
 func (c *keyManagementGRPCClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator {
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
@@ -1015,11 +1426,6 @@ func (c *keyManagementGRPCClient) ListImportJobs(ctx context.Context, req *kmspb
 }
 
 func (c *keyManagementGRPCClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1037,11 +1443,6 @@ func (c *keyManagementGRPCClient) GetKeyRing(ctx context.Context, req *kmspb.Get
 }
 
 func (c *keyManagementGRPCClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1059,11 +1460,6 @@ func (c *keyManagementGRPCClient) GetCryptoKey(ctx context.Context, req *kmspb.G
 }
 
 func (c *keyManagementGRPCClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1081,11 +1477,6 @@ func (c *keyManagementGRPCClient) GetCryptoKeyVersion(ctx context.Context, req *
 }
 
 func (c *keyManagementGRPCClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1103,11 +1494,6 @@ func (c *keyManagementGRPCClient) GetPublicKey(ctx context.Context, req *kmspb.G
 }
 
 func (c *keyManagementGRPCClient) GetImportJob(ctx context.Context, req *kmspb.GetImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1125,11 +1511,6 @@ func (c *keyManagementGRPCClient) GetImportJob(ctx context.Context, req *kmspb.G
 }
 
 func (c *keyManagementGRPCClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1147,11 +1528,6 @@ func (c *keyManagementGRPCClient) CreateKeyRing(ctx context.Context, req *kmspb.
 }
 
 func (c *keyManagementGRPCClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1169,11 +1545,6 @@ func (c *keyManagementGRPCClient) CreateCryptoKey(ctx context.Context, req *kmsp
 }
 
 func (c *keyManagementGRPCClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1191,11 +1562,6 @@ func (c *keyManagementGRPCClient) CreateCryptoKeyVersion(ctx context.Context, re
 }
 
 func (c *keyManagementGRPCClient) ImportCryptoKeyVersion(ctx context.Context, req *kmspb.ImportCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1213,11 +1579,6 @@ func (c *keyManagementGRPCClient) ImportCryptoKeyVersion(ctx context.Context, re
 }
 
 func (c *keyManagementGRPCClient) CreateImportJob(ctx context.Context, req *kmspb.CreateImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1235,11 +1596,6 @@ func (c *keyManagementGRPCClient) CreateImportJob(ctx context.Context, req *kmsp
 }
 
 func (c *keyManagementGRPCClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", url.QueryEscape(req.GetCryptoKey().GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1257,11 +1613,6 @@ func (c *keyManagementGRPCClient) UpdateCryptoKey(ctx context.Context, req *kmsp
 }
 
 func (c *keyManagementGRPCClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", url.QueryEscape(req.GetCryptoKeyVersion().GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1279,11 +1630,6 @@ func (c *keyManagementGRPCClient) UpdateCryptoKeyVersion(ctx context.Context, re
 }
 
 func (c *keyManagementGRPCClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1301,11 +1647,6 @@ func (c *keyManagementGRPCClient) UpdateCryptoKeyPrimaryVersion(ctx context.Cont
 }
 
 func (c *keyManagementGRPCClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1323,11 +1664,6 @@ func (c *keyManagementGRPCClient) DestroyCryptoKeyVersion(ctx context.Context, r
 }
 
 func (c *keyManagementGRPCClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1345,11 +1681,6 @@ func (c *keyManagementGRPCClient) RestoreCryptoKeyVersion(ctx context.Context, r
 }
 
 func (c *keyManagementGRPCClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1367,11 +1698,6 @@ func (c *keyManagementGRPCClient) Encrypt(ctx context.Context, req *kmspb.Encryp
 }
 
 func (c *keyManagementGRPCClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1389,11 +1715,6 @@ func (c *keyManagementGRPCClient) Decrypt(ctx context.Context, req *kmspb.Decryp
 }
 
 func (c *keyManagementGRPCClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1411,11 +1732,6 @@ func (c *keyManagementGRPCClient) AsymmetricSign(ctx context.Context, req *kmspb
 }
 
 func (c *keyManagementGRPCClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1433,11 +1749,6 @@ func (c *keyManagementGRPCClient) AsymmetricDecrypt(ctx context.Context, req *km
 }
 
 func (c *keyManagementGRPCClient) MacSign(ctx context.Context, req *kmspb.MacSignRequest, opts ...gax.CallOption) (*kmspb.MacSignResponse, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1455,11 +1766,6 @@ func (c *keyManagementGRPCClient) MacSign(ctx context.Context, req *kmspb.MacSig
 }
 
 func (c *keyManagementGRPCClient) MacVerify(ctx context.Context, req *kmspb.MacVerifyRequest, opts ...gax.CallOption) (*kmspb.MacVerifyResponse, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1477,11 +1783,6 @@ func (c *keyManagementGRPCClient) MacVerify(ctx context.Context, req *kmspb.MacV
 }
 
 func (c *keyManagementGRPCClient) GenerateRandomBytes(ctx context.Context, req *kmspb.GenerateRandomBytesRequest, opts ...gax.CallOption) (*kmspb.GenerateRandomBytesResponse, error) {
-	if _, ok := ctx.Deadline(); !ok && !c.disableDeadlines {
-		cctx, cancel := context.WithTimeout(ctx, 60000*time.Millisecond)
-		defer cancel()
-		ctx = cctx
-	}
 	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "location", url.QueryEscape(req.GetLocation())))
 
 	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
@@ -1611,6 +1912,2235 @@ func (c *keyManagementGRPCClient) TestIamPermissions(ctx context.Context, req *i
 	return resp, nil
 }
 
+// ListKeyRings lists KeyRings.
+func (c *keyManagementRESTClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator {
+	it := &KeyRingIterator{}
+	req = proto.Clone(req).(*kmspb.ListKeyRingsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.KeyRing, string, error) {
+		resp := &kmspb.ListKeyRingsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1/%v/keyRings", req.GetParent())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetFilter() != "" {
+			params.Add("filter", fmt.Sprintf("%v", req.GetFilter()))
+		}
+		if req.GetOrderBy() != "" {
+			params.Add("orderBy", fmt.Sprintf("%v", req.GetOrderBy()))
+		}
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetKeyRings(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// ListCryptoKeys lists CryptoKeys.
+func (c *keyManagementRESTClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator {
+	it := &CryptoKeyIterator{}
+	req = proto.Clone(req).(*kmspb.ListCryptoKeysRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKey, string, error) {
+		resp := &kmspb.ListCryptoKeysResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1/%v/cryptoKeys", req.GetParent())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetFilter() != "" {
+			params.Add("filter", fmt.Sprintf("%v", req.GetFilter()))
+		}
+		if req.GetOrderBy() != "" {
+			params.Add("orderBy", fmt.Sprintf("%v", req.GetOrderBy()))
+		}
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+		if req.GetVersionView() != 0 {
+			params.Add("versionView", fmt.Sprintf("%v", req.GetVersionView()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetCryptoKeys(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// ListCryptoKeyVersions lists CryptoKeyVersions.
+func (c *keyManagementRESTClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator {
+	it := &CryptoKeyVersionIterator{}
+	req = proto.Clone(req).(*kmspb.ListCryptoKeyVersionsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKeyVersion, string, error) {
+		resp := &kmspb.ListCryptoKeyVersionsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1/%v/cryptoKeyVersions", req.GetParent())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetFilter() != "" {
+			params.Add("filter", fmt.Sprintf("%v", req.GetFilter()))
+		}
+		if req.GetOrderBy() != "" {
+			params.Add("orderBy", fmt.Sprintf("%v", req.GetOrderBy()))
+		}
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+		if req.GetView() != 0 {
+			params.Add("view", fmt.Sprintf("%v", req.GetView()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetCryptoKeyVersions(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// ListImportJobs lists ImportJobs.
+func (c *keyManagementRESTClient) ListImportJobs(ctx context.Context, req *kmspb.ListImportJobsRequest, opts ...gax.CallOption) *ImportJobIterator {
+	it := &ImportJobIterator{}
+	req = proto.Clone(req).(*kmspb.ListImportJobsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.ImportJob, string, error) {
+		resp := &kmspb.ListImportJobsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1/%v/importJobs", req.GetParent())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetFilter() != "" {
+			params.Add("filter", fmt.Sprintf("%v", req.GetFilter()))
+		}
+		if req.GetOrderBy() != "" {
+			params.Add("orderBy", fmt.Sprintf("%v", req.GetOrderBy()))
+		}
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetImportJobs(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// GetKeyRing returns metadata for a given KeyRing.
+func (c *keyManagementRESTClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetKeyRing[0:len((*c.CallOptions).GetKeyRing):len((*c.CallOptions).GetKeyRing)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.KeyRing{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetCryptoKey returns metadata for a given CryptoKey, as
+// well as its primary
+// CryptoKeyVersion.
+func (c *keyManagementRESTClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetCryptoKey[0:len((*c.CallOptions).GetCryptoKey):len((*c.CallOptions).GetCryptoKey)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKey{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetCryptoKeyVersion returns metadata for a given
+// CryptoKeyVersion.
+func (c *keyManagementRESTClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetCryptoKeyVersion[0:len((*c.CallOptions).GetCryptoKeyVersion):len((*c.CallOptions).GetCryptoKeyVersion)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKeyVersion{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetPublicKey returns the public key for the given
+// CryptoKeyVersion. The
+// CryptoKey.purpose must be
+// ASYMMETRIC_SIGN
+// or
+// ASYMMETRIC_DECRYPT.
+func (c *keyManagementRESTClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v/publicKey", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetPublicKey[0:len((*c.CallOptions).GetPublicKey):len((*c.CallOptions).GetPublicKey)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.PublicKey{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetImportJob returns metadata for a given ImportJob.
+func (c *keyManagementRESTClient) GetImportJob(ctx context.Context, req *kmspb.GetImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetImportJob[0:len((*c.CallOptions).GetImportJob):len((*c.CallOptions).GetImportJob)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.ImportJob{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// CreateKeyRing create a new KeyRing in a given Project and
+// Location.
+func (c *keyManagementRESTClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetKeyRing()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v/keyRings", req.GetParent())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	params.Add("keyRingId", fmt.Sprintf("%v", req.GetKeyRingId()))
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).CreateKeyRing[0:len((*c.CallOptions).CreateKeyRing):len((*c.CallOptions).CreateKeyRing)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.KeyRing{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// CreateCryptoKey create a new CryptoKey within a
+// KeyRing.
+//
+// CryptoKey.purpose and
+// CryptoKey.version_template.algorithm
+// are required.
+func (c *keyManagementRESTClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetCryptoKey()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v/cryptoKeys", req.GetParent())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	params.Add("cryptoKeyId", fmt.Sprintf("%v", req.GetCryptoKeyId()))
+	if req.GetSkipInitialVersionCreation() {
+		params.Add("skipInitialVersionCreation", fmt.Sprintf("%v", req.GetSkipInitialVersionCreation()))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).CreateCryptoKey[0:len((*c.CallOptions).CreateCryptoKey):len((*c.CallOptions).CreateCryptoKey)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKey{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// CreateCryptoKeyVersion create a new CryptoKeyVersion in a
+// CryptoKey.
+//
+// The server will assign the next sequential id. If unset,
+// state will be set to
+// ENABLED.
+func (c *keyManagementRESTClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetCryptoKeyVersion()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v/cryptoKeyVersions", req.GetParent())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).CreateCryptoKeyVersion[0:len((*c.CallOptions).CreateCryptoKeyVersion):len((*c.CallOptions).CreateCryptoKeyVersion)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKeyVersion{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// ImportCryptoKeyVersion import wrapped key material into a
+// CryptoKeyVersion.
+//
+// All requests must specify a CryptoKey. If
+// a CryptoKeyVersion is additionally
+// specified in the request, key material will be reimported into that
+// version. Otherwise, a new version will be created, and will be assigned the
+// next sequential id within the CryptoKey.
+func (c *keyManagementRESTClient) ImportCryptoKeyVersion(ctx context.Context, req *kmspb.ImportCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v/cryptoKeyVersions:import", req.GetParent())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).ImportCryptoKeyVersion[0:len((*c.CallOptions).ImportCryptoKeyVersion):len((*c.CallOptions).ImportCryptoKeyVersion)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKeyVersion{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// CreateImportJob create a new ImportJob within a
+// KeyRing.
+//
+// ImportJob.import_method is
+// required.
+func (c *keyManagementRESTClient) CreateImportJob(ctx context.Context, req *kmspb.CreateImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetImportJob()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v/importJobs", req.GetParent())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	params.Add("importJobId", fmt.Sprintf("%v", req.GetImportJobId()))
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).CreateImportJob[0:len((*c.CallOptions).CreateImportJob):len((*c.CallOptions).CreateImportJob)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.ImportJob{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// UpdateCryptoKey update a CryptoKey.
+func (c *keyManagementRESTClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetCryptoKey()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetCryptoKey().GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetUpdateMask() != nil {
+		updateMask, err := protojson.Marshal(req.GetUpdateMask())
+		if err != nil {
+			return nil, err
+		}
+		params.Add("updateMask", string(updateMask[1:len(updateMask)-1]))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", url.QueryEscape(req.GetCryptoKey().GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).UpdateCryptoKey[0:len((*c.CallOptions).UpdateCryptoKey):len((*c.CallOptions).UpdateCryptoKey)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKey{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("PATCH", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// UpdateCryptoKeyVersion update a CryptoKeyVersion's
+// metadata.
+//
+// state may be changed between
+// ENABLED
+// and
+// DISABLED
+// using this method. See
+// DestroyCryptoKeyVersion
+// and
+// RestoreCryptoKeyVersion
+// to move between other states.
+func (c *keyManagementRESTClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	body := req.GetCryptoKeyVersion()
+	jsonReq, err := m.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetCryptoKeyVersion().GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetUpdateMask() != nil {
+		updateMask, err := protojson.Marshal(req.GetUpdateMask())
+		if err != nil {
+			return nil, err
+		}
+		params.Add("updateMask", string(updateMask[1:len(updateMask)-1]))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", url.QueryEscape(req.GetCryptoKeyVersion().GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).UpdateCryptoKeyVersion[0:len((*c.CallOptions).UpdateCryptoKeyVersion):len((*c.CallOptions).UpdateCryptoKeyVersion)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKeyVersion{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("PATCH", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// UpdateCryptoKeyPrimaryVersion update the version of a CryptoKey that
+// will be used in
+// Encrypt.
+//
+// Returns an error if called on a key whose purpose is not
+// ENCRYPT_DECRYPT.
+func (c *keyManagementRESTClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:updatePrimaryVersion", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).UpdateCryptoKeyPrimaryVersion[0:len((*c.CallOptions).UpdateCryptoKeyPrimaryVersion):len((*c.CallOptions).UpdateCryptoKeyPrimaryVersion)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKey{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// DestroyCryptoKeyVersion schedule a CryptoKeyVersion for
+// destruction.
+//
+// Upon calling this method,
+// CryptoKeyVersion.state will
+// be set to
+// DESTROY_SCHEDULED,
+// and destroy_time will
+// be set to the time
+// destroy_scheduled_duration
+// in the future. At that time, the
+// state will automatically
+// change to
+// DESTROYED,
+// and the key material will be irrevocably destroyed.
+//
+// Before the
+// destroy_time is
+// reached,
+// RestoreCryptoKeyVersion
+// may be called to reverse the process.
+func (c *keyManagementRESTClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:destroy", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).DestroyCryptoKeyVersion[0:len((*c.CallOptions).DestroyCryptoKeyVersion):len((*c.CallOptions).DestroyCryptoKeyVersion)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKeyVersion{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// RestoreCryptoKeyVersion restore a CryptoKeyVersion in the
+// DESTROY_SCHEDULED
+// state.
+//
+// Upon restoration of the CryptoKeyVersion,
+// state will be set to
+// DISABLED,
+// and destroy_time will
+// be cleared.
+func (c *keyManagementRESTClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:restore", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).RestoreCryptoKeyVersion[0:len((*c.CallOptions).RestoreCryptoKeyVersion):len((*c.CallOptions).RestoreCryptoKeyVersion)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.CryptoKeyVersion{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// Encrypt encrypts data, so that it can only be recovered by a call to
+// Decrypt. The
+// CryptoKey.purpose must be
+// ENCRYPT_DECRYPT.
+func (c *keyManagementRESTClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:encrypt", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).Encrypt[0:len((*c.CallOptions).Encrypt):len((*c.CallOptions).Encrypt)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.EncryptResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// Decrypt decrypts data that was protected by
+// Encrypt. The
+// CryptoKey.purpose must be
+// ENCRYPT_DECRYPT.
+func (c *keyManagementRESTClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:decrypt", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).Decrypt[0:len((*c.CallOptions).Decrypt):len((*c.CallOptions).Decrypt)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.DecryptResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// AsymmetricSign signs data using a CryptoKeyVersion
+// with CryptoKey.purpose
+// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
+// key retrieved from
+// GetPublicKey.
+func (c *keyManagementRESTClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:asymmetricSign", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).AsymmetricSign[0:len((*c.CallOptions).AsymmetricSign):len((*c.CallOptions).AsymmetricSign)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.AsymmetricSignResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from
+// GetPublicKey
+// corresponding to a CryptoKeyVersion
+// with CryptoKey.purpose
+// ASYMMETRIC_DECRYPT.
+func (c *keyManagementRESTClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:asymmetricDecrypt", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).AsymmetricDecrypt[0:len((*c.CallOptions).AsymmetricDecrypt):len((*c.CallOptions).AsymmetricDecrypt)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.AsymmetricDecryptResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// MacSign signs data using a CryptoKeyVersion
+// with CryptoKey.purpose MAC,
+// producing a tag that can be verified by another source with the same key.
+func (c *keyManagementRESTClient) MacSign(ctx context.Context, req *kmspb.MacSignRequest, opts ...gax.CallOption) (*kmspb.MacSignResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:macSign", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).MacSign[0:len((*c.CallOptions).MacSign):len((*c.CallOptions).MacSign)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.MacSignResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// MacVerify verifies MAC tag using a
+// CryptoKeyVersion with
+// CryptoKey.purpose MAC, and returns
+// a response that indicates whether or not the verification was successful.
+func (c *keyManagementRESTClient) MacVerify(ctx context.Context, req *kmspb.MacVerifyRequest, opts ...gax.CallOption) (*kmspb.MacVerifyResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:macVerify", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).MacVerify[0:len((*c.CallOptions).MacVerify):len((*c.CallOptions).MacVerify)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.MacVerifyResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GenerateRandomBytes generate random bytes using the Cloud KMS randomness source in the provided
+// location.
+func (c *keyManagementRESTClient) GenerateRandomBytes(ctx context.Context, req *kmspb.GenerateRandomBytesRequest, opts ...gax.CallOption) (*kmspb.GenerateRandomBytesResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:generateRandomBytes", req.GetLocation())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "location", url.QueryEscape(req.GetLocation())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GenerateRandomBytes[0:len((*c.CallOptions).GenerateRandomBytes):len((*c.CallOptions).GenerateRandomBytes)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &kmspb.GenerateRandomBytesResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// GetLocation gets information about a location.
+func (c *keyManagementRESTClient) GetLocation(ctx context.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v", req.GetName())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetLocation[0:len((*c.CallOptions).GetLocation):len((*c.CallOptions).GetLocation)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &locationpb.Location{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// ListLocations lists information about the supported locations for this service.
+func (c *keyManagementRESTClient) ListLocations(ctx context.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator {
+	it := &LocationIterator{}
+	req = proto.Clone(req).(*locationpb.ListLocationsRequest)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*locationpb.Location, string, error) {
+		resp := &locationpb.ListLocationsResponse{}
+		if pageToken != "" {
+			req.PageToken = pageToken
+		}
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else if pageSize != 0 {
+			req.PageSize = int32(pageSize)
+		}
+		baseUrl, err := url.Parse(c.endpoint)
+		if err != nil {
+			return nil, "", err
+		}
+		baseUrl.Path += fmt.Sprintf("/v1/%v/locations", req.GetName())
+
+		params := url.Values{}
+		params.Add("$alt", "json;enum-encoding=int")
+		if req.GetFilter() != "" {
+			params.Add("filter", fmt.Sprintf("%v", req.GetFilter()))
+		}
+		if req.GetPageSize() != 0 {
+			params.Add("pageSize", fmt.Sprintf("%v", req.GetPageSize()))
+		}
+		if req.GetPageToken() != "" {
+			params.Add("pageToken", fmt.Sprintf("%v", req.GetPageToken()))
+		}
+
+		baseUrl.RawQuery = params.Encode()
+
+		// Build HTTP headers from client and context metadata.
+		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			if settings.Path != "" {
+				baseUrl.Path = settings.Path
+			}
+			httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+			if err != nil {
+				return err
+			}
+			httpReq.Header = headers
+
+			httpRsp, err := c.httpClient.Do(httpReq)
+			if err != nil {
+				return err
+			}
+			defer httpRsp.Body.Close()
+
+			if err = googleapi.CheckResponse(httpRsp); err != nil {
+				return err
+			}
+
+			buf, err := io.ReadAll(httpRsp.Body)
+			if err != nil {
+				return err
+			}
+
+			if err := unm.Unmarshal(buf, resp); err != nil {
+				return err
+			}
+
+			return nil
+		}, opts...)
+		if e != nil {
+			return nil, "", e
+		}
+		it.Response = resp
+		return resp.GetLocations(), resp.GetNextPageToken(), nil
+	}
+
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	it.pageInfo.MaxSize = int(req.GetPageSize())
+	it.pageInfo.Token = req.GetPageToken()
+
+	return it
+}
+
+// GetIamPolicy gets the access control policy for a resource. Returns an empty policy
+// if the resource exists and does not have a policy set.
+func (c *keyManagementRESTClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:getIamPolicy", req.GetResource())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+	if req.GetOptions().GetRequestedPolicyVersion() != 0 {
+		params.Add("options.requestedPolicyVersion", fmt.Sprintf("%v", req.GetOptions().GetRequestedPolicyVersion()))
+	}
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).GetIamPolicy[0:len((*c.CallOptions).GetIamPolicy):len((*c.CallOptions).GetIamPolicy)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &iampb.Policy{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("GET", baseUrl.String(), nil)
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// SetIamPolicy sets the access control policy on the specified resource. Replaces
+// any existing policy.
+//
+// Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED
+// errors.
+func (c *keyManagementRESTClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:setIamPolicy", req.GetResource())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).SetIamPolicy[0:len((*c.CallOptions).SetIamPolicy):len((*c.CallOptions).SetIamPolicy)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &iampb.Policy{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
+// TestIamPermissions returns permissions that a caller has on the specified resource. If the
+// resource does not exist, this will return an empty set of
+// permissions, not a NOT_FOUND error.
+//
+// Note: This operation is designed to be used for building
+// permission-aware UIs and command-line tools, not for authorization
+// checking. This operation may “fail open” without warning.
+func (c *keyManagementRESTClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
+	m := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
+	jsonReq, err := m.Marshal(req)
+	if err != nil {
+		return nil, err
+	}
+
+	baseUrl, err := url.Parse(c.endpoint)
+	if err != nil {
+		return nil, err
+	}
+	baseUrl.Path += fmt.Sprintf("/v1/%v:testIamPermissions", req.GetResource())
+
+	params := url.Values{}
+	params.Add("$alt", "json;enum-encoding=int")
+
+	baseUrl.RawQuery = params.Encode()
+
+	// Build HTTP headers from client and context metadata.
+	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+
+	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	opts = append((*c.CallOptions).TestIamPermissions[0:len((*c.CallOptions).TestIamPermissions):len((*c.CallOptions).TestIamPermissions)], opts...)
+	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
+	resp := &iampb.TestIamPermissionsResponse{}
+	e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		if settings.Path != "" {
+			baseUrl.Path = settings.Path
+		}
+		httpReq, err := http.NewRequest("POST", baseUrl.String(), bytes.NewReader(jsonReq))
+		if err != nil {
+			return err
+		}
+		httpReq = httpReq.WithContext(ctx)
+		httpReq.Header = headers
+
+		httpRsp, err := c.httpClient.Do(httpReq)
+		if err != nil {
+			return err
+		}
+		defer httpRsp.Body.Close()
+
+		if err = googleapi.CheckResponse(httpRsp); err != nil {
+			return err
+		}
+
+		buf, err := io.ReadAll(httpRsp.Body)
+		if err != nil {
+			return err
+		}
+
+		if err := unm.Unmarshal(buf, resp); err != nil {
+			return err
+		}
+
+		return nil
+	}, opts...)
+	if e != nil {
+		return nil, e
+	}
+	return resp, nil
+}
+
 // CryptoKeyIterator manages a stream of *kmspb.CryptoKey.
 type CryptoKeyIterator struct {
 	items    []*kmspb.CryptoKey
diff --git a/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go b/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go
index 14b54a6e4..c0fd16edf 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2021 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.5
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.2
 // source: google/cloud/kms/v1/ekm_service.proto
 
 package kmspb
@@ -42,7 +42,87 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 
-// Request message for [KeyManagementService.ListEkmConnections][].
+// [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode]
+// describes who can perform control plane cryptographic operations using this
+// [EkmConnection][google.cloud.kms.v1.EkmConnection].
+type EkmConnection_KeyManagementMode int32
+
+const (
+	// Not specified.
+	EkmConnection_KEY_MANAGEMENT_MODE_UNSPECIFIED EkmConnection_KeyManagementMode = 0
+	// EKM-side key management operations on
+	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
+	// [EkmConnection][google.cloud.kms.v1.EkmConnection] must be initiated from
+	// the EKM directly and cannot be performed from Cloud KMS. This means that:
+	// * When creating a
+	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with
+	// this
+	//   [EkmConnection][google.cloud.kms.v1.EkmConnection], the caller must
+	//   supply the key path of pre-existing external key material that will be
+	//   linked to the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+	// * Destruction of external key material cannot be requested via the
+	//   Cloud KMS API and must be performed directly in the EKM.
+	// * Automatic rotation of key material is not supported.
+	EkmConnection_MANUAL EkmConnection_KeyManagementMode = 1
+	// All [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
+	// [EkmConnection][google.cloud.kms.v1.EkmConnection] use EKM-side key
+	// management operations initiated from Cloud KMS. This means that:
+	// * When a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+	// associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection]
+	// is
+	//   created, the EKM automatically generates new key material and a new
+	//   key path. The caller cannot supply the key path of pre-existing
+	//   external key material.
+	// * Destruction of external key material associated with this
+	//   [EkmConnection][google.cloud.kms.v1.EkmConnection] can be requested by
+	//   calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion].
+	// * Automatic rotation of key material is supported.
+	EkmConnection_CLOUD_KMS EkmConnection_KeyManagementMode = 2
+)
+
+// Enum value maps for EkmConnection_KeyManagementMode.
+var (
+	EkmConnection_KeyManagementMode_name = map[int32]string{
+		0: "KEY_MANAGEMENT_MODE_UNSPECIFIED",
+		1: "MANUAL",
+		2: "CLOUD_KMS",
+	}
+	EkmConnection_KeyManagementMode_value = map[string]int32{
+		"KEY_MANAGEMENT_MODE_UNSPECIFIED": 0,
+		"MANUAL":                          1,
+		"CLOUD_KMS":                       2,
+	}
+)
+
+func (x EkmConnection_KeyManagementMode) Enum() *EkmConnection_KeyManagementMode {
+	p := new(EkmConnection_KeyManagementMode)
+	*p = x
+	return p
+}
+
+func (x EkmConnection_KeyManagementMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (EkmConnection_KeyManagementMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_cloud_kms_v1_ekm_service_proto_enumTypes[0].Descriptor()
+}
+
+func (EkmConnection_KeyManagementMode) Type() protoreflect.EnumType {
+	return &file_google_cloud_kms_v1_ekm_service_proto_enumTypes[0]
+}
+
+func (x EkmConnection_KeyManagementMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use EkmConnection_KeyManagementMode.Descriptor instead.
+func (EkmConnection_KeyManagementMode) EnumDescriptor() ([]byte, []int) {
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{8, 0}
+}
+
+// Request message for
+// [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
 type ListEkmConnectionsRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -142,7 +222,8 @@ func (x *ListEkmConnectionsRequest) GetOrderBy() string {
 	return ""
 }
 
-// Response message for [KeyManagementService.ListEkmConnections][].
+// Response message for
+// [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
 type ListEkmConnectionsResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -212,7 +293,8 @@ func (x *ListEkmConnectionsResponse) GetTotalSize() int32 {
 	return 0
 }
 
-// Request message for [KeyManagementService.GetEkmConnection][].
+// Request message for
+// [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection].
 type GetEkmConnectionRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -262,7 +344,8 @@ func (x *GetEkmConnectionRequest) GetName() string {
 	return ""
 }
 
-// Request message for [KeyManagementService.CreateEkmConnection][].
+// Request message for
+// [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection].
 type CreateEkmConnectionRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -333,7 +416,8 @@ func (x *CreateEkmConnectionRequest) GetEkmConnection() *EkmConnection {
 	return nil
 }
 
-// Request message for [KeyManagementService.UpdateEkmConnection][].
+// Request message for
+// [EkmService.UpdateEkmConnection][google.cloud.kms.v1.EkmService.UpdateEkmConnection].
 type UpdateEkmConnectionRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -392,6 +476,116 @@ func (x *UpdateEkmConnectionRequest) GetUpdateMask() *fieldmaskpb.FieldMask {
 	return nil
 }
 
+// Request message for
+// [EkmService.GetEkmConfig][google.cloud.kms.v1.EkmService.GetEkmConfig].
+type GetEkmConfigRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the
+	// [EkmConfig][google.cloud.kms.v1.EkmConfig] to get.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+}
+
+func (x *GetEkmConfigRequest) Reset() {
+	*x = GetEkmConfigRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetEkmConfigRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetEkmConfigRequest) ProtoMessage() {}
+
+func (x *GetEkmConfigRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetEkmConfigRequest.ProtoReflect.Descriptor instead.
+func (*GetEkmConfigRequest) Descriptor() ([]byte, []int) {
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GetEkmConfigRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// Request message for
+// [EkmService.UpdateEkmConfig][google.cloud.kms.v1.EkmService.UpdateEkmConfig].
+type UpdateEkmConfigRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. [EkmConfig][google.cloud.kms.v1.EkmConfig] with updated values.
+	EkmConfig *EkmConfig `protobuf:"bytes,1,opt,name=ekm_config,json=ekmConfig,proto3" json:"ekm_config,omitempty"`
+	// Required. List of fields to be updated in this request.
+	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
+}
+
+func (x *UpdateEkmConfigRequest) Reset() {
+	*x = UpdateEkmConfigRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpdateEkmConfigRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateEkmConfigRequest) ProtoMessage() {}
+
+func (x *UpdateEkmConfigRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateEkmConfigRequest.ProtoReflect.Descriptor instead.
+func (*UpdateEkmConfigRequest) Descriptor() ([]byte, []int) {
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *UpdateEkmConfigRequest) GetEkmConfig() *EkmConfig {
+	if x != nil {
+		return x.EkmConfig
+	}
+	return nil
+}
+
+func (x *UpdateEkmConfigRequest) GetUpdateMask() *fieldmaskpb.FieldMask {
+	if x != nil {
+		return x.UpdateMask
+	}
+	return nil
+}
+
 // A [Certificate][google.cloud.kms.v1.Certificate] represents an X.509
 // certificate used to authenticate HTTPS connections to EKM replicas.
 type Certificate struct {
@@ -429,7 +623,7 @@ type Certificate struct {
 func (x *Certificate) Reset() {
 	*x = Certificate{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[5]
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[7]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -442,7 +636,7 @@ func (x *Certificate) String() string {
 func (*Certificate) ProtoMessage() {}
 
 func (x *Certificate) ProtoReflect() protoreflect.Message {
-	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[5]
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[7]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -455,7 +649,7 @@ func (x *Certificate) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
 func (*Certificate) Descriptor() ([]byte, []int) {
-	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{5}
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{7}
 }
 
 func (x *Certificate) GetRawDer() []byte {
@@ -548,16 +742,25 @@ type EkmConnection struct {
 	// [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] is
 	// supported.
 	ServiceResolvers []*EkmConnection_ServiceResolver `protobuf:"bytes,3,rep,name=service_resolvers,json=serviceResolvers,proto3" json:"service_resolvers,omitempty"`
-	// This checksum is computed by the server based on the value of other fields,
-	// and may be sent on update requests to ensure the client has an up-to-date
-	// value before proceeding.
+	// Optional. Etag of the currently stored
+	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
 	Etag string `protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"`
+	// Optional. Describes who can perform control plane operations on the EKM. If
+	// unset, this defaults to
+	// [MANUAL][google.cloud.kms.v1.EkmConnection.KeyManagementMode.MANUAL].
+	KeyManagementMode EkmConnection_KeyManagementMode `protobuf:"varint,6,opt,name=key_management_mode,json=keyManagementMode,proto3,enum=google.cloud.kms.v1.EkmConnection_KeyManagementMode" json:"key_management_mode,omitempty"`
+	// Optional. Identifies the EKM Crypto Space that this
+	// [EkmConnection][google.cloud.kms.v1.EkmConnection] maps to. Note: This
+	// field is required if
+	// [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] is
+	// [CLOUD_KMS][google.cloud.kms.v1.EkmConnection.KeyManagementMode.CLOUD_KMS].
+	CryptoSpacePath string `protobuf:"bytes,7,opt,name=crypto_space_path,json=cryptoSpacePath,proto3" json:"crypto_space_path,omitempty"`
 }
 
 func (x *EkmConnection) Reset() {
 	*x = EkmConnection{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[6]
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[8]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -570,7 +773,7 @@ func (x *EkmConnection) String() string {
 func (*EkmConnection) ProtoMessage() {}
 
 func (x *EkmConnection) ProtoReflect() protoreflect.Message {
-	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[6]
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[8]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -583,7 +786,7 @@ func (x *EkmConnection) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use EkmConnection.ProtoReflect.Descriptor instead.
 func (*EkmConnection) Descriptor() ([]byte, []int) {
-	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{6}
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{8}
 }
 
 func (x *EkmConnection) GetName() string {
@@ -614,6 +817,179 @@ func (x *EkmConnection) GetEtag() string {
 	return ""
 }
 
+func (x *EkmConnection) GetKeyManagementMode() EkmConnection_KeyManagementMode {
+	if x != nil {
+		return x.KeyManagementMode
+	}
+	return EkmConnection_KEY_MANAGEMENT_MODE_UNSPECIFIED
+}
+
+func (x *EkmConnection) GetCryptoSpacePath() string {
+	if x != nil {
+		return x.CryptoSpacePath
+	}
+	return ""
+}
+
+// An [EkmConfig][google.cloud.kms.v1.EkmConfig] is a singleton resource that
+// represents configuration parameters that apply to all
+// [CryptoKeys][google.cloud.kms.v1.CryptoKey] and
+// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a
+// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of
+// [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC] in a given
+// project and location.
+type EkmConfig struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Output only. The resource name for the
+	// [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format
+	// `projects/*/locations/*/ekmConfig`.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	// Optional. Resource name of the default
+	// [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to
+	// the empty string removes the default.
+	DefaultEkmConnection string `protobuf:"bytes,2,opt,name=default_ekm_connection,json=defaultEkmConnection,proto3" json:"default_ekm_connection,omitempty"`
+}
+
+func (x *EkmConfig) Reset() {
+	*x = EkmConfig{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EkmConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EkmConfig) ProtoMessage() {}
+
+func (x *EkmConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EkmConfig.ProtoReflect.Descriptor instead.
+func (*EkmConfig) Descriptor() ([]byte, []int) {
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *EkmConfig) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *EkmConfig) GetDefaultEkmConnection() string {
+	if x != nil {
+		return x.DefaultEkmConnection
+	}
+	return ""
+}
+
+// Request message for
+// [EkmService.VerifyConnectivity][google.cloud.kms.v1.EkmService.VerifyConnectivity].
+type VerifyConnectivityRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the
+	// [EkmConnection][google.cloud.kms.v1.EkmConnection] to verify.
+	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+}
+
+func (x *VerifyConnectivityRequest) Reset() {
+	*x = VerifyConnectivityRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *VerifyConnectivityRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyConnectivityRequest) ProtoMessage() {}
+
+func (x *VerifyConnectivityRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyConnectivityRequest.ProtoReflect.Descriptor instead.
+func (*VerifyConnectivityRequest) Descriptor() ([]byte, []int) {
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *VerifyConnectivityRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// Response message for
+// [EkmService.VerifyConnectivity][google.cloud.kms.v1.EkmService.VerifyConnectivity].
+type VerifyConnectivityResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *VerifyConnectivityResponse) Reset() {
+	*x = VerifyConnectivityResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *VerifyConnectivityResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyConnectivityResponse) ProtoMessage() {}
+
+func (x *VerifyConnectivityResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyConnectivityResponse.ProtoReflect.Descriptor instead.
+func (*VerifyConnectivityResponse) Descriptor() ([]byte, []int) {
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{11}
+}
+
 // A [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver]
 // represents an EKM replica that can be reached within an
 // [EkmConnection][google.cloud.kms.v1.EkmConnection].
@@ -636,14 +1012,15 @@ type EkmConnection_ServiceResolver struct {
 	// Required. The hostname of the EKM replica used at TLS and HTTP layers.
 	Hostname string `protobuf:"bytes,3,opt,name=hostname,proto3" json:"hostname,omitempty"`
 	// Required. A list of leaf server certificates used to authenticate HTTPS
-	// connections to the EKM replica.
+	// connections to the EKM replica. Currently, a maximum of 10
+	// [Certificate][google.cloud.kms.v1.Certificate] is supported.
 	ServerCertificates []*Certificate `protobuf:"bytes,4,rep,name=server_certificates,json=serverCertificates,proto3" json:"server_certificates,omitempty"`
 }
 
 func (x *EkmConnection_ServiceResolver) Reset() {
 	*x = EkmConnection_ServiceResolver{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[7]
+		mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[12]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -656,7 +1033,7 @@ func (x *EkmConnection_ServiceResolver) String() string {
 func (*EkmConnection_ServiceResolver) ProtoMessage() {}
 
 func (x *EkmConnection_ServiceResolver) ProtoReflect() protoreflect.Message {
-	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[7]
+	mi := &file_google_cloud_kms_v1_ekm_service_proto_msgTypes[12]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -669,7 +1046,7 @@ func (x *EkmConnection_ServiceResolver) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use EkmConnection_ServiceResolver.ProtoReflect.Descriptor instead.
 func (*EkmConnection_ServiceResolver) Descriptor() ([]byte, []int) {
-	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{6, 0}
+	return file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP(), []int{8, 0}
 }
 
 func (x *EkmConnection_ServiceResolver) GetServiceDirectoryService() string {
@@ -774,151 +1151,238 @@ var file_google_cloud_kms_v1_ekm_service_proto_rawDesc = []byte{
 	0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
 	0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52,
-	0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x61, 0x73, 0x6b, 0x22, 0xba, 0x03, 0x0a, 0x0b,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x0a, 0x07, 0x72,
-	0x61, 0x77, 0x5f, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41,
-	0x02, 0x52, 0x06, 0x72, 0x61, 0x77, 0x44, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x06, 0x70, 0x61, 0x72,
-	0x73, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x06,
-	0x70, 0x61, 0x72, 0x73, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73,
-	0x75, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65,
-	0x63, 0x74, 0x12, 0x46, 0x0a, 0x1d, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c,
-	0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x6e, 0x73, 0x5f, 0x6e, 0x61,
-	0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x1a,
-	0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69,
-	0x76, 0x65, 0x44, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x47, 0x0a, 0x0f, 0x6e, 0x6f,
-	0x74, 0x5f, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42,
-	0x03, 0xe0, 0x41, 0x03, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x54,
-	0x69, 0x6d, 0x65, 0x12, 0x45, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x5f, 0x61, 0x66, 0x74, 0x65, 0x72,
-	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
-	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0c, 0x6e, 0x6f,
-	0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0d, 0x73, 0x65,
-	0x72, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28,
-	0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0c, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75,
-	0x6d, 0x62, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x12, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x5f, 0x66,
-	0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09,
-	0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x11, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x46, 0x69, 0x6e,
-	0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x22, 0xfc, 0x04, 0x0a, 0x0d, 0x45, 0x6b, 0x6d,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69,
-	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x5f, 0x0a, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
-	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f,
-	0x6c, 0x76, 0x65, 0x72, 0x52, 0x10, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73,
-	0x6f, 0x6c, 0x76, 0x65, 0x72, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x74, 0x61, 0x67, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x65, 0x74, 0x61, 0x67, 0x1a, 0xa5, 0x02, 0x0a, 0x0f, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x6b,
-	0x0a, 0x19, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
-	0x6f, 0x72, 0x79, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x42, 0x2f, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x29, 0x0a, 0x27, 0x73, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x52, 0x17, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63,
-	0x74, 0x6f, 0x72, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x0f, 0x65,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x08, 0x68, 0x6f, 0x73,
-	0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02,
-	0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x56, 0x0a, 0x13, 0x73, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x12,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x73, 0x3a, 0x73, 0xea, 0x41, 0x70, 0x0a, 0x25, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d,
-	0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2f, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x47,
-	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
-	0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x7d, 0x32, 0xb1, 0x07, 0x0a, 0x0a, 0x45, 0x6b, 0x6d, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xba, 0x01, 0x0a, 0x12, 0x4c, 0x69, 0x73, 0x74, 0x45,
-	0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
-	0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
-	0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x43,
-	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x34, 0x12, 0x32, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72,
-	0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c,
-	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x65, 0x6b, 0x6d, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72,
-	0x65, 0x6e, 0x74, 0x12, 0xa7, 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47,
-	0x65, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b, 0x6d,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x41, 0x82, 0xd3, 0xe4, 0x93,
-	0x02, 0x34, 0x12, 0x32, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72,
-	0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0xe0, 0x01,
-	0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b, 0x6d,
-	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x74, 0x82, 0xd3, 0xe4, 0x93,
-	0x02, 0x44, 0x22, 0x32, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d,
-	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3a, 0x0e, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0xda, 0x41, 0x27, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x2c,
-	0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69,
-	0x64, 0x2c, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0xe2, 0x01, 0x0a, 0x13, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
-	0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x76, 0x82,
-	0xd3, 0xe4, 0x93, 0x02, 0x53, 0x32, 0x41, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x65, 0x6b, 0x6d, 0x5f,
-	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x3d,
-	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x0e, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0xda, 0x41, 0x1a, 0x65, 0x6b, 0x6d, 0x5f, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2c, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x1a, 0x74, 0xca, 0x41, 0x17, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b,
+	0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x61, 0x73, 0x6b, 0x22, 0x54, 0x0a, 0x13, 0x47,
+	0x65, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x3d, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x42, 0x29, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x23, 0x0a, 0x21, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b,
 	0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f,
-	0x6d, 0xd2, 0x41, 0x57, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61,
-	0x75, 0x74, 0x68, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2d, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f,
-	0x72, 0x6d, 0x2c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75,
-	0x74, 0x68, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x42, 0x92, 0x02, 0x0a, 0x17,
-	0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
-	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x42, 0x0f, 0x45, 0x6b, 0x6d, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65,
-	0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69,
-	0x73, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, 0x6b, 0x6d, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x6b,
-	0x6d, 0x73, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x4b, 0x6d, 0x73, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x4b, 0x6d, 0x73, 0x5c, 0x56,
-	0x31, 0xea, 0x41, 0x7c, 0x0a, 0x27, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x64, 0x69, 0x72,
-	0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69,
-	0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x51, 0x70,
-	0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
-	0x7d, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
-	0x73, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x7d, 0x2f, 0x73, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x7d,
+	0x6d, 0x2f, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x22, 0x9e, 0x01, 0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x0a,
+	0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
+	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73,
+	0x6b, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x61,
+	0x73, 0x6b, 0x22, 0xba, 0x03, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x12, 0x1c, 0x0a, 0x07, 0x72, 0x61, 0x77, 0x5f, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x72, 0x61, 0x77, 0x44, 0x65, 0x72,
+	0x12, 0x1b, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x73, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x06, 0x70, 0x61, 0x72, 0x73, 0x65, 0x64, 0x12, 0x1b, 0x0a,
+	0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0,
+	0x41, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x07, 0x73, 0x75,
+	0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03,
+	0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x46, 0x0a, 0x1d, 0x73, 0x75, 0x62,
+	0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x5f, 0x64, 0x6e, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09,
+	0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x1a, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65,
+	0x73, 0x12, 0x47, 0x0a, 0x0f, 0x6e, 0x6f, 0x74, 0x5f, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x5f,
+	0x74, 0x69, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d,
+	0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0d, 0x6e, 0x6f, 0x74,
+	0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x45, 0x0a, 0x0e, 0x6e, 0x6f,
+	0x74, 0x5f, 0x61, 0x66, 0x74, 0x65, 0x72, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03,
+	0xe0, 0x41, 0x03, 0x52, 0x0c, 0x6e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x54, 0x69, 0x6d,
+	0x65, 0x12, 0x28, 0x0a, 0x0d, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x75, 0x6d, 0x62,
+	0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0c, 0x73,
+	0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x12, 0x73,
+	0x68, 0x61, 0x32, 0x35, 0x36, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e,
+	0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x11, 0x73, 0x68,
+	0x61, 0x32, 0x35, 0x36, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x22,
+	0xf2, 0x06, 0x0a, 0x0d, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42,
+	0x03, 0xe0, 0x41, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x63, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03,
+	0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x5f, 0x0a, 0x11,
+	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72,
+	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b,
+	0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x10, 0x73, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x73, 0x12, 0x17, 0x0a,
+	0x04, 0x65, 0x74, 0x61, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01,
+	0x52, 0x04, 0x65, 0x74, 0x61, 0x67, 0x12, 0x69, 0x0a, 0x13, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x61,
+	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f,
+	0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x6e, 0x61, 0x67,
+	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x11,
+	0x6b, 0x65, 0x79, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x4d, 0x6f, 0x64,
+	0x65, 0x12, 0x2f, 0x0a, 0x11, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x73, 0x70, 0x61, 0x63,
+	0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41,
+	0x01, 0x52, 0x0f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x53, 0x70, 0x61, 0x63, 0x65, 0x50, 0x61,
+	0x74, 0x68, 0x1a, 0xa5, 0x02, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65,
+	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x6b, 0x0a, 0x19, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x73, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x2f, 0xe0, 0x41, 0x02, 0xfa, 0x41,
+	0x29, 0x0a, 0x27, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
+	0x6f, 0x72, 0x79, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x17, 0x73, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x0f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f,
+	0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41,
+	0x01, 0x52, 0x0e, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x46, 0x69, 0x6c, 0x74, 0x65,
+	0x72, 0x12, 0x1f, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x56, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
+	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x22, 0x53, 0x0a, 0x11, 0x4b, 0x65,
+	0x79, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x12,
+	0x23, 0x0a, 0x1f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, 0x4d, 0x45, 0x4e,
+	0x54, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x41, 0x4e, 0x55, 0x41, 0x4c, 0x10, 0x01,
+	0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x5f, 0x4b, 0x4d, 0x53, 0x10, 0x02, 0x3a,
+	0x73, 0xea, 0x41, 0x70, 0x0a, 0x25, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x45, 0x6b,
+	0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x47, 0x70, 0x72, 0x6f,
+	0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x7d, 0x2f,
+	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x7d, 0x22, 0xe4, 0x01, 0x0a, 0x09, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x63, 0x0a, 0x16, 0x64,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x2d, 0xe0, 0x41, 0x01,
+	0xfa, 0x41, 0x27, 0x0a, 0x25, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x45, 0x6b, 0x6d,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x14, 0x64, 0x65, 0x66, 0x61,
+	0x75, 0x6c, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x3a, 0x59, 0xea, 0x41, 0x56, 0x0a, 0x21, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x45,
+	0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x31, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
+	0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x7d, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x5e, 0x0a, 0x19, 0x56,
+	0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74,
+	0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x41, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x2d, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x27, 0x0a, 0x25,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
+	0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1c, 0x0a, 0x1a, 0x56,
+	0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74,
+	0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xdc, 0x0b, 0x0a, 0x0a, 0x45, 0x6b,
+	0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xba, 0x01, 0x0a, 0x12, 0x4c, 0x69, 0x73,
+	0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12,
+	0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
+	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
+	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x43, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x34, 0x12, 0x32, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70,
+	0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0xa7, 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x45, 0x6b, 0x6d,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2c, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
+	0x2e, 0x47, 0x65, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45,
+	0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x41, 0xda, 0x41,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x34, 0x12, 0x32, 0x2f, 0x76, 0x31,
+	0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f,
+	0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x65, 0x6b,
+	0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x12,
+	0xe0, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45,
+	0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x74, 0xda, 0x41,
+	0x27, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x2c, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x2c, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f,
+	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x44, 0x3a, 0x0e,
+	0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x32,
+	0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a,
+	0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2f, 0x2a, 0x7d, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x12, 0xe2, 0x01, 0x0a, 0x13, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
+	0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22,
+	0x76, 0xda, 0x41, 0x1a, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x2c, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x82, 0xd3,
+	0xe4, 0x93, 0x02, 0x53, 0x3a, 0x0e, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x32, 0x41, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x65, 0x6b, 0x6d, 0x5f, 0x63,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70,
+	0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x12, 0x94, 0x01, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x45,
+	0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47,
+	0x65, 0x74, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
+	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x22, 0x3a, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x2d, 0x12, 0x2b, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f,
+	0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2f, 0x2a, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x7d, 0x12, 0xc3,
+	0x01, 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x12, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
+	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45,
+	0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
+	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22,
+	0x63, 0xda, 0x41, 0x16, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2c, 0x75,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x44,
+	0x3a, 0x0a, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x32, 0x36, 0x2f, 0x76,
+	0x31, 0x2f, 0x7b, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x6e, 0x61,
+	0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x7d, 0x12, 0xcb, 0x01, 0x0a, 0x12, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43,
+	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x76, 0x69, 0x74, 0x79, 0x12, 0x2e, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x76, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
+	0x76, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x54, 0xda, 0x41,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x47, 0x12, 0x45, 0x2f, 0x76, 0x31,
+	0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f,
+	0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x65, 0x6b,
+	0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x76, 0x69,
+	0x74, 0x79, 0x1a, 0x74, 0xca, 0x41, 0x17, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0xd2, 0x41,
+	0x57, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68,
+	0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2d, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2c,
+	0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x42, 0x85, 0x02, 0xea, 0x41, 0x7c, 0x0a, 0x27,
+	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x51, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+	0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x7d,
+	0x2f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x2f, 0x7b, 0x6e, 0x61, 0x6d,
+	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x7d, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73,
+	0x2f, 0x7b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x7d, 0x0a, 0x17, 0x63, 0x6f, 0x6d, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
+	0x2e, 0x76, 0x31, 0x42, 0x0f, 0x45, 0x6b, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x6b, 0x6d, 0x73, 0x2f,
+	0x61, 0x70, 0x69, 0x76, 0x31, 0x2f, 0x6b, 0x6d, 0x73, 0x70, 0x62, 0x3b, 0x6b, 0x6d, 0x73, 0x70,
+	0x62, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c,
+	0x6f, 0x75, 0x64, 0x2e, 0x4b, 0x6d, 0x73, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x4b, 0x6d, 0x73, 0x5c, 0x56, 0x31,
 	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
@@ -934,42 +1398,58 @@ func file_google_cloud_kms_v1_ekm_service_proto_rawDescGZIP() []byte {
 	return file_google_cloud_kms_v1_ekm_service_proto_rawDescData
 }
 
-var file_google_cloud_kms_v1_ekm_service_proto_msgTypes = make([]protoimpl.MessageInfo, 8)
+var file_google_cloud_kms_v1_ekm_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_google_cloud_kms_v1_ekm_service_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
 var file_google_cloud_kms_v1_ekm_service_proto_goTypes = []interface{}{
-	(*ListEkmConnectionsRequest)(nil),     // 0: google.cloud.kms.v1.ListEkmConnectionsRequest
-	(*ListEkmConnectionsResponse)(nil),    // 1: google.cloud.kms.v1.ListEkmConnectionsResponse
-	(*GetEkmConnectionRequest)(nil),       // 2: google.cloud.kms.v1.GetEkmConnectionRequest
-	(*CreateEkmConnectionRequest)(nil),    // 3: google.cloud.kms.v1.CreateEkmConnectionRequest
-	(*UpdateEkmConnectionRequest)(nil),    // 4: google.cloud.kms.v1.UpdateEkmConnectionRequest
-	(*Certificate)(nil),                   // 5: google.cloud.kms.v1.Certificate
-	(*EkmConnection)(nil),                 // 6: google.cloud.kms.v1.EkmConnection
-	(*EkmConnection_ServiceResolver)(nil), // 7: google.cloud.kms.v1.EkmConnection.ServiceResolver
-	(*fieldmaskpb.FieldMask)(nil),         // 8: google.protobuf.FieldMask
-	(*timestamppb.Timestamp)(nil),         // 9: google.protobuf.Timestamp
+	(EkmConnection_KeyManagementMode)(0),  // 0: google.cloud.kms.v1.EkmConnection.KeyManagementMode
+	(*ListEkmConnectionsRequest)(nil),     // 1: google.cloud.kms.v1.ListEkmConnectionsRequest
+	(*ListEkmConnectionsResponse)(nil),    // 2: google.cloud.kms.v1.ListEkmConnectionsResponse
+	(*GetEkmConnectionRequest)(nil),       // 3: google.cloud.kms.v1.GetEkmConnectionRequest
+	(*CreateEkmConnectionRequest)(nil),    // 4: google.cloud.kms.v1.CreateEkmConnectionRequest
+	(*UpdateEkmConnectionRequest)(nil),    // 5: google.cloud.kms.v1.UpdateEkmConnectionRequest
+	(*GetEkmConfigRequest)(nil),           // 6: google.cloud.kms.v1.GetEkmConfigRequest
+	(*UpdateEkmConfigRequest)(nil),        // 7: google.cloud.kms.v1.UpdateEkmConfigRequest
+	(*Certificate)(nil),                   // 8: google.cloud.kms.v1.Certificate
+	(*EkmConnection)(nil),                 // 9: google.cloud.kms.v1.EkmConnection
+	(*EkmConfig)(nil),                     // 10: google.cloud.kms.v1.EkmConfig
+	(*VerifyConnectivityRequest)(nil),     // 11: google.cloud.kms.v1.VerifyConnectivityRequest
+	(*VerifyConnectivityResponse)(nil),    // 12: google.cloud.kms.v1.VerifyConnectivityResponse
+	(*EkmConnection_ServiceResolver)(nil), // 13: google.cloud.kms.v1.EkmConnection.ServiceResolver
+	(*fieldmaskpb.FieldMask)(nil),         // 14: google.protobuf.FieldMask
+	(*timestamppb.Timestamp)(nil),         // 15: google.protobuf.Timestamp
 }
 var file_google_cloud_kms_v1_ekm_service_proto_depIdxs = []int32{
-	6,  // 0: google.cloud.kms.v1.ListEkmConnectionsResponse.ekm_connections:type_name -> google.cloud.kms.v1.EkmConnection
-	6,  // 1: google.cloud.kms.v1.CreateEkmConnectionRequest.ekm_connection:type_name -> google.cloud.kms.v1.EkmConnection
-	6,  // 2: google.cloud.kms.v1.UpdateEkmConnectionRequest.ekm_connection:type_name -> google.cloud.kms.v1.EkmConnection
-	8,  // 3: google.cloud.kms.v1.UpdateEkmConnectionRequest.update_mask:type_name -> google.protobuf.FieldMask
-	9,  // 4: google.cloud.kms.v1.Certificate.not_before_time:type_name -> google.protobuf.Timestamp
-	9,  // 5: google.cloud.kms.v1.Certificate.not_after_time:type_name -> google.protobuf.Timestamp
-	9,  // 6: google.cloud.kms.v1.EkmConnection.create_time:type_name -> google.protobuf.Timestamp
-	7,  // 7: google.cloud.kms.v1.EkmConnection.service_resolvers:type_name -> google.cloud.kms.v1.EkmConnection.ServiceResolver
-	5,  // 8: google.cloud.kms.v1.EkmConnection.ServiceResolver.server_certificates:type_name -> google.cloud.kms.v1.Certificate
-	0,  // 9: google.cloud.kms.v1.EkmService.ListEkmConnections:input_type -> google.cloud.kms.v1.ListEkmConnectionsRequest
-	2,  // 10: google.cloud.kms.v1.EkmService.GetEkmConnection:input_type -> google.cloud.kms.v1.GetEkmConnectionRequest
-	3,  // 11: google.cloud.kms.v1.EkmService.CreateEkmConnection:input_type -> google.cloud.kms.v1.CreateEkmConnectionRequest
-	4,  // 12: google.cloud.kms.v1.EkmService.UpdateEkmConnection:input_type -> google.cloud.kms.v1.UpdateEkmConnectionRequest
-	1,  // 13: google.cloud.kms.v1.EkmService.ListEkmConnections:output_type -> google.cloud.kms.v1.ListEkmConnectionsResponse
-	6,  // 14: google.cloud.kms.v1.EkmService.GetEkmConnection:output_type -> google.cloud.kms.v1.EkmConnection
-	6,  // 15: google.cloud.kms.v1.EkmService.CreateEkmConnection:output_type -> google.cloud.kms.v1.EkmConnection
-	6,  // 16: google.cloud.kms.v1.EkmService.UpdateEkmConnection:output_type -> google.cloud.kms.v1.EkmConnection
-	13, // [13:17] is the sub-list for method output_type
-	9,  // [9:13] is the sub-list for method input_type
-	9,  // [9:9] is the sub-list for extension type_name
-	9,  // [9:9] is the sub-list for extension extendee
-	0,  // [0:9] is the sub-list for field type_name
+	9,  // 0: google.cloud.kms.v1.ListEkmConnectionsResponse.ekm_connections:type_name -> google.cloud.kms.v1.EkmConnection
+	9,  // 1: google.cloud.kms.v1.CreateEkmConnectionRequest.ekm_connection:type_name -> google.cloud.kms.v1.EkmConnection
+	9,  // 2: google.cloud.kms.v1.UpdateEkmConnectionRequest.ekm_connection:type_name -> google.cloud.kms.v1.EkmConnection
+	14, // 3: google.cloud.kms.v1.UpdateEkmConnectionRequest.update_mask:type_name -> google.protobuf.FieldMask
+	10, // 4: google.cloud.kms.v1.UpdateEkmConfigRequest.ekm_config:type_name -> google.cloud.kms.v1.EkmConfig
+	14, // 5: google.cloud.kms.v1.UpdateEkmConfigRequest.update_mask:type_name -> google.protobuf.FieldMask
+	15, // 6: google.cloud.kms.v1.Certificate.not_before_time:type_name -> google.protobuf.Timestamp
+	15, // 7: google.cloud.kms.v1.Certificate.not_after_time:type_name -> google.protobuf.Timestamp
+	15, // 8: google.cloud.kms.v1.EkmConnection.create_time:type_name -> google.protobuf.Timestamp
+	13, // 9: google.cloud.kms.v1.EkmConnection.service_resolvers:type_name -> google.cloud.kms.v1.EkmConnection.ServiceResolver
+	0,  // 10: google.cloud.kms.v1.EkmConnection.key_management_mode:type_name -> google.cloud.kms.v1.EkmConnection.KeyManagementMode
+	8,  // 11: google.cloud.kms.v1.EkmConnection.ServiceResolver.server_certificates:type_name -> google.cloud.kms.v1.Certificate
+	1,  // 12: google.cloud.kms.v1.EkmService.ListEkmConnections:input_type -> google.cloud.kms.v1.ListEkmConnectionsRequest
+	3,  // 13: google.cloud.kms.v1.EkmService.GetEkmConnection:input_type -> google.cloud.kms.v1.GetEkmConnectionRequest
+	4,  // 14: google.cloud.kms.v1.EkmService.CreateEkmConnection:input_type -> google.cloud.kms.v1.CreateEkmConnectionRequest
+	5,  // 15: google.cloud.kms.v1.EkmService.UpdateEkmConnection:input_type -> google.cloud.kms.v1.UpdateEkmConnectionRequest
+	6,  // 16: google.cloud.kms.v1.EkmService.GetEkmConfig:input_type -> google.cloud.kms.v1.GetEkmConfigRequest
+	7,  // 17: google.cloud.kms.v1.EkmService.UpdateEkmConfig:input_type -> google.cloud.kms.v1.UpdateEkmConfigRequest
+	11, // 18: google.cloud.kms.v1.EkmService.VerifyConnectivity:input_type -> google.cloud.kms.v1.VerifyConnectivityRequest
+	2,  // 19: google.cloud.kms.v1.EkmService.ListEkmConnections:output_type -> google.cloud.kms.v1.ListEkmConnectionsResponse
+	9,  // 20: google.cloud.kms.v1.EkmService.GetEkmConnection:output_type -> google.cloud.kms.v1.EkmConnection
+	9,  // 21: google.cloud.kms.v1.EkmService.CreateEkmConnection:output_type -> google.cloud.kms.v1.EkmConnection
+	9,  // 22: google.cloud.kms.v1.EkmService.UpdateEkmConnection:output_type -> google.cloud.kms.v1.EkmConnection
+	10, // 23: google.cloud.kms.v1.EkmService.GetEkmConfig:output_type -> google.cloud.kms.v1.EkmConfig
+	10, // 24: google.cloud.kms.v1.EkmService.UpdateEkmConfig:output_type -> google.cloud.kms.v1.EkmConfig
+	12, // 25: google.cloud.kms.v1.EkmService.VerifyConnectivity:output_type -> google.cloud.kms.v1.VerifyConnectivityResponse
+	19, // [19:26] is the sub-list for method output_type
+	12, // [12:19] is the sub-list for method input_type
+	12, // [12:12] is the sub-list for extension type_name
+	12, // [12:12] is the sub-list for extension extendee
+	0,  // [0:12] is the sub-list for field type_name
 }
 
 func init() { file_google_cloud_kms_v1_ekm_service_proto_init() }
@@ -1039,7 +1519,7 @@ func file_google_cloud_kms_v1_ekm_service_proto_init() {
 			}
 		}
 		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Certificate); i {
+			switch v := v.(*GetEkmConfigRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -1051,7 +1531,7 @@ func file_google_cloud_kms_v1_ekm_service_proto_init() {
 			}
 		}
 		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EkmConnection); i {
+			switch v := v.(*UpdateEkmConfigRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -1063,6 +1543,66 @@ func file_google_cloud_kms_v1_ekm_service_proto_init() {
 			}
 		}
 		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Certificate); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EkmConnection); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EkmConfig); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*VerifyConnectivityRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*VerifyConnectivityResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_cloud_kms_v1_ekm_service_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*EkmConnection_ServiceResolver); i {
 			case 0:
 				return &v.state
@@ -1080,13 +1620,14 @@ func file_google_cloud_kms_v1_ekm_service_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_cloud_kms_v1_ekm_service_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   8,
+			NumEnums:      1,
+			NumMessages:   13,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
 		GoTypes:           file_google_cloud_kms_v1_ekm_service_proto_goTypes,
 		DependencyIndexes: file_google_cloud_kms_v1_ekm_service_proto_depIdxs,
+		EnumInfos:         file_google_cloud_kms_v1_ekm_service_proto_enumTypes,
 		MessageInfos:      file_google_cloud_kms_v1_ekm_service_proto_msgTypes,
 	}.Build()
 	File_google_cloud_kms_v1_ekm_service_proto = out.File
@@ -1117,6 +1658,18 @@ type EkmServiceClient interface {
 	CreateEkmConnection(ctx context.Context, in *CreateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
 	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
 	UpdateEkmConnection(ctx context.Context, in *UpdateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
+	// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
+	// for a given project and location.
+	GetEkmConfig(ctx context.Context, in *GetEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error)
+	// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
+	// for a given project and location.
+	UpdateEkmConfig(ctx context.Context, in *UpdateEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error)
+	// Verifies that Cloud KMS can successfully connect to the external key
+	// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
+	// If there is an error connecting to the EKM, this method returns a
+	// FAILED_PRECONDITION status containing structured information as described
+	// at https://cloud.google.com/kms/docs/reference/ekm_errors.
+	VerifyConnectivity(ctx context.Context, in *VerifyConnectivityRequest, opts ...grpc.CallOption) (*VerifyConnectivityResponse, error)
 }
 
 type ekmServiceClient struct {
@@ -1163,6 +1716,33 @@ func (c *ekmServiceClient) UpdateEkmConnection(ctx context.Context, in *UpdateEk
 	return out, nil
 }
 
+func (c *ekmServiceClient) GetEkmConfig(ctx context.Context, in *GetEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error) {
+	out := new(EkmConfig)
+	err := c.cc.Invoke(ctx, "/google.cloud.kms.v1.EkmService/GetEkmConfig", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ekmServiceClient) UpdateEkmConfig(ctx context.Context, in *UpdateEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error) {
+	out := new(EkmConfig)
+	err := c.cc.Invoke(ctx, "/google.cloud.kms.v1.EkmService/UpdateEkmConfig", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ekmServiceClient) VerifyConnectivity(ctx context.Context, in *VerifyConnectivityRequest, opts ...grpc.CallOption) (*VerifyConnectivityResponse, error) {
+	out := new(VerifyConnectivityResponse)
+	err := c.cc.Invoke(ctx, "/google.cloud.kms.v1.EkmService/VerifyConnectivity", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // EkmServiceServer is the server API for EkmService service.
 type EkmServiceServer interface {
 	// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
@@ -1175,6 +1755,18 @@ type EkmServiceServer interface {
 	CreateEkmConnection(context.Context, *CreateEkmConnectionRequest) (*EkmConnection, error)
 	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
 	UpdateEkmConnection(context.Context, *UpdateEkmConnectionRequest) (*EkmConnection, error)
+	// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
+	// for a given project and location.
+	GetEkmConfig(context.Context, *GetEkmConfigRequest) (*EkmConfig, error)
+	// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
+	// for a given project and location.
+	UpdateEkmConfig(context.Context, *UpdateEkmConfigRequest) (*EkmConfig, error)
+	// Verifies that Cloud KMS can successfully connect to the external key
+	// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
+	// If there is an error connecting to the EKM, this method returns a
+	// FAILED_PRECONDITION status containing structured information as described
+	// at https://cloud.google.com/kms/docs/reference/ekm_errors.
+	VerifyConnectivity(context.Context, *VerifyConnectivityRequest) (*VerifyConnectivityResponse, error)
 }
 
 // UnimplementedEkmServiceServer can be embedded to have forward compatible implementations.
@@ -1193,6 +1785,15 @@ func (*UnimplementedEkmServiceServer) CreateEkmConnection(context.Context, *Crea
 func (*UnimplementedEkmServiceServer) UpdateEkmConnection(context.Context, *UpdateEkmConnectionRequest) (*EkmConnection, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method UpdateEkmConnection not implemented")
 }
+func (*UnimplementedEkmServiceServer) GetEkmConfig(context.Context, *GetEkmConfigRequest) (*EkmConfig, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetEkmConfig not implemented")
+}
+func (*UnimplementedEkmServiceServer) UpdateEkmConfig(context.Context, *UpdateEkmConfigRequest) (*EkmConfig, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateEkmConfig not implemented")
+}
+func (*UnimplementedEkmServiceServer) VerifyConnectivity(context.Context, *VerifyConnectivityRequest) (*VerifyConnectivityResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method VerifyConnectivity not implemented")
+}
 
 func RegisterEkmServiceServer(s *grpc.Server, srv EkmServiceServer) {
 	s.RegisterService(&_EkmService_serviceDesc, srv)
@@ -1270,6 +1871,60 @@ func _EkmService_UpdateEkmConnection_Handler(srv interface{}, ctx context.Contex
 	return interceptor(ctx, in, info, handler)
 }
 
+func _EkmService_GetEkmConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetEkmConfigRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(EkmServiceServer).GetEkmConfig(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.cloud.kms.v1.EkmService/GetEkmConfig",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(EkmServiceServer).GetEkmConfig(ctx, req.(*GetEkmConfigRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _EkmService_UpdateEkmConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateEkmConfigRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(EkmServiceServer).UpdateEkmConfig(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.cloud.kms.v1.EkmService/UpdateEkmConfig",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(EkmServiceServer).UpdateEkmConfig(ctx, req.(*UpdateEkmConfigRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _EkmService_VerifyConnectivity_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyConnectivityRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(EkmServiceServer).VerifyConnectivity(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/google.cloud.kms.v1.EkmService/VerifyConnectivity",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(EkmServiceServer).VerifyConnectivity(ctx, req.(*VerifyConnectivityRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _EkmService_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "google.cloud.kms.v1.EkmService",
 	HandlerType: (*EkmServiceServer)(nil),
@@ -1290,6 +1945,18 @@ var _EkmService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "UpdateEkmConnection",
 			Handler:    _EkmService_UpdateEkmConnection_Handler,
 		},
+		{
+			MethodName: "GetEkmConfig",
+			Handler:    _EkmService_GetEkmConfig_Handler,
+		},
+		{
+			MethodName: "UpdateEkmConfig",
+			Handler:    _EkmService_UpdateEkmConfig_Handler,
+		},
+		{
+			MethodName: "VerifyConnectivity",
+			Handler:    _EkmService_VerifyConnectivity_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "google/cloud/kms/v1/ekm_service.proto",
diff --git a/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go b/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go
index 8f565f7a4..d806e35d5 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2021 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.5
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.2
 // source: google/cloud/kms/v1/resources.proto
 
 package kmspb
@@ -186,6 +186,9 @@ const (
 	KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED KeyOperationAttestation_AttestationFormat = 0
 	// Cavium HSM attestation compressed with gzip. Note that this format is
 	// defined by Cavium and subject to change at any time.
+	//
+	// See
+	// https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
 	KeyOperationAttestation_CAVIUM_V1_COMPRESSED KeyOperationAttestation_AttestationFormat = 3
 	// Cavium HSM attestation V2 compressed with gzip. This is a new format
 	// introduced in Cavium's version 3.2-08.
@@ -322,14 +325,28 @@ const (
 	// RSAES-OAEP 4096 bit key with a SHA1 digest.
 	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39
 	// ECDSA on the NIST P-256 curve with a SHA256 digest.
+	// Other hash functions can also be used:
+	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
 	CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12
 	// ECDSA on the NIST P-384 curve with a SHA384 digest.
+	// Other hash functions can also be used:
+	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
 	CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13
 	// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
 	// HSM protection level.
+	// Other hash functions can also be used:
+	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
 	CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31
 	// HMAC-SHA256 signing with a 256 bit key.
 	CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32
+	// HMAC-SHA1 signing with a 160 bit key.
+	CryptoKeyVersion_HMAC_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 33
+	// HMAC-SHA384 signing with a 384 bit key.
+	CryptoKeyVersion_HMAC_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 34
+	// HMAC-SHA512 signing with a 512 bit key.
+	CryptoKeyVersion_HMAC_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 35
+	// HMAC-SHA224 signing with a 224 bit key.
+	CryptoKeyVersion_HMAC_SHA224 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 36
 	// Algorithm representing symmetric encryption by an external key manager.
 	CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18
 )
@@ -361,6 +378,10 @@ var (
 		13: "EC_SIGN_P384_SHA384",
 		31: "EC_SIGN_SECP256K1_SHA256",
 		32: "HMAC_SHA256",
+		33: "HMAC_SHA1",
+		34: "HMAC_SHA384",
+		35: "HMAC_SHA512",
+		36: "HMAC_SHA224",
 		18: "EXTERNAL_SYMMETRIC_ENCRYPTION",
 	}
 	CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{
@@ -388,6 +409,10 @@ var (
 		"EC_SIGN_P384_SHA384":                      13,
 		"EC_SIGN_SECP256K1_SHA256":                 31,
 		"HMAC_SHA256":                              32,
+		"HMAC_SHA1":                                33,
+		"HMAC_SHA384":                              34,
+		"HMAC_SHA512":                              35,
+		"HMAC_SHA224":                              36,
 		"EXTERNAL_SYMMETRIC_ENCRYPTION":            18,
 	}
 )
@@ -465,19 +490,36 @@ const (
 	// Additional details can be found in
 	// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
 	CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7
+	// This version was not generated successfully. It may not be used, enabled,
+	// disabled, or destroyed. Additional details can be found in
+	// [CryptoKeyVersion.generation_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.generation_failure_reason].
+	CryptoKeyVersion_GENERATION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 8
+	// This version was destroyed, and it may not be used or enabled again.
+	// Cloud KMS is waiting for the corresponding key material residing in an
+	// external key manager to be destroyed.
+	CryptoKeyVersion_PENDING_EXTERNAL_DESTRUCTION CryptoKeyVersion_CryptoKeyVersionState = 9
+	// This version was destroyed, and it may not be used or enabled again.
+	// However, Cloud KMS could not confirm that the corresponding key material
+	// residing in an external key manager was destroyed. Additional details can
+	// be found in
+	// [CryptoKeyVersion.external_destruction_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.external_destruction_failure_reason].
+	CryptoKeyVersion_EXTERNAL_DESTRUCTION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 10
 )
 
 // Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.
 var (
 	CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{
-		0: "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
-		5: "PENDING_GENERATION",
-		1: "ENABLED",
-		2: "DISABLED",
-		3: "DESTROYED",
-		4: "DESTROY_SCHEDULED",
-		6: "PENDING_IMPORT",
-		7: "IMPORT_FAILED",
+		0:  "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
+		5:  "PENDING_GENERATION",
+		1:  "ENABLED",
+		2:  "DISABLED",
+		3:  "DESTROYED",
+		4:  "DESTROY_SCHEDULED",
+		6:  "PENDING_IMPORT",
+		7:  "IMPORT_FAILED",
+		8:  "GENERATION_FAILED",
+		9:  "PENDING_EXTERNAL_DESTRUCTION",
+		10: "EXTERNAL_DESTRUCTION_FAILED",
 	}
 	CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{
 		"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0,
@@ -488,6 +530,9 @@ var (
 		"DESTROY_SCHEDULED":                    4,
 		"PENDING_IMPORT":                       6,
 		"IMPORT_FAILED":                        7,
+		"GENERATION_FAILED":                    8,
+		"PENDING_EXTERNAL_DESTRUCTION":         9,
+		"EXTERNAL_DESTRUCTION_FAILED":          10,
 	}
 )
 
@@ -599,6 +644,30 @@ const (
 	// [RSA AES key wrap
 	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
 	ImportJob_RSA_OAEP_4096_SHA1_AES_256 ImportJob_ImportMethod = 2
+	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+	// scheme defined in the PKCS #11 standard. In summary, this involves
+	// wrapping the raw key with an ephemeral AES key, and wrapping the
+	// ephemeral AES key with a 3072 bit RSA key. For more details, see
+	// [RSA AES key wrap
+	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+	ImportJob_RSA_OAEP_3072_SHA256_AES_256 ImportJob_ImportMethod = 3
+	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+	// scheme defined in the PKCS #11 standard. In summary, this involves
+	// wrapping the raw key with an ephemeral AES key, and wrapping the
+	// ephemeral AES key with a 4096 bit RSA key. For more details, see
+	// [RSA AES key wrap
+	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+	ImportJob_RSA_OAEP_4096_SHA256_AES_256 ImportJob_ImportMethod = 4
+	// This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The
+	// key material to be imported is wrapped directly with the RSA key. Due
+	// to technical limitations of RSA wrapping, this method cannot be used to
+	// wrap RSA keys for import.
+	ImportJob_RSA_OAEP_3072_SHA256 ImportJob_ImportMethod = 5
+	// This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The
+	// key material to be imported is wrapped directly with the RSA key. Due
+	// to technical limitations of RSA wrapping, this method cannot be used to
+	// wrap RSA keys for import.
+	ImportJob_RSA_OAEP_4096_SHA256 ImportJob_ImportMethod = 6
 )
 
 // Enum value maps for ImportJob_ImportMethod.
@@ -607,11 +676,19 @@ var (
 		0: "IMPORT_METHOD_UNSPECIFIED",
 		1: "RSA_OAEP_3072_SHA1_AES_256",
 		2: "RSA_OAEP_4096_SHA1_AES_256",
+		3: "RSA_OAEP_3072_SHA256_AES_256",
+		4: "RSA_OAEP_4096_SHA256_AES_256",
+		5: "RSA_OAEP_3072_SHA256",
+		6: "RSA_OAEP_4096_SHA256",
 	}
 	ImportJob_ImportMethod_value = map[string]int32{
-		"IMPORT_METHOD_UNSPECIFIED":  0,
-		"RSA_OAEP_3072_SHA1_AES_256": 1,
-		"RSA_OAEP_4096_SHA1_AES_256": 2,
+		"IMPORT_METHOD_UNSPECIFIED":    0,
+		"RSA_OAEP_3072_SHA1_AES_256":   1,
+		"RSA_OAEP_4096_SHA1_AES_256":   2,
+		"RSA_OAEP_3072_SHA256_AES_256": 3,
+		"RSA_OAEP_4096_SHA256_AES_256": 4,
+		"RSA_OAEP_3072_SHA256":         5,
+		"RSA_OAEP_4096_SHA256":         6,
 	}
 )
 
@@ -824,7 +901,6 @@ type CryptoKey struct {
 	// Controls the rate of automatic rotation.
 	//
 	// Types that are assignable to RotationSchedule:
-	//
 	//	*CryptoKey_RotationPeriod
 	RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"`
 	// A template describing settings for new
@@ -1210,6 +1286,15 @@ type CryptoKeyVersion struct {
 	// if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
 	// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
 	ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"`
+	// Output only. The root cause of the most recent generation failure. Only
+	// present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
+	// [GENERATION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.GENERATION_FAILED].
+	GenerationFailureReason string `protobuf:"bytes,19,opt,name=generation_failure_reason,json=generationFailureReason,proto3" json:"generation_failure_reason,omitempty"`
+	// Output only. The root cause of the most recent external destruction
+	// failure. Only present if
+	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
+	// [EXTERNAL_DESTRUCTION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.EXTERNAL_DESTRUCTION_FAILED].
+	ExternalDestructionFailureReason string `protobuf:"bytes,20,opt,name=external_destruction_failure_reason,json=externalDestructionFailureReason,proto3" json:"external_destruction_failure_reason,omitempty"`
 	// ExternalProtectionLevelOptions stores a group of additional fields for
 	// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that
 	// are specific to the
@@ -1339,6 +1424,20 @@ func (x *CryptoKeyVersion) GetImportFailureReason() string {
 	return ""
 }
 
+func (x *CryptoKeyVersion) GetGenerationFailureReason() string {
+	if x != nil {
+		return x.GenerationFailureReason
+	}
+	return ""
+}
+
+func (x *CryptoKeyVersion) GetExternalDestructionFailureReason() string {
+	if x != nil {
+		return x.ExternalDestructionFailureReason
+	}
+	return ""
+}
+
 func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions {
 	if x != nil {
 		return x.ExternalProtectionLevelOptions
@@ -1981,7 +2080,7 @@ var file_google_cloud_kms_v1_resources_proto_rawDesc = []byte{
 	0x12, 0x18, 0x0a, 0x14, 0x43, 0x41, 0x56, 0x49, 0x55, 0x4d, 0x5f, 0x56, 0x31, 0x5f, 0x43, 0x4f,
 	0x4d, 0x50, 0x52, 0x45, 0x53, 0x53, 0x45, 0x44, 0x10, 0x03, 0x12, 0x18, 0x0a, 0x14, 0x43, 0x41,
 	0x56, 0x49, 0x55, 0x4d, 0x5f, 0x56, 0x32, 0x5f, 0x43, 0x4f, 0x4d, 0x50, 0x52, 0x45, 0x53, 0x53,
-	0x45, 0x44, 0x10, 0x04, 0x22, 0xdd, 0x11, 0x0a, 0x10, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
+	0x45, 0x44, 0x10, 0x04, 0x22, 0x8e, 0x14, 0x0a, 0x10, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
 	0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
 	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x04, 0x6e, 0x61,
 	0x6d, 0x65, 0x12, 0x51, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
@@ -2033,221 +2132,246 @@ var file_google_cloud_kms_v1_resources_proto_rawDesc = []byte{
 	0x74, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x15, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f,
 	0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x10,
 	0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x13, 0x69, 0x6d, 0x70, 0x6f, 0x72,
-	0x74, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x7e,
-	0x0a, 0x21, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x5f, 0x6f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
-	0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1e,
-	0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30,
-	0x0a, 0x11, 0x72, 0x65, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x65, 0x6c, 0x69, 0x67, 0x69,
-	0x62, 0x6c, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x10,
-	0x72, 0x65, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x45, 0x6c, 0x69, 0x67, 0x69, 0x62, 0x6c, 0x65,
-	0x22, 0xa5, 0x06, 0x0a, 0x19, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x2c,
-	0x0a, 0x28, 0x43, 0x52, 0x59, 0x50, 0x54, 0x4f, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x56, 0x45, 0x52,
-	0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55,
-	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b,
-	0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45, 0x5f, 0x53, 0x59, 0x4d, 0x4d, 0x45, 0x54, 0x52, 0x49, 0x43,
-	0x5f, 0x45, 0x4e, 0x43, 0x52, 0x59, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x1c, 0x0a,
-	0x18, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x32, 0x30,
-	0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12, 0x1c, 0x0a, 0x18, 0x52,
-	0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x33, 0x30, 0x37, 0x32,
-	0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x52, 0x53, 0x41,
-	0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53,
-	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x1c, 0x0a, 0x18, 0x52, 0x53, 0x41, 0x5f, 0x53,
-	0x49, 0x47, 0x4e, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41,
-	0x35, 0x31, 0x32, 0x10, 0x0f, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47,
-	0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41,
-	0x32, 0x35, 0x36, 0x10, 0x05, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47,
-	0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41,
-	0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47,
-	0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41,
-	0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47,
-	0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41,
-	0x35, 0x31, 0x32, 0x10, 0x10, 0x12, 0x1b, 0x0a, 0x17, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47,
-	0x4e, 0x5f, 0x52, 0x41, 0x57, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x32, 0x30, 0x34, 0x38,
-	0x10, 0x1c, 0x12, 0x1b, 0x0a, 0x17, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52,
-	0x41, 0x57, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x10, 0x1d, 0x12,
-	0x1b, 0x0a, 0x17, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x41, 0x57, 0x5f,
-	0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x1e, 0x12, 0x20, 0x0a, 0x1c,
-	0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50,
-	0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x08, 0x12, 0x20,
-	0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41,
-	0x45, 0x50, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x09,
-	0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54, 0x5f,
-	0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
-	0x10, 0x0a, 0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50,
-	0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x35,
-	0x31, 0x32, 0x10, 0x11, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52,
-	0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48,
-	0x41, 0x31, 0x10, 0x25, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52,
-	0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48,
-	0x41, 0x31, 0x10, 0x26, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52,
-	0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48,
-	0x41, 0x31, 0x10, 0x27, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x43, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
-	0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0c, 0x12, 0x17, 0x0a,
-	0x13, 0x45, 0x43, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x5f, 0x53, 0x48,
-	0x41, 0x33, 0x38, 0x34, 0x10, 0x0d, 0x12, 0x1c, 0x0a, 0x18, 0x45, 0x43, 0x5f, 0x53, 0x49, 0x47,
-	0x4e, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x4b, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32,
-	0x35, 0x36, 0x10, 0x1f, 0x12, 0x0f, 0x0a, 0x0b, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41,
-	0x32, 0x35, 0x36, 0x10, 0x20, 0x12, 0x21, 0x0a, 0x1d, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41,
-	0x4c, 0x5f, 0x53, 0x59, 0x4d, 0x4d, 0x45, 0x54, 0x52, 0x49, 0x43, 0x5f, 0x45, 0x4e, 0x43, 0x52,
-	0x59, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x12, 0x22, 0xc1, 0x01, 0x0a, 0x15, 0x43, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x12, 0x28, 0x0a, 0x24, 0x43, 0x52, 0x59, 0x50, 0x54, 0x4f, 0x5f, 0x4b, 0x45, 0x59,
-	0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55,
-	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12,
-	0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x49,
-	0x4f, 0x4e, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x4e, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10,
-	0x01, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x12,
-	0x0d, 0x0a, 0x09, 0x44, 0x45, 0x53, 0x54, 0x52, 0x4f, 0x59, 0x45, 0x44, 0x10, 0x03, 0x12, 0x15,
-	0x0a, 0x11, 0x44, 0x45, 0x53, 0x54, 0x52, 0x4f, 0x59, 0x5f, 0x53, 0x43, 0x48, 0x45, 0x44, 0x55,
-	0x4c, 0x45, 0x44, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47,
-	0x5f, 0x49, 0x4d, 0x50, 0x4f, 0x52, 0x54, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x49, 0x4d, 0x50,
-	0x4f, 0x52, 0x54, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x07, 0x22, 0x49, 0x0a, 0x14,
+	0x74, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x3f,
+	0x0a, 0x19, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69,
+	0x6c, 0x75, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x13, 0x20, 0x01, 0x28,
+	0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x17, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12,
+	0x52, 0x0a, 0x23, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x73, 0x74,
+	0x72, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f,
+	0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41,
+	0x03, 0x52, 0x20, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x44, 0x65, 0x73, 0x74, 0x72,
+	0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x52, 0x65, 0x61,
+	0x73, 0x6f, 0x6e, 0x12, 0x7e, 0x0a, 0x21, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f,
+	0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c,
+	0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
+	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x52, 0x1e, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x11, 0x72, 0x65, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f,
+	0x65, 0x6c, 0x69, 0x67, 0x69, 0x62, 0x6c, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x42, 0x03,
+	0xe0, 0x41, 0x03, 0x52, 0x10, 0x72, 0x65, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x45, 0x6c, 0x69,
+	0x67, 0x69, 0x62, 0x6c, 0x65, 0x22, 0xe7, 0x06, 0x0a, 0x19, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f,
+	0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69,
+	0x74, 0x68, 0x6d, 0x12, 0x2c, 0x0a, 0x28, 0x43, 0x52, 0x59, 0x50, 0x54, 0x4f, 0x5f, 0x4b, 0x45,
+	0x59, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49,
+	0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+	0x00, 0x12, 0x1f, 0x0a, 0x1b, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45, 0x5f, 0x53, 0x59, 0x4d, 0x4d,
+	0x45, 0x54, 0x52, 0x49, 0x43, 0x5f, 0x45, 0x4e, 0x43, 0x52, 0x59, 0x50, 0x54, 0x49, 0x4f, 0x4e,
+	0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50,
+	0x53, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02,
+	0x12, 0x1c, 0x0a, 0x18, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x53, 0x53,
+	0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x1c,
+	0x0a, 0x18, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x34,
+	0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x1c, 0x0a, 0x18,
+	0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x34, 0x30, 0x39,
+	0x36, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x0f, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53,
+	0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x32, 0x30, 0x34,
+	0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x05, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53,
+	0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30, 0x37,
+	0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x06, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53,
+	0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39,
+	0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53,
+	0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39,
+	0x36, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x10, 0x12, 0x1b, 0x0a, 0x17, 0x52, 0x53,
+	0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x41, 0x57, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31,
+	0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x1c, 0x12, 0x1b, 0x0a, 0x17, 0x52, 0x53, 0x41, 0x5f, 0x53,
+	0x49, 0x47, 0x4e, 0x5f, 0x52, 0x41, 0x57, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x33, 0x30,
+	0x37, 0x32, 0x10, 0x1d, 0x12, 0x1b, 0x0a, 0x17, 0x52, 0x53, 0x41, 0x5f, 0x53, 0x49, 0x47, 0x4e,
+	0x5f, 0x52, 0x41, 0x57, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10,
+	0x1e, 0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54,
+	0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35,
+	0x36, 0x10, 0x08, 0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43, 0x52, 0x59,
+	0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41,
+	0x32, 0x35, 0x36, 0x10, 0x09, 0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x44, 0x45, 0x43,
+	0x52, 0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53,
+	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0a, 0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x44,
+	0x45, 0x43, 0x52, 0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30, 0x39, 0x36,
+	0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x11, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41,
+	0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x32, 0x30,
+	0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x10, 0x25, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41,
+	0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x33, 0x30,
+	0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x10, 0x26, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41,
+	0x5f, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30,
+	0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x10, 0x27, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x43, 0x5f,
+	0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
+	0x10, 0x0c, 0x12, 0x17, 0x0a, 0x13, 0x45, 0x43, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x50, 0x33,
+	0x38, 0x34, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0d, 0x12, 0x1c, 0x0a, 0x18, 0x45,
+	0x43, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x4b, 0x31,
+	0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x1f, 0x12, 0x0f, 0x0a, 0x0b, 0x48, 0x4d, 0x41,
+	0x43, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x20, 0x12, 0x0d, 0x0a, 0x09, 0x48, 0x4d,
+	0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x10, 0x21, 0x12, 0x0f, 0x0a, 0x0b, 0x48, 0x4d, 0x41,
+	0x43, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x22, 0x12, 0x0f, 0x0a, 0x0b, 0x48, 0x4d,
+	0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x23, 0x12, 0x0f, 0x0a, 0x0b, 0x48,
+	0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x32, 0x34, 0x10, 0x24, 0x12, 0x21, 0x0a, 0x1d,
+	0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x53, 0x59, 0x4d, 0x4d, 0x45, 0x54, 0x52,
+	0x49, 0x43, 0x5f, 0x45, 0x4e, 0x43, 0x52, 0x59, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x12, 0x22,
+	0x9b, 0x02, 0x0a, 0x15, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x28, 0x0a, 0x24, 0x43, 0x52, 0x59,
+	0x50, 0x54, 0x4f, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
+	0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
+	0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x47,
+	0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x45,
+	0x4e, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x49, 0x53, 0x41,
+	0x42, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x45, 0x53, 0x54, 0x52, 0x4f,
+	0x59, 0x45, 0x44, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x45, 0x53, 0x54, 0x52, 0x4f, 0x59,
+	0x5f, 0x53, 0x43, 0x48, 0x45, 0x44, 0x55, 0x4c, 0x45, 0x44, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e,
+	0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x49, 0x4d, 0x50, 0x4f, 0x52, 0x54, 0x10, 0x06,
+	0x12, 0x11, 0x0a, 0x0d, 0x49, 0x4d, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45,
+	0x44, 0x10, 0x07, 0x12, 0x15, 0x0a, 0x11, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f,
+	0x4e, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x08, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x45,
+	0x4e, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x44,
+	0x45, 0x53, 0x54, 0x52, 0x55, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x09, 0x12, 0x1f, 0x0a, 0x1b,
+	0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x52, 0x55, 0x43,
+	0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x0a, 0x22, 0x49, 0x0a,
+	0x14, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x56, 0x69, 0x65, 0x77, 0x12, 0x27, 0x0a, 0x23, 0x43, 0x52, 0x59, 0x50, 0x54, 0x4f, 0x5f,
+	0x4b, 0x45, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x56, 0x49, 0x45, 0x57,
+	0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x08,
+	0x0a, 0x04, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x01, 0x3a, 0xaa, 0x01, 0xea, 0x41, 0xa6, 0x01, 0x0a,
+	0x28, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
+	0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x7a, 0x70, 0x72, 0x6f, 0x6a, 0x65,
+	0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x7d, 0x2f, 0x6c, 0x6f,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x7b, 0x6b, 0x65, 0x79,
+	0x5f, 0x72, 0x69, 0x6e, 0x67, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x73, 0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x7d, 0x2f, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73,
+	0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x22, 0xce, 0x03, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63,
+	0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x70, 0x65, 0x6d, 0x12, 0x5d, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74,
+	0x68, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2e,
 	0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
-	0x56, 0x69, 0x65, 0x77, 0x12, 0x27, 0x0a, 0x23, 0x43, 0x52, 0x59, 0x50, 0x54, 0x4f, 0x5f, 0x4b,
-	0x45, 0x59, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x5f,
-	0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a,
-	0x04, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x01, 0x3a, 0xaa, 0x01, 0xea, 0x41, 0xa6, 0x01, 0x0a, 0x28,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
-	0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x7a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
+	0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72,
+	0x69, 0x74, 0x68, 0x6d, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x65, 0x6d, 0x5f, 0x63, 0x72, 0x63, 0x33,
+	0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x70, 0x65, 0x6d, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
+	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c,
+	0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0xae, 0x01, 0xea, 0x41, 0xaa, 0x01, 0x0a, 0x21, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69,
+	0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12,
+	0x84, 0x01, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a,
+	0x65, 0x63, 0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b,
+	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e,
+	0x67, 0x73, 0x2f, 0x7b, 0x6b, 0x65, 0x79, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x7d, 0x2f, 0x63, 0x72,
+	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f,
+	0x5f, 0x6b, 0x65, 0x79, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f,
+	0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x70, 0x75, 0x62,
+	0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0xd4, 0x09, 0x0a, 0x09, 0x49, 0x6d, 0x70, 0x6f, 0x72,
+	0x74, 0x4a, 0x6f, 0x62, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a,
+	0x0d, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72,
+	0x74, 0x4a, 0x6f, 0x62, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4d, 0x65, 0x74, 0x68, 0x6f,
+	0x64, 0x42, 0x06, 0xe0, 0x41, 0x02, 0xe0, 0x41, 0x05, 0x52, 0x0c, 0x69, 0x6d, 0x70, 0x6f, 0x72,
+	0x74, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x57, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x42, 0x06, 0xe0, 0x41, 0x02, 0xe0, 0x41, 0x05, 0x52,
+	0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c,
+	0x12, 0x40, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x69,
+	0x6d, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x74,
+	0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0c, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x69,
+	0x72, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a,
+	0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x4b, 0x0a, 0x11, 0x65, 0x78,
+	0x70, 0x69, 0x72, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18,
+	0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x45, 0x76,
+	0x65, 0x6e, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x48, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70,
+	0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62,
+	0x53, 0x74, 0x61, 0x74, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74,
+	0x65, 0x12, 0x54, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18,
+	0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f,
+	0x72, 0x74, 0x4a, 0x6f, 0x62, 0x2e, 0x57, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x75,
+	0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x09, 0x70, 0x75,
+	0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x53, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73,
+	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e,
+	0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41,
+	0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52,
+	0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x25, 0x0a, 0x11,
+	0x57, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65,
+	0x79, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x70, 0x65, 0x6d, 0x22, 0xe5, 0x01, 0x0a, 0x0c, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4d, 0x65,
+	0x74, 0x68, 0x6f, 0x64, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x4d, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x4d,
+	0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
+	0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f,
+	0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35,
+	0x36, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f,
+	0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35,
+	0x36, 0x10, 0x02, 0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f,
+	0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x5f, 0x41, 0x45, 0x53, 0x5f,
+	0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x20, 0x0a, 0x1c, 0x52, 0x53, 0x41, 0x5f, 0x4f, 0x41, 0x45,
+	0x50, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x5f, 0x41, 0x45,
+	0x53, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x14, 0x52, 0x53, 0x41, 0x5f, 0x4f,
+	0x41, 0x45, 0x50, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
+	0x05, 0x12, 0x18, 0x0a, 0x14, 0x52, 0x53, 0x41, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30,
+	0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x06, 0x22, 0x63, 0x0a, 0x0e, 0x49,
+	0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a,
+	0x1c, 0x49, 0x4d, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x4a, 0x4f, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x54,
+	0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x16, 0x0a, 0x12, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x47, 0x45, 0x4e, 0x45, 0x52,
+	0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56,
+	0x45, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x50, 0x49, 0x52, 0x45, 0x44, 0x10, 0x03,
+	0x3a, 0x7b, 0xea, 0x41, 0x78, 0x0a, 0x21, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x49,
+	0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x12, 0x53, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
 	0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
 	0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x7b, 0x6b, 0x65, 0x79, 0x5f,
-	0x72, 0x69, 0x6e, 0x67, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73,
-	0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x7d, 0x2f, 0x63, 0x72,
-	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f,
-	0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x7d, 0x22, 0xce, 0x03, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b,
-	0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x70, 0x65, 0x6d, 0x12, 0x5d, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68,
-	0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72,
-	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x43,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x41,
-	0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69,
-	0x74, 0x68, 0x6d, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x65, 0x6d, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32,
-	0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x70, 0x65, 0x6d, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
-	0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65,
-	0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c,
-	0x65, 0x76, 0x65, 0x6c, 0x3a, 0xae, 0x01, 0xea, 0x41, 0xaa, 0x01, 0x0a, 0x21, 0x63, 0x6c, 0x6f,
-	0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x84,
-	0x01, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65,
-	0x63, 0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c,
-	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67,
-	0x73, 0x2f, 0x7b, 0x6b, 0x65, 0x79, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x7d, 0x2f, 0x63, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f,
-	0x6b, 0x65, 0x79, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b,
-	0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x70, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0xdb, 0x08, 0x0a, 0x09, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74,
-	0x4a, 0x6f, 0x62, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0d,
-	0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f,
-	0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74,
-	0x4a, 0x6f, 0x62, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x42, 0x06, 0xe0, 0x41, 0x02, 0xe0, 0x41, 0x05, 0x52, 0x0c, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74,
-	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x57, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e,
-	0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
-	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x42, 0x06, 0xe0, 0x41, 0x02, 0xe0, 0x41, 0x05, 0x52, 0x0f,
-	0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12,
-	0x40, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
-	0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d,
-	0x65, 0x12, 0x44, 0x0a, 0x0d, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69,
-	0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0c, 0x67, 0x65, 0x6e, 0x65, 0x72,
-	0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x69, 0x72,
-	0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0a, 0x65,
-	0x78, 0x70, 0x69, 0x72, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x4b, 0x0a, 0x11, 0x65, 0x78, 0x70,
-	0x69, 0x72, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x0a,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
-	0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x45, 0x76, 0x65,
-	0x6e, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x48, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f,
-	0x72, 0x74, 0x4a, 0x6f, 0x62, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x53,
-	0x74, 0x61, 0x74, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65,
-	0x12, 0x54, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x07,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
-	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72,
-	0x74, 0x4a, 0x6f, 0x62, 0x2e, 0x57, 0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x75, 0x62,
-	0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x09, 0x70, 0x75, 0x62,
-	0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x53, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
-	0x31, 0x2e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x74,
-	0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x0b,
-	0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x25, 0x0a, 0x11, 0x57,
-	0x72, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79,
-	0x12, 0x10, 0x0a, 0x03, 0x70, 0x65, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x70,
-	0x65, 0x6d, 0x22, 0x6d, 0x0a, 0x0c, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4d, 0x65, 0x74, 0x68,
-	0x6f, 0x64, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x4d, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x4d, 0x45, 0x54,
-	0x48, 0x4f, 0x44, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
-	0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x33, 0x30,
-	0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x10,
-	0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x53, 0x41, 0x5f, 0x4f, 0x41, 0x45, 0x50, 0x5f, 0x34, 0x30,
-	0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x31, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x10,
-	0x02, 0x22, 0x63, 0x0a, 0x0e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x53, 0x74,
-	0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4d, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x4a, 0x4f,
-	0x42, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
-	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47,
-	0x5f, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x0a, 0x0a,
-	0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x50,
-	0x49, 0x52, 0x45, 0x44, 0x10, 0x03, 0x3a, 0x7b, 0xea, 0x41, 0x78, 0x0a, 0x21, 0x63, 0x6c, 0x6f,
-	0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x12, 0x53,
-	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
-	0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x7b, 0x6c, 0x6f,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73,
-	0x2f, 0x7b, 0x6b, 0x65, 0x79, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x7d, 0x2f, 0x69, 0x6d, 0x70, 0x6f,
-	0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x2f, 0x7b, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a,
-	0x6f, 0x62, 0x7d, 0x22, 0x81, 0x01, 0x0a, 0x1e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x28, 0x0a, 0x10, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4b, 0x65, 0x79, 0x55, 0x72, 0x69,
-	0x12, 0x35, 0x0a, 0x17, 0x65, 0x6b, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x14, 0x65, 0x6b, 0x6d, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x4b, 0x65, 0x79, 0x50, 0x61, 0x74, 0x68, 0x2a, 0x6a, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x74, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x52,
-	0x4f, 0x54, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4c, 0x45, 0x56, 0x45, 0x4c, 0x5f, 0x55,
-	0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08,
-	0x53, 0x4f, 0x46, 0x54, 0x57, 0x41, 0x52, 0x45, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x48, 0x53,
-	0x4d, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10,
-	0x03, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x56, 0x50,
-	0x43, 0x10, 0x04, 0x42, 0x95, 0x01, 0x0a, 0x17, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x42,
-	0x11, 0x4b, 0x6d, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c,
-	0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x2f, 0x6b, 0x6d, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x6b, 0x6d, 0x73, 0xf8, 0x01, 0x01, 0xaa,
-	0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x4b,
-	0x6d, 0x73, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43,
-	0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x4b, 0x6d, 0x73, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x72, 0x69, 0x6e, 0x67, 0x7d, 0x2f, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73,
+	0x2f, 0x7b, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x7d, 0x22, 0x81, 0x01,
+	0x0a, 0x1e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x12, 0x28, 0x0a, 0x10, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x6b, 0x65, 0x79,
+	0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x4b, 0x65, 0x79, 0x55, 0x72, 0x69, 0x12, 0x35, 0x0a, 0x17, 0x65, 0x6b,
+	0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79,
+	0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x65, 0x6b, 0x6d,
+	0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x74,
+	0x68, 0x2a, 0x6a, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c,
+	0x65, 0x76, 0x65, 0x6c, 0x12, 0x20, 0x0a, 0x1c, 0x50, 0x52, 0x4f, 0x54, 0x45, 0x43, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x4c, 0x45, 0x56, 0x45, 0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
+	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x4f, 0x46, 0x54, 0x57, 0x41,
+	0x52, 0x45, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x48, 0x53, 0x4d, 0x10, 0x02, 0x12, 0x0c, 0x0a,
+	0x08, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x45,
+	0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x56, 0x50, 0x43, 0x10, 0x04, 0x42, 0x88, 0x01,
+	0x0a, 0x17, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f,
+	0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x4b, 0x6d, 0x73, 0x52, 0x65,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x67, 0x6f, 0x2f, 0x6b, 0x6d, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x2f, 0x6b, 0x6d,
+	0x73, 0x70, 0x62, 0x3b, 0x6b, 0x6d, 0x73, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x4b, 0x6d, 0x73, 0x2e,
+	0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75,
+	0x64, 0x5c, 0x4b, 0x6d, 0x73, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go b/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go
index 40f03c383..0a9f8bb3a 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2021 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.5
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.2
 // source: google/cloud/kms/v1/service.proto
 
 package kmspb
@@ -1267,10 +1267,51 @@ type ImportCryptoKeyVersionRequest struct {
 	// [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key
 	// material.
 	ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
-	// Required. The incoming wrapped key material that is to be imported.
+	// Optional. The wrapped key material to import.
 	//
-	// Types that are assignable to WrappedKeyMaterial:
+	// Before wrapping, key material must be formatted. If importing symmetric key
+	// material, the expected key material format is plain bytes. If importing
+	// asymmetric key material, the expected key material format is PKCS#8-encoded
+	// DER (the PrivateKeyInfo structure from RFC 5208).
+	//
+	// When wrapping with import methods
+	// ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+	// or
+	// [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
+	// or
+	// [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
+	// or
+	// [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
+	//
+	// this field must contain the concatenation of:
+	// <ol>
+	//   <li>An ephemeral AES-256 wrapping key wrapped with the
+	//       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
+	//       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+	//       label.
+	//   </li>
+	//   <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+	//       key using AES-KWP (RFC 5649).
+	//   </li>
+	// </ol>
+	//
+	// This format is the same as the format produced by PKCS#11 mechanism
+	// CKM_RSA_AES_KEY_WRAP.
+	//
+	// When wrapping with import methods
+	// ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
+	// or
+	// [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
 	//
+	// this field must contain the formatted key to be imported, wrapped with the
+	// [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
+	// with SHA-256, MGF1 with SHA-256, and an empty label.
+	WrappedKey []byte `protobuf:"bytes,8,opt,name=wrapped_key,json=wrappedKey,proto3" json:"wrapped_key,omitempty"`
+	// This field is legacy. Use the field
+	// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]
+	// instead.
+	//
+	// Types that are assignable to WrappedKeyMaterial:
 	//	*ImportCryptoKeyVersionRequest_RsaAesWrappedKey
 	WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"`
 }
@@ -1335,6 +1376,13 @@ func (x *ImportCryptoKeyVersionRequest) GetImportJob() string {
 	return ""
 }
 
+func (x *ImportCryptoKeyVersionRequest) GetWrappedKey() []byte {
+	if x != nil {
+		return x.WrappedKey
+	}
+	return nil
+}
+
 func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial {
 	if m != nil {
 		return m.WrappedKeyMaterial
@@ -1354,32 +1402,10 @@ type isImportCryptoKeyVersionRequest_WrappedKeyMaterial interface {
 }
 
 type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct {
-	// Wrapped key material produced with
-	// [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
-	// or
-	// [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-	//
-	// This field contains the concatenation of two wrapped keys:
-	// <ol>
-	//
-	//	<li>An ephemeral AES-256 wrapping key wrapped with the
-	//	    [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-	//	    RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-	//	    empty label.
-	//	</li>
-	//	<li>The key to be imported, wrapped with the ephemeral AES-256 key
-	//	    using AES-KWP (RFC 5649).
-	//	</li>
-	//
-	// </ol>
-	//
-	// If importing symmetric key material, it is expected that the unwrapped
-	// key contains plain bytes. If importing asymmetric key material, it is
-	// expected that the unwrapped key is in PKCS#8-encoded DER format (the
-	// PrivateKeyInfo structure from RFC 5208).
-	//
-	// This format is the same as the format produced by PKCS#11 mechanism
-	// CKM_RSA_AES_KEY_WRAP.
+	// Optional. This field has the same meaning as
+	// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+	// Prefer to use that field in new work. Either that field or this field
+	// (but not both) must be specified.
 	RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"`
 }
 
@@ -1759,7 +1785,9 @@ type EncryptRequest struct {
 	//
 	// The maximum size depends on the key version's
 	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
-	// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the
+	// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
+	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
+	// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the
 	// plaintext must be no larger than 64KiB. For
 	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
 	// the plaintext and additional_authenticated_data fields must be no larger
@@ -1771,8 +1799,10 @@ type EncryptRequest struct {
 	//
 	// The maximum size depends on the key version's
 	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
-	// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD
-	// must be no larger than 64KiB. For
+	// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
+	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
+	// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the
+	// AAD must be no larger than 64KiB. For
 	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
 	// the plaintext and additional_authenticated_data fields must be no larger
 	// than 8KiB.
@@ -3317,7 +3347,6 @@ type Digest struct {
 	// Required. The message digest.
 	//
 	// Types that are assignable to Digest:
-	//
 	//	*Digest_Sha256
 	//	*Digest_Sha384
 	//	*Digest_Sha512
@@ -3671,7 +3700,7 @@ var file_google_cloud_kms_v1_service_proto_rawDesc = []byte{
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
 	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65,
 	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x10, 0x63, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x93, 0x03, 0x0a,
+	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0xbe, 0x03, 0x0a,
 	0x1d, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
 	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x41,
 	0x0a, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x29,
@@ -3692,672 +3721,674 @@ var file_google_cloud_kms_v1_service_proto_rawDesc = []byte{
 	0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f,
 	0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x22, 0x0a, 0x0a, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f,
 	0x6a, 0x6f, 0x62, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09,
-	0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x12, 0x2f, 0x0a, 0x13, 0x72, 0x73, 0x61,
-	0x5f, 0x61, 0x65, 0x73, 0x5f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x10, 0x72, 0x73, 0x61, 0x41, 0x65, 0x73,
-	0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x42, 0x16, 0x0a, 0x14, 0x77, 0x72,
-	0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69,
-	0x61, 0x6c, 0x22, 0xc6, 0x01, 0x0a, 0x16, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6d, 0x70,
-	0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a,
-	0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x27, 0xe0,
-	0x41, 0x02, 0xfa, 0x41, 0x21, 0x0a, 0x1f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x4b,
-	0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x27,
-	0x0a, 0x0d, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x69, 0x6d, 0x70, 0x6f,
-	0x72, 0x74, 0x4a, 0x6f, 0x62, 0x49, 0x64, 0x12, 0x42, 0x0a, 0x0a, 0x69, 0x6d, 0x70, 0x6f, 0x72,
-	0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
-	0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x42, 0x03, 0xe0, 0x41, 0x02,
-	0x52, 0x09, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x22, 0x9e, 0x01, 0x0a, 0x16,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x42, 0x0a, 0x0a, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f,
-	0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52,
-	0x09, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70,
-	0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x42, 0x03, 0xe0, 0x41, 0x02,
-	0x52, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x61, 0x73, 0x6b, 0x22, 0xbb, 0x01, 0x0a,
-	0x1d, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
-	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x58,
-	0x0a, 0x12, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
-	0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x10, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61,
-	0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x12, 0x24, 0x0a, 0x0b, 0x77, 0x72, 0x61,
+	0x70, 0x70, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03,
+	0xe0, 0x41, 0x01, 0x52, 0x0a, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12,
+	0x34, 0x0a, 0x13, 0x72, 0x73, 0x61, 0x5f, 0x61, 0x65, 0x73, 0x5f, 0x77, 0x72, 0x61, 0x70, 0x70,
+	0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41,
+	0x01, 0x48, 0x00, 0x52, 0x10, 0x72, 0x73, 0x61, 0x41, 0x65, 0x73, 0x57, 0x72, 0x61, 0x70, 0x70,
+	0x65, 0x64, 0x4b, 0x65, 0x79, 0x42, 0x16, 0x0a, 0x14, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x64,
+	0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0xc6, 0x01,
+	0x0a, 0x16, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f,
+	0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x65,
+	0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x27, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x21,
+	0x0a, 0x1f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e,
+	0x67, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x27, 0x0a, 0x0d, 0x69, 0x6d, 0x70,
+	0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62,
+	0x49, 0x64, 0x12, 0x42, 0x0a, 0x0a, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70,
+	0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x69, 0x6d, 0x70,
+	0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x22, 0x9e, 0x01, 0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x12, 0x42, 0x0a, 0x0a, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70,
+	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x63, 0x72, 0x79, 0x70,
+	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f,
+	0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
+	0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x75, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x4d, 0x61, 0x73, 0x6b, 0x22, 0xbb, 0x01, 0x0a, 0x1d, 0x55, 0x70, 0x64, 0x61,
+	0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x58, 0x0a, 0x12, 0x63, 0x72, 0x79,
+	0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70,
+	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41,
+	0x02, 0x52, 0x10, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61,
+	0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4d, 0x61, 0x73, 0x6b, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x4d, 0x61, 0x73, 0x6b, 0x22, 0x9d, 0x01, 0x0a, 0x24, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3d,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x29, 0xe0, 0x41,
+	0x02, 0xfa, 0x41, 0x23, 0x0a, 0x21, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72,
+	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x36, 0x0a,
+	0x15, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41,
+	0x02, 0x52, 0x12, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x49, 0x64, 0x22, 0x66, 0x0a, 0x1e, 0x44, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79,
+	0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x30, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70,
+	0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x66, 0x0a,
+	0x1e, 0x52, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
+	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x30, 0xe0,
+	0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xdb, 0x02, 0x0a, 0x0e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x09, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x03, 0x0a, 0x01,
+	0x2a, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e,
+	0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52,
+	0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x47, 0x0a, 0x1d, 0x61, 0x64,
+	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x1b, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44,
+	0x61, 0x74, 0x61, 0x12, 0x4b, 0x0a, 0x10, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74,
+	0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a,
-	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4d, 0x61, 0x73, 0x6b, 0x22, 0x9d, 0x01, 0x0a, 0x24, 0x55,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x50, 0x72,
-	0x69, 0x6d, 0x61, 0x72, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x42, 0x29, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x23, 0x0a, 0x21, 0x63, 0x6c, 0x6f, 0x75, 0x64,
-	0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63,
-	0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x12, 0x36, 0x0a, 0x15, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79,
-	0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x12, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x22, 0x66, 0x0a, 0x1e, 0x44, 0x65,
-	0x73, 0x74, 0x72, 0x6f, 0x79, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04,
+	0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52,
+	0x0f, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63,
+	0x12, 0x71, 0x0a, 0x24, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x61,
+	0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74,
+	0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01,
+	0x52, 0x21, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68,
+	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63,
+	0x33, 0x32, 0x63, 0x22, 0xff, 0x02, 0x0a, 0x0e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x42, 0x29, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x23, 0x0a, 0x21, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69,
+	0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74,
+	0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a,
+	0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x47, 0x0a, 0x1d, 0x61, 0x64,
+	0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x1b, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44,
+	0x61, 0x74, 0x61, 0x12, 0x4d, 0x0a, 0x11, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78,
+	0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01,
+	0x52, 0x10, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33,
+	0x32, 0x63, 0x12, 0x71, 0x0a, 0x24, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c,
+	0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x64,
+	0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0,
+	0x41, 0x01, 0x52, 0x21, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x75,
+	0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x43,
+	0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0xba, 0x02, 0x0a, 0x15, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65,
+	0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x30, 0xe0,
+	0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x67, 0x65,
+	0x73, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12,
+	0x45, 0x0a, 0x0d, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0c, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74,
+	0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x17, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12,
+	0x41, 0x0a, 0x0b, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x07,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33,
+	0x32, 0x63, 0x22, 0xd4, 0x01, 0x0a, 0x18, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69,
+	0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x30, 0xe0,
+	0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74,
+	0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a,
+	0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x4d, 0x0a, 0x11, 0x63, 0x69,
+	0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x10, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74,
+	0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0xb2, 0x01, 0x0a, 0x0e, 0x4d, 0x61,
+	0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04,
 	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x30, 0xe0, 0x41, 0x02, 0xfa,
 	0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70,
 	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61,
-	0x6d, 0x65, 0x22, 0x66, 0x0a, 0x1e, 0x52, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x42, 0x30, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xdb, 0x02, 0x0a, 0x0e, 0x45,
-	0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x09, 0xe0, 0x41, 0x02,
-	0xfa, 0x41, 0x03, 0x0a, 0x01, 0x2a, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x09,
-	0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42,
-	0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12,
-	0x47, 0x0a, 0x1d, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75,
-	0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x1b, 0x61, 0x64, 0x64,
-	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x4b, 0x0a, 0x10, 0x70, 0x6c, 0x61, 0x69,
-	0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x07, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42,
-	0x03, 0xe0, 0x41, 0x01, 0x52, 0x0f, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x43,
-	0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x71, 0x0a, 0x24, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f,
-	0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x08, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x21, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61,
-	0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44, 0x61,
-	0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0xff, 0x02, 0x0a, 0x0e, 0x44, 0x65, 0x63,
-	0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x29, 0xe0, 0x41, 0x02, 0xfa, 0x41,
-	0x23, 0x0a, 0x21, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74,
-	0x6f, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0a, 0x63, 0x69,
-	0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03,
-	0xe0, 0x41, 0x02, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12,
-	0x47, 0x0a, 0x1d, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75,
-	0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x1b, 0x61, 0x64, 0x64,
-	0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x4d, 0x0a, 0x11, 0x63, 0x69, 0x70, 0x68,
-	0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x10, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78,
-	0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x71, 0x0a, 0x24, 0x61, 0x64, 0x64, 0x69, 0x74,
-	0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x21, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f,
-	0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64,
-	0x44, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0xba, 0x02, 0x0a, 0x15, 0x41,
-	0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x42, 0x30, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x06, 0x64, 0x69,
-	0x67, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x06, 0x64, 0x69,
-	0x67, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x5f, 0x63,
-	0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e,
-	0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0c, 0x64,
-	0x69, 0x67, 0x65, 0x73, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x17, 0x0a, 0x04, 0x64,
-	0x61, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x04,
-	0x64, 0x61, 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0b, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63,
-	0x33, 0x32, 0x63, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6d, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c,
+	0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0b, 0x64,
+	0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0,
+	0x41, 0x01, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0x8c,
+	0x02, 0x0a, 0x10, 0x4d, 0x61, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x42, 0x30, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x64, 0x61, 0x74,
+	0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x64, 0x61,
+	0x74, 0x61, 0x12, 0x41, 0x0a, 0x0b, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32,
+	0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x43,
+	0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x15, 0x0a, 0x03, 0x6d, 0x61, 0x63, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x03, 0x6d, 0x61, 0x63, 0x12, 0x3f, 0x0a, 0x0a,
+	0x6d, 0x61, 0x63, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0,
+	0x41, 0x01, 0x52, 0x09, 0x6d, 0x61, 0x63, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0xac, 0x01,
+	0x0a, 0x1a, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d,
+	0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08,
+	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x6c, 0x65, 0x6e, 0x67,
+	0x74, 0x68, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0b,
+	0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x4f, 0x0a, 0x10, 0x70,
+	0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xfe, 0x02, 0x0a,
+	0x0f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65,
+	0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72,
+	0x74, 0x65, 0x78, 0x74, 0x12, 0x48, 0x0a, 0x11, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65,
+	0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, 0x63, 0x69,
+	0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x3a,
+	0x0a, 0x19, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x70, 0x6c, 0x61, 0x69, 0x6e,
+	0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x50, 0x6c, 0x61, 0x69, 0x6e,
+	0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x60, 0x0a, 0x2d, 0x76, 0x65,
+	0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61,
+	0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x29, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x41, 0x64, 0x64, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x4f, 0x0a, 0x10,
+	0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c,
+	0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72,
+	0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xeb, 0x01,
+	0x0a, 0x0f, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12,
+	0x46, 0x0a, 0x10, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63,
+	0x33, 0x32, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
 	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36,
-	0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0a, 0x64, 0x61, 0x74,
-	0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0xd4, 0x01, 0x0a, 0x18, 0x41, 0x73, 0x79, 0x6d,
-	0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x42, 0x30, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0a, 0x63, 0x69,
-	0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03,
-	0xe0, 0x41, 0x02, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12,
-	0x4d, 0x0a, 0x11, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72,
-	0x63, 0x33, 0x32, 0x63, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74,
-	0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x10, 0x63, 0x69,
-	0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0xb2,
-	0x01, 0x0a, 0x0e, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42,
-	0x30, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d,
-	0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
-	0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61,
-	0x12, 0x41, 0x0a, 0x0b, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63,
-	0x33, 0x32, 0x63, 0x22, 0x8c, 0x02, 0x0a, 0x10, 0x4d, 0x61, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66,
-	0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x44, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x30, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2a, 0x0a, 0x28,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
-	0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x17,
-	0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41,
-	0x02, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x41, 0x0a, 0x0b, 0x64, 0x61, 0x74, 0x61, 0x5f,
-	0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49,
-	0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0a,
-	0x64, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x15, 0x0a, 0x03, 0x6d, 0x61,
-	0x63, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x03, 0x6d, 0x61,
-	0x63, 0x12, 0x3f, 0x0a, 0x0a, 0x6d, 0x61, 0x63, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c,
-	0x75, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x09, 0x6d, 0x61, 0x63, 0x43, 0x72, 0x63, 0x33,
-	0x32, 0x63, 0x22, 0xac, 0x01, 0x0a, 0x1a, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52,
-	0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a,
-	0x0c, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x0b, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x42, 0x79, 0x74, 0x65, 0x73,
-	0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c,
-	0x65, 0x76, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c,
-	0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65,
-	0x6c, 0x22, 0xfe, 0x02, 0x0a, 0x0f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70,
-	0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63,
-	0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0x48, 0x0a, 0x11, 0x63, 0x69, 0x70,
-	0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x52, 0x10, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63,
-	0x33, 0x32, 0x63, 0x12, 0x3a, 0x0a, 0x19, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f,
-	0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64,
-	0x50, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12,
-	0x60, 0x0a, 0x2d, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x69,
-	0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x29, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64,
-	0x41, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e,
-	0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32,
-	0x63, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
-	0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
-	0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65,
-	0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76,
-	0x65, 0x6c, 0x22, 0xeb, 0x01, 0x0a, 0x0f, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74,
-	0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e,
-	0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, 0x10, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78,
-	0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
+	0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78,
+	0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x75, 0x73, 0x65, 0x64, 0x5f,
+	0x70, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x75,
+	0x73, 0x65, 0x64, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72,
+	0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xcb, 0x02, 0x0a, 0x16,
+	0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74,
+	0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61,
+	0x74, 0x75, 0x72, 0x65, 0x12, 0x46, 0x0a, 0x10, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
+	0x65, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b,
 	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x70, 0x6c, 0x61,
-	0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x21, 0x0a, 0x0c,
-	0x75, 0x73, 0x65, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x0b, 0x75, 0x73, 0x65, 0x64, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x12,
-	0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65,
-	0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
-	0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52,
-	0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c,
-	0x22, 0xcb, 0x02, 0x0a, 0x16, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53,
-	0x69, 0x67, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73,
-	0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09,
-	0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x46, 0x0a, 0x10, 0x73, 0x69, 0x67,
-	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65,
-	0x52, 0x0f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x43, 0x72, 0x63, 0x33, 0x32,
-	0x63, 0x12, 0x34, 0x0a, 0x16, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64, 0x69,
-	0x67, 0x65, 0x73, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x69, 0x67, 0x65, 0x73,
-	0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x76,
-	0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63,
-	0x33, 0x32, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x76, 0x65, 0x72, 0x69, 0x66,
-	0x69, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x4f, 0x0a,
-	0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65,
-	0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72,
-	0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70,
-	0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x90,
-	0x02, 0x0a, 0x19, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63,
-	0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09,
-	0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, 0x10, 0x70, 0x6c,
-	0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75,
-	0x65, 0x52, 0x0f, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33,
-	0x32, 0x63, 0x12, 0x3c, 0x0a, 0x1a, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x63,
-	0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64,
-	0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63,
-	0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c,
-	0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c,
-	0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65,
-	0x6c, 0x22, 0xf6, 0x01, 0x0a, 0x0f, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x63,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6d, 0x61, 0x63, 0x12, 0x3a, 0x0a, 0x0a, 0x6d,
-	0x61, 0x63, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x73, 0x69, 0x67,
+	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x34, 0x0a, 0x16,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x5f,
+	0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x76, 0x65,
+	0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x43, 0x72, 0x63, 0x33,
+	0x32, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
+	0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x61,
+	0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
+	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x90, 0x02, 0x0a, 0x19, 0x41, 0x73,
+	0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e,
+	0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, 0x10, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65,
+	0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x6d, 0x61,
-	0x63, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x30, 0x0a, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66,
-	0x69, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44,
-	0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f,
-	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x05, 0x20,
+	0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x70, 0x6c,
+	0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x3c, 0x0a,
+	0x1a, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72,
+	0x74, 0x65, 0x78, 0x74, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x18, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x43, 0x69, 0x70, 0x68, 0x65,
+	0x72, 0x74, 0x65, 0x78, 0x74, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x4f, 0x0a, 0x10, 0x70,
+	0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74,
+	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xf6, 0x01, 0x0a,
+	0x0f, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x03, 0x6d, 0x61, 0x63, 0x12, 0x3a, 0x0a, 0x0a, 0x6d, 0x61, 0x63, 0x5f, 0x63, 0x72,
+	0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74,
+	0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x6d, 0x61, 0x63, 0x43, 0x72, 0x63, 0x33,
+	0x32, 0x63, 0x12, 0x30, 0x0a, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64,
+	0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x12, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x43, 0x72,
+	0x63, 0x33, 0x32, 0x63, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
+	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c,
+	0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xb2, 0x02, 0x0a, 0x11, 0x4d, 0x61, 0x63, 0x56, 0x65, 0x72,
+	0x69, 0x66, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x76, 0x65, 0x72,
+	0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32,
+	0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65,
+	0x64, 0x44, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x2e, 0x0a, 0x13, 0x76,
+	0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x63, 0x5f, 0x63, 0x72, 0x63, 0x33,
+	0x32, 0x63, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
+	0x65, 0x64, 0x4d, 0x61, 0x63, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x12, 0x3c, 0x0a, 0x1a, 0x76,
+	0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f,
+	0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x18, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x69, 0x74, 0x79, 0x12, 0x4f, 0x0a, 0x10, 0x70, 0x72, 0x6f,
+	0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x06, 0x20,
 	0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f,
 	0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63,
 	0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0xb2, 0x02, 0x0a, 0x11, 0x4d,
-	0x61, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x30,
-	0x0a, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f,
-	0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x76, 0x65,
-	0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63,
-	0x12, 0x2e, 0x0a, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x63,
-	0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x76,
-	0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4d, 0x61, 0x63, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63,
-	0x12, 0x3c, 0x0a, 0x1a, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x73, 0x75, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x69, 0x74, 0x79, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x53, 0x75,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x69, 0x74, 0x79, 0x12, 0x4f,
-	0x0a, 0x10, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76,
-	0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50,
-	0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0f,
-	0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22,
-	0x6f, 0x0a, 0x1b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f,
-	0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12,
-	0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61,
-	0x74, 0x61, 0x12, 0x3c, 0x0a, 0x0b, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32,
-	0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56,
-	0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x64, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63,
-	0x22, 0x60, 0x0a, 0x06, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x68,
-	0x61, 0x32, 0x35, 0x36, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x06, 0x73, 0x68,
-	0x61, 0x32, 0x35, 0x36, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x06, 0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x12, 0x18,
-	0x0a, 0x06, 0x73, 0x68, 0x61, 0x35, 0x31, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00,
-	0x52, 0x06, 0x73, 0x68, 0x61, 0x35, 0x31, 0x32, 0x42, 0x08, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65,
-	0x73, 0x74, 0x22, 0x5c, 0x0a, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65,
-	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x23, 0x0a, 0x0d, 0x68, 0x73, 0x6d, 0x5f, 0x61, 0x76,
-	0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x68,
-	0x73, 0x6d, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x65,
-	0x6b, 0x6d, 0x5f, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x0c, 0x65, 0x6b, 0x6d, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65,
-	0x32, 0x86, 0x2b, 0x0a, 0x14, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0xa2, 0x01, 0x0a, 0x0c, 0x4c, 0x69,
-	0x73, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
-	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b,
-	0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x3d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2e, 0x12, 0x2c, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61,
-	0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f,
-	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x6b, 0x65, 0x79,
-	0x52, 0x69, 0x6e, 0x67, 0x73, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0xb5,
-	0x01, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
-	0x73, 0x12, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
-	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
-	0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4a, 0x82, 0xd3, 0xe4, 0x93,
-	0x02, 0x3b, 0x12, 0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d,
-	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f,
-	0x2a, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0xda, 0x41, 0x06,
-	0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0xde, 0x01, 0x0a, 0x15, 0x4c, 0x69, 0x73, 0x74, 0x43,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73,
-	0x12, 0x31, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
-	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74,
-	0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f,
-	0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72,
-	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x4f, 0x12,
-	0x4d, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f,
-	0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x63, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0xda, 0x41,
-	0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0xb5, 0x01, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74,
-	0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x12, 0x2a, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73,
-	0x74, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x4a, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3b, 0x12, 0x39, 0x2f, 0x76, 0x31,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x6f, 0x0a, 0x1b, 0x47, 0x65,
+	0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65,
+	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74,
+	0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3c, 0x0a,
+	0x0b, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x72, 0x63, 0x33, 0x32, 0x63, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x49, 0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52,
+	0x0a, 0x64, 0x61, 0x74, 0x61, 0x43, 0x72, 0x63, 0x33, 0x32, 0x63, 0x22, 0x60, 0x0a, 0x06, 0x44,
+	0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x06, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x12,
+	0x18, 0x0a, 0x06, 0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48,
+	0x00, 0x52, 0x06, 0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x68, 0x61,
+	0x35, 0x31, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x06, 0x73, 0x68, 0x61,
+	0x35, 0x31, 0x32, 0x42, 0x08, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x5c, 0x0a,
+	0x10, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+	0x61, 0x12, 0x23, 0x0a, 0x0d, 0x68, 0x73, 0x6d, 0x5f, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62,
+	0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x68, 0x73, 0x6d, 0x41, 0x76, 0x61,
+	0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x6b, 0x6d, 0x5f, 0x61, 0x76,
+	0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x65,
+	0x6b, 0x6d, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x32, 0x86, 0x2b, 0x0a, 0x14,
+	0x4b, 0x65, 0x79, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x12, 0xa2, 0x01, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79,
+	0x52, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
+	0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
+	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e,
+	0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0xda, 0x41, 0x06, 0x70,
+	0x61, 0x72, 0x65, 0x6e, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2e, 0x12, 0x2c, 0x2f, 0x76, 0x31,
 	0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
-	0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f,
-	0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x69, 0x6d, 0x70, 0x6f,
-	0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12,
-	0x8f, 0x01, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x26,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
-	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79,
-	0x52, 0x69, 0x6e, 0x67, 0x22, 0x3b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2e, 0x12, 0x2c, 0x2f, 0x76,
-	0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73,
-	0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b,
-	0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0xa2, 0x01, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
-	0x65, 0x79, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67,
+	0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d,
+	0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x12, 0xb5, 0x01, 0x0a, 0x0e, 0x4c, 0x69,
+	0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x2a, 0x2e, 0x67,
 	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e,
-	0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x48, 0x82, 0xd3,
-	0xe4, 0x93, 0x02, 0x3b, 0x12, 0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d,
-	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f,
-	0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d, 0xda,
-	0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0xcb, 0x01, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x43, 0x72,
-	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2f,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
-	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
-	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56,
-	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x5c, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x4f, 0x12, 0x4d,
-	0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
-	0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a,
-	0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
-	0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0xda, 0x41, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x12, 0xc0, 0x01, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c,
-	0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50,
-	0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
-	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22,
-	0x66, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x59, 0x12, 0x57, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61,
-	0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e,
-	0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f,
-	0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79,
-	0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0xa2, 0x01, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x49,
-	0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47,
-	0x65, 0x74, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a,
-	0x6f, 0x62, 0x22, 0x48, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3b, 0x12, 0x39, 0x2f, 0x76, 0x31, 0x2f,
-	0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a,
-	0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79,
-	0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f,
-	0x62, 0x73, 0x2f, 0x2a, 0x7d, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0xb6, 0x01, 0x0a,
-	0x0d, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x29,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
-	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x69,
-	0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
-	0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x22, 0x5c, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x38, 0x22,
-	0x2c, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f,
-	0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x3a, 0x08, 0x6b,
-	0x65, 0x79, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0xda, 0x41, 0x1b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
-	0x2c, 0x6b, 0x65, 0x79, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x69, 0x64, 0x2c, 0x6b, 0x65, 0x79,
-	0x5f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0xcf, 0x01, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x12, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x6f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x47, 0x22, 0x39,
-	0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a,
-	0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x63,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x3a, 0x0a, 0x63, 0x72, 0x79, 0x70, 0x74,
-	0x6f, 0x5f, 0x6b, 0x65, 0x79, 0xda, 0x41, 0x1f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x2c, 0x63,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x2c, 0x63, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x12, 0xfb, 0x01, 0x0a, 0x16, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x12, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x85, 0x01,
-	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x63, 0x22, 0x4d, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72,
+	0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c,
+	0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4a, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
+	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3b, 0x12, 0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72,
 	0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c,
 	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69,
-	0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73,
-	0x2f, 0x2a, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x3a, 0x12, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65,
-	0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0xda, 0x41, 0x19, 0x70, 0x61, 0x72, 0x65,
-	0x6e, 0x74, 0x2c, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0xd4, 0x01, 0x0a, 0x16, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74,
-	0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
-	0x12, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
-	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
-	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74,
-	0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x5f, 0x82, 0xd3, 0xe4,
-	0x93, 0x02, 0x59, 0x22, 0x54, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
+	0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x73, 0x12, 0xde, 0x01, 0x0a, 0x15, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f,
+	0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x31, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
+	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
+	0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x5e, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x82, 0xd3, 0xe4,
+	0x93, 0x02, 0x4f, 0x12, 0x4d, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
 	0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73,
 	0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d,
 	0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
-	0x6e, 0x73, 0x3a, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x3a, 0x01, 0x2a, 0x12, 0xcf, 0x01, 0x0a,
-	0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62,
-	0x12, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
-	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6d, 0x70,
+	0x6e, 0x73, 0x12, 0xb5, 0x01, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x49, 0x6d, 0x70, 0x6f, 0x72,
+	0x74, 0x4a, 0x6f, 0x62, 0x73, 0x12, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
+	0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x49, 0x6d, 0x70, 0x6f,
+	0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4a,
+	0xda, 0x41, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3b, 0x12,
+	0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f,
+	0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x2f,
+	0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x12, 0x8f, 0x01, 0x0a, 0x0a, 0x47,
+	0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
+	0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x22,
+	0x3b, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2e, 0x12, 0x2c,
+	0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
+	0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a,
+	0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x12, 0xa2, 0x01, 0x0a,
+	0x0c, 0x47, 0x65, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
+	0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72,
+	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x48, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3b, 0x12, 0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d,
+	0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67,
+	0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a,
+	0x7d, 0x12, 0xcb, 0x01, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
+	0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
+	0x47, 0x65, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
+	0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x22, 0x5c, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x4f,
+	0x12, 0x4d, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a,
+	0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72,
+	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74,
+	0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x12,
+	0xc0, 0x01, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79,
+	0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
+	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63,
+	0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
+	0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x66, 0xda, 0x41, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x59, 0x12, 0x57, 0x2f, 0x76, 0x31, 0x2f, 0x7b,
+	0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f,
+	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52,
+	0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b,
+	0x65, 0x79, 0x12, 0xa2, 0x01, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74,
+	0x4a, 0x6f, 0x62, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f,
+	0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x6d, 0x70,
 	0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
-	0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x22, 0x6f, 0x82,
-	0xd3, 0xe4, 0x93, 0x02, 0x47, 0x22, 0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65,
-	0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e,
-	0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73,
-	0x3a, 0x0a, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0xda, 0x41, 0x1f, 0x70,
-	0x61, 0x72, 0x65, 0x6e, 0x74, 0x2c, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62,
-	0x5f, 0x69, 0x64, 0x2c, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x12, 0xd1,
-	0x01, 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
-	0x65, 0x79, 0x12, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
-	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x22,
-	0x71, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x52, 0x32, 0x44, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x63, 0x72,
-	0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72,
-	0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f,
-	0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x0a, 0x63,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0xda, 0x41, 0x16, 0x63, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x2c, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61,
-	0x73, 0x6b, 0x12, 0x93, 0x02, 0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79,
+	0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x22, 0x48, 0xda,
+	0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3b, 0x12, 0x39, 0x2f, 0x76,
+	0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73,
+	0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b,
+	0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74,
+	0x4a, 0x6f, 0x62, 0x73, 0x2f, 0x2a, 0x7d, 0x12, 0xb6, 0x01, 0x0a, 0x0d, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
+	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x69,
+	0x6e, 0x67, 0x22, 0x5c, 0xda, 0x41, 0x1b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x2c, 0x6b, 0x65,
+	0x79, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x69, 0x64, 0x2c, 0x6b, 0x65, 0x79, 0x5f, 0x72, 0x69,
+	0x6e, 0x67, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x38, 0x3a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x72, 0x69,
+	0x6e, 0x67, 0x22, 0x2c, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d,
+	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73,
+	0x12, 0xcf, 0x01, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74,
+	0x6f, 0x4b, 0x65, 0x79, 0x12, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74,
+	0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
+	0x79, 0x22, 0x6f, 0xda, 0x41, 0x1f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x2c, 0x63, 0x72, 0x79,
+	0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x2c, 0x63, 0x72, 0x79, 0x70, 0x74,
+	0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x47, 0x3a, 0x0a, 0x63, 0x72, 0x79,
+	0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x22, 0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61,
+	0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f,
+	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52,
+	0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
+	0x79, 0x73, 0x12, 0xfb, 0x01, 0x0a, 0x16, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79,
 	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
-	0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f,
+	0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f,
 	0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
 	0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
 	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x9d, 0x01, 0x82, 0xd3, 0xe4, 0x93, 0x02,
-	0x76, 0x32, 0x60, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b,
+	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x85, 0x01, 0xda, 0x41, 0x19, 0x70, 0x61,
+	0x72, 0x65, 0x6e, 0x74, 0x2c, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
+	0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x63, 0x3a, 0x12, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x22, 0x4d, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70,
+	0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a,
+	0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73,
+	0x12, 0xd4, 0x01, 0x0a, 0x16, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74,
+	0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
+	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
+	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x5f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x59, 0x3a, 0x01,
+	0x2a, 0x22, 0x54, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70,
+	0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a,
+	0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73,
+	0x3a, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x12, 0xcf, 0x01, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x12, 0x2b, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f,
+	0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49,
+	0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x22, 0x6f, 0xda, 0x41, 0x1f, 0x70, 0x61, 0x72,
+	0x65, 0x6e, 0x74, 0x2c, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x5f, 0x69,
+	0x64, 0x2c, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x82, 0xd3, 0xe4, 0x93,
+	0x02, 0x47, 0x3a, 0x0a, 0x69, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6a, 0x6f, 0x62, 0x22, 0x39,
+	0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a,
+	0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x69,
+	0x6d, 0x70, 0x6f, 0x72, 0x74, 0x4a, 0x6f, 0x62, 0x73, 0x12, 0xd1, 0x01, 0x0a, 0x0f, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x12, 0x2b, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
+	0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f,
+	0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
+	0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x71, 0xda, 0x41, 0x16, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x2c, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x52, 0x3a, 0x0a, 0x63, 0x72, 0x79,
+	0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x32, 0x44, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x63, 0x72,
+	0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72,
+	0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f,
+	0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d, 0x12, 0x93, 0x02,
+	0x0a, 0x16, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
+	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e,
+	0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x22, 0x9d, 0x01, 0xda, 0x41, 0x1e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f,
+	0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2c, 0x75, 0x70, 0x64, 0x61,
+	0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x76, 0x3a, 0x12, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x32, 0x60, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b,
 	0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x3d,
 	0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74,
 	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f,
 	0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63,
 	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73,
-	0x2f, 0x2a, 0x7d, 0x3a, 0x12, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
-	0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0xda, 0x41, 0x1e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f,
-	0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x2c, 0x75, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0xf2, 0x01, 0x0a, 0x1d, 0x55, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x69, 0x6d,
-	0x61, 0x72, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x39, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
-	0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x76, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x53, 0x22, 0x4e, 0x2f,
-	0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
-	0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f,
-	0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74,
-	0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50,
-	0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x3a, 0x01, 0x2a,
-	0xda, 0x41, 0x1a, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x5f, 0x6b,
-	0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x12, 0xde, 0x01,
-	0x0a, 0x17, 0x44, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
-	0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x2f, 0x2a, 0x7d, 0x12, 0xf2, 0x01, 0x0a, 0x1d, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72,
+	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x39, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61,
+	0x74, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x69, 0x6d, 0x61,
+	0x72, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
+	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x22, 0x76, 0xda, 0x41, 0x1a, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f,
+	0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x82,
+	0xd3, 0xe4, 0x93, 0x02, 0x53, 0x3a, 0x01, 0x2a, 0x22, 0x4e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e,
+	0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c,
+	0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69,
+	0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73,
+	0x2f, 0x2a, 0x7d, 0x3a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72,
+	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0xde, 0x01, 0x0a, 0x17, 0x44, 0x65, 0x73,
+	0x74, 0x72, 0x6f, 0x79, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x72,
+	0x6f, 0x79, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
 	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e,
-	0x44, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
-	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d,
-	0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x67, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5a, 0x22, 0x55, 0x2f,
+	0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x22, 0x67, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5a, 0x3a,
+	0x01, 0x2a, 0x22, 0x55, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72,
+	0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f,
+	0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79,
+	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a,
+	0x7d, 0x3a, 0x64, 0x65, 0x73, 0x74, 0x72, 0x6f, 0x79, 0x12, 0xde, 0x01, 0x0a, 0x17, 0x52, 0x65,
+	0x73, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
+	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x74,
+	0x6f, 0x72, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
+	0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x22, 0x67, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5a,
+	0x3a, 0x01, 0x2a, 0x22, 0x55, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70,
+	0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a,
+	0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72,
+	0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f,
+	0x2a, 0x7d, 0x3a, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0xb4, 0x01, 0x0a, 0x07, 0x45,
+	0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x5e, 0xda, 0x41, 0x0e, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x70, 0x6c, 0x61, 0x69, 0x6e,
+	0x74, 0x65, 0x78, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x47, 0x3a, 0x01, 0x2a, 0x22, 0x42, 0x2f,
 	0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
 	0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f,
 	0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74,
-	0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x64, 0x65, 0x73,
-	0x74, 0x72, 0x6f, 0x79, 0x3a, 0x01, 0x2a, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0xde,
-	0x01, 0x0a, 0x17, 0x52, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f,
-	0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x33, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
-	0x2e, 0x52, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
-	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56,
-	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x67, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5a, 0x22, 0x55,
-	0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
-	0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a,
-	0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
-	0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x72, 0x65,
-	0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x01, 0x2a, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
-	0xb4, 0x01, 0x0a, 0x07, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x23, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
-	0x31, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
-	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x47, 0x22, 0x42,
-	0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63,
-	0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a,
-	0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2a, 0x7d, 0x3a, 0x65, 0x6e, 0x63, 0x72, 0x79,
-	0x70, 0x74, 0x3a, 0x01, 0x2a, 0xda, 0x41, 0x0e, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x70, 0x6c, 0x61,
-	0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0xb4, 0x01, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79,
-	0x70, 0x74, 0x12, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
+	0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2a, 0x7d, 0x3a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
+	0x74, 0x12, 0xb4, 0x01, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x23, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
+	0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
 	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65,
-	0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, 0x82,
-	0xd3, 0xe4, 0x93, 0x02, 0x46, 0x22, 0x41, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x5e, 0xda, 0x41, 0x0f, 0x6e, 0x61, 0x6d,
+	0x65, 0x2c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x82, 0xd3, 0xe4, 0x93,
+	0x02, 0x46, 0x3a, 0x01, 0x2a, 0x22, 0x41, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65,
 	0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61,
 	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73,
 	0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x7d,
-	0x3a, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x3a, 0x01, 0x2a, 0xda, 0x41, 0x0f, 0x6e, 0x61,
-	0x6d, 0x65, 0x2c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x12, 0xe0, 0x01,
-	0x0a, 0x0e, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e,
-	0x12, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
-	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69,
-	0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e,
-	0x76, 0x31, 0x2e, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67,
-	0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x75, 0x82, 0xd3, 0xe4, 0x93, 0x02,
-	0x61, 0x22, 0x5c, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f,
-	0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63,
-	0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70,
-	0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d,
-	0x3a, 0x61, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x3a,
-	0x01, 0x2a, 0xda, 0x41, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74,
-	0x12, 0xf0, 0x01, 0x0a, 0x11, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44,
-	0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73, 0x79,
-	0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63,
-	0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73, 0x79, 0x6d,
-	0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x7c, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x64, 0x22, 0x5f, 0x2f,
+	0x3a, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0xe0, 0x01, 0x0a, 0x0e, 0x41, 0x73, 0x79,
+	0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x2a, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76,
+	0x31, 0x2e, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73,
+	0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x75, 0xda, 0x41, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x64, 0x69,
+	0x67, 0x65, 0x73, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x61, 0x3a, 0x01, 0x2a, 0x22, 0x5c, 0x2f,
 	0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
 	0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f,
 	0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74,
 	0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
 	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x61, 0x73, 0x79,
-	0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x3a, 0x01,
-	0x2a, 0xda, 0x41, 0x0f, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74,
-	0x65, 0x78, 0x74, 0x12, 0xc2, 0x01, 0x0a, 0x07, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x12,
-	0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
-	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c,
-	0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x61, 0x63, 0x53, 0x69,
-	0x67, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6c, 0x82, 0xd3, 0xe4, 0x93,
-	0x02, 0x5a, 0x22, 0x55, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72,
-	0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f,
-	0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79,
-	0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a,
-	0x7d, 0x3a, 0x6d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x3a, 0x01, 0x2a, 0xda, 0x41, 0x09, 0x6e,
-	0x61, 0x6d, 0x65, 0x2c, 0x64, 0x61, 0x74, 0x61, 0x12, 0xce, 0x01, 0x0a, 0x09, 0x4d, 0x61, 0x63,
-	0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x61, 0x63,
-	0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
-	0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x61, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x72, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5c, 0x22, 0x57, 0x2f,
+	0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x12, 0xf0, 0x01, 0x0a, 0x11,
+	0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70,
+	0x74, 0x12, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72,
+	0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e,
+	0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69,
+	0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x7c, 0xda, 0x41, 0x0f, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72,
+	0x74, 0x65, 0x78, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x64, 0x3a, 0x01, 0x2a, 0x22, 0x5f, 0x2f,
 	0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
 	0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f,
 	0x6b, 0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74,
 	0x6f, 0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65,
-	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x6d, 0x61, 0x63,
-	0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x3a, 0x01, 0x2a, 0xda, 0x41, 0x0d, 0x6e, 0x61, 0x6d, 0x65,
-	0x2c, 0x64, 0x61, 0x74, 0x61, 0x2c, 0x6d, 0x61, 0x63, 0x12, 0xe7, 0x01, 0x0a, 0x13, 0x47, 0x65,
-	0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65,
-	0x73, 0x12, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
-	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
-	0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75,
-	0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
-	0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3e, 0x22, 0x39, 0x2f, 0x76,
-	0x31, 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3d, 0x70, 0x72, 0x6f, 0x6a,
-	0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x2f, 0x2a, 0x7d, 0x3a, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64,
-	0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x3a, 0x01, 0x2a, 0xda, 0x41, 0x26, 0x6c, 0x6f, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2c, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x5f, 0x62, 0x79, 0x74,
-	0x65, 0x73, 0x2c, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65,
-	0x76, 0x65, 0x6c, 0x1a, 0x74, 0xca, 0x41, 0x17, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0xd2,
-	0x41, 0x57, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74,
-	0x68, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2d, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d,
-	0x2c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68,
-	0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x42, 0x8c, 0x01, 0x0a, 0x17, 0x63, 0x6f,
-	0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
-	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x42, 0x08, 0x4b, 0x6d, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x36, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67,
-	0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, 0x6b,
-	0x6d, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x6b, 0x6d, 0x73, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x4b, 0x6d, 0x73, 0x2e,
-	0x56, 0x31, 0xca, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75,
-	0x64, 0x5c, 0x4b, 0x6d, 0x73, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x61, 0x73, 0x79,
+	0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0xc2,
+	0x01, 0x0a, 0x07, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x23, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31,
+	0x2e, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b,
+	0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x61, 0x63, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x6c, 0xda, 0x41, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x64,
+	0x61, 0x74, 0x61, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5a, 0x3a, 0x01, 0x2a, 0x22, 0x55, 0x2f, 0x76,
+	0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73,
+	0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b,
+	0x65, 0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f,
+	0x4b, 0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x6d, 0x61, 0x63, 0x53,
+	0x69, 0x67, 0x6e, 0x12, 0xce, 0x01, 0x0a, 0x09, 0x4d, 0x61, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66,
+	0x79, 0x12, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x61, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66,
+	0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d,
+	0x61, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x72, 0xda, 0x41, 0x0d, 0x6e, 0x61, 0x6d, 0x65, 0x2c, 0x64, 0x61, 0x74, 0x61, 0x2c, 0x6d,
+	0x61, 0x63, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x5c, 0x3a, 0x01, 0x2a, 0x22, 0x57, 0x2f, 0x76, 0x31,
+	0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f,
+	0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65,
+	0x79, 0x52, 0x69, 0x6e, 0x67, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b,
+	0x65, 0x79, 0x73, 0x2f, 0x2a, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x6d, 0x61, 0x63, 0x56, 0x65,
+	0x72, 0x69, 0x66, 0x79, 0x12, 0xe7, 0x01, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e,
+	0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f,
+	0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73,
+	0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64,
+	0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x6d, 0xda, 0x41, 0x26, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2c, 0x6c, 0x65, 0x6e,
+	0x67, 0x74, 0x68, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x2c, 0x70, 0x72, 0x6f, 0x74, 0x65, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3e,
+	0x3a, 0x01, 0x2a, 0x22, 0x39, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, 0x67, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x65, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x42, 0x79, 0x74, 0x65, 0x73, 0x1a, 0x74,
+	0xca, 0x41, 0x17, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0xd2, 0x41, 0x57, 0x68, 0x74, 0x74,
+	0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
+	0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x63, 0x6c, 0x6f,
+	0x75, 0x64, 0x2d, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2c, 0x68, 0x74, 0x74, 0x70,
+	0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70,
+	0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x63, 0x6c, 0x6f, 0x75,
+	0x64, 0x6b, 0x6d, 0x73, 0x42, 0x7f, 0x0a, 0x17, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x42,
+	0x08, 0x4b, 0x6d, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x63, 0x6c, 0x6f,
+	0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f,
+	0x2f, 0x6b, 0x6d, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x2f, 0x6b, 0x6d, 0x73, 0x70, 0x62,
+	0x3b, 0x6b, 0x6d, 0x73, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xaa, 0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x4b, 0x6d, 0x73, 0x2e, 0x56, 0x31, 0xca,
+	0x02, 0x13, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5c, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x5c, 0x4b,
+	0x6d, 0x73, 0x5c, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/vendor/cloud.google.com/go/kms/apiv1/version.go b/vendor/cloud.google.com/go/kms/apiv1/version.go
index 03fc7531c..f84de4ca5 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/version.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/version.go
@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/vendor/cloud.google.com/go/kms/internal/version.go b/vendor/cloud.google.com/go/kms/internal/version.go
index 05d3396f1..5ac4a843e 100644
--- a/vendor/cloud.google.com/go/kms/internal/version.go
+++ b/vendor/cloud.google.com/go/kms/internal/version.go
@@ -15,4 +15,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "1.6.0"
+const Version = "1.12.1"
diff --git a/vendor/github.com/golang/protobuf/jsonpb/decode.go b/vendor/github.com/golang/protobuf/jsonpb/decode.go
index 60e82caa9..6c16c255f 100644
--- a/vendor/github.com/golang/protobuf/jsonpb/decode.go
+++ b/vendor/github.com/golang/protobuf/jsonpb/decode.go
@@ -386,8 +386,14 @@ func (u *Unmarshaler) unmarshalMessage(m protoreflect.Message, in []byte) error
 }
 
 func isSingularWellKnownValue(fd protoreflect.FieldDescriptor) bool {
+	if fd.Cardinality() == protoreflect.Repeated {
+		return false
+	}
 	if md := fd.Message(); md != nil {
-		return md.FullName() == "google.protobuf.Value" && fd.Cardinality() != protoreflect.Repeated
+		return md.FullName() == "google.protobuf.Value"
+	}
+	if ed := fd.Enum(); ed != nil {
+		return ed.FullName() == "google.protobuf.NullValue"
 	}
 	return false
 }
diff --git a/vendor/github.com/google/s2a-go/.gitignore b/vendor/github.com/google/s2a-go/.gitignore
new file mode 100644
index 000000000..01764d1cd
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/.gitignore
@@ -0,0 +1,6 @@
+# Ignore binaries without extension
+//example/client/client
+//example/server/server
+//internal/v2/fakes2av2_server/fakes2av2_server
+
+.idea/
\ No newline at end of file
diff --git a/vendor/github.com/google/s2a-go/CODE_OF_CONDUCT.md b/vendor/github.com/google/s2a-go/CODE_OF_CONDUCT.md
new file mode 100644
index 000000000..dc079b4d6
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/CODE_OF_CONDUCT.md
@@ -0,0 +1,93 @@
+# Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of
+experience, education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+*   Using welcoming and inclusive language
+*   Being respectful of differing viewpoints and experiences
+*   Gracefully accepting constructive criticism
+*   Focusing on what is best for the community
+*   Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+*   The use of sexualized language or imagery and unwelcome sexual attention or
+    advances
+*   Trolling, insulting/derogatory comments, and personal or political attacks
+*   Public or private harassment
+*   Publishing others' private information, such as a physical or electronic
+    address, without explicit permission
+*   Other conduct which could reasonably be considered inappropriate in a
+    professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, or to ban temporarily or permanently any
+contributor for other behaviors that they deem inappropriate, threatening,
+offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+This Code of Conduct also applies outside the project spaces when the Project
+Steward has a reasonable belief that an individual's behavior may have a
+negative impact on the project or its community.
+
+## Conflict Resolution
+
+We do not believe that all conflict is bad; healthy debate and disagreement
+often yield positive results. However, it is never okay to be disrespectful or
+to engage in behavior that violates the project’s code of conduct.
+
+If you see someone violating the code of conduct, you are encouraged to address
+the behavior directly with those involved. Many issues can be resolved quickly
+and easily, and this gives people more control over the outcome of their
+dispute. If you are unable to resolve the matter for any reason, or if the
+behavior is threatening or harassing, report it. We are dedicated to providing
+an environment where participants feel welcome and safe.
+
+Reports should be directed to *[PROJECT STEWARD NAME(s) AND EMAIL(s)]*, the
+Project Steward(s) for *[PROJECT NAME]*. It is the Project Steward’s duty to
+receive and address reported violations of the code of conduct. They will then
+work with a committee consisting of representatives from the Open Source
+Programs Office and the Google Open Source Strategy team. If for any reason you
+are uncomfortable reaching out to the Project Steward, please email
+opensource@google.com.
+
+We will investigate every complaint, but you may not receive a direct response.
+We will use our discretion in determining when and how to follow up on reported
+incidents, which may range from not taking action to permanent expulsion from
+the project and project-sponsored spaces. We will notify the accused of the
+report and provide them an opportunity to discuss it before any action is taken.
+The identity of the reporter will be omitted from the details of the report
+supplied to the accused. In potentially harmful situations, such as ongoing
+harassment or threats to anyone's safety, we may take action without notice.
+
+## Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 1.4,
+available at
+https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
diff --git a/vendor/github.com/google/s2a-go/CONTRIBUTING.md b/vendor/github.com/google/s2a-go/CONTRIBUTING.md
new file mode 100644
index 000000000..22b241cb7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/CONTRIBUTING.md
@@ -0,0 +1,29 @@
+# How to Contribute
+
+We'd love to accept your patches and contributions to this project. There are
+just a few small guidelines you need to follow.
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement (CLA). You (or your employer) retain the copyright to your
+contribution; this simply gives us permission to use and redistribute your
+contributions as part of the project. Head over to
+<https://cla.developers.google.com/> to see your current agreements on file or
+to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
+
+## Code reviews
+
+All submissions, including submissions by project members, require review. We
+use GitHub pull requests for this purpose. Consult
+[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
+information on using pull requests.
+
+## Community Guidelines
+
+This project follows
+[Google's Open Source Community Guidelines](https://opensource.google/conduct/).
diff --git a/vendor/github.com/google/s2a-go/LICENSE.md b/vendor/github.com/google/s2a-go/LICENSE.md
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/LICENSE.md
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/google/s2a-go/README.md b/vendor/github.com/google/s2a-go/README.md
new file mode 100644
index 000000000..d566950f3
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/README.md
@@ -0,0 +1,17 @@
+# Secure Session Agent Client Libraries
+
+The Secure Session Agent is a service that enables a workload to offload select
+operations from the mTLS handshake and protects a workload's private key
+material from exfiltration. Specifically, the workload asks the Secure Session
+Agent for the TLS configuration to use during the handshake, to perform private
+key operations, and to validate the peer certificate chain. The Secure Session
+Agent's client libraries enable applications to communicate with the Secure
+Session Agent during the TLS handshake, and to encrypt traffic to the peer
+after the TLS handshake is complete.
+
+This repository contains the source code for the Secure Session Agent's Go
+client libraries, which allow gRPC-Go applications to use the Secure Session
+Agent. This repository supports the Bazel and Golang build systems.
+
+All code in this repository is experimental and subject to change. We do not
+guarantee API stability at this time.
diff --git a/vendor/github.com/google/s2a-go/fallback/s2a_fallback.go b/vendor/github.com/google/s2a-go/fallback/s2a_fallback.go
new file mode 100644
index 000000000..034d1b912
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/fallback/s2a_fallback.go
@@ -0,0 +1,167 @@
+/*
+ *
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package fallback provides default implementations of fallback options when S2A fails.
+package fallback
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+)
+
+const (
+	alpnProtoStrH2   = "h2"
+	alpnProtoStrHTTP = "http/1.1"
+	defaultHTTPSPort = "443"
+)
+
+// FallbackTLSConfigGRPC is a tls.Config used by the DefaultFallbackClientHandshakeFunc function.
+// It supports GRPC use case, thus the alpn is set to 'h2'.
+var FallbackTLSConfigGRPC = tls.Config{
+	MinVersion:         tls.VersionTLS13,
+	ClientSessionCache: nil,
+	NextProtos:         []string{alpnProtoStrH2},
+}
+
+// FallbackTLSConfigHTTP is a tls.Config used by the DefaultFallbackDialerAndAddress func.
+// It supports the HTTP use case and the alpn is set to both 'http/1.1' and 'h2'.
+var FallbackTLSConfigHTTP = tls.Config{
+	MinVersion:         tls.VersionTLS13,
+	ClientSessionCache: nil,
+	NextProtos:         []string{alpnProtoStrH2, alpnProtoStrHTTP},
+}
+
+// ClientHandshake establishes a TLS connection and returns it, plus its auth info.
+// Inputs:
+//
+//	targetServer: the server attempted with S2A.
+//	conn: the tcp connection to the server at address targetServer that was passed into S2A's ClientHandshake func.
+//	            If fallback is successful, the `conn` should be closed.
+//	err: the error encountered when performing the client-side TLS handshake with S2A.
+type ClientHandshake func(ctx context.Context, targetServer string, conn net.Conn, err error) (net.Conn, credentials.AuthInfo, error)
+
+// DefaultFallbackClientHandshakeFunc returns a ClientHandshake function,
+// which establishes a TLS connection to the provided fallbackAddr, returns the new connection and its auth info.
+// Example use:
+//
+//	transportCreds, _ = s2a.NewClientCreds(&s2a.ClientOptions{
+//		S2AAddress: s2aAddress,
+//		FallbackOpts: &s2a.FallbackOptions{ // optional
+//			FallbackClientHandshakeFunc: fallback.DefaultFallbackClientHandshakeFunc(fallbackAddr),
+//		},
+//	})
+//
+// The fallback server's certificate must be verifiable using OS root store.
+// The fallbackAddr is expected to be a network address, e.g. example.com:port. If port is not specified,
+// it uses default port 443.
+// In the returned function's TLS config, ClientSessionCache is explicitly set to nil to disable TLS resumption,
+// and min TLS version is set to 1.3.
+func DefaultFallbackClientHandshakeFunc(fallbackAddr string) (ClientHandshake, error) {
+	var fallbackDialer = tls.Dialer{Config: &FallbackTLSConfigGRPC}
+	return defaultFallbackClientHandshakeFuncInternal(fallbackAddr, fallbackDialer.DialContext)
+}
+
+func defaultFallbackClientHandshakeFuncInternal(fallbackAddr string, dialContextFunc func(context.Context, string, string) (net.Conn, error)) (ClientHandshake, error) {
+	fallbackServerAddr, err := processFallbackAddr(fallbackAddr)
+	if err != nil {
+		if grpclog.V(1) {
+			grpclog.Infof("error processing fallback address [%s]: %v", fallbackAddr, err)
+		}
+		return nil, err
+	}
+	return func(ctx context.Context, targetServer string, conn net.Conn, s2aErr error) (net.Conn, credentials.AuthInfo, error) {
+		fbConn, fbErr := dialContextFunc(ctx, "tcp", fallbackServerAddr)
+		if fbErr != nil {
+			grpclog.Infof("dialing to fallback server %s failed: %v", fallbackServerAddr, fbErr)
+			return nil, nil, fmt.Errorf("dialing to fallback server %s failed: %v; S2A client handshake with %s error: %w", fallbackServerAddr, fbErr, targetServer, s2aErr)
+		}
+
+		tc, success := fbConn.(*tls.Conn)
+		if !success {
+			grpclog.Infof("the connection with fallback server is expected to be tls but isn't")
+			return nil, nil, fmt.Errorf("the connection with fallback server is expected to be tls but isn't; S2A client handshake with %s error: %w", targetServer, s2aErr)
+		}
+
+		tlsInfo := credentials.TLSInfo{
+			State: tc.ConnectionState(),
+			CommonAuthInfo: credentials.CommonAuthInfo{
+				SecurityLevel: credentials.PrivacyAndIntegrity,
+			},
+		}
+		if grpclog.V(1) {
+			grpclog.Infof("ConnectionState.NegotiatedProtocol: %v", tc.ConnectionState().NegotiatedProtocol)
+			grpclog.Infof("ConnectionState.HandshakeComplete: %v", tc.ConnectionState().HandshakeComplete)
+			grpclog.Infof("ConnectionState.ServerName: %v", tc.ConnectionState().ServerName)
+		}
+		conn.Close()
+		return fbConn, tlsInfo, nil
+	}, nil
+}
+
+// DefaultFallbackDialerAndAddress returns a TLS dialer and the network address to dial.
+// Example use:
+//
+//	    fallbackDialer, fallbackServerAddr := fallback.DefaultFallbackDialerAndAddress(fallbackAddr)
+//		dialTLSContext := s2a.NewS2aDialTLSContextFunc(&s2a.ClientOptions{
+//			S2AAddress:         s2aAddress, // required
+//			FallbackOpts: &s2a.FallbackOptions{
+//				FallbackDialer: &s2a.FallbackDialer{
+//					Dialer:     fallbackDialer,
+//					ServerAddr: fallbackServerAddr,
+//				},
+//			},
+//	})
+//
+// The fallback server's certificate should be verifiable using OS root store.
+// The fallbackAddr is expected to be a network address, e.g. example.com:port. If port is not specified,
+// it uses default port 443.
+// In the returned function's TLS config, ClientSessionCache is explicitly set to nil to disable TLS resumption,
+// and min TLS version is set to 1.3.
+func DefaultFallbackDialerAndAddress(fallbackAddr string) (*tls.Dialer, string, error) {
+	fallbackServerAddr, err := processFallbackAddr(fallbackAddr)
+	if err != nil {
+		if grpclog.V(1) {
+			grpclog.Infof("error processing fallback address [%s]: %v", fallbackAddr, err)
+		}
+		return nil, "", err
+	}
+	return &tls.Dialer{Config: &FallbackTLSConfigHTTP}, fallbackServerAddr, nil
+}
+
+func processFallbackAddr(fallbackAddr string) (string, error) {
+	var fallbackServerAddr string
+	var err error
+
+	if fallbackAddr == "" {
+		return "", fmt.Errorf("empty fallback address")
+	}
+	_, _, err = net.SplitHostPort(fallbackAddr)
+	if err != nil {
+		// fallbackAddr does not have port suffix
+		fallbackServerAddr = net.JoinHostPort(fallbackAddr, defaultHTTPSPort)
+	} else {
+		// FallbackServerAddr already has port suffix
+		fallbackServerAddr = fallbackAddr
+	}
+	return fallbackServerAddr, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/authinfo/authinfo.go b/vendor/github.com/google/s2a-go/internal/authinfo/authinfo.go
new file mode 100644
index 000000000..aa3967f9d
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/authinfo/authinfo.go
@@ -0,0 +1,119 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package authinfo provides authentication and authorization information that
+// results from the TLS handshake.
+package authinfo
+
+import (
+	"errors"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	contextpb "github.com/google/s2a-go/internal/proto/s2a_context_go_proto"
+	grpcpb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
+	"google.golang.org/grpc/credentials"
+)
+
+var _ credentials.AuthInfo = (*S2AAuthInfo)(nil)
+
+const s2aAuthType = "s2a"
+
+// S2AAuthInfo exposes authentication and authorization information from the
+// S2A session result to the gRPC stack.
+type S2AAuthInfo struct {
+	s2aContext     *contextpb.S2AContext
+	commonAuthInfo credentials.CommonAuthInfo
+}
+
+// NewS2AAuthInfo returns a new S2AAuthInfo object from the S2A session result.
+func NewS2AAuthInfo(result *grpcpb.SessionResult) (credentials.AuthInfo, error) {
+	return newS2AAuthInfo(result)
+}
+
+func newS2AAuthInfo(result *grpcpb.SessionResult) (*S2AAuthInfo, error) {
+	if result == nil {
+		return nil, errors.New("NewS2aAuthInfo given nil session result")
+	}
+	return &S2AAuthInfo{
+		s2aContext: &contextpb.S2AContext{
+			ApplicationProtocol:  result.GetApplicationProtocol(),
+			TlsVersion:           result.GetState().GetTlsVersion(),
+			Ciphersuite:          result.GetState().GetTlsCiphersuite(),
+			PeerIdentity:         result.GetPeerIdentity(),
+			LocalIdentity:        result.GetLocalIdentity(),
+			PeerCertFingerprint:  result.GetPeerCertFingerprint(),
+			LocalCertFingerprint: result.GetLocalCertFingerprint(),
+			IsHandshakeResumed:   result.GetState().GetIsHandshakeResumed(),
+		},
+		commonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity},
+	}, nil
+}
+
+// AuthType returns the authentication type.
+func (s *S2AAuthInfo) AuthType() string {
+	return s2aAuthType
+}
+
+// ApplicationProtocol returns the application protocol, e.g. "grpc".
+func (s *S2AAuthInfo) ApplicationProtocol() string {
+	return s.s2aContext.GetApplicationProtocol()
+}
+
+// TLSVersion returns the TLS version negotiated during the handshake.
+func (s *S2AAuthInfo) TLSVersion() commonpb.TLSVersion {
+	return s.s2aContext.GetTlsVersion()
+}
+
+// Ciphersuite returns the ciphersuite negotiated during the handshake.
+func (s *S2AAuthInfo) Ciphersuite() commonpb.Ciphersuite {
+	return s.s2aContext.GetCiphersuite()
+}
+
+// PeerIdentity returns the authenticated identity of the peer.
+func (s *S2AAuthInfo) PeerIdentity() *commonpb.Identity {
+	return s.s2aContext.GetPeerIdentity()
+}
+
+// LocalIdentity returns the local identity of the application used during
+// session setup.
+func (s *S2AAuthInfo) LocalIdentity() *commonpb.Identity {
+	return s.s2aContext.GetLocalIdentity()
+}
+
+// PeerCertFingerprint returns the SHA256 hash of the peer certificate used in
+// the S2A handshake.
+func (s *S2AAuthInfo) PeerCertFingerprint() []byte {
+	return s.s2aContext.GetPeerCertFingerprint()
+}
+
+// LocalCertFingerprint returns the SHA256 hash of the local certificate used
+// in the S2A handshake.
+func (s *S2AAuthInfo) LocalCertFingerprint() []byte {
+	return s.s2aContext.GetLocalCertFingerprint()
+}
+
+// IsHandshakeResumed returns true if a cached session was used to resume
+// the handshake.
+func (s *S2AAuthInfo) IsHandshakeResumed() bool {
+	return s.s2aContext.GetIsHandshakeResumed()
+}
+
+// SecurityLevel returns the security level of the connection.
+func (s *S2AAuthInfo) SecurityLevel() credentials.SecurityLevel {
+	return s.commonAuthInfo.SecurityLevel
+}
diff --git a/vendor/github.com/google/s2a-go/internal/handshaker/handshaker.go b/vendor/github.com/google/s2a-go/internal/handshaker/handshaker.go
new file mode 100644
index 000000000..8297c9a97
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/handshaker/handshaker.go
@@ -0,0 +1,438 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package handshaker communicates with the S2A handshaker service.
+package handshaker
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+
+	"github.com/google/s2a-go/internal/authinfo"
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2apb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
+	"github.com/google/s2a-go/internal/record"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+)
+
+var (
+	// appProtocol contains the application protocol accepted by the handshaker.
+	appProtocol = "grpc"
+	// frameLimit is the maximum size of a frame in bytes.
+	frameLimit = 1024 * 64
+	// peerNotRespondingError is the error thrown when the peer doesn't respond.
+	errPeerNotResponding = errors.New("peer is not responding and re-connection should be attempted")
+)
+
+// Handshaker defines a handshaker interface.
+type Handshaker interface {
+	// ClientHandshake starts and completes a TLS handshake from the client side,
+	// and returns a secure connection along with additional auth information.
+	ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// ServerHandshake starts and completes a TLS handshake from the server side,
+	// and returns a secure connection along with additional auth information.
+	ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// Close terminates the Handshaker. It should be called when the handshake
+	// is complete.
+	Close() error
+}
+
+// ClientHandshakerOptions contains the options needed to configure the S2A
+// handshaker service on the client-side.
+type ClientHandshakerOptions struct {
+	// MinTLSVersion specifies the min TLS version supported by the client.
+	MinTLSVersion commonpb.TLSVersion
+	// MaxTLSVersion specifies the max TLS version supported by the client.
+	MaxTLSVersion commonpb.TLSVersion
+	// TLSCiphersuites is the ordered list of ciphersuites supported by the
+	// client.
+	TLSCiphersuites []commonpb.Ciphersuite
+	// TargetIdentities contains a list of allowed server identities. One of the
+	// target identities should match the peer identity in the handshake
+	// result; otherwise, the handshake fails.
+	TargetIdentities []*commonpb.Identity
+	// LocalIdentity is the local identity of the client application. If none is
+	// provided, then the S2A will choose the default identity.
+	LocalIdentity *commonpb.Identity
+	// TargetName is the allowed server name, which may be used for server
+	// authorization check by the S2A if it is provided.
+	TargetName string
+	// EnsureProcessSessionTickets allows users to wait and ensure that all
+	// available session tickets are sent to S2A before a process completes.
+	EnsureProcessSessionTickets *sync.WaitGroup
+}
+
+// ServerHandshakerOptions contains the options needed to configure the S2A
+// handshaker service on the server-side.
+type ServerHandshakerOptions struct {
+	// MinTLSVersion specifies the min TLS version supported by the server.
+	MinTLSVersion commonpb.TLSVersion
+	// MaxTLSVersion specifies the max TLS version supported by the server.
+	MaxTLSVersion commonpb.TLSVersion
+	// TLSCiphersuites is the ordered list of ciphersuites supported by the
+	// server.
+	TLSCiphersuites []commonpb.Ciphersuite
+	// LocalIdentities is the list of local identities that may be assumed by
+	// the server. If no local identity is specified, then the S2A chooses a
+	// default local identity.
+	LocalIdentities []*commonpb.Identity
+}
+
+// s2aHandshaker performs a TLS handshake using the S2A handshaker service.
+type s2aHandshaker struct {
+	// stream is used to communicate with the S2A handshaker service.
+	stream s2apb.S2AService_SetUpSessionClient
+	// conn is the connection to the peer.
+	conn net.Conn
+	// clientOpts should be non-nil iff the handshaker is client-side.
+	clientOpts *ClientHandshakerOptions
+	// serverOpts should be non-nil iff the handshaker is server-side.
+	serverOpts *ServerHandshakerOptions
+	// isClient determines if the handshaker is client or server side.
+	isClient bool
+	// hsAddr stores the address of the S2A handshaker service.
+	hsAddr string
+	// tokenManager manages access tokens for authenticating to S2A.
+	tokenManager tokenmanager.AccessTokenManager
+	// localIdentities is the set of local identities for whom the
+	// tokenManager should fetch a token when preparing a request to be
+	// sent to S2A.
+	localIdentities []*commonpb.Identity
+}
+
+// NewClientHandshaker creates an s2aHandshaker instance that performs a
+// client-side TLS handshake using the S2A handshaker service.
+func NewClientHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, hsAddr string, opts *ClientHandshakerOptions) (Handshaker, error) {
+	stream, err := s2apb.NewS2AServiceClient(conn).SetUpSession(ctx, grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		grpclog.Infof("failed to create single token access token manager: %v", err)
+	}
+	return newClientHandshaker(stream, c, hsAddr, opts, tokenManager), nil
+}
+
+func newClientHandshaker(stream s2apb.S2AService_SetUpSessionClient, c net.Conn, hsAddr string, opts *ClientHandshakerOptions, tokenManager tokenmanager.AccessTokenManager) *s2aHandshaker {
+	var localIdentities []*commonpb.Identity
+	if opts != nil {
+		localIdentities = []*commonpb.Identity{opts.LocalIdentity}
+	}
+	return &s2aHandshaker{
+		stream:          stream,
+		conn:            c,
+		clientOpts:      opts,
+		isClient:        true,
+		hsAddr:          hsAddr,
+		tokenManager:    tokenManager,
+		localIdentities: localIdentities,
+	}
+}
+
+// NewServerHandshaker creates an s2aHandshaker instance that performs a
+// server-side TLS handshake using the S2A handshaker service.
+func NewServerHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, hsAddr string, opts *ServerHandshakerOptions) (Handshaker, error) {
+	stream, err := s2apb.NewS2AServiceClient(conn).SetUpSession(ctx, grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		grpclog.Infof("failed to create single token access token manager: %v", err)
+	}
+	return newServerHandshaker(stream, c, hsAddr, opts, tokenManager), nil
+}
+
+func newServerHandshaker(stream s2apb.S2AService_SetUpSessionClient, c net.Conn, hsAddr string, opts *ServerHandshakerOptions, tokenManager tokenmanager.AccessTokenManager) *s2aHandshaker {
+	var localIdentities []*commonpb.Identity
+	if opts != nil {
+		localIdentities = opts.LocalIdentities
+	}
+	return &s2aHandshaker{
+		stream:          stream,
+		conn:            c,
+		serverOpts:      opts,
+		isClient:        false,
+		hsAddr:          hsAddr,
+		tokenManager:    tokenManager,
+		localIdentities: localIdentities,
+	}
+}
+
+// ClientHandshake performs a client-side TLS handshake using the S2A handshaker
+// service. When complete, returns a TLS connection.
+func (h *s2aHandshaker) ClientHandshake(_ context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if !h.isClient {
+		return nil, nil, errors.New("only handshakers created using NewClientHandshaker can perform a client-side handshake")
+	}
+	// Extract the hostname from the target name. The target name is assumed to be an authority.
+	hostname, _, err := net.SplitHostPort(h.clientOpts.TargetName)
+	if err != nil {
+		// If the target name had no host port or could not be parsed, use it as is.
+		hostname = h.clientOpts.TargetName
+	}
+
+	// Prepare a client start message to send to the S2A handshaker service.
+	req := &s2apb.SessionReq{
+		ReqOneof: &s2apb.SessionReq_ClientStart{
+			ClientStart: &s2apb.ClientSessionStartReq{
+				ApplicationProtocols: []string{appProtocol},
+				MinTlsVersion:        h.clientOpts.MinTLSVersion,
+				MaxTlsVersion:        h.clientOpts.MaxTLSVersion,
+				TlsCiphersuites:      h.clientOpts.TLSCiphersuites,
+				TargetIdentities:     h.clientOpts.TargetIdentities,
+				LocalIdentity:        h.clientOpts.LocalIdentity,
+				TargetName:           hostname,
+			},
+		},
+		AuthMechanisms: h.getAuthMechanisms(),
+	}
+	conn, result, err := h.setUpSession(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo, err := authinfo.NewS2AAuthInfo(result)
+	if err != nil {
+		return nil, nil, err
+	}
+	return conn, authInfo, nil
+}
+
+// ServerHandshake performs a server-side TLS handshake using the S2A handshaker
+// service. When complete, returns a TLS connection.
+func (h *s2aHandshaker) ServerHandshake(_ context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if h.isClient {
+		return nil, nil, errors.New("only handshakers created using NewServerHandshaker can perform a server-side handshake")
+	}
+	p := make([]byte, frameLimit)
+	n, err := h.conn.Read(p)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Prepare a server start message to send to the S2A handshaker service.
+	req := &s2apb.SessionReq{
+		ReqOneof: &s2apb.SessionReq_ServerStart{
+			ServerStart: &s2apb.ServerSessionStartReq{
+				ApplicationProtocols: []string{appProtocol},
+				MinTlsVersion:        h.serverOpts.MinTLSVersion,
+				MaxTlsVersion:        h.serverOpts.MaxTLSVersion,
+				TlsCiphersuites:      h.serverOpts.TLSCiphersuites,
+				LocalIdentities:      h.serverOpts.LocalIdentities,
+				InBytes:              p[:n],
+			},
+		},
+		AuthMechanisms: h.getAuthMechanisms(),
+	}
+	conn, result, err := h.setUpSession(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo, err := authinfo.NewS2AAuthInfo(result)
+	if err != nil {
+		return nil, nil, err
+	}
+	return conn, authInfo, nil
+}
+
+// setUpSession proxies messages between the peer and the S2A handshaker
+// service.
+func (h *s2aHandshaker) setUpSession(req *s2apb.SessionReq) (net.Conn, *s2apb.SessionResult, error) {
+	resp, err := h.accessHandshakerService(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Check if the returned status is an error.
+	if resp.GetStatus() != nil {
+		if got, want := resp.GetStatus().Code, uint32(codes.OK); got != want {
+			return nil, nil, fmt.Errorf("%v", resp.GetStatus().Details)
+		}
+	}
+	// Calculate the extra unread bytes from the Session. Attempting to consume
+	// more than the bytes sent will throw an error.
+	var extra []byte
+	if req.GetServerStart() != nil {
+		if resp.GetBytesConsumed() > uint32(len(req.GetServerStart().GetInBytes())) {
+			return nil, nil, errors.New("handshaker service consumed bytes value is out-of-bounds")
+		}
+		extra = req.GetServerStart().GetInBytes()[resp.GetBytesConsumed():]
+	}
+	result, extra, err := h.processUntilDone(resp, extra)
+	if err != nil {
+		return nil, nil, err
+	}
+	if result.GetLocalIdentity() == nil {
+		return nil, nil, errors.New("local identity must be populated in session result")
+	}
+
+	// Create a new TLS record protocol using the Session Result.
+	newConn, err := record.NewConn(&record.ConnParameters{
+		NetConn:                     h.conn,
+		Ciphersuite:                 result.GetState().GetTlsCiphersuite(),
+		TLSVersion:                  result.GetState().GetTlsVersion(),
+		InTrafficSecret:             result.GetState().GetInKey(),
+		OutTrafficSecret:            result.GetState().GetOutKey(),
+		UnusedBuf:                   extra,
+		InSequence:                  result.GetState().GetInSequence(),
+		OutSequence:                 result.GetState().GetOutSequence(),
+		HSAddr:                      h.hsAddr,
+		ConnectionID:                result.GetState().GetConnectionId(),
+		LocalIdentity:               result.GetLocalIdentity(),
+		EnsureProcessSessionTickets: h.ensureProcessSessionTickets(),
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+	return newConn, result, nil
+}
+
+func (h *s2aHandshaker) ensureProcessSessionTickets() *sync.WaitGroup {
+	if h.clientOpts == nil {
+		return nil
+	}
+	return h.clientOpts.EnsureProcessSessionTickets
+}
+
+// accessHandshakerService sends the session request to the S2A handshaker
+// service and returns the session response.
+func (h *s2aHandshaker) accessHandshakerService(req *s2apb.SessionReq) (*s2apb.SessionResp, error) {
+	if err := h.stream.Send(req); err != nil {
+		return nil, err
+	}
+	resp, err := h.stream.Recv()
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// processUntilDone continues proxying messages between the peer and the S2A
+// handshaker service until the handshaker service returns the SessionResult at
+// the end of the handshake or an error occurs.
+func (h *s2aHandshaker) processUntilDone(resp *s2apb.SessionResp, unusedBytes []byte) (*s2apb.SessionResult, []byte, error) {
+	for {
+		if len(resp.OutFrames) > 0 {
+			if _, err := h.conn.Write(resp.OutFrames); err != nil {
+				return nil, nil, err
+			}
+		}
+		if resp.Result != nil {
+			return resp.Result, unusedBytes, nil
+		}
+		buf := make([]byte, frameLimit)
+		n, err := h.conn.Read(buf)
+		if err != nil && err != io.EOF {
+			return nil, nil, err
+		}
+		// If there is nothing to send to the handshaker service and nothing is
+		// received from the peer, then we are stuck. This covers the case when
+		// the peer is not responding. Note that handshaker service connection
+		// issues are caught in accessHandshakerService before we even get
+		// here.
+		if len(resp.OutFrames) == 0 && n == 0 {
+			return nil, nil, errPeerNotResponding
+		}
+		// Append extra bytes from the previous interaction with the handshaker
+		// service with the current buffer read from conn.
+		p := append(unusedBytes, buf[:n]...)
+		// From here on, p and unusedBytes point to the same slice.
+		resp, err = h.accessHandshakerService(&s2apb.SessionReq{
+			ReqOneof: &s2apb.SessionReq_Next{
+				Next: &s2apb.SessionNextReq{
+					InBytes: p,
+				},
+			},
+			AuthMechanisms: h.getAuthMechanisms(),
+		})
+		if err != nil {
+			return nil, nil, err
+		}
+
+		// Cache the local identity returned by S2A, if it is populated. This
+		// overwrites any existing local identities. This is done because, once the
+		// S2A has selected a local identity, then only that local identity should
+		// be asserted in future requests until the end of the current handshake.
+		if resp.GetLocalIdentity() != nil {
+			h.localIdentities = []*commonpb.Identity{resp.GetLocalIdentity()}
+		}
+
+		// Set unusedBytes based on the handshaker service response.
+		if resp.GetBytesConsumed() > uint32(len(p)) {
+			return nil, nil, errors.New("handshaker service consumed bytes value is out-of-bounds")
+		}
+		unusedBytes = p[resp.GetBytesConsumed():]
+	}
+}
+
+// Close shuts down the handshaker and the stream to the S2A handshaker service
+// when the handshake is complete. It should be called when the caller obtains
+// the secure connection at the end of the handshake.
+func (h *s2aHandshaker) Close() error {
+	return h.stream.CloseSend()
+}
+
+func (h *s2aHandshaker) getAuthMechanisms() []*s2apb.AuthenticationMechanism {
+	if h.tokenManager == nil {
+		return nil
+	}
+	// First handle the special case when no local identities have been provided
+	// by the application. In this case, an AuthenticationMechanism with no local
+	// identity will be sent.
+	if len(h.localIdentities) == 0 {
+		token, err := h.tokenManager.DefaultToken()
+		if err != nil {
+			grpclog.Infof("unable to get token for empty local identity: %v", err)
+			return nil
+		}
+		return []*s2apb.AuthenticationMechanism{
+			{
+				MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			},
+		}
+	}
+
+	// Next, handle the case where the application (or the S2A) has provided
+	// one or more local identities.
+	var authMechanisms []*s2apb.AuthenticationMechanism
+	for _, localIdentity := range h.localIdentities {
+		token, err := h.tokenManager.Token(localIdentity)
+		if err != nil {
+			grpclog.Infof("unable to get token for local identity %v: %v", localIdentity, err)
+			continue
+		}
+
+		authMechanism := &s2apb.AuthenticationMechanism{
+			Identity: localIdentity,
+			MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+				Token: token,
+			},
+		}
+		authMechanisms = append(authMechanisms, authMechanism)
+	}
+	return authMechanisms
+}
diff --git a/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
new file mode 100644
index 000000000..49573af88
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
@@ -0,0 +1,99 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package service is a utility for calling the S2A handshaker service.
+package service
+
+import (
+	"context"
+	"net"
+	"os"
+	"strings"
+	"sync"
+	"time"
+
+	"google.golang.org/appengine"
+	"google.golang.org/appengine/socket"
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/grpclog"
+)
+
+// An environment variable, if true, opportunistically use AppEngine-specific dialer to call S2A.
+const enableAppEngineDialerEnv = "S2A_ENABLE_APP_ENGINE_DIALER"
+
+var (
+	// appEngineDialerHook is an AppEngine-specific dial option that is set
+	// during init time. If nil, then the application is not running on Google
+	// AppEngine.
+	appEngineDialerHook func(context.Context) grpc.DialOption
+	// mu guards hsConnMap and hsDialer.
+	mu sync.Mutex
+	// hsConnMap represents a mapping from an S2A handshaker service address
+	// to a corresponding connection to an S2A handshaker service instance.
+	hsConnMap = make(map[string]*grpc.ClientConn)
+	// hsDialer will be reassigned in tests.
+	hsDialer = grpc.Dial
+)
+
+func init() {
+	if !appengine.IsAppEngine() && !appengine.IsDevAppServer() {
+		return
+	}
+	appEngineDialerHook = func(ctx context.Context) grpc.DialOption {
+		return grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
+			return socket.DialTimeout(ctx, "tcp", addr, timeout)
+		})
+	}
+}
+
+// Dial dials the S2A handshaker service. If a connection has already been
+// established, this function returns it. Otherwise, a new connection is
+// created.
+func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
+	mu.Lock()
+	defer mu.Unlock()
+
+	hsConn, ok := hsConnMap[handshakerServiceAddress]
+	if !ok {
+		// Create a new connection to the S2A handshaker service. Note that
+		// this connection stays open until the application is closed.
+		grpcOpts := []grpc.DialOption{
+			grpc.WithInsecure(),
+		}
+		if enableAppEngineDialer() && appEngineDialerHook != nil {
+			if grpclog.V(1) {
+				grpclog.Info("Using AppEngine-specific dialer to talk to S2A.")
+			}
+			grpcOpts = append(grpcOpts, appEngineDialerHook(context.Background()))
+		}
+		var err error
+		hsConn, err = hsDialer(handshakerServiceAddress, grpcOpts...)
+		if err != nil {
+			return nil, err
+		}
+		hsConnMap[handshakerServiceAddress] = hsConn
+	}
+	return hsConn, nil
+}
+
+func enableAppEngineDialer() bool {
+	if strings.ToLower(os.Getenv(enableAppEngineDialerEnv)) == "true" {
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/common_go_proto/common.pb.go b/vendor/github.com/google/s2a-go/internal/proto/common_go_proto/common.pb.go
new file mode 100644
index 000000000..16278a1d9
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/common_go_proto/common.pb.go
@@ -0,0 +1,389 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/common/common.proto
+
+package common_go_proto
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The ciphersuites supported by S2A. The name determines the confidentiality,
+// and authentication ciphers as well as the hash algorithm used for PRF in
+// TLS 1.2 or HKDF in TLS 1.3. Thus, the components of the name are:
+//   - AEAD -- for encryption and authentication, e.g., AES_128_GCM.
+//   - Hash algorithm -- used in PRF or HKDF, e.g., SHA256.
+type Ciphersuite int32
+
+const (
+	Ciphersuite_AES_128_GCM_SHA256       Ciphersuite = 0
+	Ciphersuite_AES_256_GCM_SHA384       Ciphersuite = 1
+	Ciphersuite_CHACHA20_POLY1305_SHA256 Ciphersuite = 2
+)
+
+// Enum value maps for Ciphersuite.
+var (
+	Ciphersuite_name = map[int32]string{
+		0: "AES_128_GCM_SHA256",
+		1: "AES_256_GCM_SHA384",
+		2: "CHACHA20_POLY1305_SHA256",
+	}
+	Ciphersuite_value = map[string]int32{
+		"AES_128_GCM_SHA256":       0,
+		"AES_256_GCM_SHA384":       1,
+		"CHACHA20_POLY1305_SHA256": 2,
+	}
+)
+
+func (x Ciphersuite) Enum() *Ciphersuite {
+	p := new(Ciphersuite)
+	*p = x
+	return p
+}
+
+func (x Ciphersuite) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Ciphersuite) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_common_common_proto_enumTypes[0].Descriptor()
+}
+
+func (Ciphersuite) Type() protoreflect.EnumType {
+	return &file_internal_proto_common_common_proto_enumTypes[0]
+}
+
+func (x Ciphersuite) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Ciphersuite.Descriptor instead.
+func (Ciphersuite) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_common_common_proto_rawDescGZIP(), []int{0}
+}
+
+// The TLS versions supported by S2A's handshaker module.
+type TLSVersion int32
+
+const (
+	TLSVersion_TLS1_2 TLSVersion = 0
+	TLSVersion_TLS1_3 TLSVersion = 1
+)
+
+// Enum value maps for TLSVersion.
+var (
+	TLSVersion_name = map[int32]string{
+		0: "TLS1_2",
+		1: "TLS1_3",
+	}
+	TLSVersion_value = map[string]int32{
+		"TLS1_2": 0,
+		"TLS1_3": 1,
+	}
+)
+
+func (x TLSVersion) Enum() *TLSVersion {
+	p := new(TLSVersion)
+	*p = x
+	return p
+}
+
+func (x TLSVersion) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (TLSVersion) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_common_common_proto_enumTypes[1].Descriptor()
+}
+
+func (TLSVersion) Type() protoreflect.EnumType {
+	return &file_internal_proto_common_common_proto_enumTypes[1]
+}
+
+func (x TLSVersion) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use TLSVersion.Descriptor instead.
+func (TLSVersion) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_common_common_proto_rawDescGZIP(), []int{1}
+}
+
+type Identity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to IdentityOneof:
+	//
+	//	*Identity_SpiffeId
+	//	*Identity_Hostname
+	//	*Identity_Uid
+	//	*Identity_MdbUsername
+	//	*Identity_GaiaId
+	IdentityOneof isIdentity_IdentityOneof `protobuf_oneof:"identity_oneof"`
+	// Additional identity-specific attributes.
+	Attributes map[string]string `protobuf:"bytes,3,rep,name=attributes,proto3" json:"attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *Identity) Reset() {
+	*x = Identity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_common_common_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Identity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Identity) ProtoMessage() {}
+
+func (x *Identity) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_common_common_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Identity.ProtoReflect.Descriptor instead.
+func (*Identity) Descriptor() ([]byte, []int) {
+	return file_internal_proto_common_common_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *Identity) GetIdentityOneof() isIdentity_IdentityOneof {
+	if m != nil {
+		return m.IdentityOneof
+	}
+	return nil
+}
+
+func (x *Identity) GetSpiffeId() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_SpiffeId); ok {
+		return x.SpiffeId
+	}
+	return ""
+}
+
+func (x *Identity) GetHostname() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_Hostname); ok {
+		return x.Hostname
+	}
+	return ""
+}
+
+func (x *Identity) GetUid() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_Uid); ok {
+		return x.Uid
+	}
+	return ""
+}
+
+func (x *Identity) GetMdbUsername() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_MdbUsername); ok {
+		return x.MdbUsername
+	}
+	return ""
+}
+
+func (x *Identity) GetGaiaId() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_GaiaId); ok {
+		return x.GaiaId
+	}
+	return ""
+}
+
+func (x *Identity) GetAttributes() map[string]string {
+	if x != nil {
+		return x.Attributes
+	}
+	return nil
+}
+
+type isIdentity_IdentityOneof interface {
+	isIdentity_IdentityOneof()
+}
+
+type Identity_SpiffeId struct {
+	// The SPIFFE ID of a connection endpoint.
+	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3,oneof"`
+}
+
+type Identity_Hostname struct {
+	// The hostname of a connection endpoint.
+	Hostname string `protobuf:"bytes,2,opt,name=hostname,proto3,oneof"`
+}
+
+type Identity_Uid struct {
+	// The UID of a connection endpoint.
+	Uid string `protobuf:"bytes,4,opt,name=uid,proto3,oneof"`
+}
+
+type Identity_MdbUsername struct {
+	// The MDB username of a connection endpoint.
+	MdbUsername string `protobuf:"bytes,5,opt,name=mdb_username,json=mdbUsername,proto3,oneof"`
+}
+
+type Identity_GaiaId struct {
+	// The Gaia ID of a connection endpoint.
+	GaiaId string `protobuf:"bytes,6,opt,name=gaia_id,json=gaiaId,proto3,oneof"`
+}
+
+func (*Identity_SpiffeId) isIdentity_IdentityOneof() {}
+
+func (*Identity_Hostname) isIdentity_IdentityOneof() {}
+
+func (*Identity_Uid) isIdentity_IdentityOneof() {}
+
+func (*Identity_MdbUsername) isIdentity_IdentityOneof() {}
+
+func (*Identity_GaiaId) isIdentity_IdentityOneof() {}
+
+var File_internal_proto_common_common_proto protoreflect.FileDescriptor
+
+var file_internal_proto_common_common_proto_rawDesc = []byte{
+	0x0a, 0x22, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
+	0xb1, 0x02, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x1d, 0x0a, 0x09,
+	0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48,
+	0x00, 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x08, 0x68,
+	0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52,
+	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x75, 0x69, 0x64,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x23, 0x0a,
+	0x0c, 0x6d, 0x64, 0x62, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x6d, 0x64, 0x62, 0x55, 0x73, 0x65, 0x72, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x19, 0x0a, 0x07, 0x67, 0x61, 0x69, 0x61, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x67, 0x61, 0x69, 0x61, 0x49, 0x64, 0x12, 0x43, 0x0a,
+	0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x23, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
+	0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+	0x65, 0x73, 0x1a, 0x3d, 0x0a, 0x0f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+	0x01, 0x42, 0x10, 0x0a, 0x0e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6f, 0x6e,
+	0x65, 0x6f, 0x66, 0x2a, 0x5b, 0x0a, 0x0b, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x45,
+	0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34,
+	0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50,
+	0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02,
+	0x2a, 0x24, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x0a,
+	0x0a, 0x06, 0x54, 0x4c, 0x53, 0x31, 0x5f, 0x32, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x4c,
+	0x53, 0x31, 0x5f, 0x33, 0x10, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_common_common_proto_rawDescOnce sync.Once
+	file_internal_proto_common_common_proto_rawDescData = file_internal_proto_common_common_proto_rawDesc
+)
+
+func file_internal_proto_common_common_proto_rawDescGZIP() []byte {
+	file_internal_proto_common_common_proto_rawDescOnce.Do(func() {
+		file_internal_proto_common_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_common_common_proto_rawDescData)
+	})
+	return file_internal_proto_common_common_proto_rawDescData
+}
+
+var file_internal_proto_common_common_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_internal_proto_common_common_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_internal_proto_common_common_proto_goTypes = []interface{}{
+	(Ciphersuite)(0), // 0: s2a.proto.Ciphersuite
+	(TLSVersion)(0),  // 1: s2a.proto.TLSVersion
+	(*Identity)(nil), // 2: s2a.proto.Identity
+	nil,              // 3: s2a.proto.Identity.AttributesEntry
+}
+var file_internal_proto_common_common_proto_depIdxs = []int32{
+	3, // 0: s2a.proto.Identity.attributes:type_name -> s2a.proto.Identity.AttributesEntry
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_common_common_proto_init() }
+func file_internal_proto_common_common_proto_init() {
+	if File_internal_proto_common_common_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_common_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Identity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_internal_proto_common_common_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*Identity_SpiffeId)(nil),
+		(*Identity_Hostname)(nil),
+		(*Identity_Uid)(nil),
+		(*Identity_MdbUsername)(nil),
+		(*Identity_GaiaId)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_common_common_proto_rawDesc,
+			NumEnums:      2,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_common_common_proto_goTypes,
+		DependencyIndexes: file_internal_proto_common_common_proto_depIdxs,
+		EnumInfos:         file_internal_proto_common_common_proto_enumTypes,
+		MessageInfos:      file_internal_proto_common_common_proto_msgTypes,
+	}.Build()
+	File_internal_proto_common_common_proto = out.File
+	file_internal_proto_common_common_proto_rawDesc = nil
+	file_internal_proto_common_common_proto_goTypes = nil
+	file_internal_proto_common_common_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/s2a_context_go_proto/s2a_context.pb.go b/vendor/github.com/google/s2a-go/internal/proto/s2a_context_go_proto/s2a_context.pb.go
new file mode 100644
index 000000000..f4f763ae1
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/s2a_context_go_proto/s2a_context.pb.go
@@ -0,0 +1,267 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/s2a_context/s2a_context.proto
+
+package s2a_context_go_proto
+
+import (
+	common_go_proto "github.com/google/s2a-go/internal/proto/common_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type S2AContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocol negotiated for this connection, e.g., 'grpc'.
+	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
+	// The TLS version number that the S2A's handshaker module used to set up the
+	// session.
+	TlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=tls_version,json=tlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"tls_version,omitempty"`
+	// The TLS ciphersuite negotiated by the S2A's handshaker module.
+	Ciphersuite common_go_proto.Ciphersuite `protobuf:"varint,3,opt,name=ciphersuite,proto3,enum=s2a.proto.Ciphersuite" json:"ciphersuite,omitempty"`
+	// The authenticated identity of the peer.
+	PeerIdentity *common_go_proto.Identity `protobuf:"bytes,4,opt,name=peer_identity,json=peerIdentity,proto3" json:"peer_identity,omitempty"`
+	// The local identity used during session setup. This could be:
+	//   - The local identity that the client specifies in ClientSessionStartReq.
+	//   - One of the local identities that the server specifies in
+	//     ServerSessionStartReq.
+	//   - If neither client or server specifies local identities, the S2A picks the
+	//     default one. In this case, this field will contain that identity.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The SHA256 hash of the peer certificate used in the handshake.
+	PeerCertFingerprint []byte `protobuf:"bytes,6,opt,name=peer_cert_fingerprint,json=peerCertFingerprint,proto3" json:"peer_cert_fingerprint,omitempty"`
+	// The SHA256 hash of the local certificate used in the handshake.
+	LocalCertFingerprint []byte `protobuf:"bytes,7,opt,name=local_cert_fingerprint,json=localCertFingerprint,proto3" json:"local_cert_fingerprint,omitempty"`
+	// Set to true if a cached session was reused to resume the handshake.
+	IsHandshakeResumed bool `protobuf:"varint,8,opt,name=is_handshake_resumed,json=isHandshakeResumed,proto3" json:"is_handshake_resumed,omitempty"`
+}
+
+func (x *S2AContext) Reset() {
+	*x = S2AContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_context_s2a_context_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *S2AContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*S2AContext) ProtoMessage() {}
+
+func (x *S2AContext) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_context_s2a_context_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use S2AContext.ProtoReflect.Descriptor instead.
+func (*S2AContext) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_context_s2a_context_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *S2AContext) GetApplicationProtocol() string {
+	if x != nil {
+		return x.ApplicationProtocol
+	}
+	return ""
+}
+
+func (x *S2AContext) GetTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.TlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *S2AContext) GetCiphersuite() common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.Ciphersuite
+	}
+	return common_go_proto.Ciphersuite(0)
+}
+
+func (x *S2AContext) GetPeerIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.PeerIdentity
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *S2AContext) GetPeerCertFingerprint() []byte {
+	if x != nil {
+		return x.PeerCertFingerprint
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalCertFingerprint() []byte {
+	if x != nil {
+		return x.LocalCertFingerprint
+	}
+	return nil
+}
+
+func (x *S2AContext) GetIsHandshakeResumed() bool {
+	if x != nil {
+		return x.IsHandshakeResumed
+	}
+	return false
+}
+
+var File_internal_proto_s2a_context_s2a_context_proto protoreflect.FileDescriptor
+
+var file_internal_proto_s2a_context_s2a_context_proto_rawDesc = []byte{
+	0x0a, 0x2c, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x73, 0x32, 0x61,
+	0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc3, 0x03,
+	0x0a, 0x0a, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x31, 0x0a, 0x14,
+	0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, 0x70, 0x70, 0x6c,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12,
+	0x36, 0x0a, 0x0b, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x74, 0x6c, 0x73,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x69, 0x70, 0x68, 0x65,
+	0x72, 0x73, 0x75, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x52, 0x0b, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74,
+	0x65, 0x12, 0x38, 0x0a, 0x0d, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69,
+	0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x70,
+	0x65, 0x65, 0x72, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x3a, 0x0a, 0x0e, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x65, 0x65, 0x72, 0x5f,
+	0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x13, 0x70, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
+	0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72,
+	0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x14, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x43, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e,
+	0x74, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x73, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b,
+	0x65, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x12, 0x69, 0x73, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x73, 0x75,
+	0x6d, 0x65, 0x64, 0x42, 0x3b, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x32, 0x61, 0x5f,
+	0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_s2a_context_s2a_context_proto_rawDescOnce sync.Once
+	file_internal_proto_s2a_context_s2a_context_proto_rawDescData = file_internal_proto_s2a_context_s2a_context_proto_rawDesc
+)
+
+func file_internal_proto_s2a_context_s2a_context_proto_rawDescGZIP() []byte {
+	file_internal_proto_s2a_context_s2a_context_proto_rawDescOnce.Do(func() {
+		file_internal_proto_s2a_context_s2a_context_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_s2a_context_s2a_context_proto_rawDescData)
+	})
+	return file_internal_proto_s2a_context_s2a_context_proto_rawDescData
+}
+
+var file_internal_proto_s2a_context_s2a_context_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_internal_proto_s2a_context_s2a_context_proto_goTypes = []interface{}{
+	(*S2AContext)(nil),               // 0: s2a.proto.S2AContext
+	(common_go_proto.TLSVersion)(0),  // 1: s2a.proto.TLSVersion
+	(common_go_proto.Ciphersuite)(0), // 2: s2a.proto.Ciphersuite
+	(*common_go_proto.Identity)(nil), // 3: s2a.proto.Identity
+}
+var file_internal_proto_s2a_context_s2a_context_proto_depIdxs = []int32{
+	1, // 0: s2a.proto.S2AContext.tls_version:type_name -> s2a.proto.TLSVersion
+	2, // 1: s2a.proto.S2AContext.ciphersuite:type_name -> s2a.proto.Ciphersuite
+	3, // 2: s2a.proto.S2AContext.peer_identity:type_name -> s2a.proto.Identity
+	3, // 3: s2a.proto.S2AContext.local_identity:type_name -> s2a.proto.Identity
+	4, // [4:4] is the sub-list for method output_type
+	4, // [4:4] is the sub-list for method input_type
+	4, // [4:4] is the sub-list for extension type_name
+	4, // [4:4] is the sub-list for extension extendee
+	0, // [0:4] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_s2a_context_s2a_context_proto_init() }
+func file_internal_proto_s2a_context_s2a_context_proto_init() {
+	if File_internal_proto_s2a_context_s2a_context_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_s2a_context_s2a_context_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*S2AContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_s2a_context_s2a_context_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_s2a_context_s2a_context_proto_goTypes,
+		DependencyIndexes: file_internal_proto_s2a_context_s2a_context_proto_depIdxs,
+		MessageInfos:      file_internal_proto_s2a_context_s2a_context_proto_msgTypes,
+	}.Build()
+	File_internal_proto_s2a_context_s2a_context_proto = out.File
+	file_internal_proto_s2a_context_s2a_context_proto_rawDesc = nil
+	file_internal_proto_s2a_context_s2a_context_proto_goTypes = nil
+	file_internal_proto_s2a_context_s2a_context_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a.pb.go b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a.pb.go
new file mode 100644
index 000000000..0a86ebee5
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a.pb.go
@@ -0,0 +1,1377 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	common_go_proto "github.com/google/s2a-go/internal/proto/common_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type AuthenticationMechanism struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// (Optional) Application may specify an identity associated to an
+	// authentication mechanism. Otherwise, S2A assumes that the authentication
+	// mechanism is associated with the default identity. If the default identity
+	// cannot be determined, session setup fails.
+	Identity *common_go_proto.Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
+	// Types that are assignable to MechanismOneof:
+	//
+	//	*AuthenticationMechanism_Token
+	MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
+}
+
+func (x *AuthenticationMechanism) Reset() {
+	*x = AuthenticationMechanism{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AuthenticationMechanism) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticationMechanism) ProtoMessage() {}
+
+func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.
+func (*AuthenticationMechanism) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AuthenticationMechanism) GetIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.Identity
+	}
+	return nil
+}
+
+func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof {
+	if m != nil {
+		return m.MechanismOneof
+	}
+	return nil
+}
+
+func (x *AuthenticationMechanism) GetToken() string {
+	if x, ok := x.GetMechanismOneof().(*AuthenticationMechanism_Token); ok {
+		return x.Token
+	}
+	return ""
+}
+
+type isAuthenticationMechanism_MechanismOneof interface {
+	isAuthenticationMechanism_MechanismOneof()
+}
+
+type AuthenticationMechanism_Token struct {
+	// A token that the application uses to authenticate itself to the S2A.
+	Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
+}
+
+func (*AuthenticationMechanism_Token) isAuthenticationMechanism_MechanismOneof() {}
+
+type ClientSessionStartReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocols supported by the client, e.g., "grpc".
+	ApplicationProtocols []string `protobuf:"bytes,1,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
+	// (Optional) The minimum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the minimum version it supports.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"min_tls_version,omitempty"`
+	// (Optional) The maximum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the maximum version it supports.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"max_tls_version,omitempty"`
+	// The TLS ciphersuites that the client is willing to support.
+	TlsCiphersuites []common_go_proto.Ciphersuite `protobuf:"varint,4,rep,packed,name=tls_ciphersuites,json=tlsCiphersuites,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuites,omitempty"`
+	// (Optional) Describes which server identities are acceptable by the client.
+	// If target identities are provided and none of them matches the peer
+	// identity of the server, session setup fails.
+	TargetIdentities []*common_go_proto.Identity `protobuf:"bytes,5,rep,name=target_identities,json=targetIdentities,proto3" json:"target_identities,omitempty"`
+	// (Optional) Application may specify a local identity. Otherwise, S2A chooses
+	// the default local identity. If the default identity cannot be determined,
+	// session setup fails.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,6,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The target name that is used by S2A to configure SNI in the TLS handshake.
+	// It is also used to perform server authorization check if avaiable. This
+	// check is intended to verify that the peer authenticated identity is
+	// authorized to run a service with the target name.
+	// This field MUST only contain the host portion of the server address. It
+	// MUST not contain the scheme or the port number. For example, if the server
+	// address is dns://www.example.com:443, the value of this field should be
+	// set to www.example.com.
+	TargetName string `protobuf:"bytes,7,opt,name=target_name,json=targetName,proto3" json:"target_name,omitempty"`
+}
+
+func (x *ClientSessionStartReq) Reset() {
+	*x = ClientSessionStartReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ClientSessionStartReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ClientSessionStartReq) ProtoMessage() {}
+
+func (x *ClientSessionStartReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ClientSessionStartReq.ProtoReflect.Descriptor instead.
+func (*ClientSessionStartReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ClientSessionStartReq) GetApplicationProtocols() []string {
+	if x != nil {
+		return x.ApplicationProtocols
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ClientSessionStartReq) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ClientSessionStartReq) GetTlsCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.TlsCiphersuites
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetTargetIdentities() []*common_go_proto.Identity {
+	if x != nil {
+		return x.TargetIdentities
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetTargetName() string {
+	if x != nil {
+		return x.TargetName
+	}
+	return ""
+}
+
+type ServerSessionStartReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocols supported by the server, e.g., "grpc".
+	ApplicationProtocols []string `protobuf:"bytes,1,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
+	// (Optional) The minimum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the minimum version it supports.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"min_tls_version,omitempty"`
+	// (Optional) The maximum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the maximum version it supports.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"max_tls_version,omitempty"`
+	// The TLS ciphersuites that the server is willing to support.
+	TlsCiphersuites []common_go_proto.Ciphersuite `protobuf:"varint,4,rep,packed,name=tls_ciphersuites,json=tlsCiphersuites,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuites,omitempty"`
+	// (Optional) A list of local identities supported by the server, if
+	// specified. Otherwise, S2A chooses the default local identity. If the
+	// default identity cannot be determined, session setup fails.
+	LocalIdentities []*common_go_proto.Identity `protobuf:"bytes,5,rep,name=local_identities,json=localIdentities,proto3" json:"local_identities,omitempty"`
+	// The byte representation of the first handshake message received from the
+	// client peer. It is possible that this first message is split into multiple
+	// chunks. In this case, the first chunk is sent using this field and the
+	// following chunks are sent using the in_bytes field of SessionNextReq
+	// Specifically, if the client peer is using S2A, this field contains the
+	// bytes in the out_frames field of SessionResp message that the client peer
+	// received from its S2A after initiating the handshake.
+	InBytes []byte `protobuf:"bytes,6,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+}
+
+func (x *ServerSessionStartReq) Reset() {
+	*x = ServerSessionStartReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ServerSessionStartReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ServerSessionStartReq) ProtoMessage() {}
+
+func (x *ServerSessionStartReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ServerSessionStartReq.ProtoReflect.Descriptor instead.
+func (*ServerSessionStartReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ServerSessionStartReq) GetApplicationProtocols() []string {
+	if x != nil {
+		return x.ApplicationProtocols
+	}
+	return nil
+}
+
+func (x *ServerSessionStartReq) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ServerSessionStartReq) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ServerSessionStartReq) GetTlsCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.TlsCiphersuites
+	}
+	return nil
+}
+
+func (x *ServerSessionStartReq) GetLocalIdentities() []*common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentities
+	}
+	return nil
+}
+
+func (x *ServerSessionStartReq) GetInBytes() []byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+type SessionNextReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The byte representation of session setup, i.e., handshake messages.
+	// Specifically:
+	//   - All handshake messages sent from the server to the client.
+	//   - All, except for the first, handshake messages sent from the client to
+	//     the server. Note that the first message is communicated to S2A using the
+	//     in_bytes field of ServerSessionStartReq.
+	//
+	// If the peer is using S2A, this field contains the bytes in the out_frames
+	// field of SessionResp message that the peer received from its S2A.
+	InBytes []byte `protobuf:"bytes,1,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+}
+
+func (x *SessionNextReq) Reset() {
+	*x = SessionNextReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionNextReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionNextReq) ProtoMessage() {}
+
+func (x *SessionNextReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionNextReq.ProtoReflect.Descriptor instead.
+func (*SessionNextReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *SessionNextReq) GetInBytes() []byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+type ResumptionTicketReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The byte representation of a NewSessionTicket message received from the
+	// server.
+	InBytes [][]byte `protobuf:"bytes,1,rep,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+	// A connection identifier that was created and sent by S2A at the end of a
+	// handshake.
+	ConnectionId uint64 `protobuf:"varint,2,opt,name=connection_id,json=connectionId,proto3" json:"connection_id,omitempty"`
+	// The local identity that was used by S2A during session setup and included
+	// in |SessionResult|.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,3,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+}
+
+func (x *ResumptionTicketReq) Reset() {
+	*x = ResumptionTicketReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResumptionTicketReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResumptionTicketReq) ProtoMessage() {}
+
+func (x *ResumptionTicketReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResumptionTicketReq.ProtoReflect.Descriptor instead.
+func (*ResumptionTicketReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ResumptionTicketReq) GetInBytes() [][]byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+func (x *ResumptionTicketReq) GetConnectionId() uint64 {
+	if x != nil {
+		return x.ConnectionId
+	}
+	return 0
+}
+
+func (x *ResumptionTicketReq) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+type SessionReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to ReqOneof:
+	//
+	//	*SessionReq_ClientStart
+	//	*SessionReq_ServerStart
+	//	*SessionReq_Next
+	//	*SessionReq_ResumptionTicket
+	ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
+	// (Optional) The authentication mechanisms that the client wishes to use to
+	// authenticate to the S2A, ordered by preference. The S2A will always use the
+	// first authentication mechanism that appears in the list and is supported by
+	// the S2A.
+	AuthMechanisms []*AuthenticationMechanism `protobuf:"bytes,5,rep,name=auth_mechanisms,json=authMechanisms,proto3" json:"auth_mechanisms,omitempty"`
+}
+
+func (x *SessionReq) Reset() {
+	*x = SessionReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionReq) ProtoMessage() {}
+
+func (x *SessionReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.
+func (*SessionReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{5}
+}
+
+func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof {
+	if m != nil {
+		return m.ReqOneof
+	}
+	return nil
+}
+
+func (x *SessionReq) GetClientStart() *ClientSessionStartReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ClientStart); ok {
+		return x.ClientStart
+	}
+	return nil
+}
+
+func (x *SessionReq) GetServerStart() *ServerSessionStartReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ServerStart); ok {
+		return x.ServerStart
+	}
+	return nil
+}
+
+func (x *SessionReq) GetNext() *SessionNextReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_Next); ok {
+		return x.Next
+	}
+	return nil
+}
+
+func (x *SessionReq) GetResumptionTicket() *ResumptionTicketReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ResumptionTicket); ok {
+		return x.ResumptionTicket
+	}
+	return nil
+}
+
+func (x *SessionReq) GetAuthMechanisms() []*AuthenticationMechanism {
+	if x != nil {
+		return x.AuthMechanisms
+	}
+	return nil
+}
+
+type isSessionReq_ReqOneof interface {
+	isSessionReq_ReqOneof()
+}
+
+type SessionReq_ClientStart struct {
+	// The client session setup request message.
+	ClientStart *ClientSessionStartReq `protobuf:"bytes,1,opt,name=client_start,json=clientStart,proto3,oneof"`
+}
+
+type SessionReq_ServerStart struct {
+	// The server session setup request message.
+	ServerStart *ServerSessionStartReq `protobuf:"bytes,2,opt,name=server_start,json=serverStart,proto3,oneof"`
+}
+
+type SessionReq_Next struct {
+	// The next session setup message request message.
+	Next *SessionNextReq `protobuf:"bytes,3,opt,name=next,proto3,oneof"`
+}
+
+type SessionReq_ResumptionTicket struct {
+	// The resumption ticket that is received from the server. This message is
+	// only accepted by S2A if it is running as a client and if it is received
+	// after session setup is complete. If S2A is running as a server and it
+	// receives this message, the session is terminated.
+	ResumptionTicket *ResumptionTicketReq `protobuf:"bytes,4,opt,name=resumption_ticket,json=resumptionTicket,proto3,oneof"`
+}
+
+func (*SessionReq_ClientStart) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_ServerStart) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_Next) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_ResumptionTicket) isSessionReq_ReqOneof() {}
+
+type SessionState struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The TLS version number that the S2A's handshaker module used to set up the
+	// session.
+	TlsVersion common_go_proto.TLSVersion `protobuf:"varint,1,opt,name=tls_version,json=tlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"tls_version,omitempty"`
+	// The TLS ciphersuite negotiated by the S2A's handshaker module.
+	TlsCiphersuite common_go_proto.Ciphersuite `protobuf:"varint,2,opt,name=tls_ciphersuite,json=tlsCiphersuite,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuite,omitempty"`
+	// The sequence number of the next, incoming, TLS record.
+	InSequence uint64 `protobuf:"varint,3,opt,name=in_sequence,json=inSequence,proto3" json:"in_sequence,omitempty"`
+	// The sequence number of the next, outgoing, TLS record.
+	OutSequence uint64 `protobuf:"varint,4,opt,name=out_sequence,json=outSequence,proto3" json:"out_sequence,omitempty"`
+	// The key for the inbound direction.
+	InKey []byte `protobuf:"bytes,5,opt,name=in_key,json=inKey,proto3" json:"in_key,omitempty"`
+	// The key for the outbound direction.
+	OutKey []byte `protobuf:"bytes,6,opt,name=out_key,json=outKey,proto3" json:"out_key,omitempty"`
+	// The constant part of the record nonce for the outbound direction.
+	InFixedNonce []byte `protobuf:"bytes,7,opt,name=in_fixed_nonce,json=inFixedNonce,proto3" json:"in_fixed_nonce,omitempty"`
+	// The constant part of the record nonce for the inbound direction.
+	OutFixedNonce []byte `protobuf:"bytes,8,opt,name=out_fixed_nonce,json=outFixedNonce,proto3" json:"out_fixed_nonce,omitempty"`
+	// A connection identifier that can be provided to S2A to perform operations
+	// related to this connection. This identifier will be stored by the record
+	// protocol, and included in the |ResumptionTicketReq| message that is later
+	// sent back to S2A. This field is set only for client-side connections.
+	ConnectionId uint64 `protobuf:"varint,9,opt,name=connection_id,json=connectionId,proto3" json:"connection_id,omitempty"`
+	// Set to true if a cached session was reused to do an abbreviated handshake.
+	IsHandshakeResumed bool `protobuf:"varint,10,opt,name=is_handshake_resumed,json=isHandshakeResumed,proto3" json:"is_handshake_resumed,omitempty"`
+}
+
+func (x *SessionState) Reset() {
+	*x = SessionState{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionState) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionState) ProtoMessage() {}
+
+func (x *SessionState) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionState.ProtoReflect.Descriptor instead.
+func (*SessionState) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *SessionState) GetTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.TlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *SessionState) GetTlsCiphersuite() common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.TlsCiphersuite
+	}
+	return common_go_proto.Ciphersuite(0)
+}
+
+func (x *SessionState) GetInSequence() uint64 {
+	if x != nil {
+		return x.InSequence
+	}
+	return 0
+}
+
+func (x *SessionState) GetOutSequence() uint64 {
+	if x != nil {
+		return x.OutSequence
+	}
+	return 0
+}
+
+func (x *SessionState) GetInKey() []byte {
+	if x != nil {
+		return x.InKey
+	}
+	return nil
+}
+
+func (x *SessionState) GetOutKey() []byte {
+	if x != nil {
+		return x.OutKey
+	}
+	return nil
+}
+
+func (x *SessionState) GetInFixedNonce() []byte {
+	if x != nil {
+		return x.InFixedNonce
+	}
+	return nil
+}
+
+func (x *SessionState) GetOutFixedNonce() []byte {
+	if x != nil {
+		return x.OutFixedNonce
+	}
+	return nil
+}
+
+func (x *SessionState) GetConnectionId() uint64 {
+	if x != nil {
+		return x.ConnectionId
+	}
+	return 0
+}
+
+func (x *SessionState) GetIsHandshakeResumed() bool {
+	if x != nil {
+		return x.IsHandshakeResumed
+	}
+	return false
+}
+
+type SessionResult struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocol negotiated for this session.
+	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
+	// The session state at the end. This state contains all cryptographic
+	// material required to initialize the record protocol object.
+	State *SessionState `protobuf:"bytes,2,opt,name=state,proto3" json:"state,omitempty"`
+	// The authenticated identity of the peer.
+	PeerIdentity *common_go_proto.Identity `protobuf:"bytes,4,opt,name=peer_identity,json=peerIdentity,proto3" json:"peer_identity,omitempty"`
+	// The local identity used during session setup. This could be:
+	//   - The local identity that the client specifies in ClientSessionStartReq.
+	//   - One of the local identities that the server specifies in
+	//     ServerSessionStartReq.
+	//   - If neither client or server specifies local identities, the S2A picks the
+	//     default one. In this case, this field will contain that identity.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The SHA256 hash of the local certificate used in the handshake.
+	LocalCertFingerprint []byte `protobuf:"bytes,6,opt,name=local_cert_fingerprint,json=localCertFingerprint,proto3" json:"local_cert_fingerprint,omitempty"`
+	// The SHA256 hash of the peer certificate used in the handshake.
+	PeerCertFingerprint []byte `protobuf:"bytes,7,opt,name=peer_cert_fingerprint,json=peerCertFingerprint,proto3" json:"peer_cert_fingerprint,omitempty"`
+}
+
+func (x *SessionResult) Reset() {
+	*x = SessionResult{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionResult) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionResult) ProtoMessage() {}
+
+func (x *SessionResult) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionResult.ProtoReflect.Descriptor instead.
+func (*SessionResult) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *SessionResult) GetApplicationProtocol() string {
+	if x != nil {
+		return x.ApplicationProtocol
+	}
+	return ""
+}
+
+func (x *SessionResult) GetState() *SessionState {
+	if x != nil {
+		return x.State
+	}
+	return nil
+}
+
+func (x *SessionResult) GetPeerIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.PeerIdentity
+	}
+	return nil
+}
+
+func (x *SessionResult) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *SessionResult) GetLocalCertFingerprint() []byte {
+	if x != nil {
+		return x.LocalCertFingerprint
+	}
+	return nil
+}
+
+func (x *SessionResult) GetPeerCertFingerprint() []byte {
+	if x != nil {
+		return x.PeerCertFingerprint
+	}
+	return nil
+}
+
+type SessionStatus struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The status code that is specific to the application and the implementation
+	// of S2A, e.g., gRPC status code.
+	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+	// The status details.
+	Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
+}
+
+func (x *SessionStatus) Reset() {
+	*x = SessionStatus{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionStatus) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionStatus) ProtoMessage() {}
+
+func (x *SessionStatus) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionStatus.ProtoReflect.Descriptor instead.
+func (*SessionStatus) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *SessionStatus) GetCode() uint32 {
+	if x != nil {
+		return x.Code
+	}
+	return 0
+}
+
+func (x *SessionStatus) GetDetails() string {
+	if x != nil {
+		return x.Details
+	}
+	return ""
+}
+
+type SessionResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The local identity used during session setup. This could be:
+	//   - The local identity that the client specifies in ClientSessionStartReq.
+	//   - One of the local identities that the server specifies in
+	//     ServerSessionStartReq.
+	//   - If neither client or server specifies local identities, the S2A picks the
+	//     default one. In this case, this field will contain that identity.
+	//
+	// If the SessionResult is populated, then this must coincide with the local
+	// identity specified in the SessionResult; otherwise, the handshake must
+	// fail.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The byte representation of the frames that should be sent to the peer. May
+	// be empty if nothing needs to be sent to the peer or if in_bytes in the
+	// SessionReq is incomplete. All bytes in a non-empty out_frames must be sent
+	// to the peer even if the session setup status is not OK as these frames may
+	// contain appropriate alerts.
+	OutFrames []byte `protobuf:"bytes,2,opt,name=out_frames,json=outFrames,proto3" json:"out_frames,omitempty"`
+	// Number of bytes in the in_bytes field that are consumed by S2A. It is
+	// possible that part of in_bytes is unrelated to the session setup process.
+	BytesConsumed uint32 `protobuf:"varint,3,opt,name=bytes_consumed,json=bytesConsumed,proto3" json:"bytes_consumed,omitempty"`
+	// This is set if the session is successfully set up. out_frames may
+	// still be set to frames that needs to be forwarded to the peer.
+	Result *SessionResult `protobuf:"bytes,4,opt,name=result,proto3" json:"result,omitempty"`
+	// Status of session setup at the current stage.
+	Status *SessionStatus `protobuf:"bytes,5,opt,name=status,proto3" json:"status,omitempty"`
+}
+
+func (x *SessionResp) Reset() {
+	*x = SessionResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionResp) ProtoMessage() {}
+
+func (x *SessionResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.
+func (*SessionResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *SessionResp) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *SessionResp) GetOutFrames() []byte {
+	if x != nil {
+		return x.OutFrames
+	}
+	return nil
+}
+
+func (x *SessionResp) GetBytesConsumed() uint32 {
+	if x != nil {
+		return x.BytesConsumed
+	}
+	return 0
+}
+
+func (x *SessionResp) GetResult() *SessionResult {
+	if x != nil {
+		return x.Result
+	}
+	return nil
+}
+
+func (x *SessionResp) GetStatus() *SessionStatus {
+	if x != nil {
+		return x.Status
+	}
+	return nil
+}
+
+var File_internal_proto_s2a_s2a_proto protoreflect.FileDescriptor
+
+var file_internal_proto_s2a_s2a_proto_rawDesc = []byte{
+	0x0a, 0x1c, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x73, 0x32, 0x61, 0x2f, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x75, 0x0a,
+	0x17, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d,
+	0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x12, 0x2f, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52,
+	0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x05, 0x74, 0x6f, 0x6b,
+	0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65,
+	0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x5f, 0x6f,
+	0x6e, 0x65, 0x6f, 0x66, 0x22, 0xac, 0x03, 0x0a, 0x15, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53,
+	0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x12, 0x33,
+	0x0a, 0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x61,
+	0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x73, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x12, 0x41, 0x0a, 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x52, 0x0f, 0x74, 0x6c, 0x73, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x12, 0x40, 0x0a, 0x11, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x69,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x52, 0x10, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x49, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f,
+	0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
+	0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74,
+	0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69,
+	0x74, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x4e,
+	0x61, 0x6d, 0x65, 0x22, 0xe8, 0x02, 0x0a, 0x15, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x12, 0x33, 0x0a,
+	0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x61, 0x70,
+	0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x73, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x12, 0x41, 0x0a, 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x52, 0x0f, 0x74, 0x6c, 0x73, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x73, 0x12, 0x3e, 0x0a, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69,
+	0x74, 0x79, 0x52, 0x0f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x69, 0x65, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x2b,
+	0x0a, 0x0e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x4e, 0x65, 0x78, 0x74, 0x52, 0x65, 0x71,
+	0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x91, 0x01, 0x0a, 0x13,
+	0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74,
+	0x52, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x23,
+	0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+	0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22,
+	0xf4, 0x02, 0x0a, 0x0a, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x45,
+	0x0a, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74,
+	0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x45, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f,
+	0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52,
+	0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x2f, 0x0a, 0x04,
+	0x6e, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x4e, 0x65,
+	0x78, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x04, 0x6e, 0x65, 0x78, 0x74, 0x12, 0x4d, 0x0a,
+	0x11, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x63, 0x6b,
+	0x65, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54,
+	0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x10, 0x72, 0x65, 0x73, 0x75,
+	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x4b, 0x0a, 0x0f,
+	0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x18,
+	0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x4d,
+	0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71,
+	0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0xa0, 0x03, 0x0a, 0x0c, 0x53, 0x65, 0x73, 0x73, 0x69,
+	0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x0b, 0x74, 0x6c, 0x73, 0x5f, 0x76,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x74, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12,
+	0x3f, 0x0a, 0x0f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74, 0x65,
+	0x52, 0x0e, 0x74, 0x6c, 0x73, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74, 0x65,
+	0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63,
+	0x65, 0x12, 0x21, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63,
+	0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x71, 0x75,
+	0x65, 0x6e, 0x63, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x69, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x69, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x6f,
+	0x75, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x6f, 0x75,
+	0x74, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0e, 0x69, 0x6e, 0x5f, 0x66, 0x69, 0x78, 0x65, 0x64,
+	0x5f, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x69, 0x6e,
+	0x46, 0x69, 0x78, 0x65, 0x64, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x6f, 0x75,
+	0x74, 0x5f, 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x0d, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x78, 0x65, 0x64, 0x4e, 0x6f, 0x6e,
+	0x63, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x73, 0x5f, 0x68, 0x61,
+	0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18,
+	0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x69, 0x73, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61,
+	0x6b, 0x65, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x22, 0xd1, 0x02, 0x0a, 0x0d, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x31, 0x0a, 0x14, 0x61,
+	0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, 0x70, 0x70, 0x6c, 0x69,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x2d,
+	0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a,
+	0x0d, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x70, 0x65, 0x65, 0x72, 0x49,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+	0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74,
+	0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x65, 0x72,
+	0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x65, 0x72, 0x74, 0x46, 0x69,
+	0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x65, 0x65,
+	0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x13, 0x70, 0x65, 0x65, 0x72, 0x43, 0x65,
+	0x72, 0x74, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x22, 0x3d, 0x0a,
+	0x0d, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12,
+	0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x6f,
+	0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0xf3, 0x01, 0x0a,
+	0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x3a, 0x0a, 0x0e,
+	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+	0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x6f, 0x75, 0x74, 0x5f,
+	0x66, 0x72, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x6f, 0x75,
+	0x74, 0x46, 0x72, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x62, 0x79, 0x74, 0x65, 0x73,
+	0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52,
+	0x0d, 0x62, 0x79, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x12, 0x30,
+	0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18,
+	0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74,
+	0x12, 0x30, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x32, 0x51, 0x0a, 0x0a, 0x53, 0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x12, 0x43, 0x0a, 0x0c, 0x53, 0x65, 0x74, 0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x12, 0x15, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x1a, 0x16, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x22,
+	0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x32,
+	0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_s2a_s2a_proto_rawDescOnce sync.Once
+	file_internal_proto_s2a_s2a_proto_rawDescData = file_internal_proto_s2a_s2a_proto_rawDesc
+)
+
+func file_internal_proto_s2a_s2a_proto_rawDescGZIP() []byte {
+	file_internal_proto_s2a_s2a_proto_rawDescOnce.Do(func() {
+		file_internal_proto_s2a_s2a_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_s2a_s2a_proto_rawDescData)
+	})
+	return file_internal_proto_s2a_s2a_proto_rawDescData
+}
+
+var file_internal_proto_s2a_s2a_proto_msgTypes = make([]protoimpl.MessageInfo, 10)
+var file_internal_proto_s2a_s2a_proto_goTypes = []interface{}{
+	(*AuthenticationMechanism)(nil),  // 0: s2a.proto.AuthenticationMechanism
+	(*ClientSessionStartReq)(nil),    // 1: s2a.proto.ClientSessionStartReq
+	(*ServerSessionStartReq)(nil),    // 2: s2a.proto.ServerSessionStartReq
+	(*SessionNextReq)(nil),           // 3: s2a.proto.SessionNextReq
+	(*ResumptionTicketReq)(nil),      // 4: s2a.proto.ResumptionTicketReq
+	(*SessionReq)(nil),               // 5: s2a.proto.SessionReq
+	(*SessionState)(nil),             // 6: s2a.proto.SessionState
+	(*SessionResult)(nil),            // 7: s2a.proto.SessionResult
+	(*SessionStatus)(nil),            // 8: s2a.proto.SessionStatus
+	(*SessionResp)(nil),              // 9: s2a.proto.SessionResp
+	(*common_go_proto.Identity)(nil), // 10: s2a.proto.Identity
+	(common_go_proto.TLSVersion)(0),  // 11: s2a.proto.TLSVersion
+	(common_go_proto.Ciphersuite)(0), // 12: s2a.proto.Ciphersuite
+}
+var file_internal_proto_s2a_s2a_proto_depIdxs = []int32{
+	10, // 0: s2a.proto.AuthenticationMechanism.identity:type_name -> s2a.proto.Identity
+	11, // 1: s2a.proto.ClientSessionStartReq.min_tls_version:type_name -> s2a.proto.TLSVersion
+	11, // 2: s2a.proto.ClientSessionStartReq.max_tls_version:type_name -> s2a.proto.TLSVersion
+	12, // 3: s2a.proto.ClientSessionStartReq.tls_ciphersuites:type_name -> s2a.proto.Ciphersuite
+	10, // 4: s2a.proto.ClientSessionStartReq.target_identities:type_name -> s2a.proto.Identity
+	10, // 5: s2a.proto.ClientSessionStartReq.local_identity:type_name -> s2a.proto.Identity
+	11, // 6: s2a.proto.ServerSessionStartReq.min_tls_version:type_name -> s2a.proto.TLSVersion
+	11, // 7: s2a.proto.ServerSessionStartReq.max_tls_version:type_name -> s2a.proto.TLSVersion
+	12, // 8: s2a.proto.ServerSessionStartReq.tls_ciphersuites:type_name -> s2a.proto.Ciphersuite
+	10, // 9: s2a.proto.ServerSessionStartReq.local_identities:type_name -> s2a.proto.Identity
+	10, // 10: s2a.proto.ResumptionTicketReq.local_identity:type_name -> s2a.proto.Identity
+	1,  // 11: s2a.proto.SessionReq.client_start:type_name -> s2a.proto.ClientSessionStartReq
+	2,  // 12: s2a.proto.SessionReq.server_start:type_name -> s2a.proto.ServerSessionStartReq
+	3,  // 13: s2a.proto.SessionReq.next:type_name -> s2a.proto.SessionNextReq
+	4,  // 14: s2a.proto.SessionReq.resumption_ticket:type_name -> s2a.proto.ResumptionTicketReq
+	0,  // 15: s2a.proto.SessionReq.auth_mechanisms:type_name -> s2a.proto.AuthenticationMechanism
+	11, // 16: s2a.proto.SessionState.tls_version:type_name -> s2a.proto.TLSVersion
+	12, // 17: s2a.proto.SessionState.tls_ciphersuite:type_name -> s2a.proto.Ciphersuite
+	6,  // 18: s2a.proto.SessionResult.state:type_name -> s2a.proto.SessionState
+	10, // 19: s2a.proto.SessionResult.peer_identity:type_name -> s2a.proto.Identity
+	10, // 20: s2a.proto.SessionResult.local_identity:type_name -> s2a.proto.Identity
+	10, // 21: s2a.proto.SessionResp.local_identity:type_name -> s2a.proto.Identity
+	7,  // 22: s2a.proto.SessionResp.result:type_name -> s2a.proto.SessionResult
+	8,  // 23: s2a.proto.SessionResp.status:type_name -> s2a.proto.SessionStatus
+	5,  // 24: s2a.proto.S2AService.SetUpSession:input_type -> s2a.proto.SessionReq
+	9,  // 25: s2a.proto.S2AService.SetUpSession:output_type -> s2a.proto.SessionResp
+	25, // [25:26] is the sub-list for method output_type
+	24, // [24:25] is the sub-list for method input_type
+	24, // [24:24] is the sub-list for extension type_name
+	24, // [24:24] is the sub-list for extension extendee
+	0,  // [0:24] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_s2a_s2a_proto_init() }
+func file_internal_proto_s2a_s2a_proto_init() {
+	if File_internal_proto_s2a_s2a_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_s2a_s2a_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AuthenticationMechanism); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ClientSessionStartReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ServerSessionStartReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionNextReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResumptionTicketReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionState); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionResult); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionStatus); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_internal_proto_s2a_s2a_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*AuthenticationMechanism_Token)(nil),
+	}
+	file_internal_proto_s2a_s2a_proto_msgTypes[5].OneofWrappers = []interface{}{
+		(*SessionReq_ClientStart)(nil),
+		(*SessionReq_ServerStart)(nil),
+		(*SessionReq_Next)(nil),
+		(*SessionReq_ResumptionTicket)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_s2a_s2a_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   10,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_internal_proto_s2a_s2a_proto_goTypes,
+		DependencyIndexes: file_internal_proto_s2a_s2a_proto_depIdxs,
+		MessageInfos:      file_internal_proto_s2a_s2a_proto_msgTypes,
+	}.Build()
+	File_internal_proto_s2a_s2a_proto = out.File
+	file_internal_proto_s2a_s2a_proto_rawDesc = nil
+	file_internal_proto_s2a_s2a_proto_goTypes = nil
+	file_internal_proto_s2a_s2a_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a_grpc.pb.go b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a_grpc.pb.go
new file mode 100644
index 000000000..0fa582fc8
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a_grpc.pb.go
@@ -0,0 +1,173 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v3.21.12
+// source: internal/proto/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+	S2AService_SetUpSession_FullMethodName = "/s2a.proto.S2AService/SetUpSession"
+)
+
+// S2AServiceClient is the client API for S2AService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type S2AServiceClient interface {
+	// S2A service accepts a stream of session setup requests and returns a stream
+	// of session setup responses. The client of this service is expected to send
+	// exactly one client_start or server_start message followed by at least one
+	// next message. Applications running TLS clients can send requests with
+	// resumption_ticket messages only after the session is successfully set up.
+	//
+	// Every time S2A client sends a request, this service sends a response.
+	// However, clients do not have to wait for service response before sending
+	// the next request.
+	SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error)
+}
+
+type s2AServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewS2AServiceClient(cc grpc.ClientConnInterface) S2AServiceClient {
+	return &s2AServiceClient{cc}
+}
+
+func (c *s2AServiceClient) SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error) {
+	stream, err := c.cc.NewStream(ctx, &S2AService_ServiceDesc.Streams[0], S2AService_SetUpSession_FullMethodName, opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &s2AServiceSetUpSessionClient{stream}
+	return x, nil
+}
+
+type S2AService_SetUpSessionClient interface {
+	Send(*SessionReq) error
+	Recv() (*SessionResp, error)
+	grpc.ClientStream
+}
+
+type s2AServiceSetUpSessionClient struct {
+	grpc.ClientStream
+}
+
+func (x *s2AServiceSetUpSessionClient) Send(m *SessionReq) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionClient) Recv() (*SessionResp, error) {
+	m := new(SessionResp)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AServiceServer is the server API for S2AService service.
+// All implementations must embed UnimplementedS2AServiceServer
+// for forward compatibility
+type S2AServiceServer interface {
+	// S2A service accepts a stream of session setup requests and returns a stream
+	// of session setup responses. The client of this service is expected to send
+	// exactly one client_start or server_start message followed by at least one
+	// next message. Applications running TLS clients can send requests with
+	// resumption_ticket messages only after the session is successfully set up.
+	//
+	// Every time S2A client sends a request, this service sends a response.
+	// However, clients do not have to wait for service response before sending
+	// the next request.
+	SetUpSession(S2AService_SetUpSessionServer) error
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+// UnimplementedS2AServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedS2AServiceServer struct {
+}
+
+func (UnimplementedS2AServiceServer) SetUpSession(S2AService_SetUpSessionServer) error {
+	return status.Errorf(codes.Unimplemented, "method SetUpSession not implemented")
+}
+func (UnimplementedS2AServiceServer) mustEmbedUnimplementedS2AServiceServer() {}
+
+// UnsafeS2AServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to S2AServiceServer will
+// result in compilation errors.
+type UnsafeS2AServiceServer interface {
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+func RegisterS2AServiceServer(s grpc.ServiceRegistrar, srv S2AServiceServer) {
+	s.RegisterService(&S2AService_ServiceDesc, srv)
+}
+
+func _S2AService_SetUpSession_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(S2AServiceServer).SetUpSession(&s2AServiceSetUpSessionServer{stream})
+}
+
+type S2AService_SetUpSessionServer interface {
+	Send(*SessionResp) error
+	Recv() (*SessionReq, error)
+	grpc.ServerStream
+}
+
+type s2AServiceSetUpSessionServer struct {
+	grpc.ServerStream
+}
+
+func (x *s2AServiceSetUpSessionServer) Send(m *SessionResp) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionServer) Recv() (*SessionReq, error) {
+	m := new(SessionReq)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AService_ServiceDesc is the grpc.ServiceDesc for S2AService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var S2AService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "s2a.proto.S2AService",
+	HandlerType: (*S2AServiceServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "SetUpSession",
+			Handler:       _S2AService_SetUpSession_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "internal/proto/s2a/s2a.proto",
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/common_go_proto/common.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/common_go_proto/common.pb.go
new file mode 100644
index 000000000..c84bed977
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/common_go_proto/common.pb.go
@@ -0,0 +1,367 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/v2/common/common.proto
+
+package common_go_proto
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The TLS 1.0-1.2 ciphersuites that the application can negotiate when using
+// S2A.
+type Ciphersuite int32
+
+const (
+	Ciphersuite_CIPHERSUITE_UNSPECIFIED                               Ciphersuite = 0
+	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       Ciphersuite = 1
+	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       Ciphersuite = 2
+	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Ciphersuite = 3
+	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256         Ciphersuite = 4
+	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384         Ciphersuite = 5
+	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   Ciphersuite = 6
+)
+
+// Enum value maps for Ciphersuite.
+var (
+	Ciphersuite_name = map[int32]string{
+		0: "CIPHERSUITE_UNSPECIFIED",
+		1: "CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		2: "CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		3: "CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+		4: "CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		5: "CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		6: "CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+	}
+	Ciphersuite_value = map[string]int32{
+		"CIPHERSUITE_UNSPECIFIED":                               0,
+		"CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       1,
+		"CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       2,
+		"CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": 3,
+		"CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         4,
+		"CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         5,
+		"CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   6,
+	}
+)
+
+func (x Ciphersuite) Enum() *Ciphersuite {
+	p := new(Ciphersuite)
+	*p = x
+	return p
+}
+
+func (x Ciphersuite) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Ciphersuite) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[0].Descriptor()
+}
+
+func (Ciphersuite) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[0]
+}
+
+func (x Ciphersuite) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Ciphersuite.Descriptor instead.
+func (Ciphersuite) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{0}
+}
+
+// The TLS versions supported by S2A's handshaker module.
+type TLSVersion int32
+
+const (
+	TLSVersion_TLS_VERSION_UNSPECIFIED TLSVersion = 0
+	TLSVersion_TLS_VERSION_1_0         TLSVersion = 1
+	TLSVersion_TLS_VERSION_1_1         TLSVersion = 2
+	TLSVersion_TLS_VERSION_1_2         TLSVersion = 3
+	TLSVersion_TLS_VERSION_1_3         TLSVersion = 4
+)
+
+// Enum value maps for TLSVersion.
+var (
+	TLSVersion_name = map[int32]string{
+		0: "TLS_VERSION_UNSPECIFIED",
+		1: "TLS_VERSION_1_0",
+		2: "TLS_VERSION_1_1",
+		3: "TLS_VERSION_1_2",
+		4: "TLS_VERSION_1_3",
+	}
+	TLSVersion_value = map[string]int32{
+		"TLS_VERSION_UNSPECIFIED": 0,
+		"TLS_VERSION_1_0":         1,
+		"TLS_VERSION_1_1":         2,
+		"TLS_VERSION_1_2":         3,
+		"TLS_VERSION_1_3":         4,
+	}
+)
+
+func (x TLSVersion) Enum() *TLSVersion {
+	p := new(TLSVersion)
+	*p = x
+	return p
+}
+
+func (x TLSVersion) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (TLSVersion) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[1].Descriptor()
+}
+
+func (TLSVersion) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[1]
+}
+
+func (x TLSVersion) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use TLSVersion.Descriptor instead.
+func (TLSVersion) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{1}
+}
+
+// The side in the TLS connection.
+type ConnectionSide int32
+
+const (
+	ConnectionSide_CONNECTION_SIDE_UNSPECIFIED ConnectionSide = 0
+	ConnectionSide_CONNECTION_SIDE_CLIENT      ConnectionSide = 1
+	ConnectionSide_CONNECTION_SIDE_SERVER      ConnectionSide = 2
+)
+
+// Enum value maps for ConnectionSide.
+var (
+	ConnectionSide_name = map[int32]string{
+		0: "CONNECTION_SIDE_UNSPECIFIED",
+		1: "CONNECTION_SIDE_CLIENT",
+		2: "CONNECTION_SIDE_SERVER",
+	}
+	ConnectionSide_value = map[string]int32{
+		"CONNECTION_SIDE_UNSPECIFIED": 0,
+		"CONNECTION_SIDE_CLIENT":      1,
+		"CONNECTION_SIDE_SERVER":      2,
+	}
+)
+
+func (x ConnectionSide) Enum() *ConnectionSide {
+	p := new(ConnectionSide)
+	*p = x
+	return p
+}
+
+func (x ConnectionSide) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ConnectionSide) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[2].Descriptor()
+}
+
+func (ConnectionSide) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[2]
+}
+
+func (x ConnectionSide) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ConnectionSide.Descriptor instead.
+func (ConnectionSide) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{2}
+}
+
+// The ALPN protocols that the application can negotiate during a TLS handshake.
+type AlpnProtocol int32
+
+const (
+	AlpnProtocol_ALPN_PROTOCOL_UNSPECIFIED AlpnProtocol = 0
+	AlpnProtocol_ALPN_PROTOCOL_GRPC        AlpnProtocol = 1
+	AlpnProtocol_ALPN_PROTOCOL_HTTP2       AlpnProtocol = 2
+	AlpnProtocol_ALPN_PROTOCOL_HTTP1_1     AlpnProtocol = 3
+)
+
+// Enum value maps for AlpnProtocol.
+var (
+	AlpnProtocol_name = map[int32]string{
+		0: "ALPN_PROTOCOL_UNSPECIFIED",
+		1: "ALPN_PROTOCOL_GRPC",
+		2: "ALPN_PROTOCOL_HTTP2",
+		3: "ALPN_PROTOCOL_HTTP1_1",
+	}
+	AlpnProtocol_value = map[string]int32{
+		"ALPN_PROTOCOL_UNSPECIFIED": 0,
+		"ALPN_PROTOCOL_GRPC":        1,
+		"ALPN_PROTOCOL_HTTP2":       2,
+		"ALPN_PROTOCOL_HTTP1_1":     3,
+	}
+)
+
+func (x AlpnProtocol) Enum() *AlpnProtocol {
+	p := new(AlpnProtocol)
+	*p = x
+	return p
+}
+
+func (x AlpnProtocol) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (AlpnProtocol) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[3].Descriptor()
+}
+
+func (AlpnProtocol) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[3]
+}
+
+func (x AlpnProtocol) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use AlpnProtocol.Descriptor instead.
+func (AlpnProtocol) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{3}
+}
+
+var File_internal_proto_v2_common_common_proto protoreflect.FileDescriptor
+
+var file_internal_proto_v2_common_common_proto_rawDesc = []byte{
+	0x0a, 0x25, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2a, 0xee, 0x02, 0x0a, 0x0b, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72,
+	0x73, 0x75, 0x69, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53,
+	0x55, 0x49, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
+	0x10, 0x00, 0x12, 0x33, 0x0a, 0x2f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x57, 0x49,
+	0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53,
+	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x33, 0x0a, 0x2f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44,
+	0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f,
+	0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x39, 0x0a, 0x35,
+	0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x43, 0x48, 0x41,
+	0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x5f, 0x53,
+	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x31, 0x0a, 0x2d, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41,
+	0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x31, 0x0a, 0x2d, 0x43, 0x49,
+	0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f,
+	0x52, 0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36,
+	0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x37, 0x0a,
+	0x33, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44,
+	0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x43, 0x48, 0x41, 0x43,
+	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x5f, 0x53, 0x48,
+	0x41, 0x32, 0x35, 0x36, 0x10, 0x06, 0x2a, 0x7d, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
+	0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+	0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e,
+	0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45,
+	0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x54,
+	0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x32, 0x10, 0x03,
+	0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
+	0x31, 0x5f, 0x33, 0x10, 0x04, 0x2a, 0x69, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x53, 0x69, 0x64, 0x65, 0x12, 0x1f, 0x0a, 0x1b, 0x43, 0x4f, 0x4e, 0x4e, 0x45,
+	0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45,
+	0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x43, 0x4f, 0x4e, 0x4e,
+	0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x43, 0x4c, 0x49, 0x45,
+	0x4e, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x02,
+	0x2a, 0x79, 0x0a, 0x0c, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
+	0x12, 0x1d, 0x0a, 0x19, 0x41, 0x4c, 0x50, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f,
+	0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x16, 0x0a, 0x12, 0x41, 0x4c, 0x50, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c,
+	0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x41, 0x4c, 0x50, 0x4e, 0x5f,
+	0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10, 0x02,
+	0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c, 0x50, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f,
+	0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x31, 0x5f, 0x31, 0x10, 0x03, 0x42, 0x39, 0x5a, 0x37, 0x67,
+	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x67, 0x6f,
+	0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_v2_common_common_proto_rawDescOnce sync.Once
+	file_internal_proto_v2_common_common_proto_rawDescData = file_internal_proto_v2_common_common_proto_rawDesc
+)
+
+func file_internal_proto_v2_common_common_proto_rawDescGZIP() []byte {
+	file_internal_proto_v2_common_common_proto_rawDescOnce.Do(func() {
+		file_internal_proto_v2_common_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_v2_common_common_proto_rawDescData)
+	})
+	return file_internal_proto_v2_common_common_proto_rawDescData
+}
+
+var file_internal_proto_v2_common_common_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
+var file_internal_proto_v2_common_common_proto_goTypes = []interface{}{
+	(Ciphersuite)(0),    // 0: s2a.proto.v2.Ciphersuite
+	(TLSVersion)(0),     // 1: s2a.proto.v2.TLSVersion
+	(ConnectionSide)(0), // 2: s2a.proto.v2.ConnectionSide
+	(AlpnProtocol)(0),   // 3: s2a.proto.v2.AlpnProtocol
+}
+var file_internal_proto_v2_common_common_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_v2_common_common_proto_init() }
+func file_internal_proto_v2_common_common_proto_init() {
+	if File_internal_proto_v2_common_common_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_v2_common_common_proto_rawDesc,
+			NumEnums:      4,
+			NumMessages:   0,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_v2_common_common_proto_goTypes,
+		DependencyIndexes: file_internal_proto_v2_common_common_proto_depIdxs,
+		EnumInfos:         file_internal_proto_v2_common_common_proto_enumTypes,
+	}.Build()
+	File_internal_proto_v2_common_common_proto = out.File
+	file_internal_proto_v2_common_common_proto_rawDesc = nil
+	file_internal_proto_v2_common_common_proto_goTypes = nil
+	file_internal_proto_v2_common_common_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto/s2a_context.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto/s2a_context.pb.go
new file mode 100644
index 000000000..b7fd871c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto/s2a_context.pb.go
@@ -0,0 +1,248 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/v2/s2a_context/s2a_context.proto
+
+package s2a_context_go_proto
+
+import (
+	common_go_proto "github.com/google/s2a-go/internal/proto/common_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type S2AContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The SPIFFE ID from the peer leaf certificate, if present.
+	//
+	// This field is only populated if the leaf certificate is a valid SPIFFE
+	// SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+	// SPIFFE ID.
+	LeafCertSpiffeId string `protobuf:"bytes,1,opt,name=leaf_cert_spiffe_id,json=leafCertSpiffeId,proto3" json:"leaf_cert_spiffe_id,omitempty"`
+	// The URIs that are present in the SubjectAltName extension of the peer leaf
+	// certificate.
+	//
+	// Note that the extracted URIs are not validated and may not be properly
+	// formatted.
+	LeafCertUris []string `protobuf:"bytes,2,rep,name=leaf_cert_uris,json=leafCertUris,proto3" json:"leaf_cert_uris,omitempty"`
+	// The DNSNames that are present in the SubjectAltName extension of the peer
+	// leaf certificate.
+	LeafCertDnsnames []string `protobuf:"bytes,3,rep,name=leaf_cert_dnsnames,json=leafCertDnsnames,proto3" json:"leaf_cert_dnsnames,omitempty"`
+	// The (ordered) list of fingerprints in the certificate chain used to verify
+	// the given leaf certificate. The order MUST be from leaf certificate
+	// fingerprint to root certificate fingerprint.
+	//
+	// A fingerprint is the base-64 encoding of the SHA256 hash of the
+	// DER-encoding of a certificate. The list MAY be populated even if the peer
+	// certificate chain was NOT validated successfully.
+	PeerCertificateChainFingerprints []string `protobuf:"bytes,4,rep,name=peer_certificate_chain_fingerprints,json=peerCertificateChainFingerprints,proto3" json:"peer_certificate_chain_fingerprints,omitempty"`
+	// The local identity used during session setup.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The SHA256 hash of the DER-encoding of the local leaf certificate used in
+	// the handshake.
+	LocalLeafCertFingerprint []byte `protobuf:"bytes,6,opt,name=local_leaf_cert_fingerprint,json=localLeafCertFingerprint,proto3" json:"local_leaf_cert_fingerprint,omitempty"`
+}
+
+func (x *S2AContext) Reset() {
+	*x = S2AContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *S2AContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*S2AContext) ProtoMessage() {}
+
+func (x *S2AContext) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use S2AContext.ProtoReflect.Descriptor instead.
+func (*S2AContext) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *S2AContext) GetLeafCertSpiffeId() string {
+	if x != nil {
+		return x.LeafCertSpiffeId
+	}
+	return ""
+}
+
+func (x *S2AContext) GetLeafCertUris() []string {
+	if x != nil {
+		return x.LeafCertUris
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLeafCertDnsnames() []string {
+	if x != nil {
+		return x.LeafCertDnsnames
+	}
+	return nil
+}
+
+func (x *S2AContext) GetPeerCertificateChainFingerprints() []string {
+	if x != nil {
+		return x.PeerCertificateChainFingerprints
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalLeafCertFingerprint() []byte {
+	if x != nil {
+		return x.LocalLeafCertFingerprint
+	}
+	return nil
+}
+
+var File_internal_proto_v2_s2a_context_s2a_context_proto protoreflect.FileDescriptor
+
+var file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc = []byte{
+	0x0a, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2f,
+	0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x0c, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x1a,
+	0x22, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x22, 0xd9, 0x02, 0x0a, 0x0a, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65,
+	0x78, 0x74, 0x12, 0x2d, 0x0a, 0x13, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f,
+	0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x53, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49,
+	0x64, 0x12, 0x24, 0x0a, 0x0e, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75,
+	0x72, 0x69, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x66, 0x43,
+	0x65, 0x72, 0x74, 0x55, 0x72, 0x69, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x65, 0x61, 0x66, 0x5f,
+	0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x6e, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x44, 0x6e, 0x73,
+	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x4d, 0x0a, 0x23, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f,
+	0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x20, 0x70, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72,
+	0x69, 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+	0x12, 0x3d, 0x0a, 0x1b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63,
+	0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x18, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x4c, 0x65, 0x61, 0x66,
+	0x43, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x42,
+	0x3e, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63,
+	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescOnce sync.Once
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData = file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc
+)
+
+func file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescGZIP() []byte {
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescOnce.Do(func() {
+		file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData)
+	})
+	return file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData
+}
+
+var file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_internal_proto_v2_s2a_context_s2a_context_proto_goTypes = []interface{}{
+	(*S2AContext)(nil),               // 0: s2a.proto.v2.S2AContext
+	(*common_go_proto.Identity)(nil), // 1: s2a.proto.Identity
+}
+var file_internal_proto_v2_s2a_context_s2a_context_proto_depIdxs = []int32{
+	1, // 0: s2a.proto.v2.S2AContext.local_identity:type_name -> s2a.proto.Identity
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_v2_s2a_context_s2a_context_proto_init() }
+func file_internal_proto_v2_s2a_context_s2a_context_proto_init() {
+	if File_internal_proto_v2_s2a_context_s2a_context_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*S2AContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_v2_s2a_context_s2a_context_proto_goTypes,
+		DependencyIndexes: file_internal_proto_v2_s2a_context_s2a_context_proto_depIdxs,
+		MessageInfos:      file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes,
+	}.Build()
+	File_internal_proto_v2_s2a_context_s2a_context_proto = out.File
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc = nil
+	file_internal_proto_v2_s2a_context_s2a_context_proto_goTypes = nil
+	file_internal_proto_v2_s2a_context_s2a_context_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go
new file mode 100644
index 000000000..e843450c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go
@@ -0,0 +1,2494 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/v2/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	common_go_proto1 "github.com/google/s2a-go/internal/proto/common_go_proto"
+	common_go_proto "github.com/google/s2a-go/internal/proto/v2/common_go_proto"
+	s2a_context_go_proto "github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type SignatureAlgorithm int32
+
+const (
+	SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED SignatureAlgorithm = 0
+	// RSA Public-Key Cryptography Standards #1.
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256 SignatureAlgorithm = 1
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384 SignatureAlgorithm = 2
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512 SignatureAlgorithm = 3
+	// ECDSA.
+	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 SignatureAlgorithm = 4
+	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 SignatureAlgorithm = 5
+	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 SignatureAlgorithm = 6
+	// RSA Probabilistic Signature Scheme.
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 SignatureAlgorithm = 7
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 SignatureAlgorithm = 8
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 SignatureAlgorithm = 9
+	// ED25519.
+	SignatureAlgorithm_S2A_SSL_SIGN_ED25519 SignatureAlgorithm = 10
+)
+
+// Enum value maps for SignatureAlgorithm.
+var (
+	SignatureAlgorithm_name = map[int32]string{
+		0:  "S2A_SSL_SIGN_UNSPECIFIED",
+		1:  "S2A_SSL_SIGN_RSA_PKCS1_SHA256",
+		2:  "S2A_SSL_SIGN_RSA_PKCS1_SHA384",
+		3:  "S2A_SSL_SIGN_RSA_PKCS1_SHA512",
+		4:  "S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256",
+		5:  "S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384",
+		6:  "S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512",
+		7:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256",
+		8:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384",
+		9:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512",
+		10: "S2A_SSL_SIGN_ED25519",
+	}
+	SignatureAlgorithm_value = map[string]int32{
+		"S2A_SSL_SIGN_UNSPECIFIED":            0,
+		"S2A_SSL_SIGN_RSA_PKCS1_SHA256":       1,
+		"S2A_SSL_SIGN_RSA_PKCS1_SHA384":       2,
+		"S2A_SSL_SIGN_RSA_PKCS1_SHA512":       3,
+		"S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256": 4,
+		"S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384": 5,
+		"S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512": 6,
+		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256":    7,
+		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384":    8,
+		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512":    9,
+		"S2A_SSL_SIGN_ED25519":                10,
+	}
+)
+
+func (x SignatureAlgorithm) Enum() *SignatureAlgorithm {
+	p := new(SignatureAlgorithm)
+	*p = x
+	return p
+}
+
+func (x SignatureAlgorithm) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[0].Descriptor()
+}
+
+func (SignatureAlgorithm) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[0]
+}
+
+func (x SignatureAlgorithm) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use SignatureAlgorithm.Descriptor instead.
+func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{0}
+}
+
+type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate int32
+
+const (
+	GetTlsConfigurationResp_ServerTlsConfiguration_UNSPECIFIED                                            GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 0
+	GetTlsConfigurationResp_ServerTlsConfiguration_DONT_REQUEST_CLIENT_CERTIFICATE                        GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 1
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY             GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 2
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY                  GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 3
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 4
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY      GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 5
+)
+
+// Enum value maps for GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.
+var (
+	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "DONT_REQUEST_CLIENT_CERTIFICATE",
+		2: "REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
+		3: "REQUEST_CLIENT_CERTIFICATE_AND_VERIFY",
+		4: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
+		5: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY",
+	}
+	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_value = map[string]int32{
+		"UNSPECIFIED":                                            0,
+		"DONT_REQUEST_CLIENT_CERTIFICATE":                        1,
+		"REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY":             2,
+		"REQUEST_CLIENT_CERTIFICATE_AND_VERIFY":                  3,
+		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY": 4,
+		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY":      5,
+	}
+)
+
+func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Enum() *GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate {
+	p := new(GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate)
+	*p = x
+	return p
+}
+
+func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[1].Descriptor()
+}
+
+func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[1]
+}
+
+func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.Descriptor instead.
+func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4, 1, 0}
+}
+
+type OffloadPrivateKeyOperationReq_PrivateKeyOperation int32
+
+const (
+	OffloadPrivateKeyOperationReq_UNSPECIFIED OffloadPrivateKeyOperationReq_PrivateKeyOperation = 0
+	// When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
+	// the TLS handshake must be signed to prove possession of the private key.
+	//
+	// See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
+	OffloadPrivateKeyOperationReq_SIGN OffloadPrivateKeyOperationReq_PrivateKeyOperation = 1
+	// When performing a TLS 1.2 handshake using an RSA algorithm, the key
+	// exchange algorithm involves the client generating a premaster secret,
+	// encrypting it using the server's public key, and sending this encrypted
+	// blob to the server in a ClientKeyExchange message.
+	//
+	// See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
+	OffloadPrivateKeyOperationReq_DECRYPT OffloadPrivateKeyOperationReq_PrivateKeyOperation = 2
+)
+
+// Enum value maps for OffloadPrivateKeyOperationReq_PrivateKeyOperation.
+var (
+	OffloadPrivateKeyOperationReq_PrivateKeyOperation_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "SIGN",
+		2: "DECRYPT",
+	}
+	OffloadPrivateKeyOperationReq_PrivateKeyOperation_value = map[string]int32{
+		"UNSPECIFIED": 0,
+		"SIGN":        1,
+		"DECRYPT":     2,
+	}
+)
+
+func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Enum() *OffloadPrivateKeyOperationReq_PrivateKeyOperation {
+	p := new(OffloadPrivateKeyOperationReq_PrivateKeyOperation)
+	*p = x
+	return p
+}
+
+func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[2].Descriptor()
+}
+
+func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[2]
+}
+
+func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use OffloadPrivateKeyOperationReq_PrivateKeyOperation.Descriptor instead.
+func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{5, 0}
+}
+
+type OffloadResumptionKeyOperationReq_ResumptionKeyOperation int32
+
+const (
+	OffloadResumptionKeyOperationReq_UNSPECIFIED OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 0
+	OffloadResumptionKeyOperationReq_ENCRYPT     OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 1
+	OffloadResumptionKeyOperationReq_DECRYPT     OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 2
+)
+
+// Enum value maps for OffloadResumptionKeyOperationReq_ResumptionKeyOperation.
+var (
+	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "ENCRYPT",
+		2: "DECRYPT",
+	}
+	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_value = map[string]int32{
+		"UNSPECIFIED": 0,
+		"ENCRYPT":     1,
+		"DECRYPT":     2,
+	}
+)
+
+func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Enum() *OffloadResumptionKeyOperationReq_ResumptionKeyOperation {
+	p := new(OffloadResumptionKeyOperationReq_ResumptionKeyOperation)
+	*p = x
+	return p
+}
+
+func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[3].Descriptor()
+}
+
+func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[3]
+}
+
+func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use OffloadResumptionKeyOperationReq_ResumptionKeyOperation.Descriptor instead.
+func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{7, 0}
+}
+
+type ValidatePeerCertificateChainReq_VerificationMode int32
+
+const (
+	// The default verification mode supported by S2A.
+	ValidatePeerCertificateChainReq_UNSPECIFIED ValidatePeerCertificateChainReq_VerificationMode = 0
+	// The SPIFFE verification mode selects the set of trusted certificates to
+	// use for path building based on the SPIFFE trust domain in the peer's leaf
+	// certificate.
+	ValidatePeerCertificateChainReq_SPIFFE ValidatePeerCertificateChainReq_VerificationMode = 1
+	// The connect-to-Google verification mode uses the trust bundle for
+	// connecting to Google, e.g. *.mtls.googleapis.com endpoints.
+	ValidatePeerCertificateChainReq_CONNECT_TO_GOOGLE ValidatePeerCertificateChainReq_VerificationMode = 2
+)
+
+// Enum value maps for ValidatePeerCertificateChainReq_VerificationMode.
+var (
+	ValidatePeerCertificateChainReq_VerificationMode_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "SPIFFE",
+		2: "CONNECT_TO_GOOGLE",
+	}
+	ValidatePeerCertificateChainReq_VerificationMode_value = map[string]int32{
+		"UNSPECIFIED":       0,
+		"SPIFFE":            1,
+		"CONNECT_TO_GOOGLE": 2,
+	}
+)
+
+func (x ValidatePeerCertificateChainReq_VerificationMode) Enum() *ValidatePeerCertificateChainReq_VerificationMode {
+	p := new(ValidatePeerCertificateChainReq_VerificationMode)
+	*p = x
+	return p
+}
+
+func (x ValidatePeerCertificateChainReq_VerificationMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ValidatePeerCertificateChainReq_VerificationMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[4].Descriptor()
+}
+
+func (ValidatePeerCertificateChainReq_VerificationMode) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[4]
+}
+
+func (x ValidatePeerCertificateChainReq_VerificationMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq_VerificationMode.Descriptor instead.
+func (ValidatePeerCertificateChainReq_VerificationMode) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9, 0}
+}
+
+type ValidatePeerCertificateChainResp_ValidationResult int32
+
+const (
+	ValidatePeerCertificateChainResp_UNSPECIFIED ValidatePeerCertificateChainResp_ValidationResult = 0
+	ValidatePeerCertificateChainResp_SUCCESS     ValidatePeerCertificateChainResp_ValidationResult = 1
+	ValidatePeerCertificateChainResp_FAILURE     ValidatePeerCertificateChainResp_ValidationResult = 2
+)
+
+// Enum value maps for ValidatePeerCertificateChainResp_ValidationResult.
+var (
+	ValidatePeerCertificateChainResp_ValidationResult_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "SUCCESS",
+		2: "FAILURE",
+	}
+	ValidatePeerCertificateChainResp_ValidationResult_value = map[string]int32{
+		"UNSPECIFIED": 0,
+		"SUCCESS":     1,
+		"FAILURE":     2,
+	}
+)
+
+func (x ValidatePeerCertificateChainResp_ValidationResult) Enum() *ValidatePeerCertificateChainResp_ValidationResult {
+	p := new(ValidatePeerCertificateChainResp_ValidationResult)
+	*p = x
+	return p
+}
+
+func (x ValidatePeerCertificateChainResp_ValidationResult) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ValidatePeerCertificateChainResp_ValidationResult) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[5].Descriptor()
+}
+
+func (ValidatePeerCertificateChainResp_ValidationResult) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[5]
+}
+
+func (x ValidatePeerCertificateChainResp_ValidationResult) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainResp_ValidationResult.Descriptor instead.
+func (ValidatePeerCertificateChainResp_ValidationResult) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{10, 0}
+}
+
+type AlpnPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// If true, the application MUST perform ALPN negotiation.
+	EnableAlpnNegotiation bool `protobuf:"varint,1,opt,name=enable_alpn_negotiation,json=enableAlpnNegotiation,proto3" json:"enable_alpn_negotiation,omitempty"`
+	// The ordered list of ALPN protocols that specify how the application SHOULD
+	// negotiate ALPN during the TLS handshake.
+	//
+	// The application MAY ignore any ALPN protocols in this list that are not
+	// supported by the application.
+	AlpnProtocols []common_go_proto.AlpnProtocol `protobuf:"varint,2,rep,packed,name=alpn_protocols,json=alpnProtocols,proto3,enum=s2a.proto.v2.AlpnProtocol" json:"alpn_protocols,omitempty"`
+}
+
+func (x *AlpnPolicy) Reset() {
+	*x = AlpnPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AlpnPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AlpnPolicy) ProtoMessage() {}
+
+func (x *AlpnPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AlpnPolicy.ProtoReflect.Descriptor instead.
+func (*AlpnPolicy) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AlpnPolicy) GetEnableAlpnNegotiation() bool {
+	if x != nil {
+		return x.EnableAlpnNegotiation
+	}
+	return false
+}
+
+func (x *AlpnPolicy) GetAlpnProtocols() []common_go_proto.AlpnProtocol {
+	if x != nil {
+		return x.AlpnProtocols
+	}
+	return nil
+}
+
+type AuthenticationMechanism struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Applications may specify an identity associated to an authentication
+	// mechanism. Otherwise, S2A assumes that the authentication mechanism is
+	// associated with the default identity. If the default identity cannot be
+	// determined, the request is rejected.
+	Identity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
+	// Types that are assignable to MechanismOneof:
+	//
+	//	*AuthenticationMechanism_Token
+	MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
+}
+
+func (x *AuthenticationMechanism) Reset() {
+	*x = AuthenticationMechanism{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AuthenticationMechanism) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticationMechanism) ProtoMessage() {}
+
+func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.
+func (*AuthenticationMechanism) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *AuthenticationMechanism) GetIdentity() *common_go_proto1.Identity {
+	if x != nil {
+		return x.Identity
+	}
+	return nil
+}
+
+func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof {
+	if m != nil {
+		return m.MechanismOneof
+	}
+	return nil
+}
+
+func (x *AuthenticationMechanism) GetToken() string {
+	if x, ok := x.GetMechanismOneof().(*AuthenticationMechanism_Token); ok {
+		return x.Token
+	}
+	return ""
+}
+
+type isAuthenticationMechanism_MechanismOneof interface {
+	isAuthenticationMechanism_MechanismOneof()
+}
+
+type AuthenticationMechanism_Token struct {
+	// A token that the application uses to authenticate itself to S2A.
+	Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
+}
+
+func (*AuthenticationMechanism_Token) isAuthenticationMechanism_MechanismOneof() {}
+
+type Status struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The status code that is specific to the application and the implementation
+	// of S2A, e.g., gRPC status code.
+	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+	// The status details.
+	Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
+}
+
+func (x *Status) Reset() {
+	*x = Status{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Status) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Status) ProtoMessage() {}
+
+func (x *Status) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Status.ProtoReflect.Descriptor instead.
+func (*Status) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Status) GetCode() uint32 {
+	if x != nil {
+		return x.Code
+	}
+	return 0
+}
+
+func (x *Status) GetDetails() string {
+	if x != nil {
+		return x.Details
+	}
+	return ""
+}
+
+type GetTlsConfigurationReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The role of the application in the TLS connection.
+	ConnectionSide common_go_proto.ConnectionSide `protobuf:"varint,1,opt,name=connection_side,json=connectionSide,proto3,enum=s2a.proto.v2.ConnectionSide" json:"connection_side,omitempty"`
+	// The server name indication (SNI) extension, which MAY be populated when a
+	// server is offloading to S2A. The SNI is used to determine the server
+	// identity if the local identity in the request is empty.
+	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
+}
+
+func (x *GetTlsConfigurationReq) Reset() {
+	*x = GetTlsConfigurationReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationReq) ProtoMessage() {}
+
+func (x *GetTlsConfigurationReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationReq.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetTlsConfigurationReq) GetConnectionSide() common_go_proto.ConnectionSide {
+	if x != nil {
+		return x.ConnectionSide
+	}
+	return common_go_proto.ConnectionSide(0)
+}
+
+func (x *GetTlsConfigurationReq) GetSni() string {
+	if x != nil {
+		return x.Sni
+	}
+	return ""
+}
+
+type GetTlsConfigurationResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to TlsConfiguration:
+	//
+	//	*GetTlsConfigurationResp_ClientTlsConfiguration_
+	//	*GetTlsConfigurationResp_ServerTlsConfiguration_
+	TlsConfiguration isGetTlsConfigurationResp_TlsConfiguration `protobuf_oneof:"tls_configuration"`
+}
+
+func (x *GetTlsConfigurationResp) Reset() {
+	*x = GetTlsConfigurationResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationResp) ProtoMessage() {}
+
+func (x *GetTlsConfigurationResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4}
+}
+
+func (m *GetTlsConfigurationResp) GetTlsConfiguration() isGetTlsConfigurationResp_TlsConfiguration {
+	if m != nil {
+		return m.TlsConfiguration
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp) GetClientTlsConfiguration() *GetTlsConfigurationResp_ClientTlsConfiguration {
+	if x, ok := x.GetTlsConfiguration().(*GetTlsConfigurationResp_ClientTlsConfiguration_); ok {
+		return x.ClientTlsConfiguration
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp) GetServerTlsConfiguration() *GetTlsConfigurationResp_ServerTlsConfiguration {
+	if x, ok := x.GetTlsConfiguration().(*GetTlsConfigurationResp_ServerTlsConfiguration_); ok {
+		return x.ServerTlsConfiguration
+	}
+	return nil
+}
+
+type isGetTlsConfigurationResp_TlsConfiguration interface {
+	isGetTlsConfigurationResp_TlsConfiguration()
+}
+
+type GetTlsConfigurationResp_ClientTlsConfiguration_ struct {
+	ClientTlsConfiguration *GetTlsConfigurationResp_ClientTlsConfiguration `protobuf:"bytes,1,opt,name=client_tls_configuration,json=clientTlsConfiguration,proto3,oneof"`
+}
+
+type GetTlsConfigurationResp_ServerTlsConfiguration_ struct {
+	ServerTlsConfiguration *GetTlsConfigurationResp_ServerTlsConfiguration `protobuf:"bytes,2,opt,name=server_tls_configuration,json=serverTlsConfiguration,proto3,oneof"`
+}
+
+func (*GetTlsConfigurationResp_ClientTlsConfiguration_) isGetTlsConfigurationResp_TlsConfiguration() {
+}
+
+func (*GetTlsConfigurationResp_ServerTlsConfiguration_) isGetTlsConfigurationResp_TlsConfiguration() {
+}
+
+type OffloadPrivateKeyOperationReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The operation the private key is used for.
+	Operation OffloadPrivateKeyOperationReq_PrivateKeyOperation `protobuf:"varint,1,opt,name=operation,proto3,enum=s2a.proto.v2.OffloadPrivateKeyOperationReq_PrivateKeyOperation" json:"operation,omitempty"`
+	// The signature algorithm to be used for signing operations.
+	SignatureAlgorithm SignatureAlgorithm `protobuf:"varint,2,opt,name=signature_algorithm,json=signatureAlgorithm,proto3,enum=s2a.proto.v2.SignatureAlgorithm" json:"signature_algorithm,omitempty"`
+	// The input bytes to be signed or decrypted.
+	//
+	// Types that are assignable to InBytes:
+	//
+	//	*OffloadPrivateKeyOperationReq_RawBytes
+	//	*OffloadPrivateKeyOperationReq_Sha256Digest
+	//	*OffloadPrivateKeyOperationReq_Sha384Digest
+	//	*OffloadPrivateKeyOperationReq_Sha512Digest
+	InBytes isOffloadPrivateKeyOperationReq_InBytes `protobuf_oneof:"in_bytes"`
+}
+
+func (x *OffloadPrivateKeyOperationReq) Reset() {
+	*x = OffloadPrivateKeyOperationReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadPrivateKeyOperationReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadPrivateKeyOperationReq) ProtoMessage() {}
+
+func (x *OffloadPrivateKeyOperationReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadPrivateKeyOperationReq.ProtoReflect.Descriptor instead.
+func (*OffloadPrivateKeyOperationReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetOperation() OffloadPrivateKeyOperationReq_PrivateKeyOperation {
+	if x != nil {
+		return x.Operation
+	}
+	return OffloadPrivateKeyOperationReq_UNSPECIFIED
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSignatureAlgorithm() SignatureAlgorithm {
+	if x != nil {
+		return x.SignatureAlgorithm
+	}
+	return SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED
+}
+
+func (m *OffloadPrivateKeyOperationReq) GetInBytes() isOffloadPrivateKeyOperationReq_InBytes {
+	if m != nil {
+		return m.InBytes
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetRawBytes() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_RawBytes); ok {
+		return x.RawBytes
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSha256Digest() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_Sha256Digest); ok {
+		return x.Sha256Digest
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSha384Digest() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_Sha384Digest); ok {
+		return x.Sha384Digest
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSha512Digest() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_Sha512Digest); ok {
+		return x.Sha512Digest
+	}
+	return nil
+}
+
+type isOffloadPrivateKeyOperationReq_InBytes interface {
+	isOffloadPrivateKeyOperationReq_InBytes()
+}
+
+type OffloadPrivateKeyOperationReq_RawBytes struct {
+	// Raw bytes to be hashed and signed, or decrypted.
+	RawBytes []byte `protobuf:"bytes,4,opt,name=raw_bytes,json=rawBytes,proto3,oneof"`
+}
+
+type OffloadPrivateKeyOperationReq_Sha256Digest struct {
+	// A SHA256 hash to be signed. Must be 32 bytes.
+	Sha256Digest []byte `protobuf:"bytes,5,opt,name=sha256_digest,json=sha256Digest,proto3,oneof"`
+}
+
+type OffloadPrivateKeyOperationReq_Sha384Digest struct {
+	// A SHA384 hash to be signed. Must be 48 bytes.
+	Sha384Digest []byte `protobuf:"bytes,6,opt,name=sha384_digest,json=sha384Digest,proto3,oneof"`
+}
+
+type OffloadPrivateKeyOperationReq_Sha512Digest struct {
+	// A SHA512 hash to be signed. Must be 64 bytes.
+	Sha512Digest []byte `protobuf:"bytes,7,opt,name=sha512_digest,json=sha512Digest,proto3,oneof"`
+}
+
+func (*OffloadPrivateKeyOperationReq_RawBytes) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+func (*OffloadPrivateKeyOperationReq_Sha256Digest) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+func (*OffloadPrivateKeyOperationReq_Sha384Digest) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+func (*OffloadPrivateKeyOperationReq_Sha512Digest) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+type OffloadPrivateKeyOperationResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The signed or decrypted output bytes.
+	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
+}
+
+func (x *OffloadPrivateKeyOperationResp) Reset() {
+	*x = OffloadPrivateKeyOperationResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadPrivateKeyOperationResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadPrivateKeyOperationResp) ProtoMessage() {}
+
+func (x *OffloadPrivateKeyOperationResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadPrivateKeyOperationResp.ProtoReflect.Descriptor instead.
+func (*OffloadPrivateKeyOperationResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *OffloadPrivateKeyOperationResp) GetOutBytes() []byte {
+	if x != nil {
+		return x.OutBytes
+	}
+	return nil
+}
+
+type OffloadResumptionKeyOperationReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The operation the resumption key is used for.
+	Operation OffloadResumptionKeyOperationReq_ResumptionKeyOperation `protobuf:"varint,1,opt,name=operation,proto3,enum=s2a.proto.v2.OffloadResumptionKeyOperationReq_ResumptionKeyOperation" json:"operation,omitempty"`
+	// The bytes to be encrypted or decrypted.
+	InBytes []byte `protobuf:"bytes,2,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+}
+
+func (x *OffloadResumptionKeyOperationReq) Reset() {
+	*x = OffloadResumptionKeyOperationReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadResumptionKeyOperationReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadResumptionKeyOperationReq) ProtoMessage() {}
+
+func (x *OffloadResumptionKeyOperationReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadResumptionKeyOperationReq.ProtoReflect.Descriptor instead.
+func (*OffloadResumptionKeyOperationReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *OffloadResumptionKeyOperationReq) GetOperation() OffloadResumptionKeyOperationReq_ResumptionKeyOperation {
+	if x != nil {
+		return x.Operation
+	}
+	return OffloadResumptionKeyOperationReq_UNSPECIFIED
+}
+
+func (x *OffloadResumptionKeyOperationReq) GetInBytes() []byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+type OffloadResumptionKeyOperationResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The encrypted or decrypted bytes.
+	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
+}
+
+func (x *OffloadResumptionKeyOperationResp) Reset() {
+	*x = OffloadResumptionKeyOperationResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadResumptionKeyOperationResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadResumptionKeyOperationResp) ProtoMessage() {}
+
+func (x *OffloadResumptionKeyOperationResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadResumptionKeyOperationResp.ProtoReflect.Descriptor instead.
+func (*OffloadResumptionKeyOperationResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *OffloadResumptionKeyOperationResp) GetOutBytes() []byte {
+	if x != nil {
+		return x.OutBytes
+	}
+	return nil
+}
+
+type ValidatePeerCertificateChainReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The verification mode that S2A MUST use to validate the peer certificate
+	// chain.
+	Mode ValidatePeerCertificateChainReq_VerificationMode `protobuf:"varint,1,opt,name=mode,proto3,enum=s2a.proto.v2.ValidatePeerCertificateChainReq_VerificationMode" json:"mode,omitempty"`
+	// Types that are assignable to PeerOneof:
+	//
+	//	*ValidatePeerCertificateChainReq_ClientPeer_
+	//	*ValidatePeerCertificateChainReq_ServerPeer_
+	PeerOneof isValidatePeerCertificateChainReq_PeerOneof `protobuf_oneof:"peer_oneof"`
+}
+
+func (x *ValidatePeerCertificateChainReq) Reset() {
+	*x = ValidatePeerCertificateChainReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainReq) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ValidatePeerCertificateChainReq) GetMode() ValidatePeerCertificateChainReq_VerificationMode {
+	if x != nil {
+		return x.Mode
+	}
+	return ValidatePeerCertificateChainReq_UNSPECIFIED
+}
+
+func (m *ValidatePeerCertificateChainReq) GetPeerOneof() isValidatePeerCertificateChainReq_PeerOneof {
+	if m != nil {
+		return m.PeerOneof
+	}
+	return nil
+}
+
+func (x *ValidatePeerCertificateChainReq) GetClientPeer() *ValidatePeerCertificateChainReq_ClientPeer {
+	if x, ok := x.GetPeerOneof().(*ValidatePeerCertificateChainReq_ClientPeer_); ok {
+		return x.ClientPeer
+	}
+	return nil
+}
+
+func (x *ValidatePeerCertificateChainReq) GetServerPeer() *ValidatePeerCertificateChainReq_ServerPeer {
+	if x, ok := x.GetPeerOneof().(*ValidatePeerCertificateChainReq_ServerPeer_); ok {
+		return x.ServerPeer
+	}
+	return nil
+}
+
+type isValidatePeerCertificateChainReq_PeerOneof interface {
+	isValidatePeerCertificateChainReq_PeerOneof()
+}
+
+type ValidatePeerCertificateChainReq_ClientPeer_ struct {
+	ClientPeer *ValidatePeerCertificateChainReq_ClientPeer `protobuf:"bytes,2,opt,name=client_peer,json=clientPeer,proto3,oneof"`
+}
+
+type ValidatePeerCertificateChainReq_ServerPeer_ struct {
+	ServerPeer *ValidatePeerCertificateChainReq_ServerPeer `protobuf:"bytes,3,opt,name=server_peer,json=serverPeer,proto3,oneof"`
+}
+
+func (*ValidatePeerCertificateChainReq_ClientPeer_) isValidatePeerCertificateChainReq_PeerOneof() {}
+
+func (*ValidatePeerCertificateChainReq_ServerPeer_) isValidatePeerCertificateChainReq_PeerOneof() {}
+
+type ValidatePeerCertificateChainResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The result of validating the peer certificate chain.
+	ValidationResult ValidatePeerCertificateChainResp_ValidationResult `protobuf:"varint,1,opt,name=validation_result,json=validationResult,proto3,enum=s2a.proto.v2.ValidatePeerCertificateChainResp_ValidationResult" json:"validation_result,omitempty"`
+	// The validation details. This field is only populated when the validation
+	// result is NOT SUCCESS.
+	ValidationDetails string `protobuf:"bytes,2,opt,name=validation_details,json=validationDetails,proto3" json:"validation_details,omitempty"`
+	// The S2A context contains information from the peer certificate chain.
+	//
+	// The S2A context MAY be populated even if validation of the peer certificate
+	// chain fails.
+	Context *s2a_context_go_proto.S2AContext `protobuf:"bytes,3,opt,name=context,proto3" json:"context,omitempty"`
+}
+
+func (x *ValidatePeerCertificateChainResp) Reset() {
+	*x = ValidatePeerCertificateChainResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainResp) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainResp.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ValidatePeerCertificateChainResp) GetValidationResult() ValidatePeerCertificateChainResp_ValidationResult {
+	if x != nil {
+		return x.ValidationResult
+	}
+	return ValidatePeerCertificateChainResp_UNSPECIFIED
+}
+
+func (x *ValidatePeerCertificateChainResp) GetValidationDetails() string {
+	if x != nil {
+		return x.ValidationDetails
+	}
+	return ""
+}
+
+func (x *ValidatePeerCertificateChainResp) GetContext() *s2a_context_go_proto.S2AContext {
+	if x != nil {
+		return x.Context
+	}
+	return nil
+}
+
+type SessionReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The identity corresponding to the TLS configurations that MUST be used for
+	// the TLS handshake.
+	//
+	// If a managed identity already exists, the local identity and authentication
+	// mechanisms are ignored. If a managed identity doesn't exist and the local
+	// identity is not populated, S2A will try to deduce the managed identity to
+	// use from the SNI extension. If that also fails, S2A uses the default
+	// identity (if one exists).
+	LocalIdentity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The authentication mechanisms that the application wishes to use to
+	// authenticate to S2A, ordered by preference. S2A will always use the first
+	// authentication mechanism that matches the managed identity.
+	AuthenticationMechanisms []*AuthenticationMechanism `protobuf:"bytes,2,rep,name=authentication_mechanisms,json=authenticationMechanisms,proto3" json:"authentication_mechanisms,omitempty"`
+	// Types that are assignable to ReqOneof:
+	//
+	//	*SessionReq_GetTlsConfigurationReq
+	//	*SessionReq_OffloadPrivateKeyOperationReq
+	//	*SessionReq_OffloadResumptionKeyOperationReq
+	//	*SessionReq_ValidatePeerCertificateChainReq
+	ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
+}
+
+func (x *SessionReq) Reset() {
+	*x = SessionReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionReq) ProtoMessage() {}
+
+func (x *SessionReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.
+func (*SessionReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *SessionReq) GetLocalIdentity() *common_go_proto1.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *SessionReq) GetAuthenticationMechanisms() []*AuthenticationMechanism {
+	if x != nil {
+		return x.AuthenticationMechanisms
+	}
+	return nil
+}
+
+func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof {
+	if m != nil {
+		return m.ReqOneof
+	}
+	return nil
+}
+
+func (x *SessionReq) GetGetTlsConfigurationReq() *GetTlsConfigurationReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_GetTlsConfigurationReq); ok {
+		return x.GetTlsConfigurationReq
+	}
+	return nil
+}
+
+func (x *SessionReq) GetOffloadPrivateKeyOperationReq() *OffloadPrivateKeyOperationReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_OffloadPrivateKeyOperationReq); ok {
+		return x.OffloadPrivateKeyOperationReq
+	}
+	return nil
+}
+
+func (x *SessionReq) GetOffloadResumptionKeyOperationReq() *OffloadResumptionKeyOperationReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_OffloadResumptionKeyOperationReq); ok {
+		return x.OffloadResumptionKeyOperationReq
+	}
+	return nil
+}
+
+func (x *SessionReq) GetValidatePeerCertificateChainReq() *ValidatePeerCertificateChainReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ValidatePeerCertificateChainReq); ok {
+		return x.ValidatePeerCertificateChainReq
+	}
+	return nil
+}
+
+type isSessionReq_ReqOneof interface {
+	isSessionReq_ReqOneof()
+}
+
+type SessionReq_GetTlsConfigurationReq struct {
+	// Requests the certificate chain and TLS configuration corresponding to the
+	// local identity, which the application MUST use to negotiate the TLS
+	// handshake.
+	GetTlsConfigurationReq *GetTlsConfigurationReq `protobuf:"bytes,3,opt,name=get_tls_configuration_req,json=getTlsConfigurationReq,proto3,oneof"`
+}
+
+type SessionReq_OffloadPrivateKeyOperationReq struct {
+	// Signs or decrypts the input bytes using a private key corresponding to
+	// the local identity in the request.
+	//
+	// WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+	// S2Av2 by a server during a TLS 1.2 handshake.
+	OffloadPrivateKeyOperationReq *OffloadPrivateKeyOperationReq `protobuf:"bytes,4,opt,name=offload_private_key_operation_req,json=offloadPrivateKeyOperationReq,proto3,oneof"`
+}
+
+type SessionReq_OffloadResumptionKeyOperationReq struct {
+	// Encrypts or decrypts the input bytes using a resumption key corresponding
+	// to the local identity in the request.
+	OffloadResumptionKeyOperationReq *OffloadResumptionKeyOperationReq `protobuf:"bytes,5,opt,name=offload_resumption_key_operation_req,json=offloadResumptionKeyOperationReq,proto3,oneof"`
+}
+
+type SessionReq_ValidatePeerCertificateChainReq struct {
+	// Verifies the peer's certificate chain using
+	// (a) trust bundles corresponding to the local identity in the request, and
+	// (b) the verification mode in the request.
+	ValidatePeerCertificateChainReq *ValidatePeerCertificateChainReq `protobuf:"bytes,6,opt,name=validate_peer_certificate_chain_req,json=validatePeerCertificateChainReq,proto3,oneof"`
+}
+
+func (*SessionReq_GetTlsConfigurationReq) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_OffloadPrivateKeyOperationReq) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_OffloadResumptionKeyOperationReq) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_ValidatePeerCertificateChainReq) isSessionReq_ReqOneof() {}
+
+type SessionResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Status of the session response.
+	//
+	// The status field is populated so that if an error occurs when making an
+	// individual request, then communication with the S2A may continue. If an
+	// error is returned directly (e.g. at the gRPC layer), then it may result
+	// that the bidirectional stream being closed.
+	Status *Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
+	// Types that are assignable to RespOneof:
+	//
+	//	*SessionResp_GetTlsConfigurationResp
+	//	*SessionResp_OffloadPrivateKeyOperationResp
+	//	*SessionResp_OffloadResumptionKeyOperationResp
+	//	*SessionResp_ValidatePeerCertificateChainResp
+	RespOneof isSessionResp_RespOneof `protobuf_oneof:"resp_oneof"`
+}
+
+func (x *SessionResp) Reset() {
+	*x = SessionResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionResp) ProtoMessage() {}
+
+func (x *SessionResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.
+func (*SessionResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *SessionResp) GetStatus() *Status {
+	if x != nil {
+		return x.Status
+	}
+	return nil
+}
+
+func (m *SessionResp) GetRespOneof() isSessionResp_RespOneof {
+	if m != nil {
+		return m.RespOneof
+	}
+	return nil
+}
+
+func (x *SessionResp) GetGetTlsConfigurationResp() *GetTlsConfigurationResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_GetTlsConfigurationResp); ok {
+		return x.GetTlsConfigurationResp
+	}
+	return nil
+}
+
+func (x *SessionResp) GetOffloadPrivateKeyOperationResp() *OffloadPrivateKeyOperationResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_OffloadPrivateKeyOperationResp); ok {
+		return x.OffloadPrivateKeyOperationResp
+	}
+	return nil
+}
+
+func (x *SessionResp) GetOffloadResumptionKeyOperationResp() *OffloadResumptionKeyOperationResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_OffloadResumptionKeyOperationResp); ok {
+		return x.OffloadResumptionKeyOperationResp
+	}
+	return nil
+}
+
+func (x *SessionResp) GetValidatePeerCertificateChainResp() *ValidatePeerCertificateChainResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_ValidatePeerCertificateChainResp); ok {
+		return x.ValidatePeerCertificateChainResp
+	}
+	return nil
+}
+
+type isSessionResp_RespOneof interface {
+	isSessionResp_RespOneof()
+}
+
+type SessionResp_GetTlsConfigurationResp struct {
+	// Contains the certificate chain and TLS configurations corresponding to
+	// the local identity.
+	GetTlsConfigurationResp *GetTlsConfigurationResp `protobuf:"bytes,2,opt,name=get_tls_configuration_resp,json=getTlsConfigurationResp,proto3,oneof"`
+}
+
+type SessionResp_OffloadPrivateKeyOperationResp struct {
+	// Contains the signed or encrypted output bytes using the private key
+	// corresponding to the local identity.
+	OffloadPrivateKeyOperationResp *OffloadPrivateKeyOperationResp `protobuf:"bytes,3,opt,name=offload_private_key_operation_resp,json=offloadPrivateKeyOperationResp,proto3,oneof"`
+}
+
+type SessionResp_OffloadResumptionKeyOperationResp struct {
+	// Contains the encrypted or decrypted output bytes using the resumption key
+	// corresponding to the local identity.
+	OffloadResumptionKeyOperationResp *OffloadResumptionKeyOperationResp `protobuf:"bytes,4,opt,name=offload_resumption_key_operation_resp,json=offloadResumptionKeyOperationResp,proto3,oneof"`
+}
+
+type SessionResp_ValidatePeerCertificateChainResp struct {
+	// Contains the validation result, peer identity and fingerprints of peer
+	// certificates.
+	ValidatePeerCertificateChainResp *ValidatePeerCertificateChainResp `protobuf:"bytes,5,opt,name=validate_peer_certificate_chain_resp,json=validatePeerCertificateChainResp,proto3,oneof"`
+}
+
+func (*SessionResp_GetTlsConfigurationResp) isSessionResp_RespOneof() {}
+
+func (*SessionResp_OffloadPrivateKeyOperationResp) isSessionResp_RespOneof() {}
+
+func (*SessionResp_OffloadResumptionKeyOperationResp) isSessionResp_RespOneof() {}
+
+func (*SessionResp_ValidatePeerCertificateChainResp) isSessionResp_RespOneof() {}
+
+// Next ID: 8
+type GetTlsConfigurationResp_ClientTlsConfiguration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain that the client MUST use for the TLS handshake.
+	// It's a list of PEM-encoded certificates, ordered from leaf to root,
+	// excluding the root.
+	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+	// The minimum TLS version number that the client MUST use for the TLS
+	// handshake. If this field is not provided, the client MUST use the default
+	// minimum version of the client's TLS library.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"min_tls_version,omitempty"`
+	// The maximum TLS version number that the client MUST use for the TLS
+	// handshake. If this field is not provided, the client MUST use the default
+	// maximum version of the client's TLS library.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"max_tls_version,omitempty"`
+	// The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+	// negotiate in the TLS handshake.
+	Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,6,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
+	// The policy that dictates how the client negotiates ALPN during the TLS
+	// handshake.
+	AlpnPolicy *AlpnPolicy `protobuf:"bytes,7,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) Reset() {
+	*x = GetTlsConfigurationResp_ClientTlsConfiguration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoMessage() {}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp_ClientTlsConfiguration.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationResp_ClientTlsConfiguration) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4, 0}
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain() []string {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.Ciphersuites
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetAlpnPolicy() *AlpnPolicy {
+	if x != nil {
+		return x.AlpnPolicy
+	}
+	return nil
+}
+
+// Next ID: 12
+type GetTlsConfigurationResp_ServerTlsConfiguration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain that the server MUST use for the TLS handshake.
+	// It's a list of PEM-encoded certificates, ordered from leaf to root,
+	// excluding the root.
+	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+	// The minimum TLS version number that the server MUST use for the TLS
+	// handshake. If this field is not provided, the server MUST use the default
+	// minimum version of the server's TLS library.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"min_tls_version,omitempty"`
+	// The maximum TLS version number that the server MUST use for the TLS
+	// handshake. If this field is not provided, the server MUST use the default
+	// maximum version of the server's TLS library.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"max_tls_version,omitempty"`
+	// The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+	// negotiate in the TLS handshake.
+	Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,10,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
+	// Whether to enable TLS resumption.
+	TlsResumptionEnabled bool `protobuf:"varint,6,opt,name=tls_resumption_enabled,json=tlsResumptionEnabled,proto3" json:"tls_resumption_enabled,omitempty"`
+	// Whether the server MUST request a client certificate (i.e. to negotiate
+	// TLS vs. mTLS).
+	RequestClientCertificate GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate `protobuf:"varint,7,opt,name=request_client_certificate,json=requestClientCertificate,proto3,enum=s2a.proto.v2.GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate" json:"request_client_certificate,omitempty"`
+	// Returns the maximum number of extra bytes that
+	// |OffloadResumptionKeyOperation| can add to the number of unencrypted
+	// bytes to form the encrypted bytes.
+	MaxOverheadOfTicketAead uint32 `protobuf:"varint,9,opt,name=max_overhead_of_ticket_aead,json=maxOverheadOfTicketAead,proto3" json:"max_overhead_of_ticket_aead,omitempty"`
+	// The policy that dictates how the server negotiates ALPN during the TLS
+	// handshake.
+	AlpnPolicy *AlpnPolicy `protobuf:"bytes,11,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) Reset() {
+	*x = GetTlsConfigurationResp_ServerTlsConfiguration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoMessage() {}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationResp_ServerTlsConfiguration) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4, 1}
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain() []string {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.Ciphersuites
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled() bool {
+	if x != nil {
+		return x.TlsResumptionEnabled
+	}
+	return false
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetRequestClientCertificate() GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate {
+	if x != nil {
+		return x.RequestClientCertificate
+	}
+	return GetTlsConfigurationResp_ServerTlsConfiguration_UNSPECIFIED
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead() uint32 {
+	if x != nil {
+		return x.MaxOverheadOfTicketAead
+	}
+	return 0
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetAlpnPolicy() *AlpnPolicy {
+	if x != nil {
+		return x.AlpnPolicy
+	}
+	return nil
+}
+
+type ValidatePeerCertificateChainReq_ClientPeer struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain to be verified. The chain MUST be a list of
+	// DER-encoded certificates, ordered from leaf to root, excluding the root.
+	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) Reset() {
+	*x = ValidatePeerCertificateChainReq_ClientPeer{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[15]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[15]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq_ClientPeer.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainReq_ClientPeer) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9, 0}
+}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain() [][]byte {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+type ValidatePeerCertificateChainReq_ServerPeer struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain to be verified. The chain MUST be a list of
+	// DER-encoded certificates, ordered from leaf to root, excluding the root.
+	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+	// The expected hostname of the server.
+	ServerHostname string `protobuf:"bytes,2,opt,name=server_hostname,json=serverHostname,proto3" json:"server_hostname,omitempty"`
+	// The UnrestrictedClientPolicy specified by the user.
+	SerializedUnrestrictedClientPolicy []byte `protobuf:"bytes,3,opt,name=serialized_unrestricted_client_policy,json=serializedUnrestrictedClientPolicy,proto3" json:"serialized_unrestricted_client_policy,omitempty"`
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) Reset() {
+	*x = ValidatePeerCertificateChainReq_ServerPeer{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[16]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[16]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq_ServerPeer.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainReq_ServerPeer) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9, 1}
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain() [][]byte {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string {
+	if x != nil {
+		return x.ServerHostname
+	}
+	return ""
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy() []byte {
+	if x != nil {
+		return x.SerializedUnrestrictedClientPolicy
+	}
+	return nil
+}
+
+var File_internal_proto_v2_s2a_s2a_proto protoreflect.FileDescriptor
+
+var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
+	0x0a, 0x1f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x0c, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x1a,
+	0x22, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x25, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2f, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32,
+	0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x87, 0x01, 0x0a, 0x0a,
+	0x41, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x36, 0x0a, 0x17, 0x65, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x6e, 0x65, 0x67, 0x6f, 0x74, 0x69,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x65, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x41, 0x6c, 0x70, 0x6e, 0x4e, 0x65, 0x67, 0x6f, 0x74, 0x69, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x0d, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x22, 0x75, 0x0a, 0x17, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d,
+	0x12, 0x2f, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x12, 0x16, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x6d, 0x65, 0x63,
+	0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0x36, 0x0a, 0x06,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65,
+	0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74,
+	0x61, 0x69, 0x6c, 0x73, 0x22, 0x71, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x45,
+	0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x69, 0x64,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x53, 0x69, 0x64, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x53, 0x69, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0xf1, 0x0b, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x54,
+	0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x12, 0x78, 0x0a, 0x18, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x6c,
+	0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x2e, 0x43, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x16, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x6c, 0x73,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x78, 0x0a,
+	0x18, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47,
+	0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52,
+	0x16, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xcf, 0x02, 0x0a, 0x16, 0x43, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x63,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12,
+	0x40, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x12, 0x40, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74,
+	0x65, 0x73, 0x12, 0x39, 0x0a, 0x0b, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x52, 0x0a, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08,
+	0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x1a, 0xfa, 0x06, 0x0a, 0x16, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
+	0x6e, 0x12, 0x40, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65,
+	0x72, 0x73, 0x75, 0x69, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x74, 0x6c, 0x73, 0x5f, 0x72, 0x65, 0x73, 0x75,
+	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x74, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x93, 0x01, 0x0a, 0x1a, 0x72,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x55, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47,
+	0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x18, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x12, 0x3c, 0x0a, 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x68, 0x65, 0x61, 0x64,
+	0x5f, 0x6f, 0x66, 0x5f, 0x74, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x61, 0x65, 0x61, 0x64, 0x18,
+	0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x6d, 0x61, 0x78, 0x4f, 0x76, 0x65, 0x72, 0x68, 0x65,
+	0x61, 0x64, 0x4f, 0x66, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x65, 0x61, 0x64, 0x12, 0x39,
+	0x0a, 0x0b, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0b, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0a, 0x61,
+	0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x9e, 0x02, 0x0a, 0x18, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x44, 0x4f, 0x4e, 0x54, 0x5f,
+	0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43,
+	0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x10, 0x01, 0x12, 0x2e, 0x0a, 0x2a,
+	0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43,
+	0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x42, 0x55, 0x54, 0x5f, 0x44,
+	0x4f, 0x4e, 0x54, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x02, 0x12, 0x29, 0x0a, 0x25,
+	0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43,
+	0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x56,
+	0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x03, 0x12, 0x3a, 0x0a, 0x36, 0x52, 0x45, 0x51, 0x55, 0x45,
+	0x53, 0x54, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f, 0x43,
+	0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54,
+	0x45, 0x5f, 0x42, 0x55, 0x54, 0x5f, 0x44, 0x4f, 0x4e, 0x54, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46,
+	0x59, 0x10, 0x04, 0x12, 0x35, 0x0a, 0x31, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x41,
+	0x4e, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e,
+	0x54, 0x5f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x41, 0x4e,
+	0x44, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05,
+	0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x42, 0x13, 0x0a, 0x11, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb0, 0x03, 0x0a, 0x1d,
+	0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65,
+	0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x5d, 0x0a,
+	0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
+	0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65,
+	0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x50, 0x72,
+	0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x13,
+	0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69,
+	0x74, 0x68, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x73, 0x32, 0x61, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
+	0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x12, 0x73, 0x69, 0x67,
+	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12,
+	0x1d, 0x0a, 0x09, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0c, 0x48, 0x00, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x25,
+	0x0a, 0x0d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x44,
+	0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x25, 0x0a, 0x0d, 0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x5f,
+	0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0c,
+	0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x25, 0x0a, 0x0d,
+	0x73, 0x68, 0x61, 0x35, 0x31, 0x32, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x07, 0x20,
+	0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x35, 0x31, 0x32, 0x44, 0x69, 0x67,
+	0x65, 0x73, 0x74, 0x22, 0x3d, 0x0a, 0x13, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65,
+	0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53,
+	0x49, 0x47, 0x4e, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54,
+	0x10, 0x02, 0x42, 0x0a, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x22, 0x3d,
+	0x0a, 0x1e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x75, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xe7, 0x01,
+	0x0a, 0x20, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x71, 0x12, 0x63, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x45, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75,
+	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79,
+	0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74,
+	0x65, 0x73, 0x22, 0x43, 0x0a, 0x16, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0f, 0x0a, 0x0b,
+	0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a,
+	0x07, 0x45, 0x4e, 0x43, 0x52, 0x59, 0x50, 0x54, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45,
+	0x43, 0x52, 0x59, 0x50, 0x54, 0x10, 0x02, 0x22, 0x40, 0x0a, 0x21, 0x4f, 0x66, 0x66, 0x6c, 0x6f,
+	0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09,
+	0x6f, 0x75, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xf8, 0x04, 0x0a, 0x1f, 0x56, 0x61,
+	0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x52, 0x0a,
+	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3e, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64,
+	0x65, 0x12, 0x5b, 0x0a, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x65, 0x65, 0x72,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65,
+	0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61,
+	0x69, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72,
+	0x48, 0x00, 0x52, 0x0a, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72, 0x12, 0x5b,
+	0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52,
+	0x65, 0x71, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x50, 0x65, 0x65, 0x72, 0x48, 0x00, 0x52,
+	0x0a, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x50, 0x65, 0x65, 0x72, 0x1a, 0x39, 0x0a, 0x0a, 0x43,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0c, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x1a, 0xb5, 0x01, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c,
+	0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61,
+	0x69, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x68, 0x6f, 0x73,
+	0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x51, 0x0a, 0x25, 0x73,
+	0x65, 0x72, 0x69, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x75, 0x6e, 0x72, 0x65, 0x73, 0x74,
+	0x72, 0x69, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x22, 0x73, 0x65, 0x72, 0x69,
+	0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x55, 0x6e, 0x72, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74,
+	0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x46,
+	0x0a, 0x10, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f,
+	0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
+	0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x10, 0x01, 0x12,
+	0x15, 0x0a, 0x11, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x5f, 0x54, 0x4f, 0x5f, 0x47, 0x4f,
+	0x4f, 0x47, 0x4c, 0x45, 0x10, 0x02, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6f,
+	0x6e, 0x65, 0x6f, 0x66, 0x22, 0xb2, 0x02, 0x0a, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
+	0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x6c, 0x0a, 0x11, 0x76, 0x61, 0x6c,
+	0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e,
+	0x52, 0x65, 0x73, 0x70, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x10, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44,
+	0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78,
+	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78,
+	0x74, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x3d, 0x0a, 0x10, 0x56, 0x61,
+	0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x0f,
+	0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x0b, 0x0a, 0x07, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07,
+	0x46, 0x41, 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, 0x02, 0x22, 0x97, 0x05, 0x0a, 0x0a, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61,
+	0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x12, 0x62, 0x0a, 0x19, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d,
+	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x18,
+	0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65,
+	0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x12, 0x61, 0x0a, 0x19, 0x67, 0x65, 0x74, 0x5f,
+	0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c,
+	0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x71, 0x48, 0x00, 0x52, 0x16, 0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x77, 0x0a, 0x21, 0x6f,
+	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b,
+	0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69,
+	0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x1d, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72,
+	0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x71, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64,
+	0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
+	0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x20, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65,
+	0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x7d, 0x0a, 0x23, 0x76, 0x61, 0x6c, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e,
+	0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x1f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50,
+	0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68,
+	0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, 0x6e,
+	0x65, 0x6f, 0x66, 0x22, 0xb4, 0x04, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x12, 0x2c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x12, 0x64, 0x0a, 0x1a, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x17,
+	0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x7a, 0x0a, 0x22, 0x6f, 0x66, 0x66, 0x6c, 0x6f,
+	0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74,
+	0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
+	0x70, 0x48, 0x00, 0x52, 0x1e, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76,
+	0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x12, 0x83, 0x01, 0x0a, 0x25, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f,
+	0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52,
+	0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x76, 0x61,
+	0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65,
+	0x73, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
+	0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43,
+	0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x20, 0x76, 0x61, 0x6c, 0x69,
+	0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x42, 0x0c, 0x0a, 0x0a,
+	0x72, 0x65, 0x73, 0x70, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x2a, 0xa2, 0x03, 0x0a, 0x12, 0x53,
+	0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68,
+	0x6d, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
+	0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
+	0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
+	0x10, 0x01, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49,
+	0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41,
+	0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
+	0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f,
+	0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f,
+	0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53,
+	0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
+	0x04, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
+	0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52,
+	0x31, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32,
+	0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41,
+	0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31,
+	0x32, 0x10, 0x06, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53,
+	0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45,
+	0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41,
+	0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53,
+	0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12,
+	0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
+	0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41,
+	0x35, 0x31, 0x32, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
+	0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x0a, 0x32,
+	0x57, 0x0a, 0x0a, 0x53, 0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a,
+	0x0c, 0x53, 0x65, 0x74, 0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x1a, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x73, 0x70, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68,
+	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32,
+	0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_v2_s2a_s2a_proto_rawDescOnce sync.Once
+	file_internal_proto_v2_s2a_s2a_proto_rawDescData = file_internal_proto_v2_s2a_s2a_proto_rawDesc
+)
+
+func file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP() []byte {
+	file_internal_proto_v2_s2a_s2a_proto_rawDescOnce.Do(func() {
+		file_internal_proto_v2_s2a_s2a_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_v2_s2a_s2a_proto_rawDescData)
+	})
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescData
+}
+
+var file_internal_proto_v2_s2a_s2a_proto_enumTypes = make([]protoimpl.EnumInfo, 6)
+var file_internal_proto_v2_s2a_s2a_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_internal_proto_v2_s2a_s2a_proto_goTypes = []interface{}{
+	(SignatureAlgorithm)(0), // 0: s2a.proto.v2.SignatureAlgorithm
+	(GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate)(0), // 1: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate
+	(OffloadPrivateKeyOperationReq_PrivateKeyOperation)(0),                       // 2: s2a.proto.v2.OffloadPrivateKeyOperationReq.PrivateKeyOperation
+	(OffloadResumptionKeyOperationReq_ResumptionKeyOperation)(0),                 // 3: s2a.proto.v2.OffloadResumptionKeyOperationReq.ResumptionKeyOperation
+	(ValidatePeerCertificateChainReq_VerificationMode)(0),                        // 4: s2a.proto.v2.ValidatePeerCertificateChainReq.VerificationMode
+	(ValidatePeerCertificateChainResp_ValidationResult)(0),                       // 5: s2a.proto.v2.ValidatePeerCertificateChainResp.ValidationResult
+	(*AlpnPolicy)(nil),                                     // 6: s2a.proto.v2.AlpnPolicy
+	(*AuthenticationMechanism)(nil),                        // 7: s2a.proto.v2.AuthenticationMechanism
+	(*Status)(nil),                                         // 8: s2a.proto.v2.Status
+	(*GetTlsConfigurationReq)(nil),                         // 9: s2a.proto.v2.GetTlsConfigurationReq
+	(*GetTlsConfigurationResp)(nil),                        // 10: s2a.proto.v2.GetTlsConfigurationResp
+	(*OffloadPrivateKeyOperationReq)(nil),                  // 11: s2a.proto.v2.OffloadPrivateKeyOperationReq
+	(*OffloadPrivateKeyOperationResp)(nil),                 // 12: s2a.proto.v2.OffloadPrivateKeyOperationResp
+	(*OffloadResumptionKeyOperationReq)(nil),               // 13: s2a.proto.v2.OffloadResumptionKeyOperationReq
+	(*OffloadResumptionKeyOperationResp)(nil),              // 14: s2a.proto.v2.OffloadResumptionKeyOperationResp
+	(*ValidatePeerCertificateChainReq)(nil),                // 15: s2a.proto.v2.ValidatePeerCertificateChainReq
+	(*ValidatePeerCertificateChainResp)(nil),               // 16: s2a.proto.v2.ValidatePeerCertificateChainResp
+	(*SessionReq)(nil),                                     // 17: s2a.proto.v2.SessionReq
+	(*SessionResp)(nil),                                    // 18: s2a.proto.v2.SessionResp
+	(*GetTlsConfigurationResp_ClientTlsConfiguration)(nil), // 19: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration
+	(*GetTlsConfigurationResp_ServerTlsConfiguration)(nil), // 20: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration
+	(*ValidatePeerCertificateChainReq_ClientPeer)(nil),     // 21: s2a.proto.v2.ValidatePeerCertificateChainReq.ClientPeer
+	(*ValidatePeerCertificateChainReq_ServerPeer)(nil),     // 22: s2a.proto.v2.ValidatePeerCertificateChainReq.ServerPeer
+	(common_go_proto.AlpnProtocol)(0),                      // 23: s2a.proto.v2.AlpnProtocol
+	(*common_go_proto1.Identity)(nil),                      // 24: s2a.proto.Identity
+	(common_go_proto.ConnectionSide)(0),                    // 25: s2a.proto.v2.ConnectionSide
+	(*s2a_context_go_proto.S2AContext)(nil),                // 26: s2a.proto.v2.S2AContext
+	(common_go_proto.TLSVersion)(0),                        // 27: s2a.proto.v2.TLSVersion
+	(common_go_proto.Ciphersuite)(0),                       // 28: s2a.proto.v2.Ciphersuite
+}
+var file_internal_proto_v2_s2a_s2a_proto_depIdxs = []int32{
+	23, // 0: s2a.proto.v2.AlpnPolicy.alpn_protocols:type_name -> s2a.proto.v2.AlpnProtocol
+	24, // 1: s2a.proto.v2.AuthenticationMechanism.identity:type_name -> s2a.proto.Identity
+	25, // 2: s2a.proto.v2.GetTlsConfigurationReq.connection_side:type_name -> s2a.proto.v2.ConnectionSide
+	19, // 3: s2a.proto.v2.GetTlsConfigurationResp.client_tls_configuration:type_name -> s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration
+	20, // 4: s2a.proto.v2.GetTlsConfigurationResp.server_tls_configuration:type_name -> s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration
+	2,  // 5: s2a.proto.v2.OffloadPrivateKeyOperationReq.operation:type_name -> s2a.proto.v2.OffloadPrivateKeyOperationReq.PrivateKeyOperation
+	0,  // 6: s2a.proto.v2.OffloadPrivateKeyOperationReq.signature_algorithm:type_name -> s2a.proto.v2.SignatureAlgorithm
+	3,  // 7: s2a.proto.v2.OffloadResumptionKeyOperationReq.operation:type_name -> s2a.proto.v2.OffloadResumptionKeyOperationReq.ResumptionKeyOperation
+	4,  // 8: s2a.proto.v2.ValidatePeerCertificateChainReq.mode:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq.VerificationMode
+	21, // 9: s2a.proto.v2.ValidatePeerCertificateChainReq.client_peer:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq.ClientPeer
+	22, // 10: s2a.proto.v2.ValidatePeerCertificateChainReq.server_peer:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq.ServerPeer
+	5,  // 11: s2a.proto.v2.ValidatePeerCertificateChainResp.validation_result:type_name -> s2a.proto.v2.ValidatePeerCertificateChainResp.ValidationResult
+	26, // 12: s2a.proto.v2.ValidatePeerCertificateChainResp.context:type_name -> s2a.proto.v2.S2AContext
+	24, // 13: s2a.proto.v2.SessionReq.local_identity:type_name -> s2a.proto.Identity
+	7,  // 14: s2a.proto.v2.SessionReq.authentication_mechanisms:type_name -> s2a.proto.v2.AuthenticationMechanism
+	9,  // 15: s2a.proto.v2.SessionReq.get_tls_configuration_req:type_name -> s2a.proto.v2.GetTlsConfigurationReq
+	11, // 16: s2a.proto.v2.SessionReq.offload_private_key_operation_req:type_name -> s2a.proto.v2.OffloadPrivateKeyOperationReq
+	13, // 17: s2a.proto.v2.SessionReq.offload_resumption_key_operation_req:type_name -> s2a.proto.v2.OffloadResumptionKeyOperationReq
+	15, // 18: s2a.proto.v2.SessionReq.validate_peer_certificate_chain_req:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq
+	8,  // 19: s2a.proto.v2.SessionResp.status:type_name -> s2a.proto.v2.Status
+	10, // 20: s2a.proto.v2.SessionResp.get_tls_configuration_resp:type_name -> s2a.proto.v2.GetTlsConfigurationResp
+	12, // 21: s2a.proto.v2.SessionResp.offload_private_key_operation_resp:type_name -> s2a.proto.v2.OffloadPrivateKeyOperationResp
+	14, // 22: s2a.proto.v2.SessionResp.offload_resumption_key_operation_resp:type_name -> s2a.proto.v2.OffloadResumptionKeyOperationResp
+	16, // 23: s2a.proto.v2.SessionResp.validate_peer_certificate_chain_resp:type_name -> s2a.proto.v2.ValidatePeerCertificateChainResp
+	27, // 24: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.min_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	27, // 25: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.max_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	28, // 26: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.ciphersuites:type_name -> s2a.proto.v2.Ciphersuite
+	6,  // 27: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.alpn_policy:type_name -> s2a.proto.v2.AlpnPolicy
+	27, // 28: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.min_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	27, // 29: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.max_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	28, // 30: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.ciphersuites:type_name -> s2a.proto.v2.Ciphersuite
+	1,  // 31: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.request_client_certificate:type_name -> s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate
+	6,  // 32: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.alpn_policy:type_name -> s2a.proto.v2.AlpnPolicy
+	17, // 33: s2a.proto.v2.S2AService.SetUpSession:input_type -> s2a.proto.v2.SessionReq
+	18, // 34: s2a.proto.v2.S2AService.SetUpSession:output_type -> s2a.proto.v2.SessionResp
+	34, // [34:35] is the sub-list for method output_type
+	33, // [33:34] is the sub-list for method input_type
+	33, // [33:33] is the sub-list for extension type_name
+	33, // [33:33] is the sub-list for extension extendee
+	0,  // [0:33] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_v2_s2a_s2a_proto_init() }
+func file_internal_proto_v2_s2a_s2a_proto_init() {
+	if File_internal_proto_v2_s2a_s2a_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AlpnPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AuthenticationMechanism); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Status); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadPrivateKeyOperationReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadPrivateKeyOperationResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadResumptionKeyOperationReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadResumptionKeyOperationResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationResp_ClientTlsConfiguration); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationResp_ServerTlsConfiguration); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainReq_ClientPeer); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainReq_ServerPeer); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*AuthenticationMechanism_Token)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[4].OneofWrappers = []interface{}{
+		(*GetTlsConfigurationResp_ClientTlsConfiguration_)(nil),
+		(*GetTlsConfigurationResp_ServerTlsConfiguration_)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[5].OneofWrappers = []interface{}{
+		(*OffloadPrivateKeyOperationReq_RawBytes)(nil),
+		(*OffloadPrivateKeyOperationReq_Sha256Digest)(nil),
+		(*OffloadPrivateKeyOperationReq_Sha384Digest)(nil),
+		(*OffloadPrivateKeyOperationReq_Sha512Digest)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[9].OneofWrappers = []interface{}{
+		(*ValidatePeerCertificateChainReq_ClientPeer_)(nil),
+		(*ValidatePeerCertificateChainReq_ServerPeer_)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[11].OneofWrappers = []interface{}{
+		(*SessionReq_GetTlsConfigurationReq)(nil),
+		(*SessionReq_OffloadPrivateKeyOperationReq)(nil),
+		(*SessionReq_OffloadResumptionKeyOperationReq)(nil),
+		(*SessionReq_ValidatePeerCertificateChainReq)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[12].OneofWrappers = []interface{}{
+		(*SessionResp_GetTlsConfigurationResp)(nil),
+		(*SessionResp_OffloadPrivateKeyOperationResp)(nil),
+		(*SessionResp_OffloadResumptionKeyOperationResp)(nil),
+		(*SessionResp_ValidatePeerCertificateChainResp)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_v2_s2a_s2a_proto_rawDesc,
+			NumEnums:      6,
+			NumMessages:   17,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_internal_proto_v2_s2a_s2a_proto_goTypes,
+		DependencyIndexes: file_internal_proto_v2_s2a_s2a_proto_depIdxs,
+		EnumInfos:         file_internal_proto_v2_s2a_s2a_proto_enumTypes,
+		MessageInfos:      file_internal_proto_v2_s2a_s2a_proto_msgTypes,
+	}.Build()
+	File_internal_proto_v2_s2a_s2a_proto = out.File
+	file_internal_proto_v2_s2a_s2a_proto_rawDesc = nil
+	file_internal_proto_v2_s2a_s2a_proto_goTypes = nil
+	file_internal_proto_v2_s2a_s2a_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a_grpc.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a_grpc.pb.go
new file mode 100644
index 000000000..2566df6c3
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a_grpc.pb.go
@@ -0,0 +1,159 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v3.21.12
+// source: internal/proto/v2/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+	S2AService_SetUpSession_FullMethodName = "/s2a.proto.v2.S2AService/SetUpSession"
+)
+
+// S2AServiceClient is the client API for S2AService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type S2AServiceClient interface {
+	// SetUpSession is a bidirectional stream used by applications to offload
+	// operations from the TLS handshake.
+	SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error)
+}
+
+type s2AServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewS2AServiceClient(cc grpc.ClientConnInterface) S2AServiceClient {
+	return &s2AServiceClient{cc}
+}
+
+func (c *s2AServiceClient) SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error) {
+	stream, err := c.cc.NewStream(ctx, &S2AService_ServiceDesc.Streams[0], S2AService_SetUpSession_FullMethodName, opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &s2AServiceSetUpSessionClient{stream}
+	return x, nil
+}
+
+type S2AService_SetUpSessionClient interface {
+	Send(*SessionReq) error
+	Recv() (*SessionResp, error)
+	grpc.ClientStream
+}
+
+type s2AServiceSetUpSessionClient struct {
+	grpc.ClientStream
+}
+
+func (x *s2AServiceSetUpSessionClient) Send(m *SessionReq) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionClient) Recv() (*SessionResp, error) {
+	m := new(SessionResp)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AServiceServer is the server API for S2AService service.
+// All implementations must embed UnimplementedS2AServiceServer
+// for forward compatibility
+type S2AServiceServer interface {
+	// SetUpSession is a bidirectional stream used by applications to offload
+	// operations from the TLS handshake.
+	SetUpSession(S2AService_SetUpSessionServer) error
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+// UnimplementedS2AServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedS2AServiceServer struct {
+}
+
+func (UnimplementedS2AServiceServer) SetUpSession(S2AService_SetUpSessionServer) error {
+	return status.Errorf(codes.Unimplemented, "method SetUpSession not implemented")
+}
+func (UnimplementedS2AServiceServer) mustEmbedUnimplementedS2AServiceServer() {}
+
+// UnsafeS2AServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to S2AServiceServer will
+// result in compilation errors.
+type UnsafeS2AServiceServer interface {
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+func RegisterS2AServiceServer(s grpc.ServiceRegistrar, srv S2AServiceServer) {
+	s.RegisterService(&S2AService_ServiceDesc, srv)
+}
+
+func _S2AService_SetUpSession_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(S2AServiceServer).SetUpSession(&s2AServiceSetUpSessionServer{stream})
+}
+
+type S2AService_SetUpSessionServer interface {
+	Send(*SessionResp) error
+	Recv() (*SessionReq, error)
+	grpc.ServerStream
+}
+
+type s2AServiceSetUpSessionServer struct {
+	grpc.ServerStream
+}
+
+func (x *s2AServiceSetUpSessionServer) Send(m *SessionResp) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionServer) Recv() (*SessionReq, error) {
+	m := new(SessionReq)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AService_ServiceDesc is the grpc.ServiceDesc for S2AService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var S2AService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "s2a.proto.v2.S2AService",
+	HandlerType: (*S2AServiceServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "SetUpSession",
+			Handler:       _S2AService_SetUpSession_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "internal/proto/v2/s2a/s2a.proto",
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aeadcrypter.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aeadcrypter.go
new file mode 100644
index 000000000..486f4ec4f
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aeadcrypter.go
@@ -0,0 +1,34 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package aeadcrypter provides the interface for AEAD cipher implementations
+// used by S2A's record protocol.
+package aeadcrypter
+
+// S2AAEADCrypter is the interface for an AEAD cipher used by the S2A record
+// protocol.
+type S2AAEADCrypter interface {
+	// Encrypt encrypts the plaintext and computes the tag of dst and plaintext.
+	// dst and plaintext may fully overlap or not at all.
+	Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error)
+	// Decrypt decrypts ciphertext and verifies the tag. dst and ciphertext may
+	// fully overlap or not at all.
+	Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error)
+	// TagSize returns the tag size in bytes.
+	TagSize() int
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aesgcm.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aesgcm.go
new file mode 100644
index 000000000..85c4e595d
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aesgcm.go
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package aeadcrypter
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"fmt"
+)
+
+// Supported key sizes in bytes.
+const (
+	AES128GCMKeySize = 16
+	AES256GCMKeySize = 32
+)
+
+// aesgcm is the struct that holds an AES-GCM cipher for the S2A AEAD crypter.
+type aesgcm struct {
+	aead cipher.AEAD
+}
+
+// NewAESGCM creates an AES-GCM crypter instance. Note that the key must be
+// either 128 bits or 256 bits.
+func NewAESGCM(key []byte) (S2AAEADCrypter, error) {
+	if len(key) != AES128GCMKeySize && len(key) != AES256GCMKeySize {
+		return nil, fmt.Errorf("%d or %d bytes, given: %d", AES128GCMKeySize, AES256GCMKeySize, len(key))
+	}
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	a, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, err
+	}
+	return &aesgcm{aead: a}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext may
+// fully overlap or not at all.
+func (s *aesgcm) Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
+	return encrypt(s.aead, dst, plaintext, nonce, aad)
+}
+
+func (s *aesgcm) Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+	return decrypt(s.aead, dst, ciphertext, nonce, aad)
+}
+
+func (s *aesgcm) TagSize() int {
+	return TagSize
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go
new file mode 100644
index 000000000..214df4ca4
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go
@@ -0,0 +1,67 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package aeadcrypter
+
+import (
+	"crypto/cipher"
+	"fmt"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+// Supported key size in bytes.
+const (
+	Chacha20Poly1305KeySize = 32
+)
+
+// chachapoly is the struct that holds a CHACHA-POLY cipher for the S2A AEAD
+// crypter.
+type chachapoly struct {
+	aead cipher.AEAD
+}
+
+// NewChachaPoly creates a Chacha-Poly crypter instance. Note that the key must
+// be Chacha20Poly1305KeySize bytes in length.
+func NewChachaPoly(key []byte) (S2AAEADCrypter, error) {
+	if len(key) != Chacha20Poly1305KeySize {
+		return nil, fmt.Errorf("%d bytes, given: %d", Chacha20Poly1305KeySize, len(key))
+	}
+	c, err := chacha20poly1305.New(key)
+	if err != nil {
+		return nil, err
+	}
+	return &chachapoly{aead: c}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext may
+// fully overlap or not at all.
+func (s *chachapoly) Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
+	return encrypt(s.aead, dst, plaintext, nonce, aad)
+}
+
+func (s *chachapoly) Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+	return decrypt(s.aead, dst, ciphertext, nonce, aad)
+}
+
+func (s *chachapoly) TagSize() int {
+	return TagSize
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/common.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/common.go
new file mode 100644
index 000000000..b3c36ad95
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/common.go
@@ -0,0 +1,92 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package aeadcrypter
+
+import (
+	"crypto/cipher"
+	"fmt"
+)
+
+const (
+	// TagSize is the tag size in bytes for AES-128-GCM-SHA256,
+	// AES-256-GCM-SHA384, and CHACHA20-POLY1305-SHA256.
+	TagSize = 16
+	// NonceSize is the size of the nonce in number of bytes for
+	// AES-128-GCM-SHA256, AES-256-GCM-SHA384, and CHACHA20-POLY1305-SHA256.
+	NonceSize = 12
+	// SHA256DigestSize is the digest size of sha256 in bytes.
+	SHA256DigestSize = 32
+	// SHA384DigestSize is the digest size of sha384 in bytes.
+	SHA384DigestSize = 48
+)
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return head, tail
+}
+
+// encrypt is the encryption function for an AEAD crypter. aead determines
+// the type of AEAD crypter. dst can contain bytes at the beginning of the
+// ciphertext that will not be encrypted but will be authenticated. If dst has
+// enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext may
+// fully overlap or not at all.
+func encrypt(aead cipher.AEAD, dst, plaintext, nonce, aad []byte) ([]byte, error) {
+	if len(nonce) != NonceSize {
+		return nil, fmt.Errorf("nonce size must be %d bytes. received: %d", NonceSize, len(nonce))
+	}
+	// If we need to allocate an output buffer, we want to include space for
+	// the tag to avoid forcing the caller to reallocate as well.
+	dlen := len(dst)
+	dst, out := sliceForAppend(dst, len(plaintext)+TagSize)
+	data := out[:len(plaintext)]
+	copy(data, plaintext) // data may fully overlap plaintext
+
+	// Seal appends the ciphertext and the tag to its first argument and
+	// returns the updated slice. However, sliceForAppend above ensures that
+	// dst has enough capacity to avoid a reallocation and copy due to the
+	// append.
+	dst = aead.Seal(dst[:dlen], nonce, data, aad)
+	return dst, nil
+}
+
+// decrypt is the decryption function for an AEAD crypter, where aead determines
+// the type of AEAD crypter, and dst the destination bytes for the decrypted
+// ciphertext. The dst buffer may fully overlap with plaintext or not at all.
+func decrypt(aead cipher.AEAD, dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+	if len(nonce) != NonceSize {
+		return nil, fmt.Errorf("nonce size must be %d bytes. received: %d", NonceSize, len(nonce))
+	}
+	// If dst is equal to ciphertext[:0], ciphertext storage is reused.
+	plaintext, err := aead.Open(dst, nonce, ciphertext, aad)
+	if err != nil {
+		return nil, fmt.Errorf("message auth failed: %v", err)
+	}
+	return plaintext, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/ciphersuite.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/ciphersuite.go
new file mode 100644
index 000000000..ddeaa6d77
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/ciphersuite.go
@@ -0,0 +1,98 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package halfconn
+
+import (
+	"crypto/sha256"
+	"crypto/sha512"
+	"fmt"
+	"hash"
+
+	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"github.com/google/s2a-go/internal/record/internal/aeadcrypter"
+)
+
+// ciphersuite is the interface for retrieving ciphersuite-specific information
+// and utilities.
+type ciphersuite interface {
+	// keySize returns the key size in bytes. This refers to the key used by
+	// the AEAD crypter. This is derived by calling HKDF expand on the traffic
+	// secret.
+	keySize() int
+	// nonceSize returns the nonce size in bytes.
+	nonceSize() int
+	// trafficSecretSize returns the traffic secret size in bytes. This refers
+	// to the secret used to derive the traffic key and nonce, as specified in
+	// https://tools.ietf.org/html/rfc8446#section-7.
+	trafficSecretSize() int
+	// hashFunction returns the hash function for the ciphersuite.
+	hashFunction() func() hash.Hash
+	// aeadCrypter takes a key and creates an AEAD crypter for the ciphersuite
+	// using that key.
+	aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error)
+}
+
+func newCiphersuite(ciphersuite s2apb.Ciphersuite) (ciphersuite, error) {
+	switch ciphersuite {
+	case s2apb.Ciphersuite_AES_128_GCM_SHA256:
+		return &aesgcm128sha256{}, nil
+	case s2apb.Ciphersuite_AES_256_GCM_SHA384:
+		return &aesgcm256sha384{}, nil
+	case s2apb.Ciphersuite_CHACHA20_POLY1305_SHA256:
+		return &chachapolysha256{}, nil
+	default:
+		return nil, fmt.Errorf("unrecognized ciphersuite: %v", ciphersuite)
+	}
+}
+
+// aesgcm128sha256 is the AES-128-GCM-SHA256 implementation of the ciphersuite
+// interface.
+type aesgcm128sha256 struct{}
+
+func (aesgcm128sha256) keySize() int                   { return aeadcrypter.AES128GCMKeySize }
+func (aesgcm128sha256) nonceSize() int                 { return aeadcrypter.NonceSize }
+func (aesgcm128sha256) trafficSecretSize() int         { return aeadcrypter.SHA256DigestSize }
+func (aesgcm128sha256) hashFunction() func() hash.Hash { return sha256.New }
+func (aesgcm128sha256) aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error) {
+	return aeadcrypter.NewAESGCM(key)
+}
+
+// aesgcm256sha384 is the AES-256-GCM-SHA384 implementation of the ciphersuite
+// interface.
+type aesgcm256sha384 struct{}
+
+func (aesgcm256sha384) keySize() int                   { return aeadcrypter.AES256GCMKeySize }
+func (aesgcm256sha384) nonceSize() int                 { return aeadcrypter.NonceSize }
+func (aesgcm256sha384) trafficSecretSize() int         { return aeadcrypter.SHA384DigestSize }
+func (aesgcm256sha384) hashFunction() func() hash.Hash { return sha512.New384 }
+func (aesgcm256sha384) aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error) {
+	return aeadcrypter.NewAESGCM(key)
+}
+
+// chachapolysha256 is the ChaChaPoly-SHA256 implementation of the ciphersuite
+// interface.
+type chachapolysha256 struct{}
+
+func (chachapolysha256) keySize() int                   { return aeadcrypter.Chacha20Poly1305KeySize }
+func (chachapolysha256) nonceSize() int                 { return aeadcrypter.NonceSize }
+func (chachapolysha256) trafficSecretSize() int         { return aeadcrypter.SHA256DigestSize }
+func (chachapolysha256) hashFunction() func() hash.Hash { return sha256.New }
+func (chachapolysha256) aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error) {
+	return aeadcrypter.NewChachaPoly(key)
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/counter.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/counter.go
new file mode 100644
index 000000000..9499cdca7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/counter.go
@@ -0,0 +1,60 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package halfconn
+
+import "errors"
+
+// counter is a 64-bit counter.
+type counter struct {
+	val           uint64
+	hasOverflowed bool
+}
+
+// newCounter creates a new counter with the initial value set to val.
+func newCounter(val uint64) counter {
+	return counter{val: val}
+}
+
+// value returns the current value of the counter.
+func (c *counter) value() (uint64, error) {
+	if c.hasOverflowed {
+		return 0, errors.New("counter has overflowed")
+	}
+	return c.val, nil
+}
+
+// increment increments the counter and checks for overflow.
+func (c *counter) increment() {
+	// If the counter is already invalid due to overflow, there is no need to
+	// increase it. We check for the hasOverflowed flag in the call to value().
+	if c.hasOverflowed {
+		return
+	}
+	c.val++
+	if c.val == 0 {
+		c.hasOverflowed = true
+	}
+}
+
+// reset sets the counter value to zero and sets the hasOverflowed flag to
+// false.
+func (c *counter) reset() {
+	c.val = 0
+	c.hasOverflowed = false
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go
new file mode 100644
index 000000000..e05f2c36a
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go
@@ -0,0 +1,59 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package halfconn
+
+import (
+	"fmt"
+	"hash"
+
+	"golang.org/x/crypto/hkdf"
+)
+
+// hkdfExpander is the interface for the HKDF expansion function; see
+// https://tools.ietf.org/html/rfc5869 for details. its use in TLS 1.3 is
+// specified in https://tools.ietf.org/html/rfc8446#section-7.2
+type hkdfExpander interface {
+	// expand takes a secret, a label, and the output length in bytes, and
+	// returns the resulting expanded key.
+	expand(secret, label []byte, length int) ([]byte, error)
+}
+
+// defaultHKDFExpander is the default HKDF expander which uses Go's crypto/hkdf
+// for HKDF expansion.
+type defaultHKDFExpander struct {
+	h func() hash.Hash
+}
+
+// newDefaultHKDFExpander creates an instance of the default HKDF expander
+// using the given hash function.
+func newDefaultHKDFExpander(h func() hash.Hash) hkdfExpander {
+	return &defaultHKDFExpander{h: h}
+}
+
+func (d *defaultHKDFExpander) expand(secret, label []byte, length int) ([]byte, error) {
+	outBuf := make([]byte, length)
+	n, err := hkdf.Expand(d.h, secret, label).Read(outBuf)
+	if err != nil {
+		return nil, fmt.Errorf("hkdf.Expand.Read failed with error: %v", err)
+	}
+	if n < length {
+		return nil, fmt.Errorf("hkdf.Expand.Read returned unexpected length, got %d, want %d", n, length)
+	}
+	return outBuf, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go
new file mode 100644
index 000000000..dff99ff59
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go
@@ -0,0 +1,193 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package halfconn manages the inbound or outbound traffic of a TLS 1.3
+// connection.
+package halfconn
+
+import (
+	"fmt"
+	"sync"
+
+	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"github.com/google/s2a-go/internal/record/internal/aeadcrypter"
+	"golang.org/x/crypto/cryptobyte"
+)
+
+// The constants below were taken from Section 7.2 and 7.3 in
+// https://tools.ietf.org/html/rfc8446#section-7. They are used as the label
+// in HKDF-Expand-Label.
+const (
+	tls13Key    = "tls13 key"
+	tls13Nonce  = "tls13 iv"
+	tls13Update = "tls13 traffic upd"
+)
+
+// S2AHalfConnection stores the state of the TLS 1.3 connection in the
+// inbound or outbound direction.
+type S2AHalfConnection struct {
+	cs       ciphersuite
+	expander hkdfExpander
+	// mutex guards sequence, aeadCrypter, trafficSecret, and nonce.
+	mutex         sync.Mutex
+	aeadCrypter   aeadcrypter.S2AAEADCrypter
+	sequence      counter
+	trafficSecret []byte
+	nonce         []byte
+}
+
+// New creates a new instance of S2AHalfConnection given a ciphersuite and a
+// traffic secret.
+func New(ciphersuite s2apb.Ciphersuite, trafficSecret []byte, sequence uint64) (*S2AHalfConnection, error) {
+	cs, err := newCiphersuite(ciphersuite)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create new ciphersuite: %v", ciphersuite)
+	}
+	if cs.trafficSecretSize() != len(trafficSecret) {
+		return nil, fmt.Errorf("supplied traffic secret must be %v bytes, given: %v bytes", cs.trafficSecretSize(), len(trafficSecret))
+	}
+
+	hc := &S2AHalfConnection{cs: cs, expander: newDefaultHKDFExpander(cs.hashFunction()), sequence: newCounter(sequence), trafficSecret: trafficSecret}
+	if err = hc.updateCrypterAndNonce(hc.trafficSecret); err != nil {
+		return nil, fmt.Errorf("failed to create half connection using traffic secret: %v", err)
+	}
+
+	return hc, nil
+}
+
+// Encrypt encrypts the plaintext and computes the tag of dst and plaintext.
+// dst and plaintext may fully overlap or not at all. Note that the sequence
+// number will still be incremented on failure, unless the sequence has
+// overflowed.
+func (hc *S2AHalfConnection) Encrypt(dst, plaintext, aad []byte) ([]byte, error) {
+	hc.mutex.Lock()
+	sequence, err := hc.getAndIncrementSequence()
+	if err != nil {
+		hc.mutex.Unlock()
+		return nil, err
+	}
+	nonce := hc.maskedNonce(sequence)
+	crypter := hc.aeadCrypter
+	hc.mutex.Unlock()
+	return crypter.Encrypt(dst, plaintext, nonce, aad)
+}
+
+// Decrypt decrypts ciphertext and verifies the tag. dst and ciphertext may
+// fully overlap or not at all. Note that the sequence number will still be
+// incremented on failure, unless the sequence has overflowed.
+func (hc *S2AHalfConnection) Decrypt(dst, ciphertext, aad []byte) ([]byte, error) {
+	hc.mutex.Lock()
+	sequence, err := hc.getAndIncrementSequence()
+	if err != nil {
+		hc.mutex.Unlock()
+		return nil, err
+	}
+	nonce := hc.maskedNonce(sequence)
+	crypter := hc.aeadCrypter
+	hc.mutex.Unlock()
+	return crypter.Decrypt(dst, ciphertext, nonce, aad)
+}
+
+// UpdateKey advances the traffic secret key, as specified in
+// https://tools.ietf.org/html/rfc8446#section-7.2. In addition, it derives
+// a new key and nonce, and resets the sequence number.
+func (hc *S2AHalfConnection) UpdateKey() error {
+	hc.mutex.Lock()
+	defer hc.mutex.Unlock()
+
+	var err error
+	hc.trafficSecret, err = hc.deriveSecret(hc.trafficSecret, []byte(tls13Update), hc.cs.trafficSecretSize())
+	if err != nil {
+		return fmt.Errorf("failed to derive traffic secret: %v", err)
+	}
+
+	if err = hc.updateCrypterAndNonce(hc.trafficSecret); err != nil {
+		return fmt.Errorf("failed to update half connection: %v", err)
+	}
+
+	hc.sequence.reset()
+	return nil
+}
+
+// TagSize returns the tag size in bytes of the underlying AEAD crypter.
+func (hc *S2AHalfConnection) TagSize() int {
+	return hc.aeadCrypter.TagSize()
+}
+
+// updateCrypterAndNonce takes a new traffic secret and updates the crypter
+// and nonce. Note that the mutex must be held while calling this function.
+func (hc *S2AHalfConnection) updateCrypterAndNonce(newTrafficSecret []byte) error {
+	key, err := hc.deriveSecret(newTrafficSecret, []byte(tls13Key), hc.cs.keySize())
+	if err != nil {
+		return fmt.Errorf("failed to update key: %v", err)
+	}
+
+	hc.nonce, err = hc.deriveSecret(newTrafficSecret, []byte(tls13Nonce), hc.cs.nonceSize())
+	if err != nil {
+		return fmt.Errorf("failed to update nonce: %v", err)
+	}
+
+	hc.aeadCrypter, err = hc.cs.aeadCrypter(key)
+	if err != nil {
+		return fmt.Errorf("failed to update AEAD crypter: %v", err)
+	}
+	return nil
+}
+
+// getAndIncrement returns the current sequence number and increments it. Note
+// that the mutex must be held while calling this function.
+func (hc *S2AHalfConnection) getAndIncrementSequence() (uint64, error) {
+	sequence, err := hc.sequence.value()
+	if err != nil {
+		return 0, err
+	}
+	hc.sequence.increment()
+	return sequence, nil
+}
+
+// maskedNonce creates a copy of the nonce that is masked with the sequence
+// number. Note that the mutex must be held while calling this function.
+func (hc *S2AHalfConnection) maskedNonce(sequence uint64) []byte {
+	const uint64Size = 8
+	nonce := make([]byte, len(hc.nonce))
+	copy(nonce, hc.nonce)
+	for i := 0; i < uint64Size; i++ {
+		nonce[aeadcrypter.NonceSize-uint64Size+i] ^= byte(sequence >> uint64(56-uint64Size*i))
+	}
+	return nonce
+}
+
+// deriveSecret implements the Derive-Secret function, as specified in
+// https://tools.ietf.org/html/rfc8446#section-7.1.
+func (hc *S2AHalfConnection) deriveSecret(secret, label []byte, length int) ([]byte, error) {
+	var hkdfLabel cryptobyte.Builder
+	hkdfLabel.AddUint16(uint16(length))
+	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes(label)
+	})
+	// Append an empty `Context` field to the label, as specified in the RFC.
+	// The half connection does not use the `Context` field.
+	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes([]byte(""))
+	})
+	hkdfLabelBytes, err := hkdfLabel.Bytes()
+	if err != nil {
+		return nil, fmt.Errorf("deriveSecret failed: %v", err)
+	}
+	return hc.expander.expand(secret, hkdfLabelBytes, length)
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/record.go b/vendor/github.com/google/s2a-go/internal/record/record.go
new file mode 100644
index 000000000..c60515510
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/record.go
@@ -0,0 +1,757 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package record implements the TLS 1.3 record protocol used by the S2A
+// transport credentials.
+package record
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"math"
+	"net"
+	"sync"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"github.com/google/s2a-go/internal/record/internal/halfconn"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"google.golang.org/grpc/grpclog"
+)
+
+// recordType is the `ContentType` as described in
+// https://tools.ietf.org/html/rfc8446#section-5.1.
+type recordType byte
+
+const (
+	alert           recordType = 21
+	handshake       recordType = 22
+	applicationData recordType = 23
+)
+
+// keyUpdateRequest is the `KeyUpdateRequest` as described in
+// https://tools.ietf.org/html/rfc8446#section-4.6.3.
+type keyUpdateRequest byte
+
+const (
+	updateNotRequested keyUpdateRequest = 0
+	updateRequested    keyUpdateRequest = 1
+)
+
+// alertDescription is the `AlertDescription` as described in
+// https://tools.ietf.org/html/rfc8446#section-6.
+type alertDescription byte
+
+const (
+	closeNotify alertDescription = 0
+)
+
+// sessionTicketState is used to determine whether session tickets have not yet
+// been received, are in the process of being received, or have finished
+// receiving.
+type sessionTicketState byte
+
+const (
+	ticketsNotYetReceived sessionTicketState = 0
+	receivingTickets      sessionTicketState = 1
+	notReceivingTickets   sessionTicketState = 2
+)
+
+const (
+	// The TLS 1.3-specific constants below (tlsRecordMaxPlaintextSize,
+	// tlsRecordHeaderSize, tlsRecordTypeSize) were taken from
+	// https://tools.ietf.org/html/rfc8446#section-5.1.
+
+	// tlsRecordMaxPlaintextSize is the maximum size in bytes of the plaintext
+	// in a single TLS 1.3 record.
+	tlsRecordMaxPlaintextSize = 16384 // 2^14
+	// tlsRecordTypeSize is the size in bytes of the TLS 1.3 record type.
+	tlsRecordTypeSize = 1
+	// tlsTagSize is the size in bytes of the tag of the following three
+	// ciphersuites: AES-128-GCM-SHA256, AES-256-GCM-SHA384,
+	// CHACHA20-POLY1305-SHA256.
+	tlsTagSize = 16
+	// tlsRecordMaxPayloadSize is the maximum size in bytes of the payload in a
+	// single TLS 1.3 record. This is the maximum size of the plaintext plus the
+	// record type byte and 16 bytes of the tag.
+	tlsRecordMaxPayloadSize = tlsRecordMaxPlaintextSize + tlsRecordTypeSize + tlsTagSize
+	// tlsRecordHeaderTypeSize is the size in bytes of the TLS 1.3 record
+	// header type.
+	tlsRecordHeaderTypeSize = 1
+	// tlsRecordHeaderLegacyRecordVersionSize is the size in bytes of the TLS
+	// 1.3 record header legacy record version.
+	tlsRecordHeaderLegacyRecordVersionSize = 2
+	// tlsRecordHeaderPayloadLengthSize is the size in bytes of the TLS 1.3
+	// record header payload length.
+	tlsRecordHeaderPayloadLengthSize = 2
+	// tlsRecordHeaderSize is the size in bytes of the TLS 1.3 record header.
+	tlsRecordHeaderSize = tlsRecordHeaderTypeSize + tlsRecordHeaderLegacyRecordVersionSize + tlsRecordHeaderPayloadLengthSize
+	// tlsRecordMaxSize
+	tlsRecordMaxSize = tlsRecordMaxPayloadSize + tlsRecordHeaderSize
+	// tlsApplicationData is the application data type of the TLS 1.3 record
+	// header.
+	tlsApplicationData = 23
+	// tlsLegacyRecordVersion is the legacy record version of the TLS record.
+	tlsLegacyRecordVersion = 3
+	// tlsAlertSize is the size in bytes of an alert of TLS 1.3.
+	tlsAlertSize = 2
+)
+
+const (
+	// These are TLS 1.3 handshake-specific constants.
+
+	// tlsHandshakeNewSessionTicketType is the prefix of a handshake new session
+	// ticket message of TLS 1.3.
+	tlsHandshakeNewSessionTicketType = 4
+	// tlsHandshakeKeyUpdateType is the prefix of a handshake key update message
+	// of TLS 1.3.
+	tlsHandshakeKeyUpdateType = 24
+	// tlsHandshakeMsgTypeSize is the size in bytes of the TLS 1.3 handshake
+	// message type field.
+	tlsHandshakeMsgTypeSize = 1
+	// tlsHandshakeLengthSize is the size in bytes of the TLS 1.3 handshake
+	// message length field.
+	tlsHandshakeLengthSize = 3
+	// tlsHandshakeKeyUpdateMsgSize is the size in bytes of the TLS 1.3
+	// handshake key update message.
+	tlsHandshakeKeyUpdateMsgSize = 1
+	// tlsHandshakePrefixSize is the size in bytes of the prefix of the TLS 1.3
+	// handshake message.
+	tlsHandshakePrefixSize = 4
+	// tlsMaxSessionTicketSize is the maximum size of a NewSessionTicket message
+	// in TLS 1.3. This is the sum of the max sizes of all the fields in the
+	// NewSessionTicket struct specified in
+	// https://tools.ietf.org/html/rfc8446#section-4.6.1.
+	tlsMaxSessionTicketSize = 131338
+)
+
+const (
+	// outBufMaxRecords is the maximum number of records that can fit in the
+	// ourRecordsBuf buffer.
+	outBufMaxRecords = 16
+	// outBufMaxSize is the maximum size (in bytes) of the outRecordsBuf buffer.
+	outBufMaxSize = outBufMaxRecords * tlsRecordMaxSize
+	// maxAllowedTickets is the maximum number of session tickets that are
+	// allowed. The number of tickets are limited to ensure that the size of the
+	// ticket queue does not grow indefinitely. S2A also keeps a limit on the
+	// number of tickets that it caches.
+	maxAllowedTickets = 5
+)
+
+// preConstructedKeyUpdateMsg holds the key update message. This is needed as an
+// optimization so that the same message does not need to be constructed every
+// time a key update message is sent.
+var preConstructedKeyUpdateMsg = buildKeyUpdateRequest()
+
+// conn represents a secured TLS connection. It implements the net.Conn
+// interface.
+type conn struct {
+	net.Conn
+	// inConn is the half connection responsible for decrypting incoming bytes.
+	inConn *halfconn.S2AHalfConnection
+	// outConn is the half connection responsible for encrypting outgoing bytes.
+	outConn *halfconn.S2AHalfConnection
+	// pendingApplicationData holds data that has been read from the connection
+	// and decrypted, but has not yet been returned by Read.
+	pendingApplicationData []byte
+	// unusedBuf holds data read from the network that has not yet been
+	// decrypted. This data might not consist of a complete record. It may
+	// consist of several records, the last of which could be incomplete.
+	unusedBuf []byte
+	// outRecordsBuf is a buffer used to store outgoing TLS records before
+	// they are written to the network.
+	outRecordsBuf []byte
+	// nextRecord stores the next record info in the unusedBuf buffer.
+	nextRecord []byte
+	// overheadSize is the overhead size in bytes of each TLS 1.3 record, which
+	// is computed as overheadSize = header size + record type byte + tag size.
+	// Note that there is no padding by zeros in the overhead calculation.
+	overheadSize int
+	// readMutex guards against concurrent calls to Read. This is required since
+	// Close may be called during a Read.
+	readMutex sync.Mutex
+	// writeMutex guards against concurrent calls to Write. This is required
+	// since Close may be called during a Write, and also because a key update
+	// message may be written during a Read.
+	writeMutex sync.Mutex
+	// handshakeBuf holds handshake messages while they are being processed.
+	handshakeBuf []byte
+	// ticketState is the current processing state of the session tickets.
+	ticketState sessionTicketState
+	// sessionTickets holds the completed session tickets until they are sent to
+	// the handshaker service for processing.
+	sessionTickets [][]byte
+	// ticketSender sends session tickets to the S2A handshaker service.
+	ticketSender s2aTicketSender
+	// callComplete is a channel that blocks closing the record protocol until a
+	// pending call to the S2A completes.
+	callComplete chan bool
+}
+
+// ConnParameters holds the parameters used for creating a new conn object.
+type ConnParameters struct {
+	// NetConn is the TCP connection to the peer. This parameter is required.
+	NetConn net.Conn
+	// Ciphersuite is the TLS ciphersuite negotiated by the S2A handshaker
+	// service. This parameter is required.
+	Ciphersuite commonpb.Ciphersuite
+	// TLSVersion is the TLS version number negotiated by the S2A handshaker
+	// service. This parameter is required.
+	TLSVersion commonpb.TLSVersion
+	// InTrafficSecret is the traffic secret used to derive the session key for
+	// the inbound direction. This parameter is required.
+	InTrafficSecret []byte
+	// OutTrafficSecret is the traffic secret used to derive the session key
+	// for the outbound direction. This parameter is required.
+	OutTrafficSecret []byte
+	// UnusedBuf is the data read from the network that has not yet been
+	// decrypted. This parameter is optional. If not provided, then no
+	// application data was sent in the same flight of messages as the final
+	// handshake message.
+	UnusedBuf []byte
+	// InSequence is the sequence number of the next, incoming, TLS record.
+	// This parameter is required.
+	InSequence uint64
+	// OutSequence is the sequence number of the next, outgoing, TLS record.
+	// This parameter is required.
+	OutSequence uint64
+	// HSAddr stores the address of the S2A handshaker service. This parameter
+	// is optional. If not provided, then TLS resumption is disabled.
+	HSAddr string
+	// ConnectionId is the connection identifier that was created and sent by
+	// S2A at the end of a handshake.
+	ConnectionID uint64
+	// LocalIdentity is the local identity that was used by S2A during session
+	// setup and included in the session result.
+	LocalIdentity *commonpb.Identity
+	// EnsureProcessSessionTickets allows users to wait and ensure that all
+	// available session tickets are sent to S2A before a process completes.
+	EnsureProcessSessionTickets *sync.WaitGroup
+}
+
+// NewConn creates a TLS record protocol that wraps the TCP connection.
+func NewConn(o *ConnParameters) (net.Conn, error) {
+	if o == nil {
+		return nil, errors.New("conn options must not be nil")
+	}
+	if o.TLSVersion != commonpb.TLSVersion_TLS1_3 {
+		return nil, errors.New("TLS version must be TLS 1.3")
+	}
+
+	inConn, err := halfconn.New(o.Ciphersuite, o.InTrafficSecret, o.InSequence)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create inbound half connection: %v", err)
+	}
+	outConn, err := halfconn.New(o.Ciphersuite, o.OutTrafficSecret, o.OutSequence)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create outbound half connection: %v", err)
+	}
+
+	// The tag size for the in/out connections should be the same.
+	overheadSize := tlsRecordHeaderSize + tlsRecordTypeSize + inConn.TagSize()
+	var unusedBuf []byte
+	if o.UnusedBuf == nil {
+		// We pre-allocate unusedBuf to be of size
+		// 2*tlsRecordMaxSize-1 during initialization. We only read from the
+		// network into unusedBuf when unusedBuf does not contain a complete
+		// record and the incomplete record is at most tlsRecordMaxSize-1
+		// (bytes). And we read at most tlsRecordMaxSize bytes of data from the
+		// network into unusedBuf at one time. Therefore, 2*tlsRecordMaxSize-1
+		// is large enough to buffer data read from the network.
+		unusedBuf = make([]byte, 0, 2*tlsRecordMaxSize-1)
+	} else {
+		unusedBuf = make([]byte, len(o.UnusedBuf))
+		copy(unusedBuf, o.UnusedBuf)
+	}
+
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		grpclog.Infof("failed to create single token access token manager: %v", err)
+	}
+
+	s2aConn := &conn{
+		Conn:          o.NetConn,
+		inConn:        inConn,
+		outConn:       outConn,
+		unusedBuf:     unusedBuf,
+		outRecordsBuf: make([]byte, tlsRecordMaxSize),
+		nextRecord:    unusedBuf,
+		overheadSize:  overheadSize,
+		ticketState:   ticketsNotYetReceived,
+		// Pre-allocate the buffer for one session ticket message and the max
+		// plaintext size. This is the largest size that handshakeBuf will need
+		// to hold. The largest incomplete handshake message is the
+		// [handshake header size] + [max session ticket size] - 1.
+		// Then, tlsRecordMaxPlaintextSize is the maximum size that will be
+		// appended to the handshakeBuf before the handshake message is
+		// completed. Therefore, the buffer size below should be large enough to
+		// buffer any handshake messages.
+		handshakeBuf: make([]byte, 0, tlsHandshakePrefixSize+tlsMaxSessionTicketSize+tlsRecordMaxPlaintextSize-1),
+		ticketSender: &ticketSender{
+			hsAddr:                      o.HSAddr,
+			connectionID:                o.ConnectionID,
+			localIdentity:               o.LocalIdentity,
+			tokenManager:                tokenManager,
+			ensureProcessSessionTickets: o.EnsureProcessSessionTickets,
+		},
+		callComplete: make(chan bool),
+	}
+	return s2aConn, nil
+}
+
+// Read reads and decrypts a TLS 1.3 record from the underlying connection, and
+// copies any application data received from the peer into b. If the size of the
+// payload is greater than len(b), Read retains the remaining bytes in an
+// internal buffer, and subsequent calls to Read will read from this buffer
+// until it is exhausted. At most 1 TLS record worth of application data is
+// written to b for each call to Read.
+//
+// Note that for the user to efficiently call this method, the user should
+// ensure that the buffer b is allocated such that the buffer does not have any
+// unused segments. This can be done by calling Read via io.ReadFull, which
+// continually calls Read until the specified buffer has been filled. Also note
+// that the user should close the connection via Close() if an error is thrown
+// by a call to Read.
+func (p *conn) Read(b []byte) (n int, err error) {
+	p.readMutex.Lock()
+	defer p.readMutex.Unlock()
+	// Check if p.pendingApplication data has leftover application data from
+	// the previous call to Read.
+	if len(p.pendingApplicationData) == 0 {
+		// Read a full record from the wire.
+		record, err := p.readFullRecord()
+		if err != nil {
+			return 0, err
+		}
+		// Now we have a complete record, so split the header and validate it
+		// The TLS record is split into 2 pieces: the record header and the
+		// payload. The payload has the following form:
+		// [payload] = [ciphertext of application data]
+		//           + [ciphertext of record type byte]
+		//           + [(optionally) ciphertext of padding by zeros]
+		//           + [tag]
+		header, payload, err := splitAndValidateHeader(record)
+		if err != nil {
+			return 0, err
+		}
+		// Decrypt the ciphertext.
+		p.pendingApplicationData, err = p.inConn.Decrypt(payload[:0], payload, header)
+		if err != nil {
+			return 0, err
+		}
+		// Remove the padding by zeros and the record type byte from the
+		// p.pendingApplicationData buffer.
+		msgType, err := p.stripPaddingAndType()
+		if err != nil {
+			return 0, err
+		}
+		// Check that the length of the plaintext after stripping the padding
+		// and record type byte is under the maximum plaintext size.
+		if len(p.pendingApplicationData) > tlsRecordMaxPlaintextSize {
+			return 0, errors.New("plaintext size larger than maximum")
+		}
+		// The expected message types are application data, alert, and
+		// handshake. For application data, the bytes are directly copied into
+		// b. For an alert, the type of the alert is checked and the connection
+		// is closed on a close notify alert. For a handshake message, the
+		// handshake message type is checked. The handshake message type can be
+		// a key update type, for which we advance the traffic secret, and a
+		// new session ticket type, for which we send the received ticket to S2A
+		// for processing.
+		switch msgType {
+		case applicationData:
+			if len(p.handshakeBuf) > 0 {
+				return 0, errors.New("application data received while processing fragmented handshake messages")
+			}
+			if p.ticketState == receivingTickets {
+				p.ticketState = notReceivingTickets
+				grpclog.Infof("Sending session tickets to S2A.")
+				p.ticketSender.sendTicketsToS2A(p.sessionTickets, p.callComplete)
+			}
+		case alert:
+			return 0, p.handleAlertMessage()
+		case handshake:
+			if err = p.handleHandshakeMessage(); err != nil {
+				return 0, err
+			}
+			return 0, nil
+		default:
+			return 0, errors.New("unknown record type")
+		}
+	}
+	// Write as much application data as possible to b, the output buffer.
+	n = copy(b, p.pendingApplicationData)
+	p.pendingApplicationData = p.pendingApplicationData[n:]
+	return n, nil
+}
+
+// Write divides b into segments of size tlsRecordMaxPlaintextSize, builds a
+// TLS 1.3 record (of type "application data") from each segment, and sends
+// the record to the peer. It returns the number of plaintext bytes that were
+// successfully sent to the peer.
+func (p *conn) Write(b []byte) (n int, err error) {
+	p.writeMutex.Lock()
+	defer p.writeMutex.Unlock()
+	return p.writeTLSRecord(b, tlsApplicationData)
+}
+
+// writeTLSRecord divides b into segments of size maxPlaintextBytesPerRecord,
+// builds a TLS 1.3 record (of type recordType) from each segment, and sends
+// the record to the peer. It returns the number of plaintext bytes that were
+// successfully sent to the peer.
+func (p *conn) writeTLSRecord(b []byte, recordType byte) (n int, err error) {
+	// Create a record of only header, record type, and tag if given empty
+	// byte array.
+	if len(b) == 0 {
+		recordEndIndex, _, err := p.buildRecord(b, recordType, 0)
+		if err != nil {
+			return 0, err
+		}
+
+		// Write the bytes stored in outRecordsBuf to p.Conn. Since we return
+		// the number of plaintext bytes written without overhead, we will
+		// always return 0 while p.Conn.Write returns the entire record length.
+		_, err = p.Conn.Write(p.outRecordsBuf[:recordEndIndex])
+		return 0, err
+	}
+
+	numRecords := int(math.Ceil(float64(len(b)) / float64(tlsRecordMaxPlaintextSize)))
+	totalRecordsSize := len(b) + numRecords*p.overheadSize
+	partialBSize := len(b)
+	if totalRecordsSize > outBufMaxSize {
+		totalRecordsSize = outBufMaxSize
+		partialBSize = outBufMaxRecords * tlsRecordMaxPlaintextSize
+	}
+	if len(p.outRecordsBuf) < totalRecordsSize {
+		p.outRecordsBuf = make([]byte, totalRecordsSize)
+	}
+	for bStart := 0; bStart < len(b); bStart += partialBSize {
+		bEnd := bStart + partialBSize
+		if bEnd > len(b) {
+			bEnd = len(b)
+		}
+		partialB := b[bStart:bEnd]
+		recordEndIndex := 0
+		for len(partialB) > 0 {
+			recordEndIndex, partialB, err = p.buildRecord(partialB, recordType, recordEndIndex)
+			if err != nil {
+				// Return the amount of bytes written prior to the error.
+				return bStart, err
+			}
+		}
+		// Write the bytes stored in outRecordsBuf to p.Conn. If there is an
+		// error, calculate the total number of plaintext bytes of complete
+		// records successfully written to the peer and return it.
+		nn, err := p.Conn.Write(p.outRecordsBuf[:recordEndIndex])
+		if err != nil {
+			numberOfCompletedRecords := int(math.Floor(float64(nn) / float64(tlsRecordMaxSize)))
+			return bStart + numberOfCompletedRecords*tlsRecordMaxPlaintextSize, err
+		}
+	}
+	return len(b), nil
+}
+
+// buildRecord builds a TLS 1.3 record of type recordType from plaintext,
+// and writes the record to outRecordsBuf at recordStartIndex. The record will
+// have at most tlsRecordMaxPlaintextSize bytes of payload. It returns the
+// index of outRecordsBuf where the current record ends, as well as any
+// remaining plaintext bytes.
+func (p *conn) buildRecord(plaintext []byte, recordType byte, recordStartIndex int) (n int, remainingPlaintext []byte, err error) {
+	// Construct the payload, which consists of application data and record type.
+	dataLen := len(plaintext)
+	if dataLen > tlsRecordMaxPlaintextSize {
+		dataLen = tlsRecordMaxPlaintextSize
+	}
+	remainingPlaintext = plaintext[dataLen:]
+	newRecordBuf := p.outRecordsBuf[recordStartIndex:]
+
+	copy(newRecordBuf[tlsRecordHeaderSize:], plaintext[:dataLen])
+	newRecordBuf[tlsRecordHeaderSize+dataLen] = recordType
+	payload := newRecordBuf[tlsRecordHeaderSize : tlsRecordHeaderSize+dataLen+1] // 1 is for the recordType.
+	// Construct the header.
+	newRecordBuf[0] = tlsApplicationData
+	newRecordBuf[1] = tlsLegacyRecordVersion
+	newRecordBuf[2] = tlsLegacyRecordVersion
+	binary.BigEndian.PutUint16(newRecordBuf[3:], uint16(len(payload)+tlsTagSize))
+	header := newRecordBuf[:tlsRecordHeaderSize]
+
+	// Encrypt the payload using header as aad.
+	encryptedPayload, err := p.outConn.Encrypt(newRecordBuf[tlsRecordHeaderSize:][:0], payload, header)
+	if err != nil {
+		return 0, plaintext, err
+	}
+	recordStartIndex += len(header) + len(encryptedPayload)
+	return recordStartIndex, remainingPlaintext, nil
+}
+
+func (p *conn) Close() error {
+	p.readMutex.Lock()
+	defer p.readMutex.Unlock()
+	p.writeMutex.Lock()
+	defer p.writeMutex.Unlock()
+	// If p.ticketState is equal to notReceivingTickets, then S2A has
+	// been sent a flight of session tickets, and we must wait for the
+	// call to S2A to complete before closing the record protocol.
+	if p.ticketState == notReceivingTickets {
+		<-p.callComplete
+		grpclog.Infof("Safe to close the connection because sending tickets to S2A is (already) complete.")
+	}
+	return p.Conn.Close()
+}
+
+// stripPaddingAndType strips the padding by zeros and record type from
+// p.pendingApplicationData and returns the record type. Note that
+// p.pendingApplicationData should be of the form:
+// [application data] + [record type byte] + [trailing zeros]
+func (p *conn) stripPaddingAndType() (recordType, error) {
+	if len(p.pendingApplicationData) == 0 {
+		return 0, errors.New("application data had length 0")
+	}
+	i := len(p.pendingApplicationData) - 1
+	// Search for the index of the record type byte.
+	for i > 0 {
+		if p.pendingApplicationData[i] != 0 {
+			break
+		}
+		i--
+	}
+	rt := recordType(p.pendingApplicationData[i])
+	p.pendingApplicationData = p.pendingApplicationData[:i]
+	return rt, nil
+}
+
+// readFullRecord reads from the wire until a record is completed and returns
+// the full record.
+func (p *conn) readFullRecord() (fullRecord []byte, err error) {
+	fullRecord, p.nextRecord, err = parseReadBuffer(p.nextRecord, tlsRecordMaxPayloadSize)
+	if err != nil {
+		return nil, err
+	}
+	// Check whether the next record to be decrypted has been completely
+	// received.
+	if len(fullRecord) == 0 {
+		copy(p.unusedBuf, p.nextRecord)
+		p.unusedBuf = p.unusedBuf[:len(p.nextRecord)]
+		// Always copy next incomplete record to the beginning of the
+		// unusedBuf buffer and reset nextRecord to it.
+		p.nextRecord = p.unusedBuf
+	}
+	// Keep reading from the wire until we have a complete record.
+	for len(fullRecord) == 0 {
+		if len(p.unusedBuf) == cap(p.unusedBuf) {
+			tmp := make([]byte, len(p.unusedBuf), cap(p.unusedBuf)+tlsRecordMaxSize)
+			copy(tmp, p.unusedBuf)
+			p.unusedBuf = tmp
+		}
+		n, err := p.Conn.Read(p.unusedBuf[len(p.unusedBuf):min(cap(p.unusedBuf), len(p.unusedBuf)+tlsRecordMaxSize)])
+		if err != nil {
+			return nil, err
+		}
+		p.unusedBuf = p.unusedBuf[:len(p.unusedBuf)+n]
+		fullRecord, p.nextRecord, err = parseReadBuffer(p.unusedBuf, tlsRecordMaxPayloadSize)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return fullRecord, nil
+}
+
+// parseReadBuffer parses the provided buffer and returns a full record and any
+// remaining bytes in that buffer. If the record is incomplete, nil is returned
+// for the first return value and the given byte buffer is returned for the
+// second return value. The length of the payload specified by the header should
+// not be greater than maxLen, otherwise an error is returned. Note that this
+// function does not allocate or copy any buffers.
+func parseReadBuffer(b []byte, maxLen uint16) (fullRecord, remaining []byte, err error) {
+	// If the header is not complete, return the provided buffer as remaining
+	// buffer.
+	if len(b) < tlsRecordHeaderSize {
+		return nil, b, nil
+	}
+	msgLenField := b[tlsRecordHeaderTypeSize+tlsRecordHeaderLegacyRecordVersionSize : tlsRecordHeaderSize]
+	length := binary.BigEndian.Uint16(msgLenField)
+	if length > maxLen {
+		return nil, nil, fmt.Errorf("record length larger than the limit %d", maxLen)
+	}
+	if len(b) < int(length)+tlsRecordHeaderSize {
+		// Record is not complete yet.
+		return nil, b, nil
+	}
+	return b[:tlsRecordHeaderSize+length], b[tlsRecordHeaderSize+length:], nil
+}
+
+// splitAndValidateHeader splits the header from the payload in the TLS 1.3
+// record and returns them. Note that the header is checked for validity, and an
+// error is returned when an invalid header is parsed. Also note that this
+// function does not allocate or copy any buffers.
+func splitAndValidateHeader(record []byte) (header, payload []byte, err error) {
+	if len(record) < tlsRecordHeaderSize {
+		return nil, nil, fmt.Errorf("record was smaller than the header size")
+	}
+	header = record[:tlsRecordHeaderSize]
+	payload = record[tlsRecordHeaderSize:]
+	if header[0] != tlsApplicationData {
+		return nil, nil, fmt.Errorf("incorrect type in the header")
+	}
+	// Check the legacy record version, which should be 0x03, 0x03.
+	if header[1] != 0x03 || header[2] != 0x03 {
+		return nil, nil, fmt.Errorf("incorrect legacy record version in the header")
+	}
+	return header, payload, nil
+}
+
+// handleAlertMessage handles an alert message.
+func (p *conn) handleAlertMessage() error {
+	if len(p.pendingApplicationData) != tlsAlertSize {
+		return errors.New("invalid alert message size")
+	}
+	alertType := p.pendingApplicationData[1]
+	// Clear the body of the alert message.
+	p.pendingApplicationData = p.pendingApplicationData[:0]
+	if alertType == byte(closeNotify) {
+		return errors.New("received a close notify alert")
+	}
+	// TODO(matthewstevenson88): Add support for more alert types.
+	return fmt.Errorf("received an unrecognized alert type: %v", alertType)
+}
+
+// parseHandshakeHeader parses a handshake message from the handshake buffer.
+// It returns the message type, the message length, the message, the raw message
+// that includes the type and length bytes and a flag indicating whether the
+// handshake message has been fully parsed. i.e. whether the entire handshake
+// message was in the handshake buffer.
+func (p *conn) parseHandshakeMsg() (msgType byte, msgLen uint32, msg []byte, rawMsg []byte, ok bool) {
+	// Handle the case where the 4 byte handshake header is fragmented.
+	if len(p.handshakeBuf) < tlsHandshakePrefixSize {
+		return 0, 0, nil, nil, false
+	}
+	msgType = p.handshakeBuf[0]
+	msgLen = bigEndianInt24(p.handshakeBuf[tlsHandshakeMsgTypeSize : tlsHandshakeMsgTypeSize+tlsHandshakeLengthSize])
+	if msgLen > uint32(len(p.handshakeBuf)-tlsHandshakePrefixSize) {
+		return 0, 0, nil, nil, false
+	}
+	msg = p.handshakeBuf[tlsHandshakePrefixSize : tlsHandshakePrefixSize+msgLen]
+	rawMsg = p.handshakeBuf[:tlsHandshakeMsgTypeSize+tlsHandshakeLengthSize+msgLen]
+	p.handshakeBuf = p.handshakeBuf[tlsHandshakePrefixSize+msgLen:]
+	return msgType, msgLen, msg, rawMsg, true
+}
+
+// handleHandshakeMessage handles a handshake message. Note that the first
+// complete handshake message from the handshake buffer is removed, if it
+// exists.
+func (p *conn) handleHandshakeMessage() error {
+	// Copy the pending application data to the handshake buffer. At this point,
+	// we are guaranteed that the pending application data contains only parts
+	// of a handshake message.
+	p.handshakeBuf = append(p.handshakeBuf, p.pendingApplicationData...)
+	p.pendingApplicationData = p.pendingApplicationData[:0]
+	// Several handshake messages may be coalesced into a single record.
+	// Continue reading them until the handshake buffer is empty.
+	for len(p.handshakeBuf) > 0 {
+		handshakeMsgType, msgLen, msg, rawMsg, ok := p.parseHandshakeMsg()
+		if !ok {
+			// The handshake could not be fully parsed, so read in another
+			// record and try again later.
+			break
+		}
+		switch handshakeMsgType {
+		case tlsHandshakeKeyUpdateType:
+			if msgLen != tlsHandshakeKeyUpdateMsgSize {
+				return errors.New("invalid handshake key update message length")
+			}
+			if len(p.handshakeBuf) != 0 {
+				return errors.New("key update message must be the last message of a handshake record")
+			}
+			if err := p.handleKeyUpdateMsg(msg); err != nil {
+				return err
+			}
+		case tlsHandshakeNewSessionTicketType:
+			// Ignore tickets that are received after a batch of tickets has
+			// been sent to S2A.
+			if p.ticketState == notReceivingTickets {
+				continue
+			}
+			if p.ticketState == ticketsNotYetReceived {
+				p.ticketState = receivingTickets
+			}
+			p.sessionTickets = append(p.sessionTickets, rawMsg)
+			if len(p.sessionTickets) == maxAllowedTickets {
+				p.ticketState = notReceivingTickets
+				grpclog.Infof("Sending session tickets to S2A.")
+				p.ticketSender.sendTicketsToS2A(p.sessionTickets, p.callComplete)
+			}
+		default:
+			return errors.New("unknown handshake message type")
+		}
+	}
+	return nil
+}
+
+func buildKeyUpdateRequest() []byte {
+	b := make([]byte, tlsHandshakePrefixSize+tlsHandshakeKeyUpdateMsgSize)
+	b[0] = tlsHandshakeKeyUpdateType
+	b[1] = 0
+	b[2] = 0
+	b[3] = tlsHandshakeKeyUpdateMsgSize
+	b[4] = byte(updateNotRequested)
+	return b
+}
+
+// handleKeyUpdateMsg handles a key update message.
+func (p *conn) handleKeyUpdateMsg(msg []byte) error {
+	keyUpdateRequest := msg[0]
+	if keyUpdateRequest != byte(updateNotRequested) &&
+		keyUpdateRequest != byte(updateRequested) {
+		return errors.New("invalid handshake key update message")
+	}
+	if err := p.inConn.UpdateKey(); err != nil {
+		return err
+	}
+	// Send a key update message back to the peer if requested.
+	if keyUpdateRequest == byte(updateRequested) {
+		p.writeMutex.Lock()
+		defer p.writeMutex.Unlock()
+		n, err := p.writeTLSRecord(preConstructedKeyUpdateMsg, byte(handshake))
+		if err != nil {
+			return err
+		}
+		if n != tlsHandshakePrefixSize+tlsHandshakeKeyUpdateMsgSize {
+			return errors.New("key update request message wrote less bytes than expected")
+		}
+		if err = p.outConn.UpdateKey(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// bidEndianInt24 converts the given byte buffer of at least size 3 and
+// outputs the resulting 24 bit integer as a uint32. This is needed because
+// TLS 1.3 requires 3 byte integers, and the binary.BigEndian package does
+// not provide a way to transform a byte buffer into a 3 byte integer.
+func bigEndianInt24(b []byte) uint32 {
+	_ = b[2] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[2]) | uint32(b[1])<<8 | uint32(b[0])<<16
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/ticketsender.go b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
new file mode 100644
index 000000000..33fa3c55d
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
@@ -0,0 +1,176 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package record
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/google/s2a-go/internal/handshaker/service"
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2apb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+)
+
+// sessionTimeout is the timeout for creating a session with the S2A handshaker
+// service.
+const sessionTimeout = time.Second * 5
+
+// s2aTicketSender sends session tickets to the S2A handshaker service.
+type s2aTicketSender interface {
+	// sendTicketsToS2A sends the given session tickets to the S2A handshaker
+	// service.
+	sendTicketsToS2A(sessionTickets [][]byte, callComplete chan bool)
+}
+
+// ticketStream is the stream used to send and receive session information.
+type ticketStream interface {
+	Send(*s2apb.SessionReq) error
+	Recv() (*s2apb.SessionResp, error)
+}
+
+type ticketSender struct {
+	// hsAddr stores the address of the S2A handshaker service.
+	hsAddr string
+	// connectionID is the connection identifier that was created and sent by
+	// S2A at the end of a handshake.
+	connectionID uint64
+	// localIdentity is the local identity that was used by S2A during session
+	// setup and included in the session result.
+	localIdentity *commonpb.Identity
+	// tokenManager manages access tokens for authenticating to S2A.
+	tokenManager tokenmanager.AccessTokenManager
+	// ensureProcessSessionTickets allows users to wait and ensure that all
+	// available session tickets are sent to S2A before a process completes.
+	ensureProcessSessionTickets *sync.WaitGroup
+}
+
+// sendTicketsToS2A sends the given sessionTickets to the S2A handshaker
+// service. This is done asynchronously and writes to the error logs if an error
+// occurs.
+func (t *ticketSender) sendTicketsToS2A(sessionTickets [][]byte, callComplete chan bool) {
+	// Note that the goroutine is in the function rather than at the caller
+	// because the fake ticket sender used for testing must run synchronously
+	// so that the session tickets can be accessed from it after the tests have
+	// been run.
+	if t.ensureProcessSessionTickets != nil {
+		t.ensureProcessSessionTickets.Add(1)
+	}
+	go func() {
+		if err := func() error {
+			defer func() {
+				if t.ensureProcessSessionTickets != nil {
+					t.ensureProcessSessionTickets.Done()
+				}
+			}()
+			hsConn, err := service.Dial(t.hsAddr)
+			if err != nil {
+				return err
+			}
+			client := s2apb.NewS2AServiceClient(hsConn)
+			ctx, cancel := context.WithTimeout(context.Background(), sessionTimeout)
+			defer cancel()
+			session, err := client.SetUpSession(ctx)
+			if err != nil {
+				return err
+			}
+			defer func() {
+				if err := session.CloseSend(); err != nil {
+					grpclog.Error(err)
+				}
+			}()
+			return t.writeTicketsToStream(session, sessionTickets)
+		}(); err != nil {
+			grpclog.Errorf("failed to send resumption tickets to S2A with identity: %v, %v",
+				t.localIdentity, err)
+		}
+		callComplete <- true
+		close(callComplete)
+	}()
+}
+
+// writeTicketsToStream writes the given session tickets to the given stream.
+func (t *ticketSender) writeTicketsToStream(stream ticketStream, sessionTickets [][]byte) error {
+	if err := stream.Send(
+		&s2apb.SessionReq{
+			ReqOneof: &s2apb.SessionReq_ResumptionTicket{
+				ResumptionTicket: &s2apb.ResumptionTicketReq{
+					InBytes:       sessionTickets,
+					ConnectionId:  t.connectionID,
+					LocalIdentity: t.localIdentity,
+				},
+			},
+			AuthMechanisms: t.getAuthMechanisms(),
+		},
+	); err != nil {
+		return err
+	}
+	sessionResp, err := stream.Recv()
+	if err != nil {
+		return err
+	}
+	if sessionResp.GetStatus().GetCode() != uint32(codes.OK) {
+		return fmt.Errorf("s2a session ticket response had error status: %v, %v",
+			sessionResp.GetStatus().GetCode(), sessionResp.GetStatus().GetDetails())
+	}
+	return nil
+}
+
+func (t *ticketSender) getAuthMechanisms() []*s2apb.AuthenticationMechanism {
+	if t.tokenManager == nil {
+		return nil
+	}
+	// First handle the special case when no local identity has been provided
+	// by the application. In this case, an AuthenticationMechanism with no local
+	// identity will be sent.
+	if t.localIdentity == nil {
+		token, err := t.tokenManager.DefaultToken()
+		if err != nil {
+			grpclog.Infof("unable to get token for empty local identity: %v", err)
+			return nil
+		}
+		return []*s2apb.AuthenticationMechanism{
+			{
+				MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			},
+		}
+	}
+
+	// Next, handle the case where the application (or the S2A) has specified
+	// a local identity.
+	token, err := t.tokenManager.Token(t.localIdentity)
+	if err != nil {
+		grpclog.Infof("unable to get token for local identity %v: %v", t.localIdentity, err)
+		return nil
+	}
+	return []*s2apb.AuthenticationMechanism{
+		{
+			Identity: t.localIdentity,
+			MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+				Token: token,
+			},
+		},
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/internal/tokenmanager/tokenmanager.go b/vendor/github.com/google/s2a-go/internal/tokenmanager/tokenmanager.go
new file mode 100644
index 000000000..ec96ba3b6
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/tokenmanager/tokenmanager.go
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package tokenmanager provides tokens for authenticating to S2A.
+package tokenmanager
+
+import (
+	"fmt"
+	"os"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+)
+
+const (
+	s2aAccessTokenEnvironmentVariable = "S2A_ACCESS_TOKEN"
+)
+
+// AccessTokenManager manages tokens for authenticating to S2A.
+type AccessTokenManager interface {
+	// DefaultToken returns a token that an application with no specified local
+	// identity must use to authenticate to S2A.
+	DefaultToken() (token string, err error)
+	// Token returns a token that an application with local identity equal to
+	// identity must use to authenticate to S2A.
+	Token(identity *commonpb.Identity) (token string, err error)
+}
+
+type singleTokenAccessTokenManager struct {
+	token string
+}
+
+// NewSingleTokenAccessTokenManager returns a new AccessTokenManager instance
+// that will always manage the same token.
+//
+// The token to be managed is read from the s2aAccessTokenEnvironmentVariable
+// environment variable. If this environment variable is not set, then this
+// function returns an error.
+func NewSingleTokenAccessTokenManager() (AccessTokenManager, error) {
+	token, variableExists := os.LookupEnv(s2aAccessTokenEnvironmentVariable)
+	if !variableExists {
+		return nil, fmt.Errorf("%s environment variable is not set", s2aAccessTokenEnvironmentVariable)
+	}
+	return &singleTokenAccessTokenManager{token: token}, nil
+}
+
+// DefaultToken always returns the token managed by the
+// singleTokenAccessTokenManager.
+func (m *singleTokenAccessTokenManager) DefaultToken() (string, error) {
+	return m.token, nil
+}
+
+// Token always returns the token managed by the singleTokenAccessTokenManager.
+func (m *singleTokenAccessTokenManager) Token(*commonpb.Identity) (string, error) {
+	return m.token, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/README.md b/vendor/github.com/google/s2a-go/internal/v2/README.md
new file mode 100644
index 000000000..3806d1e9c
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/README.md
@@ -0,0 +1 @@
+**This directory has the implementation of the S2Av2's gRPC-Go client libraries**
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go b/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go
new file mode 100644
index 000000000..cc811879b
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go
@@ -0,0 +1,122 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package certverifier offloads verifications to S2Av2.
+package certverifier
+
+import (
+	"crypto/x509"
+	"fmt"
+
+	"github.com/google/s2a-go/stream"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+// VerifyClientCertificateChain builds a SessionReq, sends it to S2Av2 and
+// receives a SessionResp.
+func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+		// Offload verification to S2Av2.
+		if grpclog.V(1) {
+			grpclog.Infof("Sending request to S2Av2 for client peer cert chain validation.")
+		}
+		if err := s2AStream.Send(&s2av2pb.SessionReq{
+			ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
+				ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
+					Mode: verificationMode,
+					PeerOneof: &s2av2pb.ValidatePeerCertificateChainReq_ClientPeer_{
+						ClientPeer: &s2av2pb.ValidatePeerCertificateChainReq_ClientPeer{
+							CertificateChain: rawCerts,
+						},
+					},
+				},
+			},
+		}); err != nil {
+			grpclog.Infof("Failed to send request to S2Av2 for client peer cert chain validation.")
+			return err
+		}
+
+		// Get the response from S2Av2.
+		resp, err := s2AStream.Recv()
+		if err != nil {
+			grpclog.Infof("Failed to receive client peer cert chain validation response from S2Av2.")
+			return err
+		}
+
+		// Parse the response.
+		if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+			return fmt.Errorf("failed to offload client cert verification to S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+
+		}
+
+		if resp.GetValidatePeerCertificateChainResp().ValidationResult != s2av2pb.ValidatePeerCertificateChainResp_SUCCESS {
+			return fmt.Errorf("client cert verification failed: %v", resp.GetValidatePeerCertificateChainResp().ValidationDetails)
+		}
+
+		return nil
+	}
+}
+
+// VerifyServerCertificateChain builds a SessionReq, sends it to S2Av2 and
+// receives a SessionResp.
+func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream, serverAuthorizationPolicy []byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+		// Offload verification to S2Av2.
+		if grpclog.V(1) {
+			grpclog.Infof("Sending request to S2Av2 for server peer cert chain validation.")
+		}
+		if err := s2AStream.Send(&s2av2pb.SessionReq{
+			ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
+				ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
+					Mode: verificationMode,
+					PeerOneof: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer_{
+						ServerPeer: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer{
+							CertificateChain:                   rawCerts,
+							ServerHostname:                     hostname,
+							SerializedUnrestrictedClientPolicy: serverAuthorizationPolicy,
+						},
+					},
+				},
+			},
+		}); err != nil {
+			grpclog.Infof("Failed to send request to S2Av2 for server peer cert chain validation.")
+			return err
+		}
+
+		// Get the response from S2Av2.
+		resp, err := s2AStream.Recv()
+		if err != nil {
+			grpclog.Infof("Failed to receive server peer cert chain validation response from S2Av2.")
+			return err
+		}
+
+		// Parse the response.
+		if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+			return fmt.Errorf("failed to offload server cert verification to S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+		}
+
+		if resp.GetValidatePeerCertificateChainResp().ValidationResult != s2av2pb.ValidatePeerCertificateChainResp_SUCCESS {
+			return fmt.Errorf("server cert verification failed: %v", resp.GetValidatePeerCertificateChainResp().ValidationDetails)
+		}
+
+		return nil
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der
new file mode 100644
index 000000000..958f3cfad
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der
new file mode 100644
index 000000000..d2817641b
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der
new file mode 100644
index 000000000..d8c3710c8
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der
new file mode 100644
index 000000000..dae619c09
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der
new file mode 100644
index 000000000..ce7f8d31d
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der
new file mode 100644
index 000000000..04b0d7360
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go
new file mode 100644
index 000000000..e7478d43f
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go
@@ -0,0 +1,186 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package remotesigner offloads private key operations to S2Av2.
+package remotesigner
+
+import (
+	"crypto"
+	"crypto/rsa"
+	"crypto/x509"
+	"fmt"
+	"io"
+
+	"github.com/google/s2a-go/stream"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+// remoteSigner implementes the crypto.Signer interface.
+type remoteSigner struct {
+	leafCert  *x509.Certificate
+	s2AStream stream.S2AStream
+}
+
+// New returns an instance of RemoteSigner, an implementation of the
+// crypto.Signer interface.
+func New(leafCert *x509.Certificate, s2AStream stream.S2AStream) crypto.Signer {
+	return &remoteSigner{leafCert, s2AStream}
+}
+
+func (s *remoteSigner) Public() crypto.PublicKey {
+	return s.leafCert.PublicKey
+}
+
+func (s *remoteSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+	signatureAlgorithm, err := getSignatureAlgorithm(opts, s.leafCert)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := getSignReq(signatureAlgorithm, digest)
+	if err != nil {
+		return nil, err
+	}
+	if grpclog.V(1) {
+		grpclog.Infof("Sending request to S2Av2 for signing operation.")
+	}
+	if err := s.s2AStream.Send(&s2av2pb.SessionReq{
+		ReqOneof: &s2av2pb.SessionReq_OffloadPrivateKeyOperationReq{
+			OffloadPrivateKeyOperationReq: req,
+		},
+	}); err != nil {
+		grpclog.Infof("Failed to send request to S2Av2 for signing operation.")
+		return nil, err
+	}
+
+	resp, err := s.s2AStream.Recv()
+	if err != nil {
+		grpclog.Infof("Failed to receive signing operation response from S2Av2.")
+		return nil, err
+	}
+
+	if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+		return nil, fmt.Errorf("failed to offload signing with private key to S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+	}
+
+	return resp.GetOffloadPrivateKeyOperationResp().GetOutBytes(), nil
+}
+
+// getCert returns the leafCert field in s.
+func (s *remoteSigner) getCert() *x509.Certificate {
+	return s.leafCert
+}
+
+// getStream returns the s2AStream field in s.
+func (s *remoteSigner) getStream() stream.S2AStream {
+	return s.s2AStream
+}
+
+func getSignReq(signatureAlgorithm s2av2pb.SignatureAlgorithm, digest []byte) (*s2av2pb.OffloadPrivateKeyOperationReq, error) {
+	if (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256) {
+		return &s2av2pb.OffloadPrivateKeyOperationReq{
+			Operation:          s2av2pb.OffloadPrivateKeyOperationReq_SIGN,
+			SignatureAlgorithm: signatureAlgorithm,
+			InBytes: &s2av2pb.OffloadPrivateKeyOperationReq_Sha256Digest{
+				Sha256Digest: digest,
+			},
+		}, nil
+	} else if (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384) {
+		return &s2av2pb.OffloadPrivateKeyOperationReq{
+			Operation:          s2av2pb.OffloadPrivateKeyOperationReq_SIGN,
+			SignatureAlgorithm: signatureAlgorithm,
+			InBytes: &s2av2pb.OffloadPrivateKeyOperationReq_Sha384Digest{
+				Sha384Digest: digest,
+			},
+		}, nil
+	} else if (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ED25519) {
+		return &s2av2pb.OffloadPrivateKeyOperationReq{
+			Operation:          s2av2pb.OffloadPrivateKeyOperationReq_SIGN,
+			SignatureAlgorithm: signatureAlgorithm,
+			InBytes: &s2av2pb.OffloadPrivateKeyOperationReq_Sha512Digest{
+				Sha512Digest: digest,
+			},
+		}, nil
+	} else {
+		return nil, fmt.Errorf("unknown signature algorithm: %v", signatureAlgorithm)
+	}
+}
+
+// getSignatureAlgorithm returns the signature algorithm that S2A must use when
+// performing a signing operation that has been offloaded by an application
+// using the crypto/tls libraries.
+func getSignatureAlgorithm(opts crypto.SignerOpts, leafCert *x509.Certificate) (s2av2pb.SignatureAlgorithm, error) {
+	if opts == nil || leafCert == nil {
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+	switch leafCert.PublicKeyAlgorithm {
+	case x509.RSA:
+		if rsaPSSOpts, ok := opts.(*rsa.PSSOptions); ok {
+			return rsaPSSAlgorithm(rsaPSSOpts)
+		}
+		return rsaPPKCS1Algorithm(opts)
+	case x509.ECDSA:
+		return ecdsaAlgorithm(opts)
+	case x509.Ed25519:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ED25519, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm: %q", leafCert.PublicKeyAlgorithm)
+	}
+}
+
+func rsaPSSAlgorithm(opts *rsa.PSSOptions) (s2av2pb.SignatureAlgorithm, error) {
+	switch opts.HashFunc() {
+	case crypto.SHA256:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256, nil
+	case crypto.SHA384:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384, nil
+	case crypto.SHA512:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+}
+
+func rsaPPKCS1Algorithm(opts crypto.SignerOpts) (s2av2pb.SignatureAlgorithm, error) {
+	switch opts.HashFunc() {
+	case crypto.SHA256:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256, nil
+	case crypto.SHA384:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384, nil
+	case crypto.SHA512:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+}
+
+func ecdsaAlgorithm(opts crypto.SignerOpts) (s2av2pb.SignatureAlgorithm, error) {
+	switch opts.HashFunc() {
+	case crypto.SHA256:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256, nil
+	case crypto.SHA384:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384, nil
+	case crypto.SHA512:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der
new file mode 100644
index 000000000..d8c3710c8
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der
new file mode 100644
index 000000000..04b0d7360
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
new file mode 100644
index 000000000..ff172883f
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
@@ -0,0 +1,354 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package v2 provides the S2Av2 transport credentials used by a gRPC
+// application.
+package v2
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"net"
+	"os"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/google/s2a-go/fallback"
+	"github.com/google/s2a-go/internal/handshaker/service"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"github.com/google/s2a-go/internal/v2/tlsconfigstore"
+	"github.com/google/s2a-go/stream"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+
+	commonpbv1 "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+const (
+	s2aSecurityProtocol = "tls"
+	defaultS2ATimeout   = 3 * time.Second
+)
+
+// An environment variable, which sets the timeout enforced on the connection to the S2A service for handshake.
+const s2aTimeoutEnv = "S2A_TIMEOUT"
+
+type s2av2TransportCreds struct {
+	info         *credentials.ProtocolInfo
+	isClient     bool
+	serverName   string
+	s2av2Address string
+	tokenManager *tokenmanager.AccessTokenManager
+	// localIdentity should only be used by the client.
+	localIdentity *commonpbv1.Identity
+	// localIdentities should only be used by the server.
+	localIdentities           []*commonpbv1.Identity
+	verificationMode          s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
+	fallbackClientHandshake   fallback.ClientHandshake
+	getS2AStream              func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
+	serverAuthorizationPolicy []byte
+}
+
+// NewClientCreds returns a client-side transport credentials object that uses
+// the S2Av2 to establish a secure connection with a server.
+func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
+	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
+	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+
+	creds := &s2av2TransportCreds{
+		info: &credentials.ProtocolInfo{
+			SecurityProtocol: s2aSecurityProtocol,
+		},
+		isClient:                  true,
+		serverName:                "",
+		s2av2Address:              s2av2Address,
+		localIdentity:             localIdentity,
+		verificationMode:          verificationMode,
+		fallbackClientHandshake:   fallbackClientHandshakeFunc,
+		getS2AStream:              getS2AStream,
+		serverAuthorizationPolicy: serverAuthorizationPolicy,
+	}
+	if err != nil {
+		creds.tokenManager = nil
+	} else {
+		creds.tokenManager = &accessTokenManager
+	}
+	if grpclog.V(1) {
+		grpclog.Info("Created client S2Av2 transport credentials.")
+	}
+	return creds, nil
+}
+
+// NewServerCreds returns a server-side transport credentials object that uses
+// the S2Av2 to establish a secure connection with a client.
+func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
+	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
+	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	creds := &s2av2TransportCreds{
+		info: &credentials.ProtocolInfo{
+			SecurityProtocol: s2aSecurityProtocol,
+		},
+		isClient:         false,
+		s2av2Address:     s2av2Address,
+		localIdentities:  localIdentities,
+		verificationMode: verificationMode,
+		getS2AStream:     getS2AStream,
+	}
+	if err != nil {
+		creds.tokenManager = nil
+	} else {
+		creds.tokenManager = &accessTokenManager
+	}
+	if grpclog.V(1) {
+		grpclog.Info("Created server S2Av2 transport credentials.")
+	}
+	return creds, nil
+}
+
+// ClientHandshake performs a client-side mTLS handshake using the S2Av2.
+func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if !c.isClient {
+		return nil, nil, errors.New("client handshake called using server transport credentials")
+	}
+	// Remove the port from serverAuthority.
+	serverName := removeServerNamePort(serverAuthority)
+	timeoutCtx, cancel := context.WithTimeout(ctx, GetS2ATimeout())
+	defer cancel()
+	s2AStream, err := createStream(timeoutCtx, c.s2av2Address, c.getS2AStream)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2Av2: %v", err)
+		if c.fallbackClientHandshake != nil {
+			return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+		}
+		return nil, nil, err
+	}
+	defer s2AStream.CloseSend()
+	if grpclog.V(1) {
+		grpclog.Infof("Connected to S2Av2.")
+	}
+	var config *tls.Config
+
+	var tokenManager tokenmanager.AccessTokenManager
+	if c.tokenManager == nil {
+		tokenManager = nil
+	} else {
+		tokenManager = *c.tokenManager
+	}
+
+	if c.serverName == "" {
+		config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
+		if err != nil {
+			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
+			if c.fallbackClientHandshake != nil {
+				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+			}
+			return nil, nil, err
+		}
+	} else {
+		config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
+		if err != nil {
+			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
+			if c.fallbackClientHandshake != nil {
+				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+			}
+			return nil, nil, err
+		}
+	}
+	if grpclog.V(1) {
+		grpclog.Infof("Got client TLS config from S2Av2.")
+	}
+	creds := credentials.NewTLS(config)
+
+	conn, authInfo, err := creds.ClientHandshake(ctx, serverName, rawConn)
+	if err != nil {
+		grpclog.Infof("Failed to do client handshake using S2Av2: %v", err)
+		if c.fallbackClientHandshake != nil {
+			return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+		}
+		return nil, nil, err
+	}
+	grpclog.Infof("Successfully done client handshake using S2Av2 to: %s", serverName)
+
+	return conn, authInfo, err
+}
+
+// ServerHandshake performs a server-side mTLS handshake using the S2Av2.
+func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if c.isClient {
+		return nil, nil, errors.New("server handshake called using client transport credentials")
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), GetS2ATimeout())
+	defer cancel()
+	s2AStream, err := createStream(ctx, c.s2av2Address, c.getS2AStream)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2Av2: %v", err)
+		return nil, nil, err
+	}
+	defer s2AStream.CloseSend()
+	if grpclog.V(1) {
+		grpclog.Infof("Connected to S2Av2.")
+	}
+
+	var tokenManager tokenmanager.AccessTokenManager
+	if c.tokenManager == nil {
+		tokenManager = nil
+	} else {
+		tokenManager = *c.tokenManager
+	}
+
+	config, err := tlsconfigstore.GetTLSConfigurationForServer(s2AStream, tokenManager, c.localIdentities, c.verificationMode)
+	if err != nil {
+		grpclog.Infof("Failed to get server TLS config from S2Av2: %v", err)
+		return nil, nil, err
+	}
+	if grpclog.V(1) {
+		grpclog.Infof("Got server TLS config from S2Av2.")
+	}
+	creds := credentials.NewTLS(config)
+	return creds.ServerHandshake(rawConn)
+}
+
+// Info returns protocol info of s2av2TransportCreds.
+func (c *s2av2TransportCreds) Info() credentials.ProtocolInfo {
+	return *c.info
+}
+
+// Clone makes a deep copy of s2av2TransportCreds.
+func (c *s2av2TransportCreds) Clone() credentials.TransportCredentials {
+	info := *c.info
+	serverName := c.serverName
+	fallbackClientHandshake := c.fallbackClientHandshake
+
+	s2av2Address := c.s2av2Address
+	var tokenManager tokenmanager.AccessTokenManager
+	if c.tokenManager == nil {
+		tokenManager = nil
+	} else {
+		tokenManager = *c.tokenManager
+	}
+	verificationMode := c.verificationMode
+	var localIdentity *commonpbv1.Identity
+	if c.localIdentity != nil {
+		localIdentity = proto.Clone(c.localIdentity).(*commonpbv1.Identity)
+	}
+	var localIdentities []*commonpbv1.Identity
+	if c.localIdentities != nil {
+		localIdentities = make([]*commonpbv1.Identity, len(c.localIdentities))
+		for i, localIdentity := range c.localIdentities {
+			localIdentities[i] = proto.Clone(localIdentity).(*commonpbv1.Identity)
+		}
+	}
+	creds := &s2av2TransportCreds{
+		info:                    &info,
+		isClient:                c.isClient,
+		serverName:              serverName,
+		fallbackClientHandshake: fallbackClientHandshake,
+		s2av2Address:            s2av2Address,
+		localIdentity:           localIdentity,
+		localIdentities:         localIdentities,
+		verificationMode:        verificationMode,
+	}
+	if c.tokenManager == nil {
+		creds.tokenManager = nil
+	} else {
+		creds.tokenManager = &tokenManager
+	}
+	return creds
+}
+
+// NewClientTLSConfig returns a tls.Config instance that uses S2Av2 to establish a TLS connection as
+// a client. The tls.Config MUST only be used to establish a single TLS connection.
+func NewClientTLSConfig(
+	ctx context.Context,
+	s2av2Address string,
+	tokenManager tokenmanager.AccessTokenManager,
+	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode,
+	serverName string,
+	serverAuthorizationPolicy []byte) (*tls.Config, error) {
+	s2AStream, err := createStream(ctx, s2av2Address, nil)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2Av2: %v", err)
+		return nil, err
+	}
+
+	return tlsconfigstore.GetTLSConfigurationForClient(removeServerNamePort(serverName), s2AStream, tokenManager, nil, verificationMode, serverAuthorizationPolicy)
+}
+
+// OverrideServerName sets the ServerName in the s2av2TransportCreds protocol
+// info. The ServerName MUST be a hostname.
+func (c *s2av2TransportCreds) OverrideServerName(serverNameOverride string) error {
+	serverName := removeServerNamePort(serverNameOverride)
+	c.info.ServerName = serverName
+	c.serverName = serverName
+	return nil
+}
+
+// Remove the trailing port from server name.
+func removeServerNamePort(serverName string) string {
+	name, _, err := net.SplitHostPort(serverName)
+	if err != nil {
+		name = serverName
+	}
+	return name
+}
+
+type s2AGrpcStream struct {
+	stream s2av2pb.S2AService_SetUpSessionClient
+}
+
+func (x s2AGrpcStream) Send(m *s2av2pb.SessionReq) error {
+	return x.stream.Send(m)
+}
+
+func (x s2AGrpcStream) Recv() (*s2av2pb.SessionResp, error) {
+	return x.stream.Recv()
+}
+
+func (x s2AGrpcStream) CloseSend() error {
+	return x.stream.CloseSend()
+}
+
+func createStream(ctx context.Context, s2av2Address string, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
+	if getS2AStream != nil {
+		return getS2AStream(ctx, s2av2Address)
+	}
+	// TODO(rmehta19): Consider whether to close the connection to S2Av2.
+	conn, err := service.Dial(s2av2Address)
+	if err != nil {
+		return nil, err
+	}
+	client := s2av2pb.NewS2AServiceClient(conn)
+	gRPCStream, err := client.SetUpSession(ctx, []grpc.CallOption{}...)
+	if err != nil {
+		return nil, err
+	}
+	return &s2AGrpcStream{
+		stream: gRPCStream,
+	}, nil
+}
+
+// GetS2ATimeout returns the timeout enforced on the connection to the S2A service for handshake.
+func GetS2ATimeout() time.Duration {
+	timeout, err := time.ParseDuration(os.Getenv(s2aTimeoutEnv))
+	if err != nil {
+		return defaultS2ATimeout
+	}
+	return timeout
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
new file mode 100644
index 000000000..4d9191322
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
@@ -0,0 +1,404 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package tlsconfigstore offloads operations to S2Av2.
+package tlsconfigstore
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"github.com/google/s2a-go/internal/v2/certverifier"
+	"github.com/google/s2a-go/internal/v2/remotesigner"
+	"github.com/google/s2a-go/stream"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+
+	commonpbv1 "github.com/google/s2a-go/internal/proto/common_go_proto"
+	commonpb "github.com/google/s2a-go/internal/proto/v2/common_go_proto"
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+const (
+	// HTTP/2
+	h2 = "h2"
+)
+
+// GetTLSConfigurationForClient returns a tls.Config instance for use by a client application.
+func GetTLSConfigurationForClient(serverHostname string, s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, serverAuthorizationPolicy []byte) (*tls.Config, error) {
+	authMechanisms := getAuthMechanisms(tokenManager, []*commonpbv1.Identity{localIdentity})
+
+	if grpclog.V(1) {
+		grpclog.Infof("Sending request to S2Av2 for client TLS config.")
+	}
+	// Send request to S2Av2 for config.
+	if err := s2AStream.Send(&s2av2pb.SessionReq{
+		LocalIdentity:            localIdentity,
+		AuthenticationMechanisms: authMechanisms,
+		ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
+			GetTlsConfigurationReq: &s2av2pb.GetTlsConfigurationReq{
+				ConnectionSide: commonpb.ConnectionSide_CONNECTION_SIDE_CLIENT,
+			},
+		},
+	}); err != nil {
+		grpclog.Infof("Failed to send request to S2Av2 for client TLS config")
+		return nil, err
+	}
+
+	// Get the response containing config from S2Av2.
+	resp, err := s2AStream.Recv()
+	if err != nil {
+		grpclog.Infof("Failed to receive client TLS config response from S2Av2.")
+		return nil, err
+	}
+
+	// TODO(rmehta19): Add unit test for this if statement.
+	if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+		return nil, fmt.Errorf("failed to get TLS configuration from S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+	}
+
+	// Extract TLS configiguration from SessionResp.
+	tlsConfig := resp.GetGetTlsConfigurationResp().GetClientTlsConfiguration()
+
+	var cert tls.Certificate
+	for i, v := range tlsConfig.CertificateChain {
+		// Populate Certificates field.
+		block, _ := pem.Decode([]byte(v))
+		if block == nil {
+			return nil, errors.New("certificate in CertificateChain obtained from S2Av2 is empty")
+		}
+		x509Cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+		cert.Certificate = append(cert.Certificate, x509Cert.Raw)
+		if i == 0 {
+			cert.Leaf = x509Cert
+		}
+	}
+
+	if len(tlsConfig.CertificateChain) > 0 {
+		cert.PrivateKey = remotesigner.New(cert.Leaf, s2AStream)
+		if cert.PrivateKey == nil {
+			return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
+		}
+	}
+
+	minVersion, maxVersion, err := getTLSMinMaxVersionsClient(tlsConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create mTLS credentials for client.
+	config := &tls.Config{
+		VerifyPeerCertificate:  certverifier.VerifyServerCertificateChain(serverHostname, verificationMode, s2AStream, serverAuthorizationPolicy),
+		ServerName:             serverHostname,
+		InsecureSkipVerify:     true, // NOLINT
+		ClientSessionCache:     nil,
+		SessionTicketsDisabled: true,
+		MinVersion:             minVersion,
+		MaxVersion:             maxVersion,
+		NextProtos:             []string{h2},
+	}
+	if len(tlsConfig.CertificateChain) > 0 {
+		config.Certificates = []tls.Certificate{cert}
+	}
+	return config, nil
+}
+
+// GetTLSConfigurationForServer returns a tls.Config instance for use by a server application.
+func GetTLSConfigurationForServer(s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
+	return &tls.Config{
+		GetConfigForClient: ClientConfig(tokenManager, localIdentities, verificationMode, s2AStream),
+	}, nil
+}
+
+// ClientConfig builds a TLS config for a server to establish a secure
+// connection with a client, based on SNI communicated during ClientHello.
+// Ensures that server presents the correct certificate to establish a TLS
+// connection.
+func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
+	return func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
+		tlsConfig, err := getServerConfigFromS2Av2(tokenManager, localIdentities, chi.ServerName, s2AStream)
+		if err != nil {
+			return nil, err
+		}
+
+		var cert tls.Certificate
+		for i, v := range tlsConfig.CertificateChain {
+			// Populate Certificates field.
+			block, _ := pem.Decode([]byte(v))
+			if block == nil {
+				return nil, errors.New("certificate in CertificateChain obtained from S2Av2 is empty")
+			}
+			x509Cert, err := x509.ParseCertificate(block.Bytes)
+			if err != nil {
+				return nil, err
+			}
+			cert.Certificate = append(cert.Certificate, x509Cert.Raw)
+			if i == 0 {
+				cert.Leaf = x509Cert
+			}
+		}
+
+		cert.PrivateKey = remotesigner.New(cert.Leaf, s2AStream)
+		if cert.PrivateKey == nil {
+			return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
+		}
+
+		minVersion, maxVersion, err := getTLSMinMaxVersionsServer(tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+
+		clientAuth := getTLSClientAuthType(tlsConfig)
+
+		var cipherSuites []uint16
+		cipherSuites = getCipherSuites(tlsConfig.Ciphersuites)
+
+		// Create mTLS credentials for server.
+		return &tls.Config{
+			Certificates:           []tls.Certificate{cert},
+			VerifyPeerCertificate:  certverifier.VerifyClientCertificateChain(verificationMode, s2AStream),
+			ClientAuth:             clientAuth,
+			CipherSuites:           cipherSuites,
+			SessionTicketsDisabled: true,
+			MinVersion:             minVersion,
+			MaxVersion:             maxVersion,
+			NextProtos:             []string{h2},
+		}, nil
+	}
+}
+
+func getCipherSuites(tlsConfigCipherSuites []commonpb.Ciphersuite) []uint16 {
+	var tlsGoCipherSuites []uint16
+	for _, v := range tlsConfigCipherSuites {
+		s := getTLSCipherSuite(v)
+		if s != 0xffff {
+			tlsGoCipherSuites = append(tlsGoCipherSuites, s)
+		}
+	}
+	return tlsGoCipherSuites
+}
+
+func getTLSCipherSuite(tlsCipherSuite commonpb.Ciphersuite) uint16 {
+	switch tlsCipherSuite {
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+		return tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+		return tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+		return tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+		return tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+		return tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+		return tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+	default:
+		return 0xffff
+	}
+}
+
+func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, sni string, s2AStream stream.S2AStream) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
+	authMechanisms := getAuthMechanisms(tokenManager, localIdentities)
+	var locID *commonpbv1.Identity
+	if localIdentities != nil {
+		locID = localIdentities[0]
+	}
+
+	if err := s2AStream.Send(&s2av2pb.SessionReq{
+		LocalIdentity:            locID,
+		AuthenticationMechanisms: authMechanisms,
+		ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
+			GetTlsConfigurationReq: &s2av2pb.GetTlsConfigurationReq{
+				ConnectionSide: commonpb.ConnectionSide_CONNECTION_SIDE_SERVER,
+				Sni:            sni,
+			},
+		},
+	}); err != nil {
+		return nil, err
+	}
+
+	resp, err := s2AStream.Recv()
+	if err != nil {
+		return nil, err
+	}
+
+	// TODO(rmehta19): Add unit test for this if statement.
+	if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+		return nil, fmt.Errorf("failed to get TLS configuration from S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+	}
+
+	return resp.GetGetTlsConfigurationResp().GetServerTlsConfiguration(), nil
+}
+
+func getTLSClientAuthType(tlsConfig *s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration) tls.ClientAuthType {
+	var clientAuth tls.ClientAuthType
+	switch x := tlsConfig.RequestClientCertificate; x {
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_DONT_REQUEST_CLIENT_CERTIFICATE:
+		clientAuth = tls.NoClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
+		clientAuth = tls.RequestClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
+		// This case actually maps to tls.VerifyClientCertIfGiven. However this
+		// mapping triggers normal verification, followed by custom verification,
+		// specified in VerifyPeerCertificate. To bypass normal verification, and
+		// only do custom verification we set clientAuth to RequireAnyClientCert or
+		// RequestClientCert. See https://github.com/google/s2a-go/pull/43 for full
+		// discussion.
+		clientAuth = tls.RequireAnyClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
+		clientAuth = tls.RequireAnyClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
+		// This case actually maps to tls.RequireAndVerifyClientCert. However this
+		// mapping triggers normal verification, followed by custom verification,
+		// specified in VerifyPeerCertificate. To bypass normal verification, and
+		// only do custom verification we set clientAuth to RequireAnyClientCert or
+		// RequestClientCert. See https://github.com/google/s2a-go/pull/43 for full
+		// discussion.
+		clientAuth = tls.RequireAnyClientCert
+	default:
+		clientAuth = tls.RequireAnyClientCert
+	}
+	return clientAuth
+}
+
+func getAuthMechanisms(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity) []*s2av2pb.AuthenticationMechanism {
+	if tokenManager == nil {
+		return nil
+	}
+	if len(localIdentities) == 0 {
+		token, err := tokenManager.DefaultToken()
+		if err != nil {
+			grpclog.Infof("Unable to get token for empty local identity: %v", err)
+			return nil
+		}
+		return []*s2av2pb.AuthenticationMechanism{
+			{
+				MechanismOneof: &s2av2pb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			},
+		}
+	}
+	var authMechanisms []*s2av2pb.AuthenticationMechanism
+	for _, localIdentity := range localIdentities {
+		if localIdentity == nil {
+			token, err := tokenManager.DefaultToken()
+			if err != nil {
+				grpclog.Infof("Unable to get default token for local identity %v: %v", localIdentity, err)
+				continue
+			}
+			authMechanisms = append(authMechanisms, &s2av2pb.AuthenticationMechanism{
+				Identity: localIdentity,
+				MechanismOneof: &s2av2pb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			})
+		} else {
+			token, err := tokenManager.Token(localIdentity)
+			if err != nil {
+				grpclog.Infof("Unable to get token for local identity %v: %v", localIdentity, err)
+				continue
+			}
+			authMechanisms = append(authMechanisms, &s2av2pb.AuthenticationMechanism{
+				Identity: localIdentity,
+				MechanismOneof: &s2av2pb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			})
+		}
+	}
+	return authMechanisms
+}
+
+// TODO(rmehta19): refactor switch statements into a helper function.
+func getTLSMinMaxVersionsClient(tlsConfig *s2av2pb.GetTlsConfigurationResp_ClientTlsConfiguration) (uint16, uint16, error) {
+	// Map S2Av2 TLSVersion to consts defined in tls package.
+	var minVersion uint16
+	var maxVersion uint16
+	switch x := tlsConfig.MinTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		minVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		minVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		minVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		minVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MinTlsVersion: %v", x)
+	}
+
+	switch x := tlsConfig.MaxTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		maxVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		maxVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		maxVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		maxVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MaxTlsVersion: %v", x)
+	}
+	if minVersion > maxVersion {
+		return minVersion, maxVersion, errors.New("S2Av2 provided minVersion > maxVersion")
+	}
+	return minVersion, maxVersion, nil
+}
+
+func getTLSMinMaxVersionsServer(tlsConfig *s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration) (uint16, uint16, error) {
+	// Map S2Av2 TLSVersion to consts defined in tls package.
+	var minVersion uint16
+	var maxVersion uint16
+	switch x := tlsConfig.MinTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		minVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		minVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		minVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		minVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MinTlsVersion: %v", x)
+	}
+
+	switch x := tlsConfig.MaxTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		maxVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		maxVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		maxVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		maxVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MaxTlsVersion: %v", x)
+	}
+	if minVersion > maxVersion {
+		return minVersion, maxVersion, errors.New("S2Av2 provided minVersion > maxVersion")
+	}
+	return minVersion, maxVersion, nil
+}
diff --git a/vendor/github.com/google/s2a-go/s2a.go b/vendor/github.com/google/s2a-go/s2a.go
new file mode 100644
index 000000000..1c1349de4
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/s2a.go
@@ -0,0 +1,412 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package s2a provides the S2A transport credentials used by a gRPC
+// application.
+package s2a
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/google/s2a-go/fallback"
+	"github.com/google/s2a-go/internal/handshaker"
+	"github.com/google/s2a-go/internal/handshaker/service"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"github.com/google/s2a-go/internal/v2"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+const (
+	s2aSecurityProtocol = "tls"
+	// defaultTimeout specifies the default server handshake timeout.
+	defaultTimeout = 30.0 * time.Second
+)
+
+// s2aTransportCreds are the transport credentials required for establishing
+// a secure connection using the S2A. They implement the
+// credentials.TransportCredentials interface.
+type s2aTransportCreds struct {
+	info          *credentials.ProtocolInfo
+	minTLSVersion commonpb.TLSVersion
+	maxTLSVersion commonpb.TLSVersion
+	// tlsCiphersuites contains the ciphersuites used in the S2A connection.
+	// Note that these are currently unconfigurable.
+	tlsCiphersuites []commonpb.Ciphersuite
+	// localIdentity should only be used by the client.
+	localIdentity *commonpb.Identity
+	// localIdentities should only be used by the server.
+	localIdentities []*commonpb.Identity
+	// targetIdentities should only be used by the client.
+	targetIdentities            []*commonpb.Identity
+	isClient                    bool
+	s2aAddr                     string
+	ensureProcessSessionTickets *sync.WaitGroup
+}
+
+// NewClientCreds returns a client-side transport credentials object that uses
+// the S2A to establish a secure connection with a server.
+func NewClientCreds(opts *ClientOptions) (credentials.TransportCredentials, error) {
+	if opts == nil {
+		return nil, errors.New("nil client options")
+	}
+	var targetIdentities []*commonpb.Identity
+	for _, targetIdentity := range opts.TargetIdentities {
+		protoTargetIdentity, err := toProtoIdentity(targetIdentity)
+		if err != nil {
+			return nil, err
+		}
+		targetIdentities = append(targetIdentities, protoTargetIdentity)
+	}
+	localIdentity, err := toProtoIdentity(opts.LocalIdentity)
+	if err != nil {
+		return nil, err
+	}
+	if opts.EnableLegacyMode {
+		return &s2aTransportCreds{
+			info: &credentials.ProtocolInfo{
+				SecurityProtocol: s2aSecurityProtocol,
+			},
+			minTLSVersion: commonpb.TLSVersion_TLS1_3,
+			maxTLSVersion: commonpb.TLSVersion_TLS1_3,
+			tlsCiphersuites: []commonpb.Ciphersuite{
+				commonpb.Ciphersuite_AES_128_GCM_SHA256,
+				commonpb.Ciphersuite_AES_256_GCM_SHA384,
+				commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
+			},
+			localIdentity:               localIdentity,
+			targetIdentities:            targetIdentities,
+			isClient:                    true,
+			s2aAddr:                     opts.S2AAddress,
+			ensureProcessSessionTickets: opts.EnsureProcessSessionTickets,
+		}, nil
+	}
+	verificationMode := getVerificationMode(opts.VerificationMode)
+	var fallbackFunc fallback.ClientHandshake
+	if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackClientHandshakeFunc != nil {
+		fallbackFunc = opts.FallbackOpts.FallbackClientHandshakeFunc
+	}
+	return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc, opts.getS2AStream, opts.serverAuthorizationPolicy)
+}
+
+// NewServerCreds returns a server-side transport credentials object that uses
+// the S2A to establish a secure connection with a client.
+func NewServerCreds(opts *ServerOptions) (credentials.TransportCredentials, error) {
+	if opts == nil {
+		return nil, errors.New("nil server options")
+	}
+	var localIdentities []*commonpb.Identity
+	for _, localIdentity := range opts.LocalIdentities {
+		protoLocalIdentity, err := toProtoIdentity(localIdentity)
+		if err != nil {
+			return nil, err
+		}
+		localIdentities = append(localIdentities, protoLocalIdentity)
+	}
+	if opts.EnableLegacyMode {
+		return &s2aTransportCreds{
+			info: &credentials.ProtocolInfo{
+				SecurityProtocol: s2aSecurityProtocol,
+			},
+			minTLSVersion: commonpb.TLSVersion_TLS1_3,
+			maxTLSVersion: commonpb.TLSVersion_TLS1_3,
+			tlsCiphersuites: []commonpb.Ciphersuite{
+				commonpb.Ciphersuite_AES_128_GCM_SHA256,
+				commonpb.Ciphersuite_AES_256_GCM_SHA384,
+				commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
+			},
+			localIdentities: localIdentities,
+			isClient:        false,
+			s2aAddr:         opts.S2AAddress,
+		}, nil
+	}
+	verificationMode := getVerificationMode(opts.VerificationMode)
+	return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode, opts.getS2AStream)
+}
+
+// ClientHandshake initiates a client-side TLS handshake using the S2A.
+func (c *s2aTransportCreds) ClientHandshake(ctx context.Context, serverAuthority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if !c.isClient {
+		return nil, nil, errors.New("client handshake called using server transport credentials")
+	}
+
+	// Connect to the S2A.
+	hsConn, err := service.Dial(c.s2aAddr)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2A: %v", err)
+		return nil, nil, err
+	}
+
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(ctx)
+	defer cancel()
+
+	opts := &handshaker.ClientHandshakerOptions{
+		MinTLSVersion:               c.minTLSVersion,
+		MaxTLSVersion:               c.maxTLSVersion,
+		TLSCiphersuites:             c.tlsCiphersuites,
+		TargetIdentities:            c.targetIdentities,
+		LocalIdentity:               c.localIdentity,
+		TargetName:                  serverAuthority,
+		EnsureProcessSessionTickets: c.ensureProcessSessionTickets,
+	}
+	chs, err := handshaker.NewClientHandshaker(ctx, hsConn, rawConn, c.s2aAddr, opts)
+	if err != nil {
+		grpclog.Infof("Call to handshaker.NewClientHandshaker failed: %v", err)
+		return nil, nil, err
+	}
+	defer func() {
+		if err != nil {
+			if closeErr := chs.Close(); closeErr != nil {
+				grpclog.Infof("Close failed unexpectedly: %v", err)
+				err = fmt.Errorf("%v: close unexpectedly failed: %v", err, closeErr)
+			}
+		}
+	}()
+
+	secConn, authInfo, err := chs.ClientHandshake(context.Background())
+	if err != nil {
+		grpclog.Infof("Handshake failed: %v", err)
+		return nil, nil, err
+	}
+	return secConn, authInfo, nil
+}
+
+// ServerHandshake initiates a server-side TLS handshake using the S2A.
+func (c *s2aTransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if c.isClient {
+		return nil, nil, errors.New("server handshake called using client transport credentials")
+	}
+
+	// Connect to the S2A.
+	hsConn, err := service.Dial(c.s2aAddr)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2A: %v", err)
+		return nil, nil, err
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
+	defer cancel()
+
+	opts := &handshaker.ServerHandshakerOptions{
+		MinTLSVersion:   c.minTLSVersion,
+		MaxTLSVersion:   c.maxTLSVersion,
+		TLSCiphersuites: c.tlsCiphersuites,
+		LocalIdentities: c.localIdentities,
+	}
+	shs, err := handshaker.NewServerHandshaker(ctx, hsConn, rawConn, c.s2aAddr, opts)
+	if err != nil {
+		grpclog.Infof("Call to handshaker.NewServerHandshaker failed: %v", err)
+		return nil, nil, err
+	}
+	defer func() {
+		if err != nil {
+			if closeErr := shs.Close(); closeErr != nil {
+				grpclog.Infof("Close failed unexpectedly: %v", err)
+				err = fmt.Errorf("%v: close unexpectedly failed: %v", err, closeErr)
+			}
+		}
+	}()
+
+	secConn, authInfo, err := shs.ServerHandshake(context.Background())
+	if err != nil {
+		grpclog.Infof("Handshake failed: %v", err)
+		return nil, nil, err
+	}
+	return secConn, authInfo, nil
+}
+
+func (c *s2aTransportCreds) Info() credentials.ProtocolInfo {
+	return *c.info
+}
+
+func (c *s2aTransportCreds) Clone() credentials.TransportCredentials {
+	info := *c.info
+	var localIdentity *commonpb.Identity
+	if c.localIdentity != nil {
+		localIdentity = proto.Clone(c.localIdentity).(*commonpb.Identity)
+	}
+	var localIdentities []*commonpb.Identity
+	if c.localIdentities != nil {
+		localIdentities = make([]*commonpb.Identity, len(c.localIdentities))
+		for i, localIdentity := range c.localIdentities {
+			localIdentities[i] = proto.Clone(localIdentity).(*commonpb.Identity)
+		}
+	}
+	var targetIdentities []*commonpb.Identity
+	if c.targetIdentities != nil {
+		targetIdentities = make([]*commonpb.Identity, len(c.targetIdentities))
+		for i, targetIdentity := range c.targetIdentities {
+			targetIdentities[i] = proto.Clone(targetIdentity).(*commonpb.Identity)
+		}
+	}
+	return &s2aTransportCreds{
+		info:             &info,
+		minTLSVersion:    c.minTLSVersion,
+		maxTLSVersion:    c.maxTLSVersion,
+		tlsCiphersuites:  c.tlsCiphersuites,
+		localIdentity:    localIdentity,
+		localIdentities:  localIdentities,
+		targetIdentities: targetIdentities,
+		isClient:         c.isClient,
+		s2aAddr:          c.s2aAddr,
+	}
+}
+
+func (c *s2aTransportCreds) OverrideServerName(serverNameOverride string) error {
+	c.info.ServerName = serverNameOverride
+	return nil
+}
+
+// TLSClientConfigOptions specifies parameters for creating client TLS config.
+type TLSClientConfigOptions struct {
+	// ServerName is required by s2a as the expected name when verifying the hostname found in server's certificate.
+	// 		tlsConfig, _ := factory.Build(ctx, &s2a.TLSClientConfigOptions{
+	//			ServerName: "example.com",
+	//		})
+	ServerName string
+}
+
+// TLSClientConfigFactory defines the interface for a client TLS config factory.
+type TLSClientConfigFactory interface {
+	Build(ctx context.Context, opts *TLSClientConfigOptions) (*tls.Config, error)
+}
+
+// NewTLSClientConfigFactory returns an instance of s2aTLSClientConfigFactory.
+func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, error) {
+	if opts == nil {
+		return nil, fmt.Errorf("opts must be non-nil")
+	}
+	if opts.EnableLegacyMode {
+		return nil, fmt.Errorf("NewTLSClientConfigFactory only supports S2Av2")
+	}
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		// The only possible error is: access token not set in the environment,
+		// which is okay in environments other than serverless.
+		grpclog.Infof("Access token manager not initialized: %v", err)
+		return &s2aTLSClientConfigFactory{
+			s2av2Address:              opts.S2AAddress,
+			tokenManager:              nil,
+			verificationMode:          getVerificationMode(opts.VerificationMode),
+			serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
+		}, nil
+	}
+	return &s2aTLSClientConfigFactory{
+		s2av2Address:              opts.S2AAddress,
+		tokenManager:              tokenManager,
+		verificationMode:          getVerificationMode(opts.VerificationMode),
+		serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
+	}, nil
+}
+
+type s2aTLSClientConfigFactory struct {
+	s2av2Address              string
+	tokenManager              tokenmanager.AccessTokenManager
+	verificationMode          s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
+	serverAuthorizationPolicy []byte
+}
+
+func (f *s2aTLSClientConfigFactory) Build(
+	ctx context.Context, opts *TLSClientConfigOptions) (*tls.Config, error) {
+	serverName := ""
+	if opts != nil && opts.ServerName != "" {
+		serverName = opts.ServerName
+	}
+	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName, f.serverAuthorizationPolicy)
+}
+
+func getVerificationMode(verificationMode VerificationModeType) s2av2pb.ValidatePeerCertificateChainReq_VerificationMode {
+	switch verificationMode {
+	case ConnectToGoogle:
+		return s2av2pb.ValidatePeerCertificateChainReq_CONNECT_TO_GOOGLE
+	case Spiffe:
+		return s2av2pb.ValidatePeerCertificateChainReq_SPIFFE
+	default:
+		return s2av2pb.ValidatePeerCertificateChainReq_UNSPECIFIED
+	}
+}
+
+// NewS2ADialTLSContextFunc returns a dialer which establishes an MTLS connection using S2A.
+// Example use with http.RoundTripper:
+//
+//		dialTLSContext := s2a.NewS2aDialTLSContextFunc(&s2a.ClientOptions{
+//			S2AAddress:         s2aAddress, // required
+//		})
+//	 	transport := http.DefaultTransport
+//	 	transport.DialTLSContext = dialTLSContext
+func NewS2ADialTLSContextFunc(opts *ClientOptions) func(ctx context.Context, network, addr string) (net.Conn, error) {
+
+	return func(ctx context.Context, network, addr string) (net.Conn, error) {
+
+		fallback := func(err error) (net.Conn, error) {
+			if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackDialer != nil &&
+				opts.FallbackOpts.FallbackDialer.Dialer != nil && opts.FallbackOpts.FallbackDialer.ServerAddr != "" {
+				fbDialer := opts.FallbackOpts.FallbackDialer
+				grpclog.Infof("fall back to dial: %s", fbDialer.ServerAddr)
+				fbConn, fbErr := fbDialer.Dialer.DialContext(ctx, network, fbDialer.ServerAddr)
+				if fbErr != nil {
+					return nil, fmt.Errorf("error fallback to %s: %v; S2A error: %w", fbDialer.ServerAddr, fbErr, err)
+				}
+				return fbConn, nil
+			}
+			return nil, err
+		}
+
+		factory, err := NewTLSClientConfigFactory(opts)
+		if err != nil {
+			grpclog.Infof("error creating S2A client config factory: %v", err)
+			return fallback(err)
+		}
+
+		serverName, _, err := net.SplitHostPort(addr)
+		if err != nil {
+			serverName = addr
+		}
+		timeoutCtx, cancel := context.WithTimeout(ctx, v2.GetS2ATimeout())
+		defer cancel()
+		s2aTLSConfig, err := factory.Build(timeoutCtx, &TLSClientConfigOptions{
+			ServerName: serverName,
+		})
+		if err != nil {
+			grpclog.Infof("error building S2A TLS config: %v", err)
+			return fallback(err)
+		}
+
+		s2aDialer := &tls.Dialer{
+			Config: s2aTLSConfig,
+		}
+		c, err := s2aDialer.DialContext(ctx, network, addr)
+		if err != nil {
+			grpclog.Infof("error dialing with S2A to %s: %v", addr, err)
+			return fallback(err)
+		}
+		grpclog.Infof("success dialing MTLS to %s with S2A", addr)
+		return c, nil
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/s2a_options.go b/vendor/github.com/google/s2a-go/s2a_options.go
new file mode 100644
index 000000000..94feafb9c
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/s2a_options.go
@@ -0,0 +1,208 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package s2a
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"sync"
+
+	"github.com/google/s2a-go/fallback"
+	"github.com/google/s2a-go/stream"
+
+	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
+)
+
+// Identity is the interface for S2A identities.
+type Identity interface {
+	// Name returns the name of the identity.
+	Name() string
+}
+
+type spiffeID struct {
+	spiffeID string
+}
+
+func (s *spiffeID) Name() string { return s.spiffeID }
+
+// NewSpiffeID creates a SPIFFE ID from id.
+func NewSpiffeID(id string) Identity {
+	return &spiffeID{spiffeID: id}
+}
+
+type hostname struct {
+	hostname string
+}
+
+func (h *hostname) Name() string { return h.hostname }
+
+// NewHostname creates a hostname from name.
+func NewHostname(name string) Identity {
+	return &hostname{hostname: name}
+}
+
+type uid struct {
+	uid string
+}
+
+func (h *uid) Name() string { return h.uid }
+
+// NewUID creates a UID from name.
+func NewUID(name string) Identity {
+	return &uid{uid: name}
+}
+
+// VerificationModeType specifies the mode that S2A must use to verify the peer
+// certificate chain.
+type VerificationModeType int
+
+// Three types of verification modes.
+const (
+	Unspecified = iota
+	ConnectToGoogle
+	Spiffe
+)
+
+// ClientOptions contains the client-side options used to establish a secure
+// channel using the S2A handshaker service.
+type ClientOptions struct {
+	// TargetIdentities contains a list of allowed server identities. One of the
+	// target identities should match the peer identity in the handshake
+	// result; otherwise, the handshake fails.
+	TargetIdentities []Identity
+	// LocalIdentity is the local identity of the client application. If none is
+	// provided, then the S2A will choose the default identity, if one exists.
+	LocalIdentity Identity
+	// S2AAddress is the address of the S2A.
+	S2AAddress string
+	// EnsureProcessSessionTickets waits for all session tickets to be sent to
+	// S2A before a process completes.
+	//
+	// This functionality is crucial for processes that complete very soon after
+	// using S2A to establish a TLS connection, but it can be ignored for longer
+	// lived processes.
+	//
+	// Usage example:
+	//   func main() {
+	//     var ensureProcessSessionTickets sync.WaitGroup
+	//     clientOpts := &s2a.ClientOptions{
+	//       EnsureProcessSessionTickets: &ensureProcessSessionTickets,
+	//       // Set other members.
+	//     }
+	//     creds, _ := s2a.NewClientCreds(clientOpts)
+	//     conn, _ := grpc.Dial(serverAddr, grpc.WithTransportCredentials(creds))
+	//     defer conn.Close()
+	//
+	//     // Make RPC call.
+	//
+	//     // The process terminates right after the RPC call ends.
+	//     // ensureProcessSessionTickets can be used to ensure resumption
+	//     // tickets are fully processed. If the process is long-lived, using
+	//     // ensureProcessSessionTickets is not necessary.
+	//     ensureProcessSessionTickets.Wait()
+	//   }
+	EnsureProcessSessionTickets *sync.WaitGroup
+	// If true, enables the use of legacy S2Av1.
+	EnableLegacyMode bool
+	// VerificationMode specifies the mode that S2A must use to verify the
+	// peer certificate chain.
+	VerificationMode VerificationModeType
+
+	// Optional fallback after dialing with S2A fails.
+	FallbackOpts *FallbackOptions
+
+	// Generates an S2AStream interface for talking to the S2A server.
+	getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
+
+	// Serialized user specified policy for server authorization.
+	serverAuthorizationPolicy []byte
+}
+
+// FallbackOptions prescribes the fallback logic that should be taken if the application fails to connect with S2A.
+type FallbackOptions struct {
+	// FallbackClientHandshakeFunc is used to specify fallback behavior when calling s2a.NewClientCreds().
+	// It will be called by ClientHandshake function, after handshake with S2A fails.
+	// s2a.NewClientCreds() ignores the other FallbackDialer field.
+	FallbackClientHandshakeFunc fallback.ClientHandshake
+
+	// FallbackDialer is used to specify fallback behavior when calling s2a.NewS2aDialTLSContextFunc().
+	// It passes in a custom fallback dialer and server address to use after dialing with S2A fails.
+	// s2a.NewS2aDialTLSContextFunc() ignores the other FallbackClientHandshakeFunc field.
+	FallbackDialer *FallbackDialer
+}
+
+// FallbackDialer contains a fallback tls.Dialer and a server address to connect to.
+type FallbackDialer struct {
+	// Dialer specifies a fallback tls.Dialer.
+	Dialer *tls.Dialer
+	// ServerAddr is used by Dialer to establish fallback connection.
+	ServerAddr string
+}
+
+// DefaultClientOptions returns the default client options.
+func DefaultClientOptions(s2aAddress string) *ClientOptions {
+	return &ClientOptions{
+		S2AAddress:       s2aAddress,
+		VerificationMode: ConnectToGoogle,
+	}
+}
+
+// ServerOptions contains the server-side options used to establish a secure
+// channel using the S2A handshaker service.
+type ServerOptions struct {
+	// LocalIdentities is the list of local identities that may be assumed by
+	// the server. If no local identity is specified, then the S2A chooses a
+	// default local identity, if one exists.
+	LocalIdentities []Identity
+	// S2AAddress is the address of the S2A.
+	S2AAddress string
+	// If true, enables the use of legacy S2Av1.
+	EnableLegacyMode bool
+	// VerificationMode specifies the mode that S2A must use to verify the
+	// peer certificate chain.
+	VerificationMode VerificationModeType
+
+	// Generates an S2AStream interface for talking to the S2A server.
+	getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
+}
+
+// DefaultServerOptions returns the default server options.
+func DefaultServerOptions(s2aAddress string) *ServerOptions {
+	return &ServerOptions{
+		S2AAddress:       s2aAddress,
+		VerificationMode: ConnectToGoogle,
+	}
+}
+
+func toProtoIdentity(identity Identity) (*s2apb.Identity, error) {
+	if identity == nil {
+		return nil, nil
+	}
+	switch id := identity.(type) {
+	case *spiffeID:
+		return &s2apb.Identity{IdentityOneof: &s2apb.Identity_SpiffeId{SpiffeId: id.Name()}}, nil
+	case *hostname:
+		return &s2apb.Identity{IdentityOneof: &s2apb.Identity_Hostname{Hostname: id.Name()}}, nil
+	case *uid:
+		return &s2apb.Identity{IdentityOneof: &s2apb.Identity_Uid{Uid: id.Name()}}, nil
+	default:
+		return nil, errors.New("unrecognized identity type")
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/s2a_utils.go b/vendor/github.com/google/s2a-go/s2a_utils.go
new file mode 100644
index 000000000..d649cc461
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/s2a_utils.go
@@ -0,0 +1,79 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package s2a
+
+import (
+	"context"
+	"errors"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/peer"
+)
+
+// AuthInfo exposes security information from the S2A to the application.
+type AuthInfo interface {
+	// AuthType returns the authentication type.
+	AuthType() string
+	// ApplicationProtocol returns the application protocol, e.g. "grpc".
+	ApplicationProtocol() string
+	// TLSVersion returns the TLS version negotiated during the handshake.
+	TLSVersion() commonpb.TLSVersion
+	// Ciphersuite returns the ciphersuite negotiated during the handshake.
+	Ciphersuite() commonpb.Ciphersuite
+	// PeerIdentity returns the authenticated identity of the peer.
+	PeerIdentity() *commonpb.Identity
+	// LocalIdentity returns the local identity of the application used during
+	// session setup.
+	LocalIdentity() *commonpb.Identity
+	// PeerCertFingerprint returns the SHA256 hash of the peer certificate used in
+	// the S2A handshake.
+	PeerCertFingerprint() []byte
+	// LocalCertFingerprint returns the SHA256 hash of the local certificate used
+	// in the S2A handshake.
+	LocalCertFingerprint() []byte
+	// IsHandshakeResumed returns true if a cached session was used to resume
+	// the handshake.
+	IsHandshakeResumed() bool
+	// SecurityLevel returns the security level of the connection.
+	SecurityLevel() credentials.SecurityLevel
+}
+
+// AuthInfoFromPeer extracts the authinfo.S2AAuthInfo object from the given
+// peer, if it exists. This API should be used by gRPC clients after
+// obtaining a peer object using the grpc.Peer() CallOption.
+func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error) {
+	s2aAuthInfo, ok := p.AuthInfo.(AuthInfo)
+	if !ok {
+		return nil, errors.New("no S2AAuthInfo found in Peer")
+	}
+	return s2aAuthInfo, nil
+}
+
+// AuthInfoFromContext extracts the authinfo.S2AAuthInfo object from the given
+// context, if it exists. This API should be used by gRPC server RPC handlers
+// to get information about the peer. On the client-side, use the grpc.Peer()
+// CallOption and the AuthInfoFromPeer function.
+func AuthInfoFromContext(ctx context.Context) (AuthInfo, error) {
+	p, ok := peer.FromContext(ctx)
+	if !ok {
+		return nil, errors.New("no Peer found in Context")
+	}
+	return AuthInfoFromPeer(p)
+}
diff --git a/vendor/github.com/google/s2a-go/stream/s2a_stream.go b/vendor/github.com/google/s2a-go/stream/s2a_stream.go
new file mode 100644
index 000000000..584bf32b1
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/stream/s2a_stream.go
@@ -0,0 +1,34 @@
+/*
+ *
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package stream provides an interface for bidirectional streaming to the S2A server.
+package stream
+
+import (
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+// S2AStream defines the operation for communicating with the S2A server over a bidirectional stream.
+type S2AStream interface {
+	// Send sends the message to the S2A server.
+	Send(*s2av2pb.SessionReq) error
+	// Recv receives the message from the S2A server.
+	Recv() (*s2av2pb.SessionResp, error)
+	// Closes the channel to the S2A server.
+	CloseSend() error
+}
diff --git a/vendor/github.com/google/s2a-go/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/client_key.pem b/vendor/github.com/google/s2a-go/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/server_key.pem b/vendor/github.com/google/s2a-go/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
index d88960b7e..ef508417b 100644
--- a/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
+++ b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-    "v2": "2.7.0"
+    "v2": "2.12.0"
 }
diff --git a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
index b75170f22..ae7114947 100644
--- a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
+++ b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
@@ -1,5 +1,65 @@
 # Changelog
 
+## [2.12.0](https://github.com/googleapis/gax-go/compare/v2.11.0...v2.12.0) (2023-06-26)
+
+
+### Features
+
+* **v2/callctx:** add new callctx package ([#291](https://github.com/googleapis/gax-go/issues/291)) ([11503ed](https://github.com/googleapis/gax-go/commit/11503ed98df4ae1bbdedf91ff64d47e63f187d68))
+* **v2:** add BuildHeaders and InsertMetadataIntoOutgoingContext to header  ([#290](https://github.com/googleapis/gax-go/issues/290)) ([6a4b89f](https://github.com/googleapis/gax-go/commit/6a4b89f5551a40262e7c3caf2e1bdc7321b76ea1))
+
+## [2.11.0](https://github.com/googleapis/gax-go/compare/v2.10.0...v2.11.0) (2023-06-13)
+
+
+### Features
+
+* **v2:** add GoVersion package variable ([#283](https://github.com/googleapis/gax-go/issues/283)) ([26553cc](https://github.com/googleapis/gax-go/commit/26553ccadb4016b189881f52e6c253b68bb3e3d5))
+
+
+### Bug Fixes
+
+* **v2:** handle space in non-devel go version ([#288](https://github.com/googleapis/gax-go/issues/288)) ([fd7bca0](https://github.com/googleapis/gax-go/commit/fd7bca029a1c5e63def8f0a5fd1ec3f725d92f75))
+
+## [2.10.0](https://github.com/googleapis/gax-go/compare/v2.9.1...v2.10.0) (2023-05-30)
+
+
+### Features
+
+* update dependencies ([#280](https://github.com/googleapis/gax-go/issues/280)) ([4514281](https://github.com/googleapis/gax-go/commit/4514281058590f3637c36bfd49baa65c4d3cfb21))
+
+## [2.9.1](https://github.com/googleapis/gax-go/compare/v2.9.0...v2.9.1) (2023-05-23)
+
+
+### Bug Fixes
+
+* **v2:** drop cloud lro test dep ([#276](https://github.com/googleapis/gax-go/issues/276)) ([c67eeba](https://github.com/googleapis/gax-go/commit/c67eeba0f10a3294b1d93c1b8fbe40211a55ae5f)), refs [#270](https://github.com/googleapis/gax-go/issues/270)
+
+## [2.9.0](https://github.com/googleapis/gax-go/compare/v2.8.0...v2.9.0) (2023-05-22)
+
+
+### Features
+
+* **apierror:** add method to return HTTP status code conditionally ([#274](https://github.com/googleapis/gax-go/issues/274)) ([5874431](https://github.com/googleapis/gax-go/commit/587443169acd10f7f86d1989dc8aaf189e645e98)), refs [#229](https://github.com/googleapis/gax-go/issues/229)
+
+
+### Documentation
+
+* add ref to usage with clients ([#272](https://github.com/googleapis/gax-go/issues/272)) ([ea4d72d](https://github.com/googleapis/gax-go/commit/ea4d72d514beba4de450868b5fb028601a29164e)), refs [#228](https://github.com/googleapis/gax-go/issues/228)
+
+## [2.8.0](https://github.com/googleapis/gax-go/compare/v2.7.1...v2.8.0) (2023-03-15)
+
+
+### Features
+
+* **v2:** add WithTimeout option ([#259](https://github.com/googleapis/gax-go/issues/259)) ([9a8da43](https://github.com/googleapis/gax-go/commit/9a8da43693002448b1e8758023699387481866d1))
+
+## [2.7.1](https://github.com/googleapis/gax-go/compare/v2.7.0...v2.7.1) (2023-03-06)
+
+
+### Bug Fixes
+
+* **v2/apierror:** return Unknown GRPCStatus when err source is HTTP ([#260](https://github.com/googleapis/gax-go/issues/260)) ([043b734](https://github.com/googleapis/gax-go/commit/043b73437a240a91229207fb3ee52a9935a36f23)), refs [#254](https://github.com/googleapis/gax-go/issues/254)
+
 ## [2.7.0](https://github.com/googleapis/gax-go/compare/v2.6.0...v2.7.0) (2022-11-02)
 
 
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
index aa6be1304..d785a065c 100644
--- a/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
@@ -29,6 +29,10 @@
 
 // Package apierror implements a wrapper error for parsing error details from
 // API calls. Both HTTP & gRPC status errors are supported.
+//
+// For examples of how to use [APIError] with client libraries please reference
+// [Inspecting errors](https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors)
+// in the client library documentation.
 package apierror
 
 import (
@@ -39,6 +43,7 @@ import (
 	jsonerror "github.com/googleapis/gax-go/v2/apierror/internal/proto"
 	"google.golang.org/api/googleapi"
 	"google.golang.org/genproto/googleapis/rpc/errdetails"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
@@ -197,12 +202,12 @@ func (a *APIError) Unwrap() error {
 // Error returns a readable representation of the APIError.
 func (a *APIError) Error() string {
 	var msg string
-	if a.status != nil {
-		msg = a.err.Error()
-	} else if a.httpErr != nil {
+	if a.httpErr != nil {
 		// Truncate the googleapi.Error message because it dumps the Details in
 		// an ugly way.
 		msg = fmt.Sprintf("googleapi: Error %d: %s", a.httpErr.Code, a.httpErr.Message)
+	} else if a.status != nil {
+		msg = a.err.Error()
 	}
 	return strings.TrimSpace(fmt.Sprintf("%s\n%s", msg, a.details))
 }
@@ -236,6 +241,9 @@ func (a *APIError) Metadata() map[string]string {
 // setDetailsFromError parses a Status error or a googleapi.Error
 // and sets status and details or httpErr and details, respectively.
 // It returns false if neither Status nor googleapi.Error can be parsed.
+// When err is a googleapi.Error, the status of the returned error will
+// be set to an Unknown error, rather than nil, since a nil code is
+// interpreted as OK in the gRPC status package.
 func (a *APIError) setDetailsFromError(err error) bool {
 	st, isStatus := status.FromError(err)
 	var herr *googleapi.Error
@@ -248,6 +256,7 @@ func (a *APIError) setDetailsFromError(err error) bool {
 	case isHTTPErr:
 		a.httpErr = herr
 		a.details = parseHTTPDetails(herr)
+		a.status = status.New(codes.Unknown, herr.Message)
 	default:
 		return false
 	}
@@ -340,3 +349,13 @@ func parseHTTPDetails(gae *googleapi.Error) ErrDetails {
 
 	return parseDetails(details)
 }
+
+// HTTPCode returns the underlying HTTP response status code. This method returns
+// `-1` if the underlying error is a [google.golang.org/grpc/status.Status]. To
+// check gRPC error codes use [google.golang.org/grpc/status.Code].
+func (a *APIError) HTTPCode() int {
+	if a.httpErr == nil {
+		return -1
+	}
+	return a.httpErr.Code
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/call_option.go b/vendor/github.com/googleapis/gax-go/v2/call_option.go
index e09200556..c52e03f64 100644
--- a/vendor/github.com/googleapis/gax-go/v2/call_option.go
+++ b/vendor/github.com/googleapis/gax-go/v2/call_option.go
@@ -218,6 +218,14 @@ func (p pathOpt) Resolve(s *CallSettings) {
 	s.Path = p.p
 }
 
+type timeoutOpt struct {
+	t time.Duration
+}
+
+func (t timeoutOpt) Resolve(s *CallSettings) {
+	s.timeout = t.t
+}
+
 // WithPath applies a Path override to the HTTP-based APICall.
 //
 // This is for internal use only.
@@ -230,6 +238,15 @@ func WithGRPCOptions(opt ...grpc.CallOption) CallOption {
 	return grpcOpt(append([]grpc.CallOption(nil), opt...))
 }
 
+// WithTimeout is a convenience option for setting a context.WithTimeout on the
+// singular context.Context used for **all** APICall attempts. Calculated from
+// the start of the first APICall attempt.
+// If the context.Context provided to Invoke already has a Deadline set, that
+// will always be respected over the deadline calculated using this option.
+func WithTimeout(t time.Duration) CallOption {
+	return &timeoutOpt{t: t}
+}
+
 // CallSettings allow fine-grained control over how calls are made.
 type CallSettings struct {
 	// Retry returns a Retryer to be used to control retry logic of a method call.
@@ -241,4 +258,8 @@ type CallSettings struct {
 
 	// Path is an HTTP override for an APICall.
 	Path string
+
+	// Timeout defines the amount of time that Invoke has to complete.
+	// Unexported so it cannot be changed by the code in an APICall.
+	timeout time.Duration
 }
diff --git a/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go b/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go
new file mode 100644
index 000000000..af15fb582
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go
@@ -0,0 +1,74 @@
+// Copyright 2023, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package callctx provides helpers for storing and retrieving values out of
+// [context.Context]. These values are used by our client libraries in various
+// ways across the stack.
+package callctx
+
+import (
+	"context"
+	"fmt"
+)
+
+const (
+	headerKey = contextKey("header")
+)
+
+// contextKey is a private type used to store/retrieve context values.
+type contextKey string
+
+// HeadersFromContext retrieves headers set from [SetHeaders]. These headers
+// can then be cast to http.Header or metadata.MD to send along on requests.
+func HeadersFromContext(ctx context.Context) map[string][]string {
+	m, ok := ctx.Value(headerKey).(map[string][]string)
+	if !ok {
+		return nil
+	}
+	return m
+}
+
+// SetHeaders stores key value pairs in the returned context that can later
+// be retrieved by [HeadersFromContext]. Values stored in this manner will
+// automatically be retrieved by client libraries and sent as outgoing headers
+// on all requests. keyvals should have a corresponding value for every key
+// provided. If there is an odd number of keyvals this method will panic.
+func SetHeaders(ctx context.Context, keyvals ...string) context.Context {
+	if len(keyvals)%2 != 0 {
+		panic(fmt.Sprintf("callctx: an even number of key value pairs must be provided, got %d", len(keyvals)))
+	}
+	h, ok := ctx.Value(headerKey).(map[string][]string)
+	if !ok {
+		h = make(map[string][]string)
+	}
+	for i := 0; i < len(keyvals); i = i + 2 {
+		h[keyvals[i]] = append(h[keyvals[i]], keyvals[i+1])
+	}
+	return context.WithValue(ctx, headerKey, h)
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/header.go b/vendor/github.com/googleapis/gax-go/v2/header.go
index 139371a0b..453fab7ec 100644
--- a/vendor/github.com/googleapis/gax-go/v2/header.go
+++ b/vendor/github.com/googleapis/gax-go/v2/header.go
@@ -29,7 +29,79 @@
 
 package gax
 
-import "bytes"
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"net/http"
+	"runtime"
+	"strings"
+	"unicode"
+
+	"github.com/googleapis/gax-go/v2/callctx"
+	"google.golang.org/grpc/metadata"
+)
+
+var (
+	// GoVersion is a header-safe representation of the current runtime
+	// environment's Go version. This is for GAX consumers that need to
+	// report the Go runtime version in API calls.
+	GoVersion string
+	// version is a package internal global variable for testing purposes.
+	version = runtime.Version
+)
+
+// versionUnknown is only used when the runtime version cannot be determined.
+const versionUnknown = "UNKNOWN"
+
+func init() {
+	GoVersion = goVersion()
+}
+
+// goVersion returns a Go runtime version derived from the runtime environment
+// that is modified to be suitable for reporting in a header, meaning it has no
+// whitespace. If it is unable to determine the Go runtime version, it returns
+// versionUnknown.
+func goVersion() string {
+	const develPrefix = "devel +"
+
+	s := version()
+	if strings.HasPrefix(s, develPrefix) {
+		s = s[len(develPrefix):]
+		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+			s = s[:p]
+		}
+		return s
+	} else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+		s = s[:p]
+	}
+
+	notSemverRune := func(r rune) bool {
+		return !strings.ContainsRune("0123456789.", r)
+	}
+
+	if strings.HasPrefix(s, "go1") {
+		s = s[2:]
+		var prerelease string
+		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+			s, prerelease = s[:p], s[p:]
+		}
+		if strings.HasSuffix(s, ".") {
+			s += "0"
+		} else if strings.Count(s, ".") < 2 {
+			s += ".0"
+		}
+		if prerelease != "" {
+			// Some release candidates already have a dash in them.
+			if !strings.HasPrefix(prerelease, "-") {
+				prerelease = "-" + prerelease
+			}
+			s += prerelease
+		}
+		return s
+	}
+	return "UNKNOWN"
+}
 
 // XGoogHeader is for use by the Google Cloud Libraries only.
 //
@@ -51,3 +123,46 @@ func XGoogHeader(keyval ...string) string {
 	}
 	return buf.String()[1:]
 }
+
+// InsertMetadataIntoOutgoingContext is for use by the Google Cloud Libraries
+// only.
+//
+// InsertMetadataIntoOutgoingContext returns a new context that merges the
+// provided keyvals metadata pairs with any existing metadata/headers in the
+// provided context. keyvals should have a corresponding value for every key
+// provided. If there is an odd number of keyvals this method will panic.
+// Existing values for keys will not be overwritten, instead provided values
+// will be appended to the list of existing values.
+func InsertMetadataIntoOutgoingContext(ctx context.Context, keyvals ...string) context.Context {
+	return metadata.NewOutgoingContext(ctx, insertMetadata(ctx, keyvals...))
+}
+
+// BuildHeaders is for use by the Google Cloud Libraries only.
+//
+// BuildHeaders returns a new http.Header that merges the provided
+// keyvals header pairs with any existing metadata/headers in the provided
+// context. keyvals should have a corresponding value for every key provided.
+// If there is an odd number of keyvals this method will panic.
+// Existing values for keys will not be overwritten, instead provided values
+// will be appended to the list of existing values.
+func BuildHeaders(ctx context.Context, keyvals ...string) http.Header {
+	return http.Header(insertMetadata(ctx, keyvals...))
+}
+
+func insertMetadata(ctx context.Context, keyvals ...string) metadata.MD {
+	if len(keyvals)%2 != 0 {
+		panic(fmt.Sprintf("gax: an even number of key value pairs must be provided, got %d", len(keyvals)))
+	}
+	out, ok := metadata.FromOutgoingContext(ctx)
+	if !ok {
+		out = metadata.MD(make(map[string][]string))
+	}
+	headers := callctx.HeadersFromContext(ctx)
+	for k, v := range headers {
+		out[k] = append(out[k], v...)
+	}
+	for i := 0; i < len(keyvals); i = i + 2 {
+		out[keyvals[i]] = append(out[keyvals[i]], keyvals[i+1])
+	}
+	return out
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/internal/version.go b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
index 0ba5da1dd..7425b5ffb 100644
--- a/vendor/github.com/googleapis/gax-go/v2/internal/version.go
+++ b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
@@ -30,4 +30,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "2.7.0"
+const Version = "2.12.0"
diff --git a/vendor/github.com/googleapis/gax-go/v2/invoke.go b/vendor/github.com/googleapis/gax-go/v2/invoke.go
index 9fcc29959..721d1af55 100644
--- a/vendor/github.com/googleapis/gax-go/v2/invoke.go
+++ b/vendor/github.com/googleapis/gax-go/v2/invoke.go
@@ -68,6 +68,16 @@ type sleeper func(ctx context.Context, d time.Duration) error
 // invoke implements Invoke, taking an additional sleeper argument for testing.
 func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper) error {
 	var retryer Retryer
+
+	// Only use the value provided via WithTimeout if the context doesn't
+	// already have a deadline. This is important for backwards compatibility if
+	// the user already set a deadline on the context given to Invoke.
+	if _, ok := ctx.Deadline(); !ok && settings.timeout != 0 {
+		c, cc := context.WithTimeout(ctx, settings.timeout)
+		defer cc()
+		ctx = c
+	}
+
 	for {
 		err := call(ctx, settings)
 		if err == nil {
diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/golang.org/x/crypto/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/crypto/PATENTS b/vendor/golang.org/x/crypto/PATENTS
new file mode 100644
index 000000000..733099041
--- /dev/null
+++ b/vendor/golang.org/x/crypto/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
new file mode 100644
index 000000000..5dfacbb98
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
new file mode 100644
index 000000000..f1f66230d
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
@@ -0,0 +1,308 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+#define NUM_ROUNDS 10
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD	dst+0(FP), R1
+	MOVD	src+24(FP), R2
+	MOVD	src_len+32(FP), R3
+	MOVD	key+48(FP), R4
+	MOVD	nonce+56(FP), R6
+	MOVD	counter+64(FP), R7
+
+	MOVD	$·constants(SB), R10
+	MOVD	$·incRotMatrix(SB), R11
+
+	MOVW	(R7), R20
+
+	AND	$~255, R3, R13
+	ADD	R2, R13, R12 // R12 for block end
+	AND	$255, R3, R13
+loop:
+	MOVD	$NUM_ROUNDS, R21
+	VLD1	(R11), [V30.S4, V31.S4]
+
+	// load contants
+	// VLD4R (R10), [V0.S4, V1.S4, V2.S4, V3.S4]
+	WORD	$0x4D60E940
+
+	// load keys
+	// VLD4R 16(R4), [V4.S4, V5.S4, V6.S4, V7.S4]
+	WORD	$0x4DFFE884
+	// VLD4R 16(R4), [V8.S4, V9.S4, V10.S4, V11.S4]
+	WORD	$0x4DFFE888
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V12.S4]
+	WORD	$0x4D40C8EC
+
+	// VLD3R (R6), [V13.S4, V14.S4, V15.S4]
+	WORD	$0x4D40E8CD
+
+	// update counter
+	VADD	V30.S4, V12.S4, V12.S4
+
+chacha:
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 16)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 12)
+	VADD	V8.S4, V12.S4, V8.S4
+	VADD	V9.S4, V13.S4, V9.S4
+	VADD	V10.S4, V14.S4, V10.S4
+	VADD	V11.S4, V15.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$12, V16.S4, V4.S4
+	VSHL	$12, V17.S4, V5.S4
+	VSHL	$12, V18.S4, V6.S4
+	VSHL	$12, V19.S4, V7.S4
+	VSRI	$20, V16.S4, V4.S4
+	VSRI	$20, V17.S4, V5.S4
+	VSRI	$20, V18.S4, V6.S4
+	VSRI	$20, V19.S4, V7.S4
+
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 8)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 7)
+	VADD	V12.S4, V8.S4, V8.S4
+	VADD	V13.S4, V9.S4, V9.S4
+	VADD	V14.S4, V10.S4, V10.S4
+	VADD	V15.S4, V11.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$7, V16.S4, V4.S4
+	VSHL	$7, V17.S4, V5.S4
+	VSHL	$7, V18.S4, V6.S4
+	VSHL	$7, V19.S4, V7.S4
+	VSRI	$25, V16.S4, V4.S4
+	VSRI	$25, V17.S4, V5.S4
+	VSRI	$25, V18.S4, V6.S4
+	VSRI	$25, V19.S4, V7.S4
+
+	// V0..V3 += V5..V7, V4
+	// V15,V12-V14 <<<= ((V15,V12-V14 XOR V0..V3), 16)
+	VADD	V0.S4, V5.S4, V0.S4
+	VADD	V1.S4, V6.S4, V1.S4
+	VADD	V2.S4, V7.S4, V2.S4
+	VADD	V3.S4, V4.S4, V3.S4
+	VEOR	V15.B16, V0.B16, V15.B16
+	VEOR	V12.B16, V1.B16, V12.B16
+	VEOR	V13.B16, V2.B16, V13.B16
+	VEOR	V14.B16, V3.B16, V14.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 12)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$12, V16.S4, V5.S4
+	VSHL	$12, V17.S4, V6.S4
+	VSHL	$12, V18.S4, V7.S4
+	VSHL	$12, V19.S4, V4.S4
+	VSRI	$20, V16.S4, V5.S4
+	VSRI	$20, V17.S4, V6.S4
+	VSRI	$20, V18.S4, V7.S4
+	VSRI	$20, V19.S4, V4.S4
+
+	// V0 += V5; V15 <<<= ((V0 XOR V15), 8)
+	// ...
+	VADD	V5.S4, V0.S4, V0.S4
+	VADD	V6.S4, V1.S4, V1.S4
+	VADD	V7.S4, V2.S4, V2.S4
+	VADD	V4.S4, V3.S4, V3.S4
+	VEOR	V0.B16, V15.B16, V15.B16
+	VEOR	V1.B16, V12.B16, V12.B16
+	VEOR	V2.B16, V13.B16, V13.B16
+	VEOR	V3.B16, V14.B16, V14.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 7)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$7, V16.S4, V5.S4
+	VSHL	$7, V17.S4, V6.S4
+	VSHL	$7, V18.S4, V7.S4
+	VSHL	$7, V19.S4, V4.S4
+	VSRI	$25, V16.S4, V5.S4
+	VSRI	$25, V17.S4, V6.S4
+	VSRI	$25, V18.S4, V7.S4
+	VSRI	$25, V19.S4, V4.S4
+
+	SUB	$1, R21
+	CBNZ	R21, chacha
+
+	// VLD4R (R10), [V16.S4, V17.S4, V18.S4, V19.S4]
+	WORD	$0x4D60E950
+
+	// VLD4R 16(R4), [V20.S4, V21.S4, V22.S4, V23.S4]
+	WORD	$0x4DFFE894
+	VADD	V30.S4, V12.S4, V12.S4
+	VADD	V16.S4, V0.S4, V0.S4
+	VADD	V17.S4, V1.S4, V1.S4
+	VADD	V18.S4, V2.S4, V2.S4
+	VADD	V19.S4, V3.S4, V3.S4
+	// VLD4R 16(R4), [V24.S4, V25.S4, V26.S4, V27.S4]
+	WORD	$0x4DFFE898
+	// restore R4
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V28.S4]
+	WORD	$0x4D40C8FC
+	// VLD3R (R6), [V29.S4, V30.S4, V31.S4]
+	WORD	$0x4D40E8DD
+
+	VADD	V20.S4, V4.S4, V4.S4
+	VADD	V21.S4, V5.S4, V5.S4
+	VADD	V22.S4, V6.S4, V6.S4
+	VADD	V23.S4, V7.S4, V7.S4
+	VADD	V24.S4, V8.S4, V8.S4
+	VADD	V25.S4, V9.S4, V9.S4
+	VADD	V26.S4, V10.S4, V10.S4
+	VADD	V27.S4, V11.S4, V11.S4
+	VADD	V28.S4, V12.S4, V12.S4
+	VADD	V29.S4, V13.S4, V13.S4
+	VADD	V30.S4, V14.S4, V14.S4
+	VADD	V31.S4, V15.S4, V15.S4
+
+	VZIP1	V1.S4, V0.S4, V16.S4
+	VZIP2	V1.S4, V0.S4, V17.S4
+	VZIP1	V3.S4, V2.S4, V18.S4
+	VZIP2	V3.S4, V2.S4, V19.S4
+	VZIP1	V5.S4, V4.S4, V20.S4
+	VZIP2	V5.S4, V4.S4, V21.S4
+	VZIP1	V7.S4, V6.S4, V22.S4
+	VZIP2	V7.S4, V6.S4, V23.S4
+	VZIP1	V9.S4, V8.S4, V24.S4
+	VZIP2	V9.S4, V8.S4, V25.S4
+	VZIP1	V11.S4, V10.S4, V26.S4
+	VZIP2	V11.S4, V10.S4, V27.S4
+	VZIP1	V13.S4, V12.S4, V28.S4
+	VZIP2	V13.S4, V12.S4, V29.S4
+	VZIP1	V15.S4, V14.S4, V30.S4
+	VZIP2	V15.S4, V14.S4, V31.S4
+	VZIP1	V18.D2, V16.D2, V0.D2
+	VZIP2	V18.D2, V16.D2, V4.D2
+	VZIP1	V19.D2, V17.D2, V8.D2
+	VZIP2	V19.D2, V17.D2, V12.D2
+	VLD1.P	64(R2), [V16.B16, V17.B16, V18.B16, V19.B16]
+
+	VZIP1	V22.D2, V20.D2, V1.D2
+	VZIP2	V22.D2, V20.D2, V5.D2
+	VZIP1	V23.D2, V21.D2, V9.D2
+	VZIP2	V23.D2, V21.D2, V13.D2
+	VLD1.P	64(R2), [V20.B16, V21.B16, V22.B16, V23.B16]
+	VZIP1	V26.D2, V24.D2, V2.D2
+	VZIP2	V26.D2, V24.D2, V6.D2
+	VZIP1	V27.D2, V25.D2, V10.D2
+	VZIP2	V27.D2, V25.D2, V14.D2
+	VLD1.P	64(R2), [V24.B16, V25.B16, V26.B16, V27.B16]
+	VZIP1	V30.D2, V28.D2, V3.D2
+	VZIP2	V30.D2, V28.D2, V7.D2
+	VZIP1	V31.D2, V29.D2, V11.D2
+	VZIP2	V31.D2, V29.D2, V15.D2
+	VLD1.P	64(R2), [V28.B16, V29.B16, V30.B16, V31.B16]
+	VEOR	V0.B16, V16.B16, V16.B16
+	VEOR	V1.B16, V17.B16, V17.B16
+	VEOR	V2.B16, V18.B16, V18.B16
+	VEOR	V3.B16, V19.B16, V19.B16
+	VST1.P	[V16.B16, V17.B16, V18.B16, V19.B16], 64(R1)
+	VEOR	V4.B16, V20.B16, V20.B16
+	VEOR	V5.B16, V21.B16, V21.B16
+	VEOR	V6.B16, V22.B16, V22.B16
+	VEOR	V7.B16, V23.B16, V23.B16
+	VST1.P	[V20.B16, V21.B16, V22.B16, V23.B16], 64(R1)
+	VEOR	V8.B16, V24.B16, V24.B16
+	VEOR	V9.B16, V25.B16, V25.B16
+	VEOR	V10.B16, V26.B16, V26.B16
+	VEOR	V11.B16, V27.B16, V27.B16
+	VST1.P	[V24.B16, V25.B16, V26.B16, V27.B16], 64(R1)
+	VEOR	V12.B16, V28.B16, V28.B16
+	VEOR	V13.B16, V29.B16, V29.B16
+	VEOR	V14.B16, V30.B16, V30.B16
+	VEOR	V15.B16, V31.B16, V31.B16
+	VST1.P	[V28.B16, V29.B16, V30.B16, V31.B16], 64(R1)
+
+	ADD	$4, R20
+	MOVW	R20, (R7) // update counter
+
+	CMP	R2, R12
+	BGT	loop
+
+	RET
+
+
+DATA	·constants+0x00(SB)/4, $0x61707865
+DATA	·constants+0x04(SB)/4, $0x3320646e
+DATA	·constants+0x08(SB)/4, $0x79622d32
+DATA	·constants+0x0c(SB)/4, $0x6b206574
+GLOBL	·constants(SB), NOPTR|RODATA, $32
+
+DATA	·incRotMatrix+0x00(SB)/4, $0x00000000
+DATA	·incRotMatrix+0x04(SB)/4, $0x00000001
+DATA	·incRotMatrix+0x08(SB)/4, $0x00000002
+DATA	·incRotMatrix+0x0c(SB)/4, $0x00000003
+DATA	·incRotMatrix+0x10(SB)/4, $0x02010003
+DATA	·incRotMatrix+0x14(SB)/4, $0x06050407
+DATA	·incRotMatrix+0x18(SB)/4, $0x0A09080B
+DATA	·incRotMatrix+0x1c(SB)/4, $0x0E0D0C0F
+GLOBL	·incRotMatrix(SB), NOPTR|RODATA, $32
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
new file mode 100644
index 000000000..93eb5ae6d
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
@@ -0,0 +1,398 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms
+// as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
+package chacha20
+
+import (
+	"crypto/cipher"
+	"encoding/binary"
+	"errors"
+	"math/bits"
+
+	"golang.org/x/crypto/internal/alias"
+)
+
+const (
+	// KeySize is the size of the key used by this cipher, in bytes.
+	KeySize = 32
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// cipher, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
+	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20 variant of
+	// this cipher, in bytes.
+	NonceSizeX = 24
+)
+
+// Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+	// The ChaCha20 state is 16 words: 4 constant, 8 of key, 1 of counter
+	// (incremented after each block), and 3 of nonce.
+	key     [8]uint32
+	counter uint32
+	nonce   [3]uint32
+
+	// The last len bytes of buf are leftover key stream bytes from the previous
+	// XORKeyStream invocation. The size of buf depends on how many blocks are
+	// computed at a time by xorKeyStreamBlocks.
+	buf [bufSize]byte
+	len int
+
+	// overflow is set when the counter overflowed, no more blocks can be
+	// generated, and the next XORKeyStream call should panic.
+	overflow bool
+
+	// The counter-independent results of the first round are cached after they
+	// are computed the first time.
+	precompDone      bool
+	p1, p5, p9, p13  uint32
+	p2, p6, p10, p14 uint32
+	p3, p7, p11, p15 uint32
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
+
+// NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given
+// 32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided,
+// the XChaCha20 construction will be used. It returns an error if key or nonce
+// have any other length.
+//
+// Note that ChaCha20, like all stream ciphers, is not authenticated and allows
+// attackers to silently tamper with the plaintext. For this reason, it is more
+// appropriate as a building block than as a standalone encryption mechanism.
+// Instead, consider using package golang.org/x/crypto/chacha20poly1305.
+func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error) {
+	// This function is split into a wrapper so that the Cipher allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	c := &Cipher{}
+	return newUnauthenticatedCipher(c, key, nonce)
+}
+
+func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong key size")
+	}
+	if len(nonce) == NonceSizeX {
+		// XChaCha20 uses the ChaCha20 core to mix 16 bytes of the nonce into a
+		// derived key, allowing it to operate on a nonce of 24 bytes. See
+		// draft-irtf-cfrg-xchacha-01, Section 2.3.
+		key, _ = HChaCha20(key, nonce[0:16])
+		cNonce := make([]byte, NonceSize)
+		copy(cNonce[4:12], nonce[16:24])
+		nonce = cNonce
+	} else if len(nonce) != NonceSize {
+		return nil, errors.New("chacha20: wrong nonce size")
+	}
+
+	key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
+	c.key = [8]uint32{
+		binary.LittleEndian.Uint32(key[0:4]),
+		binary.LittleEndian.Uint32(key[4:8]),
+		binary.LittleEndian.Uint32(key[8:12]),
+		binary.LittleEndian.Uint32(key[12:16]),
+		binary.LittleEndian.Uint32(key[16:20]),
+		binary.LittleEndian.Uint32(key[20:24]),
+		binary.LittleEndian.Uint32(key[24:28]),
+		binary.LittleEndian.Uint32(key[28:32]),
+	}
+	c.nonce = [3]uint32{
+		binary.LittleEndian.Uint32(nonce[0:4]),
+		binary.LittleEndian.Uint32(nonce[4:8]),
+		binary.LittleEndian.Uint32(nonce[8:12]),
+	}
+	return c, nil
+}
+
+// The constant first 4 words of the ChaCha20 state.
+const (
+	j0 uint32 = 0x61707865 // expa
+	j1 uint32 = 0x3320646e // nd 3
+	j2 uint32 = 0x79622d32 // 2-by
+	j3 uint32 = 0x6b206574 // te k
+)
+
+const blockSize = 64
+
+// quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words.
+// It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16
+// words each round, in columnar or diagonal groups of 4 at a time.
+func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 16)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 12)
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 8)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 7)
+	return a, b, c, d
+}
+
+// SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
+// behave as if (64 * counter) bytes had been encrypted so far.
+//
+// To prevent accidental counter reuse, SetCounter panics if counter is less
+// than the current value.
+//
+// Note that the execution time of XORKeyStream is not independent of the
+// counter value.
+func (s *Cipher) SetCounter(counter uint32) {
+	// Internally, s may buffer multiple blocks, which complicates this
+	// implementation slightly. When checking whether the counter has rolled
+	// back, we must use both s.counter and s.len to determine how many blocks
+	// we have already output.
+	outputCounter := s.counter - uint32(s.len)/blockSize
+	if s.overflow || counter < outputCounter {
+		panic("chacha20: SetCounter attempted to rollback counter")
+	}
+
+	// In the general case, we set the new counter value and reset s.len to 0,
+	// causing the next call to XORKeyStream to refill the buffer. However, if
+	// we're advancing within the existing buffer, we can save work by simply
+	// setting s.len.
+	if counter < s.counter {
+		s.len = int(s.counter-counter) * blockSize
+	} else {
+		s.counter = counter
+		s.len = 0
+	}
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+	if len(src) == 0 {
+		return
+	}
+	if len(dst) < len(src) {
+		panic("chacha20: output smaller than input")
+	}
+	dst = dst[:len(src)]
+	if alias.InexactOverlap(dst, src) {
+		panic("chacha20: invalid buffer overlap")
+	}
+
+	// First, drain any remaining key stream from a previous XORKeyStream.
+	if s.len != 0 {
+		keyStream := s.buf[bufSize-s.len:]
+		if len(src) < len(keyStream) {
+			keyStream = keyStream[:len(src)]
+		}
+		_ = src[len(keyStream)-1] // bounds check elimination hint
+		for i, b := range keyStream {
+			dst[i] = src[i] ^ b
+		}
+		s.len -= len(keyStream)
+		dst, src = dst[len(keyStream):], src[len(keyStream):]
+	}
+	if len(src) == 0 {
+		return
+	}
+
+	// If we'd need to let the counter overflow and keep generating output,
+	// panic immediately. If instead we'd only reach the last block, remember
+	// not to generate any more output after the buffer is drained.
+	numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize
+	if s.overflow || uint64(s.counter)+numBlocks > 1<<32 {
+		panic("chacha20: counter overflow")
+	} else if uint64(s.counter)+numBlocks == 1<<32 {
+		s.overflow = true
+	}
+
+	// xorKeyStreamBlocks implementations expect input lengths that are a
+	// multiple of bufSize. Platform-specific ones process multiple blocks at a
+	// time, so have bufSizes that are a multiple of blockSize.
+
+	full := len(src) - len(src)%bufSize
+	if full > 0 {
+		s.xorKeyStreamBlocks(dst[:full], src[:full])
+	}
+	dst, src = dst[full:], src[full:]
+
+	// If using a multi-block xorKeyStreamBlocks would overflow, use the generic
+	// one that does one block at a time.
+	const blocksPerBuf = bufSize / blockSize
+	if uint64(s.counter)+blocksPerBuf > 1<<32 {
+		s.buf = [bufSize]byte{}
+		numBlocks := (len(src) + blockSize - 1) / blockSize
+		buf := s.buf[bufSize-numBlocks*blockSize:]
+		copy(buf, src)
+		s.xorKeyStreamBlocksGeneric(buf, buf)
+		s.len = len(buf) - copy(dst, buf)
+		return
+	}
+
+	// If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
+	// keep the leftover keystream for the next XORKeyStream invocation.
+	if len(src) > 0 {
+		s.buf = [bufSize]byte{}
+		copy(s.buf[:], src)
+		s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
+		s.len = bufSize - copy(dst, s.buf[:])
+	}
+}
+
+func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
+	if len(dst) != len(src) || len(dst)%blockSize != 0 {
+		panic("chacha20: internal error: wrong dst and/or src length")
+	}
+
+	// To generate each block of key stream, the initial cipher state
+	// (represented below) is passed through 20 rounds of shuffling,
+	// alternatively applying quarterRounds by columns (like 1, 5, 9, 13)
+	// or by diagonals (like 1, 6, 11, 12).
+	//
+	//      0:cccccccc   1:cccccccc   2:cccccccc   3:cccccccc
+	//      4:kkkkkkkk   5:kkkkkkkk   6:kkkkkkkk   7:kkkkkkkk
+	//      8:kkkkkkkk   9:kkkkkkkk  10:kkkkkkkk  11:kkkkkkkk
+	//     12:bbbbbbbb  13:nnnnnnnn  14:nnnnnnnn  15:nnnnnnnn
+	//
+	//            c=constant k=key b=blockcount n=nonce
+	var (
+		c0, c1, c2, c3   = j0, j1, j2, j3
+		c4, c5, c6, c7   = s.key[0], s.key[1], s.key[2], s.key[3]
+		c8, c9, c10, c11 = s.key[4], s.key[5], s.key[6], s.key[7]
+		_, c13, c14, c15 = s.counter, s.nonce[0], s.nonce[1], s.nonce[2]
+	)
+
+	// Three quarters of the first round don't depend on the counter, so we can
+	// calculate them here, and reuse them for multiple blocks in the loop, and
+	// for future XORKeyStream invocations.
+	if !s.precompDone {
+		s.p1, s.p5, s.p9, s.p13 = quarterRound(c1, c5, c9, c13)
+		s.p2, s.p6, s.p10, s.p14 = quarterRound(c2, c6, c10, c14)
+		s.p3, s.p7, s.p11, s.p15 = quarterRound(c3, c7, c11, c15)
+		s.precompDone = true
+	}
+
+	// A condition of len(src) > 0 would be sufficient, but this also
+	// acts as a bounds check elimination hint.
+	for len(src) >= 64 && len(dst) >= 64 {
+		// The remainder of the first column round.
+		fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
+
+		// The second diagonal round.
+		x0, x5, x10, x15 := quarterRound(fcr0, s.p5, s.p10, s.p15)
+		x1, x6, x11, x12 := quarterRound(s.p1, s.p6, s.p11, fcr12)
+		x2, x7, x8, x13 := quarterRound(s.p2, s.p7, fcr8, s.p13)
+		x3, x4, x9, x14 := quarterRound(s.p3, fcr4, s.p9, s.p14)
+
+		// The remaining 18 rounds.
+		for i := 0; i < 9; i++ {
+			// Column round.
+			x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+			x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+			x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+			x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+			// Diagonal round.
+			x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+			x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+			x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+		}
+
+		// Add back the initial state to generate the key stream, then
+		// XOR the key stream with the source and write out the result.
+		addXor(dst[0:4], src[0:4], x0, c0)
+		addXor(dst[4:8], src[4:8], x1, c1)
+		addXor(dst[8:12], src[8:12], x2, c2)
+		addXor(dst[12:16], src[12:16], x3, c3)
+		addXor(dst[16:20], src[16:20], x4, c4)
+		addXor(dst[20:24], src[20:24], x5, c5)
+		addXor(dst[24:28], src[24:28], x6, c6)
+		addXor(dst[28:32], src[28:32], x7, c7)
+		addXor(dst[32:36], src[32:36], x8, c8)
+		addXor(dst[36:40], src[36:40], x9, c9)
+		addXor(dst[40:44], src[40:44], x10, c10)
+		addXor(dst[44:48], src[44:48], x11, c11)
+		addXor(dst[48:52], src[48:52], x12, s.counter)
+		addXor(dst[52:56], src[52:56], x13, c13)
+		addXor(dst[56:60], src[56:60], x14, c14)
+		addXor(dst[60:64], src[60:64], x15, c15)
+
+		s.counter += 1
+
+		src, dst = src[blockSize:], dst[blockSize:]
+	}
+}
+
+// HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes
+// key and a 16 bytes nonce. It returns an error if key or nonce have any other
+// length. It is used as part of the XChaCha20 construction.
+func HChaCha20(key, nonce []byte) ([]byte, error) {
+	// This function is split into a wrapper so that the slice allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	out := make([]byte, 32)
+	return hChaCha20(out, key, nonce)
+}
+
+func hChaCha20(out, key, nonce []byte) ([]byte, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong HChaCha20 key size")
+	}
+	if len(nonce) != 16 {
+		return nil, errors.New("chacha20: wrong HChaCha20 nonce size")
+	}
+
+	x0, x1, x2, x3 := j0, j1, j2, j3
+	x4 := binary.LittleEndian.Uint32(key[0:4])
+	x5 := binary.LittleEndian.Uint32(key[4:8])
+	x6 := binary.LittleEndian.Uint32(key[8:12])
+	x7 := binary.LittleEndian.Uint32(key[12:16])
+	x8 := binary.LittleEndian.Uint32(key[16:20])
+	x9 := binary.LittleEndian.Uint32(key[20:24])
+	x10 := binary.LittleEndian.Uint32(key[24:28])
+	x11 := binary.LittleEndian.Uint32(key[28:32])
+	x12 := binary.LittleEndian.Uint32(nonce[0:4])
+	x13 := binary.LittleEndian.Uint32(nonce[4:8])
+	x14 := binary.LittleEndian.Uint32(nonce[8:12])
+	x15 := binary.LittleEndian.Uint32(nonce[12:16])
+
+	for i := 0; i < 10; i++ {
+		// Diagonal round.
+		x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+		x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+		x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+		x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+		// Column round.
+		x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+		x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+		x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+		x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+	}
+
+	_ = out[31] // bounds check elimination hint
+	binary.LittleEndian.PutUint32(out[0:4], x0)
+	binary.LittleEndian.PutUint32(out[4:8], x1)
+	binary.LittleEndian.PutUint32(out[8:12], x2)
+	binary.LittleEndian.PutUint32(out[12:16], x3)
+	binary.LittleEndian.PutUint32(out[16:20], x12)
+	binary.LittleEndian.PutUint32(out[20:24], x13)
+	binary.LittleEndian.PutUint32(out[24:28], x14)
+	binary.LittleEndian.PutUint32(out[28:32], x15)
+	return out, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
new file mode 100644
index 000000000..02ff3d05e
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!arm64 && !s390x && !ppc64le) || !gc || purego
+// +build !arm64,!s390x,!ppc64le !gc purego
+
+package chacha20
+
+const bufSize = blockSize
+
+func (s *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	s.xorKeyStreamBlocksGeneric(dst, src)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
new file mode 100644
index 000000000..da420b2e9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@@ -0,0 +1,17 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
new file mode 100644
index 000000000..5c0fed26f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@@ -0,0 +1,450 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on CRYPTOGAMS code with the following comment:
+// # ====================================================================
+// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// # project. The module is, however, dual licensed under OpenSSL and
+// # CRYPTOGAMS licenses depending on where you obtain it. For further
+// # details see http://www.openssl.org/~appro/cryptogams/.
+// # ====================================================================
+
+// Code for the perl script that generates the ppc64 assembler
+// can be found in the cryptogams repository at the link below. It is based on
+// the original from openssl.
+
+// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91
+
+// The differences in this and the original implementation are
+// due to the calling conventions and initialization of constants.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+#define OUT  R3
+#define INP  R4
+#define LEN  R5
+#define KEY  R6
+#define CNT  R7
+#define TMP  R15
+
+#define CONSTBASE  R16
+#define BLOCKS R17
+
+DATA consts<>+0x00(SB)/8, $0x3320646e61707865
+DATA consts<>+0x08(SB)/8, $0x6b20657479622d32
+DATA consts<>+0x10(SB)/8, $0x0000000000000001
+DATA consts<>+0x18(SB)/8, $0x0000000000000000
+DATA consts<>+0x20(SB)/8, $0x0000000000000004
+DATA consts<>+0x28(SB)/8, $0x0000000000000000
+DATA consts<>+0x30(SB)/8, $0x0a0b08090e0f0c0d
+DATA consts<>+0x38(SB)/8, $0x0203000106070405
+DATA consts<>+0x40(SB)/8, $0x090a0b080d0e0f0c
+DATA consts<>+0x48(SB)/8, $0x0102030005060704
+DATA consts<>+0x50(SB)/8, $0x6170786561707865
+DATA consts<>+0x58(SB)/8, $0x6170786561707865
+DATA consts<>+0x60(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x68(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x70(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x78(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x80(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x88(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x90(SB)/8, $0x0000000100000000
+DATA consts<>+0x98(SB)/8, $0x0000000300000002
+GLOBL consts<>(SB), RODATA, $0xa0
+
+//func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
+	MOVD out+0(FP), OUT
+	MOVD inp+8(FP), INP
+	MOVD len+16(FP), LEN
+	MOVD key+24(FP), KEY
+	MOVD counter+32(FP), CNT
+
+	// Addressing for constants
+	MOVD $consts<>+0x00(SB), CONSTBASE
+	MOVD $16, R8
+	MOVD $32, R9
+	MOVD $48, R10
+	MOVD $64, R11
+	SRD $6, LEN, BLOCKS
+	// V16
+	LXVW4X (CONSTBASE)(R0), VS48
+	ADD $80,CONSTBASE
+
+	// Load key into V17,V18
+	LXVW4X (KEY)(R0), VS49
+	LXVW4X (KEY)(R8), VS50
+
+	// Load CNT, NONCE into V19
+	LXVW4X (CNT)(R0), VS51
+
+	// Clear V27
+	VXOR V27, V27, V27
+
+	// V28
+	LXVW4X (CONSTBASE)(R11), VS60
+
+	// splat slot from V19 -> V26
+	VSPLTW $0, V19, V26
+
+	VSLDOI $4, V19, V27, V19
+	VSLDOI $12, V27, V19, V19
+
+	VADDUWM V26, V28, V26
+
+	MOVD $10, R14
+	MOVD R14, CTR
+
+loop_outer_vsx:
+	// V0, V1, V2, V3
+	LXVW4X (R0)(CONSTBASE), VS32
+	LXVW4X (R8)(CONSTBASE), VS33
+	LXVW4X (R9)(CONSTBASE), VS34
+	LXVW4X (R10)(CONSTBASE), VS35
+
+	// splat values from V17, V18 into V4-V11
+	VSPLTW $0, V17, V4
+	VSPLTW $1, V17, V5
+	VSPLTW $2, V17, V6
+	VSPLTW $3, V17, V7
+	VSPLTW $0, V18, V8
+	VSPLTW $1, V18, V9
+	VSPLTW $2, V18, V10
+	VSPLTW $3, V18, V11
+
+	// VOR
+	VOR V26, V26, V12
+
+	// splat values from V19 -> V13, V14, V15
+	VSPLTW $1, V19, V13
+	VSPLTW $2, V19, V14
+	VSPLTW $3, V19, V15
+
+	// splat   const values
+	VSPLTISW $-16, V27
+	VSPLTISW $12, V28
+	VSPLTISW $8, V29
+	VSPLTISW $7, V30
+
+loop_vsx:
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+	VRLW V15, V27, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V28, V4
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+	VRLW V15, V29, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V30, V4
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V27, V15
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+	VRLW V4, V28, V4
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V29, V15
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+	VRLW V4, V30, V4
+	BC   16, LT, loop_vsx
+
+	VADDUWM V12, V26, V12
+
+	WORD $0x13600F8C		// VMRGEW V0, V1, V27
+	WORD $0x13821F8C		// VMRGEW V2, V3, V28
+
+	WORD $0x10000E8C		// VMRGOW V0, V1, V0
+	WORD $0x10421E8C		// VMRGOW V2, V3, V2
+
+	WORD $0x13A42F8C		// VMRGEW V4, V5, V29
+	WORD $0x13C63F8C		// VMRGEW V6, V7, V30
+
+	XXPERMDI VS32, VS34, $0, VS33
+	XXPERMDI VS32, VS34, $3, VS35
+	XXPERMDI VS59, VS60, $0, VS32
+	XXPERMDI VS59, VS60, $3, VS34
+
+	WORD $0x10842E8C		// VMRGOW V4, V5, V4
+	WORD $0x10C63E8C		// VMRGOW V6, V7, V6
+
+	WORD $0x13684F8C		// VMRGEW V8, V9, V27
+	WORD $0x138A5F8C		// VMRGEW V10, V11, V28
+
+	XXPERMDI VS36, VS38, $0, VS37
+	XXPERMDI VS36, VS38, $3, VS39
+	XXPERMDI VS61, VS62, $0, VS36
+	XXPERMDI VS61, VS62, $3, VS38
+
+	WORD $0x11084E8C		// VMRGOW V8, V9, V8
+	WORD $0x114A5E8C		// VMRGOW V10, V11, V10
+
+	WORD $0x13AC6F8C		// VMRGEW V12, V13, V29
+	WORD $0x13CE7F8C		// VMRGEW V14, V15, V30
+
+	XXPERMDI VS40, VS42, $0, VS41
+	XXPERMDI VS40, VS42, $3, VS43
+	XXPERMDI VS59, VS60, $0, VS40
+	XXPERMDI VS59, VS60, $3, VS42
+
+	WORD $0x118C6E8C		// VMRGOW V12, V13, V12
+	WORD $0x11CE7E8C		// VMRGOW V14, V15, V14
+
+	VSPLTISW $4, V27
+	VADDUWM V26, V27, V26
+
+	XXPERMDI VS44, VS46, $0, VS45
+	XXPERMDI VS44, VS46, $3, VS47
+	XXPERMDI VS61, VS62, $0, VS44
+	XXPERMDI VS61, VS62, $3, VS46
+
+	VADDUWM V0, V16, V0
+	VADDUWM V4, V17, V4
+	VADDUWM V8, V18, V8
+	VADDUWM V12, V19, V12
+
+	CMPU LEN, $64
+	BLT tail_vsx
+
+	// Bottom of loop
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V1, V16, V0
+	VADDUWM V5, V17, V4
+	VADDUWM V9, V18, V8
+	VADDUWM V13, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+	VXOR   V27, V0, V27
+
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(V10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V2, V16, V0
+	VADDUWM V6, V17, V4
+	VADDUWM V10, V18, V8
+	VADDUWM V14, V19, V12
+
+	CMPU LEN, $64
+	BLT  tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V3, V16, V0
+	VADDUWM V7, V17, V4
+	VADDUWM V11, V18, V8
+	VADDUWM V15, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+
+	MOVD $10, R14
+	MOVD R14, CTR
+	BNE  loop_outer_vsx
+
+done_vsx:
+	// Increment counter by number of 64 byte blocks
+	MOVD (CNT), R14
+	ADD  BLOCKS, R14
+	MOVD R14, (CNT)
+	RET
+
+tail_vsx:
+	ADD  $32, R1, R11
+	MOVD LEN, CTR
+
+	// Save values on stack to copy from
+	STXVW4X VS32, (R11)(R0)
+	STXVW4X VS36, (R11)(R8)
+	STXVW4X VS40, (R11)(R9)
+	STXVW4X VS44, (R11)(R10)
+	ADD $-1, R11, R12
+	ADD $-1, INP
+	ADD $-1, OUT
+
+looptail_vsx:
+	// Copying the result to OUT
+	// in bytes.
+	MOVBZU 1(R12), KEY
+	MOVBZU 1(INP), TMP
+	XOR    KEY, TMP, KEY
+	MOVBU  KEY, 1(OUT)
+	BC     16, LT, looptail_vsx
+
+	// Clear the stack values
+	STXVW4X VS48, (R11)(R0)
+	STXVW4X VS48, (R11)(R8)
+	STXVW4X VS48, (R11)(R9)
+	STXVW4X VS48, (R11)(R10)
+	BR      done_vsx
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
new file mode 100644
index 000000000..4652247b8
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@@ -0,0 +1,28 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+import "golang.org/x/sys/cpu"
+
+var haveAsm = cpu.S390X.HasVX
+
+const bufSize = 256
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available. Implementation in asm_s390x.s.
+//
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	if cpu.S390X.HasVX {
+		xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+	} else {
+		c.xorKeyStreamBlocksGeneric(dst, src)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
new file mode 100644
index 000000000..f3ef5a019
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@@ -0,0 +1,225 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// This is an implementation of the ChaCha20 encryption algorithm as
+// specified in RFC 7539. It uses vector instructions to compute
+// 4 keystream blocks in parallel (256 bytes) which are then XORed
+// with the bytes in the input slice.
+
+GLOBL ·constants<>(SB), RODATA|NOPTR, $32
+// BSWAP: swap bytes in each 4-byte element
+DATA ·constants<>+0x00(SB)/4, $0x03020100
+DATA ·constants<>+0x04(SB)/4, $0x07060504
+DATA ·constants<>+0x08(SB)/4, $0x0b0a0908
+DATA ·constants<>+0x0c(SB)/4, $0x0f0e0d0c
+// J0: [j0, j1, j2, j3]
+DATA ·constants<>+0x10(SB)/4, $0x61707865
+DATA ·constants<>+0x14(SB)/4, $0x3320646e
+DATA ·constants<>+0x18(SB)/4, $0x79622d32
+DATA ·constants<>+0x1c(SB)/4, $0x6b206574
+
+#define BSWAP V5
+#define J0    V6
+#define KEY0  V7
+#define KEY1  V8
+#define NONCE V9
+#define CTR   V10
+#define M0    V11
+#define M1    V12
+#define M2    V13
+#define M3    V14
+#define INC   V15
+#define X0    V16
+#define X1    V17
+#define X2    V18
+#define X3    V19
+#define X4    V20
+#define X5    V21
+#define X6    V22
+#define X7    V23
+#define X8    V24
+#define X9    V25
+#define X10   V26
+#define X11   V27
+#define X12   V28
+#define X13   V29
+#define X14   V30
+#define X15   V31
+
+#define NUM_ROUNDS 20
+
+#define ROUND4(a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3) \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $16, a2, a2 \
+	VERLLF $16, b2, b2 \
+	VERLLF $16, c2, c2 \
+	VERLLF $16, d2, d2 \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $12, a1, a1 \
+	VERLLF $12, b1, b1 \
+	VERLLF $12, c1, c1 \
+	VERLLF $12, d1, d1 \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $8, a2, a2  \
+	VERLLF $8, b2, b2  \
+	VERLLF $8, c2, c2  \
+	VERLLF $8, d2, d2  \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $7, a1, a1  \
+	VERLLF $7, b1, b1  \
+	VERLLF $7, c1, c1  \
+	VERLLF $7, d1, d1
+
+#define PERMUTE(mask, v0, v1, v2, v3) \
+	VPERM v0, v0, mask, v0 \
+	VPERM v1, v1, mask, v1 \
+	VPERM v2, v2, mask, v2 \
+	VPERM v3, v3, mask, v3
+
+#define ADDV(x, v0, v1, v2, v3) \
+	VAF x, v0, v0 \
+	VAF x, v1, v1 \
+	VAF x, v2, v2 \
+	VAF x, v3, v3
+
+#define XORV(off, dst, src, v0, v1, v2, v3) \
+	VLM  off(src), M0, M3          \
+	PERMUTE(BSWAP, v0, v1, v2, v3) \
+	VX   v0, M0, M0                \
+	VX   v1, M1, M1                \
+	VX   v2, M2, M2                \
+	VX   v3, M3, M3                \
+	VSTM M0, M3, off(dst)
+
+#define SHUFFLE(a, b, c, d, t, u, v, w) \
+	VMRHF a, c, t \ // t = {a[0], c[0], a[1], c[1]}
+	VMRHF b, d, u \ // u = {b[0], d[0], b[1], d[1]}
+	VMRLF a, c, v \ // v = {a[2], c[2], a[3], c[3]}
+	VMRLF b, d, w \ // w = {b[2], d[2], b[3], d[3]}
+	VMRHF t, u, a \ // a = {a[0], b[0], c[0], d[0]}
+	VMRLF t, u, b \ // b = {a[1], b[1], c[1], d[1]}
+	VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
+	VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD $·constants<>(SB), R1
+	MOVD dst+0(FP), R2         // R2=&dst[0]
+	LMG  src+24(FP), R3, R4    // R3=&src[0] R4=len(src)
+	MOVD key+48(FP), R5        // R5=key
+	MOVD nonce+56(FP), R6      // R6=nonce
+	MOVD counter+64(FP), R7    // R7=counter
+
+	// load BSWAP and J0
+	VLM (R1), BSWAP, J0
+
+	// setup
+	MOVD  $95, R0
+	VLM   (R5), KEY0, KEY1
+	VLL   R0, (R6), NONCE
+	VZERO M0
+	VLEIB $7, $32, M0
+	VSRLB M0, NONCE, NONCE
+
+	// initialize counter values
+	VLREPF (R7), CTR
+	VZERO  INC
+	VLEIF  $1, $1, INC
+	VLEIF  $2, $2, INC
+	VLEIF  $3, $3, INC
+	VAF    INC, CTR, CTR
+	VREPIF $4, INC
+
+chacha:
+	VREPF $0, J0, X0
+	VREPF $1, J0, X1
+	VREPF $2, J0, X2
+	VREPF $3, J0, X3
+	VREPF $0, KEY0, X4
+	VREPF $1, KEY0, X5
+	VREPF $2, KEY0, X6
+	VREPF $3, KEY0, X7
+	VREPF $0, KEY1, X8
+	VREPF $1, KEY1, X9
+	VREPF $2, KEY1, X10
+	VREPF $3, KEY1, X11
+	VLR   CTR, X12
+	VREPF $1, NONCE, X13
+	VREPF $2, NONCE, X14
+	VREPF $3, NONCE, X15
+
+	MOVD $(NUM_ROUNDS/2), R1
+
+loop:
+	ROUND4(X0, X4, X12,  X8, X1, X5, X13,  X9, X2, X6, X14, X10, X3, X7, X15, X11)
+	ROUND4(X0, X5, X15, X10, X1, X6, X12, X11, X2, X7, X13, X8,  X3, X4, X14, X9)
+
+	ADD $-1, R1
+	BNE loop
+
+	// decrement length
+	ADD $-256, R4
+
+	// rearrange vectors
+	SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
+	ADDV(J0, X0, X1, X2, X3)
+	SHUFFLE(X4, X5, X6, X7, M0, M1, M2, M3)
+	ADDV(KEY0, X4, X5, X6, X7)
+	SHUFFLE(X8, X9, X10, X11, M0, M1, M2, M3)
+	ADDV(KEY1, X8, X9, X10, X11)
+	VAF CTR, X12, X12
+	SHUFFLE(X12, X13, X14, X15, M0, M1, M2, M3)
+	ADDV(NONCE, X12, X13, X14, X15)
+
+	// increment counters
+	VAF INC, CTR, CTR
+
+	// xor keystream with plaintext
+	XORV(0*64, R2, R3, X0, X4,  X8, X12)
+	XORV(1*64, R2, R3, X1, X5,  X9, X13)
+	XORV(2*64, R2, R3, X2, X6, X10, X14)
+	XORV(3*64, R2, R3, X3, X7, X11, X15)
+
+	// increment pointers
+	MOVD $256(R2), R2
+	MOVD $256(R3), R3
+
+	CMPBNE  R4, $0, chacha
+
+	VSTEF $0, CTR, (R7)
+	RET
diff --git a/vendor/golang.org/x/crypto/chacha20/xor.go b/vendor/golang.org/x/crypto/chacha20/xor.go
new file mode 100644
index 000000000..c2d04851e
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/xor.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found src the LICENSE file.
+
+package chacha20
+
+import "runtime"
+
+// Platforms that have fast unaligned 32-bit little endian accesses.
+const unaligned = runtime.GOARCH == "386" ||
+	runtime.GOARCH == "amd64" ||
+	runtime.GOARCH == "arm64" ||
+	runtime.GOARCH == "ppc64le" ||
+	runtime.GOARCH == "s390x"
+
+// addXor reads a little endian uint32 from src, XORs it with (a + b) and
+// places the result in little endian byte order in dst.
+func addXor(dst, src []byte, a, b uint32) {
+	_, _ = src[3], dst[3] // bounds check elimination hint
+	if unaligned {
+		// The compiler should optimize this code into
+		// 32-bit unaligned little endian loads and stores.
+		// TODO: delete once the compiler does a reliably
+		// good job with the generic code below.
+		// See issue #25111 for more details.
+		v := uint32(src[0])
+		v |= uint32(src[1]) << 8
+		v |= uint32(src[2]) << 16
+		v |= uint32(src[3]) << 24
+		v ^= a + b
+		dst[0] = byte(v)
+		dst[1] = byte(v >> 8)
+		dst[2] = byte(v >> 16)
+		dst[3] = byte(v >> 24)
+	} else {
+		a += b
+		dst[0] = src[0] ^ byte(a)
+		dst[1] = src[1] ^ byte(a>>8)
+		dst[2] = src[2] ^ byte(a>>16)
+		dst[3] = src[3] ^ byte(a>>24)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
new file mode 100644
index 000000000..93da7322b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
@@ -0,0 +1,98 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its
+// extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and
+// draft-irtf-cfrg-xchacha-01.
+package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305"
+
+import (
+	"crypto/cipher"
+	"errors"
+)
+
+const (
+	// KeySize is the size of the key used by this AEAD, in bytes.
+	KeySize = 32
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// AEAD, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
+	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20-Poly1305
+	// variant of this AEAD, in bytes.
+	NonceSizeX = 24
+
+	// Overhead is the size of the Poly1305 authentication tag, and the
+	// difference between a ciphertext length and its plaintext.
+	Overhead = 16
+)
+
+type chacha20poly1305 struct {
+	key [KeySize]byte
+}
+
+// New returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key.
+func New(key []byte) (cipher.AEAD, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20poly1305: bad key length")
+	}
+	ret := new(chacha20poly1305)
+	copy(ret.key[:], key)
+	return ret, nil
+}
+
+func (c *chacha20poly1305) NonceSize() int {
+	return NonceSize
+}
+
+func (c *chacha20poly1305) Overhead() int {
+	return Overhead
+}
+
+func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if len(nonce) != NonceSize {
+		panic("chacha20poly1305: bad nonce length passed to Seal")
+	}
+
+	if uint64(len(plaintext)) > (1<<38)-64 {
+		panic("chacha20poly1305: plaintext too large")
+	}
+
+	return c.seal(dst, nonce, plaintext, additionalData)
+}
+
+var errOpen = errors.New("chacha20poly1305: message authentication failed")
+
+func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if len(nonce) != NonceSize {
+		panic("chacha20poly1305: bad nonce length passed to Open")
+	}
+	if len(ciphertext) < 16 {
+		return nil, errOpen
+	}
+	if uint64(len(ciphertext)) > (1<<38)-48 {
+		panic("chacha20poly1305: ciphertext too large")
+	}
+
+	return c.open(dst, nonce, ciphertext, additionalData)
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
new file mode 100644
index 000000000..0c408c570
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
@@ -0,0 +1,87 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20poly1305
+
+import (
+	"encoding/binary"
+
+	"golang.org/x/crypto/internal/alias"
+	"golang.org/x/sys/cpu"
+)
+
+//go:noescape
+func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool
+
+//go:noescape
+func chacha20Poly1305Seal(dst []byte, key []uint32, src, ad []byte)
+
+var (
+	useAVX2 = cpu.X86.HasAVX2 && cpu.X86.HasBMI2
+)
+
+// setupState writes a ChaCha20 input matrix to state. See
+// https://tools.ietf.org/html/rfc7539#section-2.3.
+func setupState(state *[16]uint32, key *[32]byte, nonce []byte) {
+	state[0] = 0x61707865
+	state[1] = 0x3320646e
+	state[2] = 0x79622d32
+	state[3] = 0x6b206574
+
+	state[4] = binary.LittleEndian.Uint32(key[0:4])
+	state[5] = binary.LittleEndian.Uint32(key[4:8])
+	state[6] = binary.LittleEndian.Uint32(key[8:12])
+	state[7] = binary.LittleEndian.Uint32(key[12:16])
+	state[8] = binary.LittleEndian.Uint32(key[16:20])
+	state[9] = binary.LittleEndian.Uint32(key[20:24])
+	state[10] = binary.LittleEndian.Uint32(key[24:28])
+	state[11] = binary.LittleEndian.Uint32(key[28:32])
+
+	state[12] = 0
+	state[13] = binary.LittleEndian.Uint32(nonce[0:4])
+	state[14] = binary.LittleEndian.Uint32(nonce[4:8])
+	state[15] = binary.LittleEndian.Uint32(nonce[8:12])
+}
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if !cpu.X86.HasSSSE3 {
+		return c.sealGeneric(dst, nonce, plaintext, additionalData)
+	}
+
+	var state [16]uint32
+	setupState(&state, &c.key, nonce)
+
+	ret, out := sliceForAppend(dst, len(plaintext)+16)
+	if alias.InexactOverlap(out, plaintext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+	chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData)
+	return ret
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if !cpu.X86.HasSSSE3 {
+		return c.openGeneric(dst, nonce, ciphertext, additionalData)
+	}
+
+	var state [16]uint32
+	setupState(&state, &c.key, nonce)
+
+	ciphertext = ciphertext[:len(ciphertext)-16]
+	ret, out := sliceForAppend(dst, len(ciphertext))
+	if alias.InexactOverlap(out, ciphertext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+	if !chacha20Poly1305Open(out, state[:], ciphertext, additionalData) {
+		for i := range out {
+			out[i] = 0
+		}
+		return nil, errOpen
+	}
+
+	return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
new file mode 100644
index 000000000..867c181a1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
@@ -0,0 +1,2696 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file was originally from https://golang.org/cl/24717 by Vlad Krasnov of CloudFlare.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+// General register allocation
+#define oup DI
+#define inp SI
+#define inl BX
+#define adp CX // free to reuse, after we hash the additional data
+#define keyp R8 // free to reuse, when we copy the key to stack
+#define itr2 R9 // general iterator
+#define itr1 CX // general iterator
+#define acc0 R10
+#define acc1 R11
+#define acc2 R12
+#define t0 R13
+#define t1 R14
+#define t2 R15
+#define t3 R8
+// Register and stack allocation for the SSE code
+#define rStore (0*16)(BP)
+#define sStore (1*16)(BP)
+#define state1Store (2*16)(BP)
+#define state2Store (3*16)(BP)
+#define tmpStore (4*16)(BP)
+#define ctr0Store (5*16)(BP)
+#define ctr1Store (6*16)(BP)
+#define ctr2Store (7*16)(BP)
+#define ctr3Store (8*16)(BP)
+#define A0 X0
+#define A1 X1
+#define A2 X2
+#define B0 X3
+#define B1 X4
+#define B2 X5
+#define C0 X6
+#define C1 X7
+#define C2 X8
+#define D0 X9
+#define D1 X10
+#define D2 X11
+#define T0 X12
+#define T1 X13
+#define T2 X14
+#define T3 X15
+#define A3 T0
+#define B3 T1
+#define C3 T2
+#define D3 T3
+// Register and stack allocation for the AVX2 code
+#define rsStoreAVX2 (0*32)(BP)
+#define state1StoreAVX2 (1*32)(BP)
+#define state2StoreAVX2 (2*32)(BP)
+#define ctr0StoreAVX2 (3*32)(BP)
+#define ctr1StoreAVX2 (4*32)(BP)
+#define ctr2StoreAVX2 (5*32)(BP)
+#define ctr3StoreAVX2 (6*32)(BP)
+#define tmpStoreAVX2 (7*32)(BP) // 256 bytes on stack
+#define AA0 Y0
+#define AA1 Y5
+#define AA2 Y6
+#define AA3 Y7
+#define BB0 Y14
+#define BB1 Y9
+#define BB2 Y10
+#define BB3 Y11
+#define CC0 Y12
+#define CC1 Y13
+#define CC2 Y8
+#define CC3 Y15
+#define DD0 Y4
+#define DD1 Y1
+#define DD2 Y2
+#define DD3 Y3
+#define TT0 DD3
+#define TT1 AA3
+#define TT2 BB3
+#define TT3 CC3
+// ChaCha20 constants
+DATA ·chacha20Constants<>+0x00(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x04(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x08(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x0c(SB)/4, $0x6b206574
+DATA ·chacha20Constants<>+0x10(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x14(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x18(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x1c(SB)/4, $0x6b206574
+// <<< 16 with PSHUFB
+DATA ·rol16<>+0x00(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x08(SB)/8, $0x0D0C0F0E09080B0A
+DATA ·rol16<>+0x10(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x18(SB)/8, $0x0D0C0F0E09080B0A
+// <<< 8 with PSHUFB
+DATA ·rol8<>+0x00(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x08(SB)/8, $0x0E0D0C0F0A09080B
+DATA ·rol8<>+0x10(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x18(SB)/8, $0x0E0D0C0F0A09080B
+
+DATA ·avx2InitMask<>+0x00(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x08(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x10(SB)/8, $0x1
+DATA ·avx2InitMask<>+0x18(SB)/8, $0x0
+
+DATA ·avx2IncMask<>+0x00(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x08(SB)/8, $0x0
+DATA ·avx2IncMask<>+0x10(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x18(SB)/8, $0x0
+// Poly1305 key clamp
+DATA ·polyClampMask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·polyClampMask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+DATA ·polyClampMask<>+0x10(SB)/8, $0xFFFFFFFFFFFFFFFF
+DATA ·polyClampMask<>+0x18(SB)/8, $0xFFFFFFFFFFFFFFFF
+
+DATA ·sseIncMask<>+0x00(SB)/8, $0x1
+DATA ·sseIncMask<>+0x08(SB)/8, $0x0
+// To load/store the last < 16 bytes in a buffer
+DATA ·andMask<>+0x00(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x08(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x10(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0x18(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x20(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0x28(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x30(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0x38(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x40(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0x48(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x50(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0x58(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x60(SB)/8, $0x00ffffffffffffff
+DATA ·andMask<>+0x68(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x70(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x78(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x80(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x88(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x90(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x98(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0xa0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xa8(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0xb0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xb8(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0xc0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xc8(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0xd0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xd8(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0xe0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xe8(SB)/8, $0x00ffffffffffffff
+
+GLOBL ·chacha20Constants<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol16<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol8<>(SB), (NOPTR+RODATA), $32
+GLOBL ·sseIncMask<>(SB), (NOPTR+RODATA), $16
+GLOBL ·avx2IncMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·avx2InitMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·polyClampMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240
+// No PALIGNR in Go ASM yet (but VPALIGNR is present).
+#define shiftB0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X3, X3
+#define shiftB1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x04 // PALIGNR $4, X4, X4
+#define shiftB2Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X5, X5
+#define shiftB3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X13, X13
+#define shiftC0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X6, X6
+#define shiftC1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x08 // PALIGNR $8, X7, X7
+#define shiftC2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc0; BYTE $0x08 // PALIGNR $8, X8, X8
+#define shiftC3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X14, X14
+#define shiftD0Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x0c // PALIGNR $12, X9, X9
+#define shiftD1Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x0c // PALIGNR $12, X10, X10
+#define shiftD2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X11, X11
+#define shiftD3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x0c // PALIGNR $12, X15, X15
+#define shiftB0Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X3, X3
+#define shiftB1Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x0c // PALIGNR $12, X4, X4
+#define shiftB2Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X5, X5
+#define shiftB3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X13, X13
+#define shiftC0Right shiftC0Left
+#define shiftC1Right shiftC1Left
+#define shiftC2Right shiftC2Left
+#define shiftC3Right shiftC3Left
+#define shiftD0Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x04 // PALIGNR $4, X9, X9
+#define shiftD1Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x04 // PALIGNR $4, X10, X10
+#define shiftD2Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X11, X11
+#define shiftD3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x04 // PALIGNR $4, X15, X15
+// Some macros
+#define chachaQR(A, B, C, D, T) \
+	PADDD B, A; PXOR A, D; PSHUFB ·rol16<>(SB), D                            \
+	PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $12, T; PSRLL $20, B; PXOR T, B \
+	PADDD B, A; PXOR A, D; PSHUFB ·rol8<>(SB), D                             \
+	PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $7, T; PSRLL $25, B; PXOR T, B
+
+#define chachaQR_AVX2(A, B, C, D, T) \
+	VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol16<>(SB), D, D                         \
+	VPADDD D, C, C; VPXOR C, B, B; VPSLLD $12, B, T; VPSRLD $20, B, B; VPXOR T, B, B \
+	VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol8<>(SB), D, D                          \
+	VPADDD D, C, C; VPXOR C, B, B; VPSLLD $7, B, T; VPSRLD $25, B, B; VPXOR T, B, B
+
+#define polyAdd(S) ADDQ S, acc0; ADCQ 8+S, acc1; ADCQ $1, acc2
+#define polyMulStage1 MOVQ (0*8)(BP), AX; MOVQ AX, t2; MULQ acc0; MOVQ AX, t0; MOVQ DX, t1; MOVQ (0*8)(BP), AX; MULQ acc1; IMULQ acc2, t2; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2 MOVQ (1*8)(BP), AX; MOVQ AX, t3; MULQ acc0; ADDQ AX, t1; ADCQ $0, DX; MOVQ DX, acc0; MOVQ (1*8)(BP), AX; MULQ acc1; ADDQ AX, t2; ADCQ $0, DX
+#define polyMulStage3 IMULQ acc2, t3; ADDQ acc0, t2; ADCQ DX, t3
+#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t3, t2; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2
+
+#define polyMulStage1_AVX2 MOVQ (0*8)(BP), DX; MOVQ DX, t2; MULXQ acc0, t0, t1; IMULQ acc2, t2; MULXQ acc1, AX, DX; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2_AVX2 MOVQ (1*8)(BP), DX; MULXQ acc0, acc0, AX; ADDQ acc0, t1; MULXQ acc1, acc1, t3; ADCQ acc1, t2; ADCQ $0, t3
+#define polyMulStage3_AVX2 IMULQ acc2, DX; ADDQ AX, t2; ADCQ DX, t3
+
+#define polyMul polyMulStage1; polyMulStage2; polyMulStage3; polyMulReduceStage
+#define polyMulAVX2 polyMulStage1_AVX2; polyMulStage2_AVX2; polyMulStage3_AVX2; polyMulReduceStage
+// ----------------------------------------------------------------------------
+TEXT polyHashADInternal<>(SB), NOSPLIT, $0
+	// adp points to beginning of additional data
+	// itr2 holds ad length
+	XORQ acc0, acc0
+	XORQ acc1, acc1
+	XORQ acc2, acc2
+	CMPQ itr2, $13
+	JNE  hashADLoop
+
+openFastTLSAD:
+	// Special treatment for the TLS case of 13 bytes
+	MOVQ (adp), acc0
+	MOVQ 5(adp), acc1
+	SHRQ $24, acc1
+	MOVQ $1, acc2
+	polyMul
+	RET
+
+hashADLoop:
+	// Hash in 16 byte chunks
+	CMPQ itr2, $16
+	JB   hashADTail
+	polyAdd(0(adp))
+	LEAQ (1*16)(adp), adp
+	SUBQ $16, itr2
+	polyMul
+	JMP  hashADLoop
+
+hashADTail:
+	CMPQ itr2, $0
+	JE   hashADDone
+
+	// Hash last < 16 byte tail
+	XORQ t0, t0
+	XORQ t1, t1
+	XORQ t2, t2
+	ADDQ itr2, adp
+
+hashADTailLoop:
+	SHLQ $8, t0, t1
+	SHLQ $8, t0
+	MOVB -1(adp), t2
+	XORQ t2, t0
+	DECQ adp
+	DECQ itr2
+	JNE  hashADTailLoop
+
+hashADTailFinish:
+	ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+
+	// Finished AD
+hashADDone:
+	RET
+
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Open(dst, key, src, ad []byte) bool
+TEXT ·chacha20Poly1305Open(SB), 0, $288-97
+	// For aligned stack access
+	MOVQ SP, BP
+	ADDQ $32, BP
+	ANDQ $-32, BP
+	MOVQ dst+0(FP), oup
+	MOVQ key+24(FP), keyp
+	MOVQ src+48(FP), inp
+	MOVQ src_len+56(FP), inl
+	MOVQ ad+72(FP), adp
+
+	// Check for AVX2 support
+	CMPB ·useAVX2(SB), $1
+	JE   chacha20Poly1305Open_AVX2
+
+	// Special optimization, for very short buffers
+	CMPQ inl, $128
+	JBE  openSSE128 // About 16% faster
+
+	// For long buffers, prepare the poly key first
+	MOVOU ·chacha20Constants<>(SB), A0
+	MOVOU (1*16)(keyp), B0
+	MOVOU (2*16)(keyp), C0
+	MOVOU (3*16)(keyp), D0
+	MOVO  D0, T1
+
+	// Store state on stack for future use
+	MOVO B0, state1Store
+	MOVO C0, state2Store
+	MOVO D0, ctr3Store
+	MOVQ $10, itr2
+
+openSSEPreparePolyKey:
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	DECQ          itr2
+	JNE           openSSEPreparePolyKey
+
+	// A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+	PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0
+
+	// Clamp and store the key
+	PAND ·polyClampMask<>(SB), A0
+	MOVO A0, rStore; MOVO B0, sStore
+
+	// Hash AAD
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+openSSEMainLoop:
+	CMPQ inl, $256
+	JB   openSSEMainLoopDone
+
+	// Load state, increment counter blocks
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+	// There are 10 ChaCha20 iterations of 2QR each, so for 6 iterations we hash 2 blocks, and for the remaining 4 only 1 block - for a total of 16
+	MOVQ $4, itr1
+	MOVQ inp, itr2
+
+openSSEInternalLoop:
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyAdd(0(itr2))
+	shiftB0Left;  shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left;  shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left;  shiftD1Left; shiftD2Left; shiftD3Left
+	polyMulStage1
+	polyMulStage2
+	LEAQ          (2*8)(itr2), itr2
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	polyMulStage3
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyMulReduceStage
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	DECQ          itr1
+	JGE           openSSEInternalLoop
+
+	polyAdd(0(itr2))
+	polyMul
+	LEAQ (2*8)(itr2), itr2
+
+	CMPQ itr1, $-6
+	JG   openSSEInternalLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+	// Load - xor - store
+	MOVO  D3, tmpStore
+	MOVOU (0*16)(inp), D3; PXOR D3, A0; MOVOU A0, (0*16)(oup)
+	MOVOU (1*16)(inp), D3; PXOR D3, B0; MOVOU B0, (1*16)(oup)
+	MOVOU (2*16)(inp), D3; PXOR D3, C0; MOVOU C0, (2*16)(oup)
+	MOVOU (3*16)(inp), D3; PXOR D3, D0; MOVOU D0, (3*16)(oup)
+	MOVOU (4*16)(inp), D0; PXOR D0, A1; MOVOU A1, (4*16)(oup)
+	MOVOU (5*16)(inp), D0; PXOR D0, B1; MOVOU B1, (5*16)(oup)
+	MOVOU (6*16)(inp), D0; PXOR D0, C1; MOVOU C1, (6*16)(oup)
+	MOVOU (7*16)(inp), D0; PXOR D0, D1; MOVOU D1, (7*16)(oup)
+	MOVOU (8*16)(inp), D0; PXOR D0, A2; MOVOU A2, (8*16)(oup)
+	MOVOU (9*16)(inp), D0; PXOR D0, B2; MOVOU B2, (9*16)(oup)
+	MOVOU (10*16)(inp), D0; PXOR D0, C2; MOVOU C2, (10*16)(oup)
+	MOVOU (11*16)(inp), D0; PXOR D0, D2; MOVOU D2, (11*16)(oup)
+	MOVOU (12*16)(inp), D0; PXOR D0, A3; MOVOU A3, (12*16)(oup)
+	MOVOU (13*16)(inp), D0; PXOR D0, B3; MOVOU B3, (13*16)(oup)
+	MOVOU (14*16)(inp), D0; PXOR D0, C3; MOVOU C3, (14*16)(oup)
+	MOVOU (15*16)(inp), D0; PXOR tmpStore, D0; MOVOU D0, (15*16)(oup)
+	LEAQ  256(inp), inp
+	LEAQ  256(oup), oup
+	SUBQ  $256, inl
+	JMP   openSSEMainLoop
+
+openSSEMainLoopDone:
+	// Handle the various tail sizes efficiently
+	TESTQ inl, inl
+	JE    openSSEFinalize
+	CMPQ  inl, $64
+	JBE   openSSETail64
+	CMPQ  inl, $128
+	JBE   openSSETail128
+	CMPQ  inl, $192
+	JBE   openSSETail192
+	JMP   openSSETail256
+
+openSSEFinalize:
+	// Hash in the PT, AAD lengths
+	ADDQ ad_len+80(FP), acc0; ADCQ src_len+56(FP), acc1; ADCQ $1, acc2
+	polyMul
+
+	// Final reduce
+	MOVQ    acc0, t0
+	MOVQ    acc1, t1
+	MOVQ    acc2, t2
+	SUBQ    $-5, acc0
+	SBBQ    $-1, acc1
+	SBBQ    $3, acc2
+	CMOVQCS t0, acc0
+	CMOVQCS t1, acc1
+	CMOVQCS t2, acc2
+
+	// Add in the "s" part of the key
+	ADDQ 0+sStore, acc0
+	ADCQ 8+sStore, acc1
+
+	// Finally, constant time compare to the tag at the end of the message
+	XORQ    AX, AX
+	MOVQ    $1, DX
+	XORQ    (0*8)(inp), acc0
+	XORQ    (1*8)(inp), acc1
+	ORQ     acc1, acc0
+	CMOVQEQ DX, AX
+
+	// Return true iff tags are equal
+	MOVB AX, ret+96(FP)
+	RET
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 129 bytes
+openSSE128:
+	// For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+	MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+	MOVO  A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO  A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO  B0, T1; MOVO C0, T2; MOVO D1, T3
+	MOVQ  $10, itr2
+
+openSSE128InnerCipherLoop:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left;  shiftB1Left; shiftB2Left
+	shiftC0Left;  shiftC1Left; shiftC2Left
+	shiftD0Left;  shiftD1Left; shiftD2Left
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftB1Right; shiftB2Right
+	shiftC0Right; shiftC1Right; shiftC2Right
+	shiftD0Right; shiftD1Right; shiftD2Right
+	DECQ          itr2
+	JNE           openSSE128InnerCipherLoop
+
+	// A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+	PADDL T2, C1; PADDL T2, C2
+	PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+
+	// Clamp and store the key
+	PAND  ·polyClampMask<>(SB), A0
+	MOVOU A0, rStore; MOVOU B0, sStore
+
+	// Hash
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+openSSE128Open:
+	CMPQ inl, $16
+	JB   openSSETail16
+	SUBQ $16, inl
+
+	// Load for hashing
+	polyAdd(0(inp))
+
+	// Load for decryption
+	MOVOU (inp), T0; PXOR T0, A1; MOVOU A1, (oup)
+	LEAQ  (1*16)(inp), inp
+	LEAQ  (1*16)(oup), oup
+	polyMul
+
+	// Shift the stream "left"
+	MOVO B1, A1
+	MOVO C1, B1
+	MOVO D1, C1
+	MOVO A2, D1
+	MOVO B2, A2
+	MOVO C2, B2
+	MOVO D2, C2
+	JMP  openSSE128Open
+
+openSSETail16:
+	TESTQ inl, inl
+	JE    openSSEFinalize
+
+	// We can safely load the CT from the end, because it is padded with the MAC
+	MOVQ   inl, itr2
+	SHLQ   $4, itr2
+	LEAQ   ·andMask<>(SB), t0
+	MOVOU  (inp), T0
+	ADDQ   inl, inp
+	PAND   -16(t0)(itr2*1), T0
+	MOVO   T0, 0+tmpStore
+	MOVQ   T0, t0
+	MOVQ   8+tmpStore, t1
+	PXOR   A1, T0
+
+	// We can only store one byte at a time, since plaintext can be shorter than 16 bytes
+openSSETail16Store:
+	MOVQ T0, t3
+	MOVB t3, (oup)
+	PSRLDQ $1, T0
+	INCQ   oup
+	DECQ   inl
+	JNE    openSSETail16Store
+	ADDQ   t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+	JMP    openSSEFinalize
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of ciphertext
+openSSETail64:
+	// Need to decrypt up to 64 bytes - prepare single block
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+	XORQ itr2, itr2
+	MOVQ inl, itr1
+	CMPQ itr1, $16
+	JB   openSSETail64LoopB
+
+openSSETail64LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+	SUBQ $16, itr1
+
+openSSETail64LoopB:
+	ADDQ          $16, itr2
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+
+	CMPQ itr1, $16
+	JAE  openSSETail64LoopA
+
+	CMPQ itr2, $160
+	JNE  openSSETail64LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0; PADDL state2Store, C0; PADDL ctr0Store, D0
+
+openSSETail64DecLoop:
+	CMPQ  inl, $16
+	JB    openSSETail64DecLoopDone
+	SUBQ  $16, inl
+	MOVOU (inp), T0
+	PXOR  T0, A0
+	MOVOU A0, (oup)
+	LEAQ  16(inp), inp
+	LEAQ  16(oup), oup
+	MOVO  B0, A0
+	MOVO  C0, B0
+	MOVO  D0, C0
+	JMP   openSSETail64DecLoop
+
+openSSETail64DecLoopDone:
+	MOVO A0, A1
+	JMP  openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openSSETail128:
+	// Need to decrypt up to 128 bytes - prepare two blocks
+	MOVO ·chacha20Constants<>(SB), A1; MOVO state1Store, B1; MOVO state2Store, C1; MOVO ctr3Store, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr0Store
+	MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr1Store
+	XORQ itr2, itr2
+	MOVQ inl, itr1
+	ANDQ $-16, itr1
+
+openSSETail128LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+
+openSSETail128LoopB:
+	ADDQ          $16, itr2
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	shiftB1Left;  shiftC1Left; shiftD1Left
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+
+	CMPQ itr2, itr1
+	JB   openSSETail128LoopA
+
+	CMPQ itr2, $160
+	JNE  openSSETail128LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+	PADDL state1Store, B0; PADDL state1Store, B1
+	PADDL state2Store, C0; PADDL state2Store, C1
+	PADDL ctr1Store, D0; PADDL ctr0Store, D1
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+	MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+
+	SUBQ $64, inl
+	LEAQ 64(inp), inp
+	LEAQ 64(oup), oup
+	JMP  openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of ciphertext
+openSSETail192:
+	// Need to decrypt up to 192 bytes - prepare three blocks
+	MOVO ·chacha20Constants<>(SB), A2; MOVO state1Store, B2; MOVO state2Store, C2; MOVO ctr3Store, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr0Store
+	MOVO A2, A1; MOVO B2, B1; MOVO C2, C1; MOVO D2, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+	MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr2Store
+
+	MOVQ    inl, itr1
+	MOVQ    $160, itr2
+	CMPQ    itr1, $160
+	CMOVQGT itr2, itr1
+	ANDQ    $-16, itr1
+	XORQ    itr2, itr2
+
+openSSLTail192LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+
+openSSLTail192LoopB:
+	ADDQ         $16, itr2
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left; shiftC0Left; shiftD0Left
+	shiftB1Left; shiftC1Left; shiftD1Left
+	shiftB2Left; shiftC2Left; shiftD2Left
+
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+	shiftB2Right; shiftC2Right; shiftD2Right
+
+	CMPQ itr2, itr1
+	JB   openSSLTail192LoopA
+
+	CMPQ itr2, $160
+	JNE  openSSLTail192LoopB
+
+	CMPQ inl, $176
+	JB   openSSLTail192Store
+
+	polyAdd(160(inp))
+	polyMul
+
+	CMPQ inl, $192
+	JB   openSSLTail192Store
+
+	polyAdd(176(inp))
+	polyMul
+
+openSSLTail192Store:
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+	PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+	PADDL ctr2Store, D0; PADDL ctr1Store, D1; PADDL ctr0Store, D2
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A2; PXOR T1, B2; PXOR T2, C2; PXOR T3, D2
+	MOVOU A2, (0*16)(oup); MOVOU B2, (1*16)(oup); MOVOU C2, (2*16)(oup); MOVOU D2, (3*16)(oup)
+
+	MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+	PXOR  T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+	SUBQ $128, inl
+	LEAQ 128(inp), inp
+	LEAQ 128(oup), oup
+	JMP  openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openSSETail256:
+	// Need to decrypt up to 256 bytes - prepare four blocks
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+	XORQ itr2, itr2
+
+openSSETail256Loop:
+	// This loop inteleaves 8 ChaCha quarter rounds with 1 poly multiplication
+	polyAdd(0(inp)(itr2*1))
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	shiftB0Left;  shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left;  shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left;  shiftD1Left; shiftD2Left; shiftD3Left
+	polyMulStage1
+	polyMulStage2
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyMulStage3
+	polyMulReduceStage
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	ADDQ          $2*8, itr2
+	CMPQ          itr2, $160
+	JB            openSSETail256Loop
+	MOVQ          inl, itr1
+	ANDQ          $-16, itr1
+
+openSSETail256HashLoop:
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+	ADDQ $2*8, itr2
+	CMPQ itr2, itr1
+	JB   openSSETail256HashLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+	MOVO  D3, tmpStore
+
+	// Load - xor - store
+	MOVOU (0*16)(inp), D3; PXOR D3, A0
+	MOVOU (1*16)(inp), D3; PXOR D3, B0
+	MOVOU (2*16)(inp), D3; PXOR D3, C0
+	MOVOU (3*16)(inp), D3; PXOR D3, D0
+	MOVOU A0, (0*16)(oup)
+	MOVOU B0, (1*16)(oup)
+	MOVOU C0, (2*16)(oup)
+	MOVOU D0, (3*16)(oup)
+	MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+	PXOR  A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+	MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+	PXOR  A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+	MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+	LEAQ  192(inp), inp
+	LEAQ  192(oup), oup
+	SUBQ  $192, inl
+	MOVO  A3, A0
+	MOVO  B3, B0
+	MOVO  C3, C0
+	MOVO  tmpStore, D0
+
+	JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Open_AVX2:
+	VZEROUPPER
+	VMOVDQU ·chacha20Constants<>(SB), AA0
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+	BYTE    $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+	VPADDD  ·avx2InitMask<>(SB), DD0, DD0
+
+	// Special optimization, for very short buffers
+	CMPQ inl, $192
+	JBE  openAVX2192
+	CMPQ inl, $320
+	JBE  openAVX2320
+
+	// For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+	VMOVDQA BB0, state1StoreAVX2
+	VMOVDQA CC0, state2StoreAVX2
+	VMOVDQA DD0, ctr3StoreAVX2
+	MOVQ    $10, itr2
+
+openAVX2PreparePolyKey:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+	DECQ     itr2
+	JNE      openAVX2PreparePolyKey
+
+	VPADDD ·chacha20Constants<>(SB), AA0, AA0
+	VPADDD state1StoreAVX2, BB0, BB0
+	VPADDD state2StoreAVX2, CC0, CC0
+	VPADDD ctr3StoreAVX2, DD0, DD0
+
+	VPERM2I128 $0x02, AA0, BB0, TT0
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA TT0, rsStoreAVX2
+
+	// Stream for the first 64 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+
+	// Hash AD + first 64 bytes
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+	XORQ itr1, itr1
+
+openAVX2InitialHash64:
+	polyAdd(0(inp)(itr1*1))
+	polyMulAVX2
+	ADDQ $16, itr1
+	CMPQ itr1, $64
+	JNE  openAVX2InitialHash64
+
+	// Decrypt the first 64 bytes
+	VPXOR   (0*32)(inp), AA0, AA0
+	VPXOR   (1*32)(inp), BB0, BB0
+	VMOVDQU AA0, (0*32)(oup)
+	VMOVDQU BB0, (1*32)(oup)
+	LEAQ    (2*32)(inp), inp
+	LEAQ    (2*32)(oup), oup
+	SUBQ    $64, inl
+
+openAVX2MainLoop:
+	CMPQ inl, $512
+	JB   openAVX2MainLoopDone
+
+	// Load state, increment counter blocks, store the incremented counters
+	VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+	XORQ    itr1, itr1
+
+openAVX2InternalLoop:
+	// Lets just say this spaghetti loop interleaves 2 quarter rounds with 3 poly multiplications
+	// Effectively per 512 bytes of stream we hash 480 bytes of ciphertext
+	polyAdd(0*8(inp)(itr1*1))
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage1_AVX2
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulStage2_AVX2
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyMulStage3_AVX2
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulReduceStage
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	polyAdd(2*8(inp)(itr1*1))
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage1_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage2_AVX2
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage3_AVX2
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulReduceStage
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(4*8(inp)(itr1*1))
+	LEAQ     (6*8)(itr1), itr1
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage1_AVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	polyMulStage2_AVX2
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage3_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulReduceStage
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+	CMPQ     itr1, $480
+	JNE      openAVX2InternalLoop
+
+	VPADDD  ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD  state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD  state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD  ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA CC3, tmpStoreAVX2
+
+	// We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+	polyAdd(480(inp))
+	polyMulAVX2
+	VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+	VPXOR      (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+	VMOVDQU    CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+	// and here
+	polyAdd(496(inp))
+	polyMulAVX2
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+	VPXOR      (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+	LEAQ       (32*16)(inp), inp
+	LEAQ       (32*16)(oup), oup
+	SUBQ       $(32*16), inl
+	JMP        openAVX2MainLoop
+
+openAVX2MainLoopDone:
+	// Handle the various tail sizes efficiently
+	TESTQ inl, inl
+	JE    openSSEFinalize
+	CMPQ  inl, $128
+	JBE   openAVX2Tail128
+	CMPQ  inl, $256
+	JBE   openAVX2Tail256
+	CMPQ  inl, $384
+	JBE   openAVX2Tail384
+	JMP   openAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+openAVX2192:
+	// For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+	VMOVDQA AA0, AA1
+	VMOVDQA BB0, BB1
+	VMOVDQA CC0, CC1
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2
+	VMOVDQA BB0, BB2
+	VMOVDQA CC0, CC2
+	VMOVDQA DD0, DD2
+	VMOVDQA DD1, TT3
+	MOVQ    $10, itr2
+
+openAVX2192InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	DECQ       itr2
+	JNE        openAVX2192InnerCipherLoop
+	VPADDD     AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+	VPADDD     BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+	VPADDD     CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+	VPADDD     DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, TT0
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA TT0, rsStoreAVX2
+
+	// Stream for up to 192 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+
+openAVX2ShortOpen:
+	// Hash
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+openAVX2ShortOpenLoop:
+	CMPQ inl, $32
+	JB   openAVX2ShortTail32
+	SUBQ $32, inl
+
+	// Load for hashing
+	polyAdd(0*8(inp))
+	polyMulAVX2
+	polyAdd(2*8(inp))
+	polyMulAVX2
+
+	// Load for decryption
+	VPXOR   (inp), AA0, AA0
+	VMOVDQU AA0, (oup)
+	LEAQ    (1*32)(inp), inp
+	LEAQ    (1*32)(oup), oup
+
+	// Shift stream left
+	VMOVDQA BB0, AA0
+	VMOVDQA CC0, BB0
+	VMOVDQA DD0, CC0
+	VMOVDQA AA1, DD0
+	VMOVDQA BB1, AA1
+	VMOVDQA CC1, BB1
+	VMOVDQA DD1, CC1
+	VMOVDQA AA2, DD1
+	VMOVDQA BB2, AA2
+	JMP     openAVX2ShortOpenLoop
+
+openAVX2ShortTail32:
+	CMPQ    inl, $16
+	VMOVDQA A0, A1
+	JB      openAVX2ShortDone
+
+	SUBQ $16, inl
+
+	// Load for hashing
+	polyAdd(0*8(inp))
+	polyMulAVX2
+
+	// Load for decryption
+	VPXOR      (inp), A0, T0
+	VMOVDQU    T0, (oup)
+	LEAQ       (1*16)(inp), inp
+	LEAQ       (1*16)(oup), oup
+	VPERM2I128 $0x11, AA0, AA0, AA0
+	VMOVDQA    A0, A1
+
+openAVX2ShortDone:
+	VZEROUPPER
+	JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+openAVX2320:
+	// For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+	VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+	MOVQ    $10, itr2
+
+openAVX2320InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+	DECQ     itr2
+	JNE      openAVX2320InnerCipherLoop
+
+	VMOVDQA ·chacha20Constants<>(SB), TT0
+	VPADDD  TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+	VPADDD  TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+	VPADDD  TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+	VMOVDQA ·avx2IncMask<>(SB), TT0
+	VPADDD  TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD2, DD2
+
+	// Clamp and store poly key
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPAND      ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA    TT0, rsStoreAVX2
+
+	// Stream for up to 320 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+	VPERM2I128 $0x02, AA2, BB2, CC1
+	VPERM2I128 $0x02, CC2, DD2, DD1
+	VPERM2I128 $0x13, AA2, BB2, AA2
+	VPERM2I128 $0x13, CC2, DD2, BB2
+	JMP        openAVX2ShortOpen
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openAVX2Tail128:
+	// Need to decrypt up to 128 bytes - prepare two blocks
+	VMOVDQA ·chacha20Constants<>(SB), AA1
+	VMOVDQA state1StoreAVX2, BB1
+	VMOVDQA state2StoreAVX2, CC1
+	VMOVDQA ctr3StoreAVX2, DD1
+	VPADDD  ·avx2IncMask<>(SB), DD1, DD1
+	VMOVDQA DD1, DD0
+
+	XORQ  itr2, itr2
+	MOVQ  inl, itr1
+	ANDQ  $-16, itr1
+	TESTQ itr1, itr1
+	JE    openAVX2Tail128LoopB
+
+openAVX2Tail128LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMulAVX2
+
+openAVX2Tail128LoopB:
+	ADDQ     $16, itr2
+	chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $4, DD1, DD1, DD1
+	CMPQ     itr2, itr1
+	JB       openAVX2Tail128LoopA
+	CMPQ     itr2, $160
+	JNE      openAVX2Tail128LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA1, AA1
+	VPADDD     state1StoreAVX2, BB1, BB1
+	VPADDD     state2StoreAVX2, CC1, CC1
+	VPADDD     DD0, DD1, DD1
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+openAVX2TailLoop:
+	CMPQ inl, $32
+	JB   openAVX2Tail
+	SUBQ $32, inl
+
+	// Load for decryption
+	VPXOR   (inp), AA0, AA0
+	VMOVDQU AA0, (oup)
+	LEAQ    (1*32)(inp), inp
+	LEAQ    (1*32)(oup), oup
+	VMOVDQA BB0, AA0
+	VMOVDQA CC0, BB0
+	VMOVDQA DD0, CC0
+	JMP     openAVX2TailLoop
+
+openAVX2Tail:
+	CMPQ    inl, $16
+	VMOVDQA A0, A1
+	JB      openAVX2TailDone
+	SUBQ    $16, inl
+
+	// Load for decryption
+	VPXOR      (inp), A0, T0
+	VMOVDQU    T0, (oup)
+	LEAQ       (1*16)(inp), inp
+	LEAQ       (1*16)(oup), oup
+	VPERM2I128 $0x11, AA0, AA0, AA0
+	VMOVDQA    A0, A1
+
+openAVX2TailDone:
+	VZEROUPPER
+	JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openAVX2Tail256:
+	// Need to decrypt up to 256 bytes - prepare four blocks
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA DD0, TT1
+	VMOVDQA DD1, TT2
+
+	// Compute the number of iterations that will hash data
+	MOVQ    inl, tmpStoreAVX2
+	MOVQ    inl, itr1
+	SUBQ    $128, itr1
+	SHRQ    $4, itr1
+	MOVQ    $10, itr2
+	CMPQ    itr1, $10
+	CMOVQGT itr2, itr1
+	MOVQ    inp, inl
+	XORQ    itr2, itr2
+
+openAVX2Tail256LoopA:
+	polyAdd(0(inl))
+	polyMulAVX2
+	LEAQ 16(inl), inl
+
+	// Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail256LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	INCQ     itr2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	CMPQ     itr2, itr1
+	JB       openAVX2Tail256LoopA
+
+	CMPQ itr2, $10
+	JNE  openAVX2Tail256LoopB
+
+	MOVQ inl, itr2
+	SUBQ inp, inl
+	MOVQ inl, itr1
+	MOVQ tmpStoreAVX2, inl
+
+	// Hash the remainder of data (if any)
+openAVX2Tail256Hash:
+	ADDQ $16, itr1
+	CMPQ itr1, inl
+	JGT  openAVX2Tail256HashEnd
+	polyAdd (0(itr2))
+	polyMulAVX2
+	LEAQ 16(itr2), itr2
+	JMP  openAVX2Tail256Hash
+
+// Store 128 bytes safely, then go to store loop
+openAVX2Tail256HashEnd:
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+	VPADDD     TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, AA2; VPERM2I128 $0x02, CC0, DD0, BB2; VPERM2I128 $0x13, AA0, BB0, CC2; VPERM2I128 $0x13, CC0, DD0, DD2
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+	VPXOR   (0*32)(inp), AA2, AA2; VPXOR (1*32)(inp), BB2, BB2; VPXOR (2*32)(inp), CC2, CC2; VPXOR (3*32)(inp), DD2, DD2
+	VMOVDQU AA2, (0*32)(oup); VMOVDQU BB2, (1*32)(oup); VMOVDQU CC2, (2*32)(oup); VMOVDQU DD2, (3*32)(oup)
+	LEAQ    (4*32)(inp), inp
+	LEAQ    (4*32)(oup), oup
+	SUBQ    $4*32, inl
+
+	JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+openAVX2Tail384:
+	// Need to decrypt up to 384 bytes - prepare six blocks
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VPADDD  ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA DD0, ctr0StoreAVX2
+	VMOVDQA DD1, ctr1StoreAVX2
+	VMOVDQA DD2, ctr2StoreAVX2
+
+	// Compute the number of iterations that will hash two blocks of data
+	MOVQ    inl, tmpStoreAVX2
+	MOVQ    inl, itr1
+	SUBQ    $256, itr1
+	SHRQ    $4, itr1
+	ADDQ    $6, itr1
+	MOVQ    $10, itr2
+	CMPQ    itr1, $10
+	CMOVQGT itr2, itr1
+	MOVQ    inp, inl
+	XORQ    itr2, itr2
+
+	// Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail384LoopB:
+	polyAdd(0(inl))
+	polyMulAVX2
+	LEAQ 16(inl), inl
+
+openAVX2Tail384LoopA:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	polyAdd(0(inl))
+	polyMulAVX2
+	LEAQ     16(inl), inl
+	INCQ     itr2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+
+	CMPQ itr2, itr1
+	JB   openAVX2Tail384LoopB
+
+	CMPQ itr2, $10
+	JNE  openAVX2Tail384LoopA
+
+	MOVQ inl, itr2
+	SUBQ inp, inl
+	MOVQ inl, itr1
+	MOVQ tmpStoreAVX2, inl
+
+openAVX2Tail384Hash:
+	ADDQ $16, itr1
+	CMPQ itr1, inl
+	JGT  openAVX2Tail384HashEnd
+	polyAdd(0(itr2))
+	polyMulAVX2
+	LEAQ 16(itr2), itr2
+	JMP  openAVX2Tail384Hash
+
+// Store 256 bytes safely, then go to store loop
+openAVX2Tail384HashEnd:
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+	VPADDD     ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2
+	VPERM2I128 $0x02, AA0, BB0, TT0; VPERM2I128 $0x02, CC0, DD0, TT1; VPERM2I128 $0x13, AA0, BB0, TT2; VPERM2I128 $0x13, CC0, DD0, TT3
+	VPXOR      (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, TT0; VPERM2I128 $0x02, CC1, DD1, TT1; VPERM2I128 $0x13, AA1, BB1, TT2; VPERM2I128 $0x13, CC1, DD1, TT3
+	VPXOR      (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	LEAQ       (8*32)(inp), inp
+	LEAQ       (8*32)(oup), oup
+	SUBQ       $8*32, inl
+	JMP        openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+openAVX2Tail512:
+	VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+	XORQ    itr1, itr1
+	MOVQ    inp, itr2
+
+openAVX2Tail512LoopB:
+	polyAdd(0(itr2))
+	polyMulAVX2
+	LEAQ (2*8)(itr2), itr2
+
+openAVX2Tail512LoopA:
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyAdd(0*8(itr2))
+	polyMulAVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(2*8(itr2))
+	polyMulAVX2
+	LEAQ     (4*8)(itr2), itr2
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+	INCQ     itr1
+	CMPQ     itr1, $4
+	JLT      openAVX2Tail512LoopB
+
+	CMPQ itr1, $10
+	JNE  openAVX2Tail512LoopA
+
+	MOVQ inl, itr1
+	SUBQ $384, itr1
+	ANDQ $-16, itr1
+
+openAVX2Tail512HashLoop:
+	TESTQ itr1, itr1
+	JE    openAVX2Tail512HashEnd
+	polyAdd(0(itr2))
+	polyMulAVX2
+	LEAQ  16(itr2), itr2
+	SUBQ  $16, itr1
+	JMP   openAVX2Tail512HashLoop
+
+openAVX2Tail512HashEnd:
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD     ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA    CC3, tmpStoreAVX2
+	VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+	VPXOR      (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+	VMOVDQU    CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+	LEAQ (12*32)(inp), inp
+	LEAQ (12*32)(oup), oup
+	SUBQ $12*32, inl
+
+	JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Seal(dst, key, src, ad []byte)
+TEXT ·chacha20Poly1305Seal(SB), 0, $288-96
+	// For aligned stack access
+	MOVQ SP, BP
+	ADDQ $32, BP
+	ANDQ $-32, BP
+	MOVQ dst+0(FP), oup
+	MOVQ key+24(FP), keyp
+	MOVQ src+48(FP), inp
+	MOVQ src_len+56(FP), inl
+	MOVQ ad+72(FP), adp
+
+	CMPB ·useAVX2(SB), $1
+	JE   chacha20Poly1305Seal_AVX2
+
+	// Special optimization, for very short buffers
+	CMPQ inl, $128
+	JBE  sealSSE128 // About 15% faster
+
+	// In the seal case - prepare the poly key + 3 blocks of stream in the first iteration
+	MOVOU ·chacha20Constants<>(SB), A0
+	MOVOU (1*16)(keyp), B0
+	MOVOU (2*16)(keyp), C0
+	MOVOU (3*16)(keyp), D0
+
+	// Store state on stack for future use
+	MOVO B0, state1Store
+	MOVO C0, state2Store
+
+	// Load state, increment counter blocks
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+	MOVQ $10, itr2
+
+sealSSEIntroLoop:
+	MOVO         C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO         tmpStore, C3
+	MOVO         C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO         tmpStore, C1
+	shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	DECQ          itr2
+	JNE           sealSSEIntroLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+	// Clamp and store the key
+	PAND ·polyClampMask<>(SB), A0
+	MOVO A0, rStore
+	MOVO B0, sStore
+
+	// Hash AAD
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+	MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+	PXOR  A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+	MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+	MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+	PXOR  A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+	MOVOU A2, (4*16)(oup); MOVOU B2, (5*16)(oup); MOVOU C2, (6*16)(oup); MOVOU D2, (7*16)(oup)
+
+	MOVQ $128, itr1
+	SUBQ $128, inl
+	LEAQ 128(inp), inp
+
+	MOVO A3, A1; MOVO B3, B1; MOVO C3, C1; MOVO D3, D1
+
+	CMPQ inl, $64
+	JBE  sealSSE128SealHash
+
+	MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+	PXOR  A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+	MOVOU A3, (8*16)(oup); MOVOU B3, (9*16)(oup); MOVOU C3, (10*16)(oup); MOVOU D3, (11*16)(oup)
+
+	ADDQ $64, itr1
+	SUBQ $64, inl
+	LEAQ 64(inp), inp
+
+	MOVQ $2, itr1
+	MOVQ $8, itr2
+
+	CMPQ inl, $64
+	JBE  sealSSETail64
+	CMPQ inl, $128
+	JBE  sealSSETail128
+	CMPQ inl, $192
+	JBE  sealSSETail192
+
+sealSSEMainLoop:
+	// Load state, increment counter blocks
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+sealSSEInnerLoop:
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyAdd(0(oup))
+	shiftB0Left;  shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left;  shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left;  shiftD1Left; shiftD2Left; shiftD3Left
+	polyMulStage1
+	polyMulStage2
+	LEAQ          (2*8)(oup), oup
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	polyMulStage3
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyMulReduceStage
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	DECQ          itr2
+	JGE           sealSSEInnerLoop
+	polyAdd(0(oup))
+	polyMul
+	LEAQ          (2*8)(oup), oup
+	DECQ          itr1
+	JG            sealSSEInnerLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+	MOVO  D3, tmpStore
+
+	// Load - xor - store
+	MOVOU (0*16)(inp), D3; PXOR D3, A0
+	MOVOU (1*16)(inp), D3; PXOR D3, B0
+	MOVOU (2*16)(inp), D3; PXOR D3, C0
+	MOVOU (3*16)(inp), D3; PXOR D3, D0
+	MOVOU A0, (0*16)(oup)
+	MOVOU B0, (1*16)(oup)
+	MOVOU C0, (2*16)(oup)
+	MOVOU D0, (3*16)(oup)
+	MOVO  tmpStore, D3
+
+	MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+	PXOR  A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+	MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+	PXOR  A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+	MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+	ADDQ  $192, inp
+	MOVQ  $192, itr1
+	SUBQ  $192, inl
+	MOVO  A3, A1
+	MOVO  B3, B1
+	MOVO  C3, C1
+	MOVO  D3, D1
+	CMPQ  inl, $64
+	JBE   sealSSE128SealHash
+	MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+	PXOR  A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+	MOVOU A3, (12*16)(oup); MOVOU B3, (13*16)(oup); MOVOU C3, (14*16)(oup); MOVOU D3, (15*16)(oup)
+	LEAQ  64(inp), inp
+	SUBQ  $64, inl
+	MOVQ  $6, itr1
+	MOVQ  $4, itr2
+	CMPQ  inl, $192
+	JG    sealSSEMainLoop
+
+	MOVQ  inl, itr1
+	TESTQ inl, inl
+	JE    sealSSE128SealHash
+	MOVQ  $6, itr1
+	CMPQ  inl, $64
+	JBE   sealSSETail64
+	CMPQ  inl, $128
+	JBE   sealSSETail128
+	JMP   sealSSETail192
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of plaintext
+sealSSETail64:
+	// Need to encrypt up to 64 bytes - prepare single block, hash 192 or 256 bytes
+	MOVO  ·chacha20Constants<>(SB), A1
+	MOVO  state1Store, B1
+	MOVO  state2Store, C1
+	MOVO  ctr3Store, D1
+	PADDL ·sseIncMask<>(SB), D1
+	MOVO  D1, ctr0Store
+
+sealSSETail64LoopA:
+	// Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealSSETail64LoopB:
+	chachaQR(A1, B1, C1, D1, T1)
+	shiftB1Left;  shiftC1Left; shiftD1Left
+	chachaQR(A1, B1, C1, D1, T1)
+	shiftB1Right; shiftC1Right; shiftD1Right
+	polyAdd(0(oup))
+	polyMul
+	LEAQ          16(oup), oup
+
+	DECQ itr1
+	JG   sealSSETail64LoopA
+
+	DECQ  itr2
+	JGE   sealSSETail64LoopB
+	PADDL ·chacha20Constants<>(SB), A1
+	PADDL state1Store, B1
+	PADDL state2Store, C1
+	PADDL ctr0Store, D1
+
+	JMP sealSSE128Seal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of plaintext
+sealSSETail128:
+	// Need to encrypt up to 128 bytes - prepare two blocks, hash 192 or 256 bytes
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+
+sealSSETail128LoopA:
+	// Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealSSETail128LoopB:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	shiftB1Left;  shiftC1Left; shiftD1Left
+	polyAdd(0(oup))
+	polyMul
+	LEAQ          16(oup), oup
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+
+	DECQ itr1
+	JG   sealSSETail128LoopA
+
+	DECQ itr2
+	JGE  sealSSETail128LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+	PADDL state1Store, B0; PADDL state1Store, B1
+	PADDL state2Store, C0; PADDL state2Store, C1
+	PADDL ctr0Store, D0; PADDL ctr1Store, D1
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+	MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+
+	MOVQ $64, itr1
+	LEAQ 64(inp), inp
+	SUBQ $64, inl
+
+	JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of plaintext
+sealSSETail192:
+	// Need to encrypt up to 192 bytes - prepare three blocks, hash 192 or 256 bytes
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr2Store
+
+sealSSETail192LoopA:
+	// Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealSSETail192LoopB:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left; shiftC0Left; shiftD0Left
+	shiftB1Left; shiftC1Left; shiftD1Left
+	shiftB2Left; shiftC2Left; shiftD2Left
+
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+	shiftB2Right; shiftC2Right; shiftD2Right
+
+	DECQ itr1
+	JG   sealSSETail192LoopA
+
+	DECQ itr2
+	JGE  sealSSETail192LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+	PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+	PADDL ctr0Store, D0; PADDL ctr1Store, D1; PADDL ctr2Store, D2
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+	MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+	MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+	PXOR  T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+	MOVO A2, A1
+	MOVO B2, B1
+	MOVO C2, C1
+	MOVO D2, D1
+	MOVQ $128, itr1
+	LEAQ 128(inp), inp
+	SUBQ $128, inl
+
+	JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special seal optimization for buffers smaller than 129 bytes
+sealSSE128:
+	// For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+	MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+	MOVO  A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO  A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO  B0, T1; MOVO C0, T2; MOVO D1, T3
+	MOVQ  $10, itr2
+
+sealSSE128InnerCipherLoop:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left;  shiftB1Left; shiftB2Left
+	shiftC0Left;  shiftC1Left; shiftC2Left
+	shiftD0Left;  shiftD1Left; shiftD2Left
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftB1Right; shiftB2Right
+	shiftC0Right; shiftC1Right; shiftC2Right
+	shiftD0Right; shiftD1Right; shiftD2Right
+	DECQ          itr2
+	JNE           sealSSE128InnerCipherLoop
+
+	// A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+	PADDL T2, C1; PADDL T2, C2
+	PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+	PAND  ·polyClampMask<>(SB), A0
+	MOVOU A0, rStore
+	MOVOU B0, sStore
+
+	// Hash
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+	XORQ itr1, itr1
+
+sealSSE128SealHash:
+	// itr1 holds the number of bytes encrypted but not yet hashed
+	CMPQ itr1, $16
+	JB   sealSSE128Seal
+	polyAdd(0(oup))
+	polyMul
+
+	SUBQ $16, itr1
+	ADDQ $16, oup
+
+	JMP sealSSE128SealHash
+
+sealSSE128Seal:
+	CMPQ inl, $16
+	JB   sealSSETail
+	SUBQ $16, inl
+
+	// Load for decryption
+	MOVOU (inp), T0
+	PXOR  T0, A1
+	MOVOU A1, (oup)
+	LEAQ  (1*16)(inp), inp
+	LEAQ  (1*16)(oup), oup
+
+	// Extract for hashing
+	MOVQ   A1, t0
+	PSRLDQ $8, A1
+	MOVQ A1, t1
+	ADDQ   t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+
+	// Shift the stream "left"
+	MOVO B1, A1
+	MOVO C1, B1
+	MOVO D1, C1
+	MOVO A2, D1
+	MOVO B2, A2
+	MOVO C2, B2
+	MOVO D2, C2
+	JMP  sealSSE128Seal
+
+sealSSETail:
+	TESTQ inl, inl
+	JE    sealSSEFinalize
+
+	// We can only load the PT one byte at a time to avoid read after end of buffer
+	MOVQ inl, itr2
+	SHLQ $4, itr2
+	LEAQ ·andMask<>(SB), t0
+	MOVQ inl, itr1
+	LEAQ -1(inp)(inl*1), inp
+	XORQ t2, t2
+	XORQ t3, t3
+	XORQ AX, AX
+
+sealSSETailLoadLoop:
+	SHLQ $8, t2, t3
+	SHLQ $8, t2
+	MOVB (inp), AX
+	XORQ AX, t2
+	LEAQ   -1(inp), inp
+	DECQ   itr1
+	JNE    sealSSETailLoadLoop
+	MOVQ t2, 0+tmpStore
+	MOVQ t3, 8+tmpStore
+	PXOR 0+tmpStore, A1
+	MOVOU  A1, (oup)
+	MOVOU  -16(t0)(itr2*1), T0
+	PAND   T0, A1
+	MOVQ   A1, t0
+	PSRLDQ $8, A1
+	MOVQ   A1, t1
+	ADDQ   t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+
+	ADDQ inl, oup
+
+sealSSEFinalize:
+	// Hash in the buffer lengths
+	ADDQ ad_len+80(FP), acc0
+	ADCQ src_len+56(FP), acc1
+	ADCQ $1, acc2
+	polyMul
+
+	// Final reduce
+	MOVQ    acc0, t0
+	MOVQ    acc1, t1
+	MOVQ    acc2, t2
+	SUBQ    $-5, acc0
+	SBBQ    $-1, acc1
+	SBBQ    $3, acc2
+	CMOVQCS t0, acc0
+	CMOVQCS t1, acc1
+	CMOVQCS t2, acc2
+
+	// Add in the "s" part of the key
+	ADDQ 0+sStore, acc0
+	ADCQ 8+sStore, acc1
+
+	// Finally store the tag at the end of the message
+	MOVQ acc0, (0*8)(oup)
+	MOVQ acc1, (1*8)(oup)
+	RET
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Seal_AVX2:
+	VZEROUPPER
+	VMOVDQU ·chacha20Constants<>(SB), AA0
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+	BYTE    $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+	VPADDD  ·avx2InitMask<>(SB), DD0, DD0
+
+	// Special optimizations, for very short buffers
+	CMPQ inl, $192
+	JBE  seal192AVX2 // 33% faster
+	CMPQ inl, $320
+	JBE  seal320AVX2 // 17% faster
+
+	// For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+	VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3; VMOVDQA BB0, state1StoreAVX2
+	VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3; VMOVDQA CC0, state2StoreAVX2
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1; VMOVDQA DD0, ctr0StoreAVX2
+	VPADDD  ·avx2IncMask<>(SB), DD1, DD2; VMOVDQA DD1, ctr1StoreAVX2
+	VPADDD  ·avx2IncMask<>(SB), DD2, DD3; VMOVDQA DD2, ctr2StoreAVX2
+	VMOVDQA DD3, ctr3StoreAVX2
+	MOVQ    $10, itr2
+
+sealAVX2IntroLoop:
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+	VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+	VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+	VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+	VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+	VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+	VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+	DECQ     itr2
+	JNE      sealAVX2IntroLoop
+
+	VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+
+	VPERM2I128 $0x13, CC0, DD0, CC0 // Stream bytes 96 - 127
+	VPERM2I128 $0x02, AA0, BB0, DD0 // The Poly1305 key
+	VPERM2I128 $0x13, AA0, BB0, AA0 // Stream bytes 64 - 95
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), DD0, DD0
+	VMOVDQA DD0, rsStoreAVX2
+
+	// Hash AD
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+	// Can store at least 320 bytes
+	VPXOR   (0*32)(inp), AA0, AA0
+	VPXOR   (1*32)(inp), CC0, CC0
+	VMOVDQU AA0, (0*32)(oup)
+	VMOVDQU CC0, (1*32)(oup)
+
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (2*32)(inp), AA0, AA0; VPXOR (3*32)(inp), BB0, BB0; VPXOR (4*32)(inp), CC0, CC0; VPXOR (5*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (2*32)(oup); VMOVDQU BB0, (3*32)(oup); VMOVDQU CC0, (4*32)(oup); VMOVDQU DD0, (5*32)(oup)
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (6*32)(inp), AA0, AA0; VPXOR (7*32)(inp), BB0, BB0; VPXOR (8*32)(inp), CC0, CC0; VPXOR (9*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (6*32)(oup); VMOVDQU BB0, (7*32)(oup); VMOVDQU CC0, (8*32)(oup); VMOVDQU DD0, (9*32)(oup)
+
+	MOVQ $320, itr1
+	SUBQ $320, inl
+	LEAQ 320(inp), inp
+
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, CC3, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, CC3, DD3, DD0
+	CMPQ       inl, $128
+	JBE        sealAVX2SealHash
+
+	VPXOR   (0*32)(inp), AA0, AA0; VPXOR (1*32)(inp), BB0, BB0; VPXOR (2*32)(inp), CC0, CC0; VPXOR (3*32)(inp), DD0, DD0
+	VMOVDQU AA0, (10*32)(oup); VMOVDQU BB0, (11*32)(oup); VMOVDQU CC0, (12*32)(oup); VMOVDQU DD0, (13*32)(oup)
+	SUBQ    $128, inl
+	LEAQ    128(inp), inp
+
+	MOVQ $8, itr1
+	MOVQ $2, itr2
+
+	CMPQ inl, $128
+	JBE  sealAVX2Tail128
+	CMPQ inl, $256
+	JBE  sealAVX2Tail256
+	CMPQ inl, $384
+	JBE  sealAVX2Tail384
+	CMPQ inl, $512
+	JBE  sealAVX2Tail512
+
+	// We have 448 bytes to hash, but main loop hashes 512 bytes at a time - perform some rounds, before the main loop
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+	VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+	VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+	VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+	VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+	VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+	VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+
+	SUBQ $16, oup                  // Adjust the pointer
+	MOVQ $9, itr1
+	JMP  sealAVX2InternalLoopStart
+
+sealAVX2MainLoop:
+	// Load state, increment counter blocks, store the incremented counters
+	VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+	MOVQ    $10, itr1
+
+sealAVX2InternalLoop:
+	polyAdd(0*8(oup))
+	VPADDD  BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage1_AVX2
+	VPXOR   AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulStage2_AVX2
+	VPADDD  DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR   CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyMulStage3_AVX2
+	VMOVDQA CC3, tmpStoreAVX2
+	VPSLLD  $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD  $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD  $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD  $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA tmpStoreAVX2, CC3
+	polyMulReduceStage
+
+sealAVX2InternalLoopStart:
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	polyAdd(2*8(oup))
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage1_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage2_AVX2
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage3_AVX2
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulReduceStage
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(4*8(oup))
+	LEAQ     (6*8)(oup), oup
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage1_AVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	polyMulStage2_AVX2
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage3_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulReduceStage
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+	DECQ     itr1
+	JNE      sealAVX2InternalLoop
+
+	VPADDD  ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD  state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD  state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD  ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA CC3, tmpStoreAVX2
+
+	// We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	LEAQ       (4*8)(oup), oup
+	VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+	VPXOR      (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+	VMOVDQU    CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+	// and here
+	polyAdd(-2*8(oup))
+	polyMulAVX2
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+	VPXOR      (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+	LEAQ       (32*16)(inp), inp
+	SUBQ       $(32*16), inl
+	CMPQ       inl, $512
+	JG         sealAVX2MainLoop
+
+	// Tail can only hash 480 bytes
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	polyAdd(2*8(oup))
+	polyMulAVX2
+	LEAQ 32(oup), oup
+
+	MOVQ $10, itr1
+	MOVQ $0, itr2
+	CMPQ inl, $128
+	JBE  sealAVX2Tail128
+	CMPQ inl, $256
+	JBE  sealAVX2Tail256
+	CMPQ inl, $384
+	JBE  sealAVX2Tail384
+	JMP  sealAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+seal192AVX2:
+	// For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+	VMOVDQA AA0, AA1
+	VMOVDQA BB0, BB1
+	VMOVDQA CC0, CC1
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2
+	VMOVDQA BB0, BB2
+	VMOVDQA CC0, CC2
+	VMOVDQA DD0, DD2
+	VMOVDQA DD1, TT3
+	MOVQ    $10, itr2
+
+sealAVX2192InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	DECQ       itr2
+	JNE        sealAVX2192InnerCipherLoop
+	VPADDD     AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+	VPADDD     BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+	VPADDD     CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+	VPADDD     DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, TT0
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA TT0, rsStoreAVX2
+
+	// Stream for up to 192 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+
+sealAVX2ShortSeal:
+	// Hash aad
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+	XORQ itr1, itr1
+
+sealAVX2SealHash:
+	// itr1 holds the number of bytes encrypted but not yet hashed
+	CMPQ itr1, $16
+	JB   sealAVX2ShortSealLoop
+	polyAdd(0(oup))
+	polyMul
+	SUBQ $16, itr1
+	ADDQ $16, oup
+	JMP  sealAVX2SealHash
+
+sealAVX2ShortSealLoop:
+	CMPQ inl, $32
+	JB   sealAVX2ShortTail32
+	SUBQ $32, inl
+
+	// Load for encryption
+	VPXOR   (inp), AA0, AA0
+	VMOVDQU AA0, (oup)
+	LEAQ    (1*32)(inp), inp
+
+	// Now can hash
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	polyAdd(2*8(oup))
+	polyMulAVX2
+	LEAQ (1*32)(oup), oup
+
+	// Shift stream left
+	VMOVDQA BB0, AA0
+	VMOVDQA CC0, BB0
+	VMOVDQA DD0, CC0
+	VMOVDQA AA1, DD0
+	VMOVDQA BB1, AA1
+	VMOVDQA CC1, BB1
+	VMOVDQA DD1, CC1
+	VMOVDQA AA2, DD1
+	VMOVDQA BB2, AA2
+	JMP     sealAVX2ShortSealLoop
+
+sealAVX2ShortTail32:
+	CMPQ    inl, $16
+	VMOVDQA A0, A1
+	JB      sealAVX2ShortDone
+
+	SUBQ $16, inl
+
+	// Load for encryption
+	VPXOR   (inp), A0, T0
+	VMOVDQU T0, (oup)
+	LEAQ    (1*16)(inp), inp
+
+	// Hash
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	LEAQ       (1*16)(oup), oup
+	VPERM2I128 $0x11, AA0, AA0, AA0
+	VMOVDQA    A0, A1
+
+sealAVX2ShortDone:
+	VZEROUPPER
+	JMP sealSSETail
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+seal320AVX2:
+	// For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+	VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+	MOVQ    $10, itr2
+
+sealAVX2320InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+	DECQ     itr2
+	JNE      sealAVX2320InnerCipherLoop
+
+	VMOVDQA ·chacha20Constants<>(SB), TT0
+	VPADDD  TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+	VPADDD  TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+	VPADDD  TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+	VMOVDQA ·avx2IncMask<>(SB), TT0
+	VPADDD  TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD2, DD2
+
+	// Clamp and store poly key
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPAND      ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA    TT0, rsStoreAVX2
+
+	// Stream for up to 320 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+	VPERM2I128 $0x02, AA2, BB2, CC1
+	VPERM2I128 $0x02, CC2, DD2, DD1
+	VPERM2I128 $0x13, AA2, BB2, AA2
+	VPERM2I128 $0x13, CC2, DD2, BB2
+	JMP        sealAVX2ShortSeal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+sealAVX2Tail128:
+	// Need to decrypt up to 128 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0
+	VMOVDQA state1StoreAVX2, BB0
+	VMOVDQA state2StoreAVX2, CC0
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VMOVDQA DD0, DD1
+
+sealAVX2Tail128LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail128LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	polyAdd(0(oup))
+	polyMul
+	VPALIGNR $4, BB0, BB0, BB0
+	VPALIGNR $8, CC0, CC0, CC0
+	VPALIGNR $12, DD0, DD0, DD0
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	polyAdd(16(oup))
+	polyMul
+	LEAQ     32(oup), oup
+	VPALIGNR $12, BB0, BB0, BB0
+	VPALIGNR $8, CC0, CC0, CC0
+	VPALIGNR $4, DD0, DD0, DD0
+	DECQ     itr1
+	JG       sealAVX2Tail128LoopA
+	DECQ     itr2
+	JGE      sealAVX2Tail128LoopB
+
+	VPADDD ·chacha20Constants<>(SB), AA0, AA1
+	VPADDD state1StoreAVX2, BB0, BB1
+	VPADDD state2StoreAVX2, CC0, CC1
+	VPADDD DD1, DD0, DD1
+
+	VPERM2I128 $0x02, AA1, BB1, AA0
+	VPERM2I128 $0x02, CC1, DD1, BB0
+	VPERM2I128 $0x13, AA1, BB1, CC0
+	VPERM2I128 $0x13, CC1, DD1, DD0
+	JMP        sealAVX2ShortSealLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+sealAVX2Tail256:
+	// Need to decrypt up to 256 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA ·chacha20Constants<>(SB), AA1
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA state1StoreAVX2, BB1
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA state2StoreAVX2, CC1
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA DD0, TT1
+	VMOVDQA DD1, TT2
+
+sealAVX2Tail256LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail256LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	polyAdd(0(oup))
+	polyMul
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	polyAdd(16(oup))
+	polyMul
+	LEAQ     32(oup), oup
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	DECQ     itr1
+	JG       sealAVX2Tail256LoopA
+	DECQ     itr2
+	JGE      sealAVX2Tail256LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+	VPADDD     TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPERM2I128 $0x02, CC0, DD0, TT1
+	VPERM2I128 $0x13, AA0, BB0, TT2
+	VPERM2I128 $0x13, CC0, DD0, TT3
+	VPXOR      (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+	MOVQ       $128, itr1
+	LEAQ       128(inp), inp
+	SUBQ       $128, inl
+	VPERM2I128 $0x02, AA1, BB1, AA0
+	VPERM2I128 $0x02, CC1, DD1, BB0
+	VPERM2I128 $0x13, AA1, BB1, CC0
+	VPERM2I128 $0x13, CC1, DD1, DD0
+
+	JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+sealAVX2Tail384:
+	// Need to decrypt up to 384 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA DD0, TT1; VMOVDQA DD1, TT2; VMOVDQA DD2, TT3
+
+sealAVX2Tail384LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail384LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	polyAdd(0(oup))
+	polyMul
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	polyAdd(16(oup))
+	polyMul
+	LEAQ     32(oup), oup
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+	DECQ     itr1
+	JG       sealAVX2Tail384LoopA
+	DECQ     itr2
+	JGE      sealAVX2Tail384LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+	VPADDD     TT1, DD0, DD0; VPADDD TT2, DD1, DD1; VPADDD TT3, DD2, DD2
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPERM2I128 $0x02, CC0, DD0, TT1
+	VPERM2I128 $0x13, AA0, BB0, TT2
+	VPERM2I128 $0x13, CC0, DD0, TT3
+	VPXOR      (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, TT0
+	VPERM2I128 $0x02, CC1, DD1, TT1
+	VPERM2I128 $0x13, AA1, BB1, TT2
+	VPERM2I128 $0x13, CC1, DD1, TT3
+	VPXOR      (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+	MOVQ       $256, itr1
+	LEAQ       256(inp), inp
+	SUBQ       $256, inl
+	VPERM2I128 $0x02, AA2, BB2, AA0
+	VPERM2I128 $0x02, CC2, DD2, BB0
+	VPERM2I128 $0x13, AA2, BB2, CC0
+	VPERM2I128 $0x13, CC2, DD2, DD0
+
+	JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+sealAVX2Tail512:
+	// Need to decrypt up to 512 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+sealAVX2Tail512LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail512LoopB:
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(2*8(oup))
+	polyMulAVX2
+	LEAQ     (4*8)(oup), oup
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+
+	DECQ itr1
+	JG   sealAVX2Tail512LoopA
+	DECQ itr2
+	JGE  sealAVX2Tail512LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD     ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA    CC3, tmpStoreAVX2
+	VPERM2I128 $0x02, AA0, BB0, CC3
+	VPXOR      (0*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (0*32)(oup)
+	VPERM2I128 $0x02, CC0, DD0, CC3
+	VPXOR      (1*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (1*32)(oup)
+	VPERM2I128 $0x13, AA0, BB0, CC3
+	VPXOR      (2*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (2*32)(oup)
+	VPERM2I128 $0x13, CC0, DD0, CC3
+	VPXOR      (3*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (3*32)(oup)
+
+	VPERM2I128 $0x02, AA1, BB1, AA0
+	VPERM2I128 $0x02, CC1, DD1, BB0
+	VPERM2I128 $0x13, AA1, BB1, CC0
+	VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+	VPERM2I128 $0x02, AA2, BB2, AA0
+	VPERM2I128 $0x02, CC2, DD2, BB0
+	VPERM2I128 $0x13, AA2, BB2, CC0
+	VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+
+	MOVQ       $384, itr1
+	LEAQ       384(inp), inp
+	SUBQ       $384, inl
+	VPERM2I128 $0x02, AA3, BB3, AA0
+	VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0
+	VPERM2I128 $0x13, AA3, BB3, CC0
+	VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+	JMP sealAVX2SealHash
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
new file mode 100644
index 000000000..6313898f0
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
@@ -0,0 +1,81 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+	"encoding/binary"
+
+	"golang.org/x/crypto/chacha20"
+	"golang.org/x/crypto/internal/alias"
+	"golang.org/x/crypto/internal/poly1305"
+)
+
+func writeWithPadding(p *poly1305.MAC, b []byte) {
+	p.Write(b)
+	if rem := len(b) % 16; rem != 0 {
+		var buf [16]byte
+		padLen := 16 - rem
+		p.Write(buf[:padLen])
+	}
+}
+
+func writeUint64(p *poly1305.MAC, n int) {
+	var buf [8]byte
+	binary.LittleEndian.PutUint64(buf[:], uint64(n))
+	p.Write(buf[:])
+}
+
+func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
+	ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
+	ciphertext, tag := out[:len(plaintext)], out[len(plaintext):]
+	if alias.InexactOverlap(out, plaintext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+
+	var polyKey [32]byte
+	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
+	s.XORKeyStream(ciphertext, plaintext)
+
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(plaintext))
+	p.Sum(tag[:0])
+
+	return ret
+}
+
+func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	tag := ciphertext[len(ciphertext)-16:]
+	ciphertext = ciphertext[:len(ciphertext)-16]
+
+	var polyKey [32]byte
+	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
+
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(ciphertext))
+
+	ret, out := sliceForAppend(dst, len(ciphertext))
+	if alias.InexactOverlap(out, ciphertext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+	if !p.Verify(tag) {
+		for i := range out {
+			out[i] = 0
+		}
+		return nil, errOpen
+	}
+
+	s.XORKeyStream(out, ciphertext)
+	return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
new file mode 100644
index 000000000..f832b33d4
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
@@ -0,0 +1,16 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || !gc || purego
+// +build !amd64 !gc purego
+
+package chacha20poly1305
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	return c.sealGeneric(dst, nonce, plaintext, additionalData)
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	return c.openGeneric(dst, nonce, ciphertext, additionalData)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
new file mode 100644
index 000000000..1cebfe946
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
@@ -0,0 +1,86 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+	"crypto/cipher"
+	"errors"
+
+	"golang.org/x/crypto/chacha20"
+)
+
+type xchacha20poly1305 struct {
+	key [KeySize]byte
+}
+
+// NewX returns a XChaCha20-Poly1305 AEAD that uses the given 256-bit key.
+//
+// XChaCha20-Poly1305 is a ChaCha20-Poly1305 variant that takes a longer nonce,
+// suitable to be generated randomly without risk of collisions. It should be
+// preferred when nonce uniqueness cannot be trivially ensured, or whenever
+// nonces are randomly generated.
+func NewX(key []byte) (cipher.AEAD, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20poly1305: bad key length")
+	}
+	ret := new(xchacha20poly1305)
+	copy(ret.key[:], key)
+	return ret, nil
+}
+
+func (*xchacha20poly1305) NonceSize() int {
+	return NonceSizeX
+}
+
+func (*xchacha20poly1305) Overhead() int {
+	return Overhead
+}
+
+func (x *xchacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if len(nonce) != NonceSizeX {
+		panic("chacha20poly1305: bad nonce length passed to Seal")
+	}
+
+	// XChaCha20-Poly1305 technically supports a 64-bit counter, so there is no
+	// size limit. However, since we reuse the ChaCha20-Poly1305 implementation,
+	// the second half of the counter is not available. This is unlikely to be
+	// an issue because the cipher.AEAD API requires the entire message to be in
+	// memory, and the counter overflows at 256 GB.
+	if uint64(len(plaintext)) > (1<<38)-64 {
+		panic("chacha20poly1305: plaintext too large")
+	}
+
+	c := new(chacha20poly1305)
+	hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+	copy(c.key[:], hKey)
+
+	// The first 4 bytes of the final nonce are unused counter space.
+	cNonce := make([]byte, NonceSize)
+	copy(cNonce[4:12], nonce[16:24])
+
+	return c.seal(dst, cNonce[:], plaintext, additionalData)
+}
+
+func (x *xchacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if len(nonce) != NonceSizeX {
+		panic("chacha20poly1305: bad nonce length passed to Open")
+	}
+	if len(ciphertext) < 16 {
+		return nil, errOpen
+	}
+	if uint64(len(ciphertext)) > (1<<38)-48 {
+		panic("chacha20poly1305: ciphertext too large")
+	}
+
+	c := new(chacha20poly1305)
+	hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+	copy(c.key[:], hKey)
+
+	// The first 4 bytes of the final nonce are unused counter space.
+	cNonce := make([]byte, NonceSize)
+	copy(cNonce[4:12], nonce[16:24])
+
+	return c.open(dst, cNonce[:], ciphertext, additionalData)
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
new file mode 100644
index 000000000..6fc2838a3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
@@ -0,0 +1,824 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+	encoding_asn1 "encoding/asn1"
+	"fmt"
+	"math/big"
+	"reflect"
+	"time"
+
+	"golang.org/x/crypto/cryptobyte/asn1"
+)
+
+// This file contains ASN.1-related methods for String and Builder.
+
+// Builder
+
+// AddASN1Int64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Int64(v int64) {
+	b.addASN1Signed(asn1.INTEGER, v)
+}
+
+// AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the
+// given tag.
+func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) {
+	b.addASN1Signed(tag, v)
+}
+
+// AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION.
+func (b *Builder) AddASN1Enum(v int64) {
+	b.addASN1Signed(asn1.ENUM, v)
+}
+
+func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) {
+	b.AddASN1(tag, func(c *Builder) {
+		length := 1
+		for i := v; i >= 0x80 || i < -0x80; i >>= 8 {
+			length++
+		}
+
+		for ; length > 0; length-- {
+			i := v >> uint((length-1)*8) & 0xff
+			c.AddUint8(uint8(i))
+		}
+	})
+}
+
+// AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Uint64(v uint64) {
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
+		length := 1
+		for i := v; i >= 0x80; i >>= 8 {
+			length++
+		}
+
+		for ; length > 0; length-- {
+			i := v >> uint((length-1)*8) & 0xff
+			c.AddUint8(uint8(i))
+		}
+	})
+}
+
+// AddASN1BigInt appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1BigInt(n *big.Int) {
+	if b.err != nil {
+		return
+	}
+
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
+		if n.Sign() < 0 {
+			// A negative number has to be converted to two's-complement form. So we
+			// invert and subtract 1. If the most-significant-bit isn't set then
+			// we'll need to pad the beginning with 0xff in order to keep the number
+			// negative.
+			nMinus1 := new(big.Int).Neg(n)
+			nMinus1.Sub(nMinus1, bigOne)
+			bytes := nMinus1.Bytes()
+			for i := range bytes {
+				bytes[i] ^= 0xff
+			}
+			if len(bytes) == 0 || bytes[0]&0x80 == 0 {
+				c.add(0xff)
+			}
+			c.add(bytes...)
+		} else if n.Sign() == 0 {
+			c.add(0)
+		} else {
+			bytes := n.Bytes()
+			if bytes[0]&0x80 != 0 {
+				c.add(0)
+			}
+			c.add(bytes...)
+		}
+	})
+}
+
+// AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING.
+func (b *Builder) AddASN1OctetString(bytes []byte) {
+	b.AddASN1(asn1.OCTET_STRING, func(c *Builder) {
+		c.AddBytes(bytes)
+	})
+}
+
+const generalizedTimeFormatStr = "20060102150405Z0700"
+
+// AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME.
+func (b *Builder) AddASN1GeneralizedTime(t time.Time) {
+	if t.Year() < 0 || t.Year() > 9999 {
+		b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t)
+		return
+	}
+	b.AddASN1(asn1.GeneralizedTime, func(c *Builder) {
+		c.AddBytes([]byte(t.Format(generalizedTimeFormatStr)))
+	})
+}
+
+// AddASN1UTCTime appends a DER-encoded ASN.1 UTCTime.
+func (b *Builder) AddASN1UTCTime(t time.Time) {
+	b.AddASN1(asn1.UTCTime, func(c *Builder) {
+		// As utilized by the X.509 profile, UTCTime can only
+		// represent the years 1950 through 2049.
+		if t.Year() < 1950 || t.Year() >= 2050 {
+			b.err = fmt.Errorf("cryptobyte: cannot represent %v as a UTCTime", t)
+			return
+		}
+		c.AddBytes([]byte(t.Format(defaultUTCTimeFormatStr)))
+	})
+}
+
+// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not
+// support BIT STRINGs that are not a whole number of bytes.
+func (b *Builder) AddASN1BitString(data []byte) {
+	b.AddASN1(asn1.BIT_STRING, func(b *Builder) {
+		b.AddUint8(0)
+		b.AddBytes(data)
+	})
+}
+
+func (b *Builder) addBase128Int(n int64) {
+	var length int
+	if n == 0 {
+		length = 1
+	} else {
+		for i := n; i > 0; i >>= 7 {
+			length++
+		}
+	}
+
+	for i := length - 1; i >= 0; i-- {
+		o := byte(n >> uint(i*7))
+		o &= 0x7f
+		if i != 0 {
+			o |= 0x80
+		}
+
+		b.add(o)
+	}
+}
+
+func isValidOID(oid encoding_asn1.ObjectIdentifier) bool {
+	if len(oid) < 2 {
+		return false
+	}
+
+	if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) {
+		return false
+	}
+
+	for _, v := range oid {
+		if v < 0 {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) {
+	b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) {
+		if !isValidOID(oid) {
+			b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid)
+			return
+		}
+
+		b.addBase128Int(int64(oid[0])*40 + int64(oid[1]))
+		for _, v := range oid[2:] {
+			b.addBase128Int(int64(v))
+		}
+	})
+}
+
+func (b *Builder) AddASN1Boolean(v bool) {
+	b.AddASN1(asn1.BOOLEAN, func(b *Builder) {
+		if v {
+			b.AddUint8(0xff)
+		} else {
+			b.AddUint8(0)
+		}
+	})
+}
+
+func (b *Builder) AddASN1NULL() {
+	b.add(uint8(asn1.NULL), 0)
+}
+
+// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if
+// successful or records an error if one occurred.
+func (b *Builder) MarshalASN1(v interface{}) {
+	// NOTE(martinkr): This is somewhat of a hack to allow propagation of
+	// encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
+	// value embedded into a struct, its tag information is lost.
+	if b.err != nil {
+		return
+	}
+	bytes, err := encoding_asn1.Marshal(v)
+	if err != nil {
+		b.err = err
+		return
+	}
+	b.AddBytes(bytes)
+}
+
+// AddASN1 appends an ASN.1 object. The object is prefixed with the given tag.
+// Tags greater than 30 are not supported and result in an error (i.e.
+// low-tag-number form only). The child builder passed to the
+// BuilderContinuation can be used to build the content of the ASN.1 object.
+func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
+	if b.err != nil {
+		return
+	}
+	// Identifiers with the low five bits set indicate high-tag-number format
+	// (two or more octets), which we don't support.
+	if tag&0x1f == 0x1f {
+		b.err = fmt.Errorf("cryptobyte: high-tag number identifier octects not supported: 0x%x", tag)
+		return
+	}
+	b.AddUint8(uint8(tag))
+	b.addLengthPrefixed(1, true, f)
+}
+
+// String
+
+// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
+// representation into out and advances. It reports whether the read
+// was successful.
+func (s *String) ReadASN1Boolean(out *bool) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
+		return false
+	}
+
+	switch bytes[0] {
+	case 0:
+		*out = false
+	case 0xff:
+		*out = true
+	default:
+		return false
+	}
+
+	return true
+}
+
+// ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does
+// not point to an integer, to a big.Int, or to a []byte it panics. Only
+// positive and zero values can be decoded into []byte, and they are returned as
+// big-endian binary values that share memory with s. Positive values will have
+// no leading zeroes, and zero will be returned as a single zero byte.
+// ReadASN1Integer reports whether the read was successful.
+func (s *String) ReadASN1Integer(out interface{}) bool {
+	switch out := out.(type) {
+	case *int, *int8, *int16, *int32, *int64:
+		var i int64
+		if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) {
+			return false
+		}
+		reflect.ValueOf(out).Elem().SetInt(i)
+		return true
+	case *uint, *uint8, *uint16, *uint32, *uint64:
+		var u uint64
+		if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) {
+			return false
+		}
+		reflect.ValueOf(out).Elem().SetUint(u)
+		return true
+	case *big.Int:
+		return s.readASN1BigInt(out)
+	case *[]byte:
+		return s.readASN1Bytes(out)
+	default:
+		panic("out does not point to an integer type")
+	}
+}
+
+func checkASN1Integer(bytes []byte) bool {
+	if len(bytes) == 0 {
+		// An INTEGER is encoded with at least one octet.
+		return false
+	}
+	if len(bytes) == 1 {
+		return true
+	}
+	if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 {
+		// Value is not minimally encoded.
+		return false
+	}
+	return true
+}
+
+var bigOne = big.NewInt(1)
+
+func (s *String) readASN1BigInt(out *big.Int) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+		return false
+	}
+	if bytes[0]&0x80 == 0x80 {
+		// Negative number.
+		neg := make([]byte, len(bytes))
+		for i, b := range bytes {
+			neg[i] = ^b
+		}
+		out.SetBytes(neg)
+		out.Add(out, bigOne)
+		out.Neg(out)
+	} else {
+		out.SetBytes(bytes)
+	}
+	return true
+}
+
+func (s *String) readASN1Bytes(out *[]byte) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+		return false
+	}
+	if bytes[0]&0x80 == 0x80 {
+		return false
+	}
+	for len(bytes) > 1 && bytes[0] == 0 {
+		bytes = bytes[1:]
+	}
+	*out = bytes
+	return true
+}
+
+func (s *String) readASN1Int64(out *int64) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
+		return false
+	}
+	return true
+}
+
+func asn1Signed(out *int64, n []byte) bool {
+	length := len(n)
+	if length > 8 {
+		return false
+	}
+	for i := 0; i < length; i++ {
+		*out <<= 8
+		*out |= int64(n[i])
+	}
+	// Shift up and down in order to sign extend the result.
+	*out <<= 64 - uint8(length)*8
+	*out >>= 64 - uint8(length)*8
+	return true
+}
+
+func (s *String) readASN1Uint64(out *uint64) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
+		return false
+	}
+	return true
+}
+
+func asn1Unsigned(out *uint64, n []byte) bool {
+	length := len(n)
+	if length > 9 || length == 9 && n[0] != 0 {
+		// Too large for uint64.
+		return false
+	}
+	if n[0]&0x80 != 0 {
+		// Negative number.
+		return false
+	}
+	for i := 0; i < length; i++ {
+		*out <<= 8
+		*out |= uint64(n[i])
+	}
+	return true
+}
+
+// ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out
+// and advances. It reports whether the read was successful and resulted in a
+// value that can be represented in an int64.
+func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool {
+	var bytes String
+	return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes)
+}
+
+// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports
+// whether the read was successful.
+func (s *String) ReadASN1Enum(out *int) bool {
+	var bytes String
+	var i int64
+	if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
+		return false
+	}
+	if int64(int(i)) != i {
+		return false
+	}
+	*out = int(i)
+	return true
+}
+
+func (s *String) readBase128Int(out *int) bool {
+	ret := 0
+	for i := 0; len(*s) > 0; i++ {
+		if i == 5 {
+			return false
+		}
+		// Avoid overflowing int on a 32-bit platform.
+		// We don't want different behavior based on the architecture.
+		if ret >= 1<<(31-7) {
+			return false
+		}
+		ret <<= 7
+		b := s.read(1)[0]
+
+		// ITU-T X.690, section 8.19.2:
+		// The subidentifier shall be encoded in the fewest possible octets,
+		// that is, the leading octet of the subidentifier shall not have the value 0x80.
+		if i == 0 && b == 0x80 {
+			return false
+		}
+
+		ret |= int(b & 0x7f)
+		if b&0x80 == 0 {
+			*out = ret
+			return true
+		}
+	}
+	return false // truncated
+}
+
+// ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 {
+		return false
+	}
+
+	// In the worst case, we get two elements from the first byte (which is
+	// encoded differently) and then every varint is a single byte long.
+	components := make([]int, len(bytes)+1)
+
+	// The first varint is 40*value1 + value2:
+	// According to this packing, value1 can take the values 0, 1 and 2 only.
+	// When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
+	// then there are no restrictions on value2.
+	var v int
+	if !bytes.readBase128Int(&v) {
+		return false
+	}
+	if v < 80 {
+		components[0] = v / 40
+		components[1] = v % 40
+	} else {
+		components[0] = 2
+		components[1] = v - 80
+	}
+
+	i := 2
+	for ; len(bytes) > 0; i++ {
+		if !bytes.readBase128Int(&v) {
+			return false
+		}
+		components[i] = v
+	}
+	*out = components[:i]
+	return true
+}
+
+// ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.GeneralizedTime) {
+		return false
+	}
+	t := string(bytes)
+	res, err := time.Parse(generalizedTimeFormatStr, t)
+	if err != nil {
+		return false
+	}
+	if serialized := res.Format(generalizedTimeFormatStr); serialized != t {
+		return false
+	}
+	*out = res
+	return true
+}
+
+const defaultUTCTimeFormatStr = "060102150405Z0700"
+
+// ReadASN1UTCTime decodes an ASN.1 UTCTime into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1UTCTime(out *time.Time) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.UTCTime) {
+		return false
+	}
+	t := string(bytes)
+
+	formatStr := defaultUTCTimeFormatStr
+	var err error
+	res, err := time.Parse(formatStr, t)
+	if err != nil {
+		// Fallback to minute precision if we can't parse second
+		// precision. If we are following X.509 or X.690 we shouldn't
+		// support this, but we do.
+		formatStr = "0601021504Z0700"
+		res, err = time.Parse(formatStr, t)
+	}
+	if err != nil {
+		return false
+	}
+
+	if serialized := res.Format(formatStr); serialized != t {
+		return false
+	}
+
+	if res.Year() >= 2050 {
+		// UTCTime interprets the low order digits 50-99 as 1950-99.
+		// This only applies to its use in the X.509 profile.
+		// See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
+		res = res.AddDate(-100, 0, 0)
+	}
+	*out = res
+	return true
+}
+
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+		len(bytes)*8/8 != len(bytes) {
+		return false
+	}
+
+	paddingBits := bytes[0]
+	bytes = bytes[1:]
+	if paddingBits > 7 ||
+		len(bytes) == 0 && paddingBits != 0 ||
+		len(bytes) > 0 && bytes[len(bytes)-1]&(1<<paddingBits-1) != 0 {
+		return false
+	}
+
+	out.BitLength = len(bytes)*8 - int(paddingBits)
+	out.Bytes = bytes
+	return true
+}
+
+// ReadASN1BitStringAsBytes decodes an ASN.1 BIT STRING into out and advances. It is
+// an error if the BIT STRING is not a whole number of bytes. It reports
+// whether the read was successful.
+func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+		return false
+	}
+
+	paddingBits := bytes[0]
+	if paddingBits != 0 {
+		return false
+	}
+	*out = bytes[1:]
+	return true
+}
+
+// ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool {
+	return s.ReadASN1((*String)(out), tag)
+}
+
+// ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
+	if !s.ReadAnyASN1(out, &t) || t != tag {
+		return false
+	}
+	return true
+}
+
+// ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
+	if !s.ReadAnyASN1Element(out, &t) || t != tag {
+		return false
+	}
+	return true
+}
+
+// ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, sets outTag to its tag, and advances.
+// It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool {
+	return s.readASN1(out, outTag, true /* skip header */)
+}
+
+// ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element
+// (including tag and length bytes) into out, sets outTag to is tag, and
+// advances. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool {
+	return s.readASN1(out, outTag, false /* include header */)
+}
+
+// PeekASN1Tag reports whether the next ASN.1 value on the string starts with
+// the given tag.
+func (s String) PeekASN1Tag(tag asn1.Tag) bool {
+	if len(s) == 0 {
+		return false
+	}
+	return asn1.Tag(s[0]) == tag
+}
+
+// SkipASN1 reads and discards an ASN.1 element with the given tag. It
+// reports whether the operation was successful.
+func (s *String) SkipASN1(tag asn1.Tag) bool {
+	var unused String
+	return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1
+// element (not including tag and length bytes) tagged with the given tag into
+// out. It stores whether an element with the tag was found in outPresent,
+// unless outPresent is nil. It reports whether the read was successful.
+func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool {
+	present := s.PeekASN1Tag(tag)
+	if outPresent != nil {
+		*outPresent = present
+	}
+	if present && !s.ReadASN1(out, tag) {
+		return false
+	}
+	return true
+}
+
+// SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or
+// else leaves s unchanged. It reports whether the operation was successful.
+func (s *String) SkipOptionalASN1(tag asn1.Tag) bool {
+	if !s.PeekASN1Tag(tag) {
+		return true
+	}
+	var unused String
+	return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER explicitly
+// tagged with tag into out and advances. If no element with a matching tag is
+// present, it writes defaultValue into out instead. Otherwise, it behaves like
+// ReadASN1Integer.
+func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool {
+	var present bool
+	var i String
+	if !s.ReadOptionalASN1(&i, &present, tag) {
+		return false
+	}
+	if !present {
+		switch out.(type) {
+		case *int, *int8, *int16, *int32, *int64,
+			*uint, *uint8, *uint16, *uint32, *uint64, *[]byte:
+			reflect.ValueOf(out).Elem().Set(reflect.ValueOf(defaultValue))
+		case *big.Int:
+			if defaultValue, ok := defaultValue.(*big.Int); ok {
+				out.(*big.Int).Set(defaultValue)
+			} else {
+				panic("out points to big.Int, but defaultValue does not")
+			}
+		default:
+			panic("invalid integer type")
+		}
+		return true
+	}
+	if !i.ReadASN1Integer(out) || !i.Empty() {
+		return false
+	}
+	return true
+}
+
+// ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it sets "out" to nil instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool {
+	var present bool
+	var child String
+	if !s.ReadOptionalASN1(&child, &present, tag) {
+		return false
+	}
+	if outPresent != nil {
+		*outPresent = present
+	}
+	if present {
+		var oct String
+		if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() {
+			return false
+		}
+		*out = oct
+	} else {
+		*out = nil
+	}
+	return true
+}
+
+// ReadOptionalASN1Boolean sets *out to the value of the next ASN.1 BOOLEAN or,
+// if the next bytes are not an ASN.1 BOOLEAN, to the value of defaultValue.
+// It reports whether the operation was successful.
+func (s *String) ReadOptionalASN1Boolean(out *bool, defaultValue bool) bool {
+	var present bool
+	var child String
+	if !s.ReadOptionalASN1(&child, &present, asn1.BOOLEAN) {
+		return false
+	}
+
+	if !present {
+		*out = defaultValue
+		return true
+	}
+
+	return s.ReadASN1Boolean(out)
+}
+
+func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
+	if len(*s) < 2 {
+		return false
+	}
+	tag, lenByte := (*s)[0], (*s)[1]
+
+	if tag&0x1f == 0x1f {
+		// ITU-T X.690 section 8.1.2
+		//
+		// An identifier octet with a tag part of 0x1f indicates a high-tag-number
+		// form identifier with two or more octets. We only support tags less than
+		// 31 (i.e. low-tag-number form, single octet identifier).
+		return false
+	}
+
+	if outTag != nil {
+		*outTag = asn1.Tag(tag)
+	}
+
+	// ITU-T X.690 section 8.1.3
+	//
+	// Bit 8 of the first length byte indicates whether the length is short- or
+	// long-form.
+	var length, headerLen uint32 // length includes headerLen
+	if lenByte&0x80 == 0 {
+		// Short-form length (section 8.1.3.4), encoded in bits 1-7.
+		length = uint32(lenByte) + 2
+		headerLen = 2
+	} else {
+		// Long-form length (section 8.1.3.5). Bits 1-7 encode the number of octets
+		// used to encode the length.
+		lenLen := lenByte & 0x7f
+		var len32 uint32
+
+		if lenLen == 0 || lenLen > 4 || len(*s) < int(2+lenLen) {
+			return false
+		}
+
+		lenBytes := String((*s)[2 : 2+lenLen])
+		if !lenBytes.readUnsigned(&len32, int(lenLen)) {
+			return false
+		}
+
+		// ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
+		// with the minimum number of octets.
+		if len32 < 128 {
+			// Length should have used short-form encoding.
+			return false
+		}
+		if len32>>((lenLen-1)*8) == 0 {
+			// Leading octet is 0. Length should have been at least one byte shorter.
+			return false
+		}
+
+		headerLen = 2 + uint32(lenLen)
+		if headerLen+len32 < len32 {
+			// Overflow.
+			return false
+		}
+		length = headerLen + len32
+	}
+
+	if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
+		return false
+	}
+	if skipHeader && !out.Skip(int(headerLen)) {
+		panic("cryptobyte: internal error")
+	}
+
+	return true
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
new file mode 100644
index 000000000..cda8e3edf
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
@@ -0,0 +1,46 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package asn1 contains supporting types for parsing and building ASN.1
+// messages with the cryptobyte package.
+package asn1 // import "golang.org/x/crypto/cryptobyte/asn1"
+
+// Tag represents an ASN.1 identifier octet, consisting of a tag number
+// (indicating a type) and class (such as context-specific or constructed).
+//
+// Methods in the cryptobyte package only support the low-tag-number form, i.e.
+// a single identifier octet with bits 7-8 encoding the class and bits 1-6
+// encoding the tag number.
+type Tag uint8
+
+const (
+	classConstructed     = 0x20
+	classContextSpecific = 0x80
+)
+
+// Constructed returns t with the constructed class bit set.
+func (t Tag) Constructed() Tag { return t | classConstructed }
+
+// ContextSpecific returns t with the context-specific class bit set.
+func (t Tag) ContextSpecific() Tag { return t | classContextSpecific }
+
+// The following is a list of standard tag and class combinations.
+const (
+	BOOLEAN           = Tag(1)
+	INTEGER           = Tag(2)
+	BIT_STRING        = Tag(3)
+	OCTET_STRING      = Tag(4)
+	NULL              = Tag(5)
+	OBJECT_IDENTIFIER = Tag(6)
+	ENUM              = Tag(10)
+	UTF8String        = Tag(12)
+	SEQUENCE          = Tag(16 | classConstructed)
+	SET               = Tag(17 | classConstructed)
+	PrintableString   = Tag(19)
+	T61String         = Tag(20)
+	IA5String         = Tag(22)
+	UTCTime           = Tag(23)
+	GeneralizedTime   = Tag(24)
+	GeneralString     = Tag(27)
+)
diff --git a/vendor/golang.org/x/crypto/cryptobyte/builder.go b/vendor/golang.org/x/crypto/cryptobyte/builder.go
new file mode 100644
index 000000000..cf254f5f1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/builder.go
@@ -0,0 +1,350 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+	"errors"
+	"fmt"
+)
+
+// A Builder builds byte strings from fixed-length and length-prefixed values.
+// Builders either allocate space as needed, or are ‘fixed’, which means that
+// they write into a given buffer and produce an error if it's exhausted.
+//
+// The zero value is a usable Builder that allocates space as needed.
+//
+// Simple values are marshaled and appended to a Builder using methods on the
+// Builder. Length-prefixed values are marshaled by providing a
+// BuilderContinuation, which is a function that writes the inner contents of
+// the value to a given Builder. See the documentation for BuilderContinuation
+// for details.
+type Builder struct {
+	err            error
+	result         []byte
+	fixedSize      bool
+	child          *Builder
+	offset         int
+	pendingLenLen  int
+	pendingIsASN1  bool
+	inContinuation *bool
+}
+
+// NewBuilder creates a Builder that appends its output to the given buffer.
+// Like append(), the slice will be reallocated if its capacity is exceeded.
+// Use Bytes to get the final buffer.
+func NewBuilder(buffer []byte) *Builder {
+	return &Builder{
+		result: buffer,
+	}
+}
+
+// NewFixedBuilder creates a Builder that appends its output into the given
+// buffer. This builder does not reallocate the output buffer. Writes that
+// would exceed the buffer's capacity are treated as an error.
+func NewFixedBuilder(buffer []byte) *Builder {
+	return &Builder{
+		result:    buffer,
+		fixedSize: true,
+	}
+}
+
+// SetError sets the value to be returned as the error from Bytes. Writes
+// performed after calling SetError are ignored.
+func (b *Builder) SetError(err error) {
+	b.err = err
+}
+
+// Bytes returns the bytes written by the builder or an error if one has
+// occurred during building.
+func (b *Builder) Bytes() ([]byte, error) {
+	if b.err != nil {
+		return nil, b.err
+	}
+	return b.result[b.offset:], nil
+}
+
+// BytesOrPanic returns the bytes written by the builder or panics if an error
+// has occurred during building.
+func (b *Builder) BytesOrPanic() []byte {
+	if b.err != nil {
+		panic(b.err)
+	}
+	return b.result[b.offset:]
+}
+
+// AddUint8 appends an 8-bit value to the byte string.
+func (b *Builder) AddUint8(v uint8) {
+	b.add(byte(v))
+}
+
+// AddUint16 appends a big-endian, 16-bit value to the byte string.
+func (b *Builder) AddUint16(v uint16) {
+	b.add(byte(v>>8), byte(v))
+}
+
+// AddUint24 appends a big-endian, 24-bit value to the byte string. The highest
+// byte of the 32-bit input value is silently truncated.
+func (b *Builder) AddUint24(v uint32) {
+	b.add(byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint32 appends a big-endian, 32-bit value to the byte string.
+func (b *Builder) AddUint32(v uint32) {
+	b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint48 appends a big-endian, 48-bit value to the byte string.
+func (b *Builder) AddUint48(v uint64) {
+	b.add(byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint64 appends a big-endian, 64-bit value to the byte string.
+func (b *Builder) AddUint64(v uint64) {
+	b.add(byte(v>>56), byte(v>>48), byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddBytes appends a sequence of bytes to the byte string.
+func (b *Builder) AddBytes(v []byte) {
+	b.add(v...)
+}
+
+// BuilderContinuation is a continuation-passing interface for building
+// length-prefixed byte sequences. Builder methods for length-prefixed
+// sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation
+// supplied to them. The child builder passed to the continuation can be used
+// to build the content of the length-prefixed sequence. For example:
+//
+//	parent := cryptobyte.NewBuilder()
+//	parent.AddUint8LengthPrefixed(func (child *Builder) {
+//	  child.AddUint8(42)
+//	  child.AddUint8LengthPrefixed(func (grandchild *Builder) {
+//	    grandchild.AddUint8(5)
+//	  })
+//	})
+//
+// It is an error to write more bytes to the child than allowed by the reserved
+// length prefix. After the continuation returns, the child must be considered
+// invalid, i.e. users must not store any copies or references of the child
+// that outlive the continuation.
+//
+// If the continuation panics with a value of type BuildError then the inner
+// error will be returned as the error from Bytes. If the child panics
+// otherwise then Bytes will repanic with the same value.
+type BuilderContinuation func(child *Builder)
+
+// BuildError wraps an error. If a BuilderContinuation panics with this value,
+// the panic will be recovered and the inner error will be returned from
+// Builder.Bytes.
+type BuildError struct {
+	Err error
+}
+
+// AddUint8LengthPrefixed adds a 8-bit length-prefixed byte sequence.
+func (b *Builder) AddUint8LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(1, false, f)
+}
+
+// AddUint16LengthPrefixed adds a big-endian, 16-bit length-prefixed byte sequence.
+func (b *Builder) AddUint16LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(2, false, f)
+}
+
+// AddUint24LengthPrefixed adds a big-endian, 24-bit length-prefixed byte sequence.
+func (b *Builder) AddUint24LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(3, false, f)
+}
+
+// AddUint32LengthPrefixed adds a big-endian, 32-bit length-prefixed byte sequence.
+func (b *Builder) AddUint32LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(4, false, f)
+}
+
+func (b *Builder) callContinuation(f BuilderContinuation, arg *Builder) {
+	if !*b.inContinuation {
+		*b.inContinuation = true
+
+		defer func() {
+			*b.inContinuation = false
+
+			r := recover()
+			if r == nil {
+				return
+			}
+
+			if buildError, ok := r.(BuildError); ok {
+				b.err = buildError.Err
+			} else {
+				panic(r)
+			}
+		}()
+	}
+
+	f(arg)
+}
+
+func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuation) {
+	// Subsequent writes can be ignored if the builder has encountered an error.
+	if b.err != nil {
+		return
+	}
+
+	offset := len(b.result)
+	b.add(make([]byte, lenLen)...)
+
+	if b.inContinuation == nil {
+		b.inContinuation = new(bool)
+	}
+
+	b.child = &Builder{
+		result:         b.result,
+		fixedSize:      b.fixedSize,
+		offset:         offset,
+		pendingLenLen:  lenLen,
+		pendingIsASN1:  isASN1,
+		inContinuation: b.inContinuation,
+	}
+
+	b.callContinuation(f, b.child)
+	b.flushChild()
+	if b.child != nil {
+		panic("cryptobyte: internal error")
+	}
+}
+
+func (b *Builder) flushChild() {
+	if b.child == nil {
+		return
+	}
+	b.child.flushChild()
+	child := b.child
+	b.child = nil
+
+	if child.err != nil {
+		b.err = child.err
+		return
+	}
+
+	length := len(child.result) - child.pendingLenLen - child.offset
+
+	if length < 0 {
+		panic("cryptobyte: internal error") // result unexpectedly shrunk
+	}
+
+	if child.pendingIsASN1 {
+		// For ASN.1, we reserved a single byte for the length. If that turned out
+		// to be incorrect, we have to move the contents along in order to make
+		// space.
+		if child.pendingLenLen != 1 {
+			panic("cryptobyte: internal error")
+		}
+		var lenLen, lenByte uint8
+		if int64(length) > 0xfffffffe {
+			b.err = errors.New("pending ASN.1 child too long")
+			return
+		} else if length > 0xffffff {
+			lenLen = 5
+			lenByte = 0x80 | 4
+		} else if length > 0xffff {
+			lenLen = 4
+			lenByte = 0x80 | 3
+		} else if length > 0xff {
+			lenLen = 3
+			lenByte = 0x80 | 2
+		} else if length > 0x7f {
+			lenLen = 2
+			lenByte = 0x80 | 1
+		} else {
+			lenLen = 1
+			lenByte = uint8(length)
+			length = 0
+		}
+
+		// Insert the initial length byte, make space for successive length bytes,
+		// and adjust the offset.
+		child.result[child.offset] = lenByte
+		extraBytes := int(lenLen - 1)
+		if extraBytes != 0 {
+			child.add(make([]byte, extraBytes)...)
+			childStart := child.offset + child.pendingLenLen
+			copy(child.result[childStart+extraBytes:], child.result[childStart:])
+		}
+		child.offset++
+		child.pendingLenLen = extraBytes
+	}
+
+	l := length
+	for i := child.pendingLenLen - 1; i >= 0; i-- {
+		child.result[child.offset+i] = uint8(l)
+		l >>= 8
+	}
+	if l != 0 {
+		b.err = fmt.Errorf("cryptobyte: pending child length %d exceeds %d-byte length prefix", length, child.pendingLenLen)
+		return
+	}
+
+	if b.fixedSize && &b.result[0] != &child.result[0] {
+		panic("cryptobyte: BuilderContinuation reallocated a fixed-size buffer")
+	}
+
+	b.result = child.result
+}
+
+func (b *Builder) add(bytes ...byte) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted write while child is pending")
+	}
+	if len(b.result)+len(bytes) < len(bytes) {
+		b.err = errors.New("cryptobyte: length overflow")
+	}
+	if b.fixedSize && len(b.result)+len(bytes) > cap(b.result) {
+		b.err = errors.New("cryptobyte: Builder is exceeding its fixed-size buffer")
+		return
+	}
+	b.result = append(b.result, bytes...)
+}
+
+// Unwrite rolls back non-negative n bytes written directly to the Builder.
+// An attempt by a child builder passed to a continuation to unwrite bytes
+// from its parent will panic.
+func (b *Builder) Unwrite(n int) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted unwrite while child is pending")
+	}
+	length := len(b.result) - b.pendingLenLen - b.offset
+	if length < 0 {
+		panic("cryptobyte: internal error")
+	}
+	if n < 0 {
+		panic("cryptobyte: attempted to unwrite negative number of bytes")
+	}
+	if n > length {
+		panic("cryptobyte: attempted to unwrite more than was written")
+	}
+	b.result = b.result[:len(b.result)-n]
+}
+
+// A MarshalingValue marshals itself into a Builder.
+type MarshalingValue interface {
+	// Marshal is called by Builder.AddValue. It receives a pointer to a builder
+	// to marshal itself into. It may return an error that occurred during
+	// marshaling, such as unset or invalid values.
+	Marshal(b *Builder) error
+}
+
+// AddValue calls Marshal on v, passing a pointer to the builder to append to.
+// If Marshal returns an error, it is set on the Builder so that subsequent
+// appends don't have an effect.
+func (b *Builder) AddValue(v MarshalingValue) {
+	err := v.Marshal(b)
+	if err != nil {
+		b.err = err
+	}
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/string.go b/vendor/golang.org/x/crypto/cryptobyte/string.go
new file mode 100644
index 000000000..10692a8a3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/string.go
@@ -0,0 +1,183 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cryptobyte contains types that help with parsing and constructing
+// length-prefixed, binary messages, including ASN.1 DER. (The asn1 subpackage
+// contains useful ASN.1 constants.)
+//
+// The String type is for parsing. It wraps a []byte slice and provides helper
+// functions for consuming structures, value by value.
+//
+// The Builder type is for constructing messages. It providers helper functions
+// for appending values and also for appending length-prefixed submessages –
+// without having to worry about calculating the length prefix ahead of time.
+//
+// See the documentation and examples for the Builder and String types to get
+// started.
+package cryptobyte // import "golang.org/x/crypto/cryptobyte"
+
+// String represents a string of bytes. It provides methods for parsing
+// fixed-length and length-prefixed values from it.
+type String []byte
+
+// read advances a String by n bytes and returns them. If less than n bytes
+// remain, it returns nil.
+func (s *String) read(n int) []byte {
+	if len(*s) < n || n < 0 {
+		return nil
+	}
+	v := (*s)[:n]
+	*s = (*s)[n:]
+	return v
+}
+
+// Skip advances the String by n byte and reports whether it was successful.
+func (s *String) Skip(n int) bool {
+	return s.read(n) != nil
+}
+
+// ReadUint8 decodes an 8-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint8(out *uint8) bool {
+	v := s.read(1)
+	if v == nil {
+		return false
+	}
+	*out = uint8(v[0])
+	return true
+}
+
+// ReadUint16 decodes a big-endian, 16-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint16(out *uint16) bool {
+	v := s.read(2)
+	if v == nil {
+		return false
+	}
+	*out = uint16(v[0])<<8 | uint16(v[1])
+	return true
+}
+
+// ReadUint24 decodes a big-endian, 24-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint24(out *uint32) bool {
+	v := s.read(3)
+	if v == nil {
+		return false
+	}
+	*out = uint32(v[0])<<16 | uint32(v[1])<<8 | uint32(v[2])
+	return true
+}
+
+// ReadUint32 decodes a big-endian, 32-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint32(out *uint32) bool {
+	v := s.read(4)
+	if v == nil {
+		return false
+	}
+	*out = uint32(v[0])<<24 | uint32(v[1])<<16 | uint32(v[2])<<8 | uint32(v[3])
+	return true
+}
+
+// ReadUint48 decodes a big-endian, 48-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint48(out *uint64) bool {
+	v := s.read(6)
+	if v == nil {
+		return false
+	}
+	*out = uint64(v[0])<<40 | uint64(v[1])<<32 | uint64(v[2])<<24 | uint64(v[3])<<16 | uint64(v[4])<<8 | uint64(v[5])
+	return true
+}
+
+// ReadUint64 decodes a big-endian, 64-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint64(out *uint64) bool {
+	v := s.read(8)
+	if v == nil {
+		return false
+	}
+	*out = uint64(v[0])<<56 | uint64(v[1])<<48 | uint64(v[2])<<40 | uint64(v[3])<<32 | uint64(v[4])<<24 | uint64(v[5])<<16 | uint64(v[6])<<8 | uint64(v[7])
+	return true
+}
+
+func (s *String) readUnsigned(out *uint32, length int) bool {
+	v := s.read(length)
+	if v == nil {
+		return false
+	}
+	var result uint32
+	for i := 0; i < length; i++ {
+		result <<= 8
+		result |= uint32(v[i])
+	}
+	*out = result
+	return true
+}
+
+func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
+	lenBytes := s.read(lenLen)
+	if lenBytes == nil {
+		return false
+	}
+	var length uint32
+	for _, b := range lenBytes {
+		length = length << 8
+		length = length | uint32(b)
+	}
+	v := s.read(int(length))
+	if v == nil {
+		return false
+	}
+	*outChild = v
+	return true
+}
+
+// ReadUint8LengthPrefixed reads the content of an 8-bit length-prefixed value
+// into out and advances over it. It reports whether the read was successful.
+func (s *String) ReadUint8LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(1, out)
+}
+
+// ReadUint16LengthPrefixed reads the content of a big-endian, 16-bit
+// length-prefixed value into out and advances over it. It reports whether the
+// read was successful.
+func (s *String) ReadUint16LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(2, out)
+}
+
+// ReadUint24LengthPrefixed reads the content of a big-endian, 24-bit
+// length-prefixed value into out and advances over it. It reports whether
+// the read was successful.
+func (s *String) ReadUint24LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(3, out)
+}
+
+// ReadBytes reads n bytes into out and advances over them. It reports
+// whether the read was successful.
+func (s *String) ReadBytes(out *[]byte, n int) bool {
+	v := s.read(n)
+	if v == nil {
+		return false
+	}
+	*out = v
+	return true
+}
+
+// CopyBytes copies len(out) bytes into out and advances over them. It reports
+// whether the copy operation was successful
+func (s *String) CopyBytes(out []byte) bool {
+	n := len(out)
+	v := s.read(n)
+	if v == nil {
+		return false
+	}
+	return copy(out, v) == n
+}
+
+// Empty reports whether the string does not contain any bytes.
+func (s String) Empty() bool {
+	return len(s) == 0
+}
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
new file mode 100644
index 000000000..dda3f143b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -0,0 +1,93 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
+// Function (HKDF) as defined in RFC 5869.
+//
+// HKDF is a cryptographic key derivation function (KDF) with the goal of
+// expanding limited input keying material into one or more cryptographically
+// strong secret keys.
+package hkdf // import "golang.org/x/crypto/hkdf"
+
+import (
+	"crypto/hmac"
+	"errors"
+	"hash"
+	"io"
+)
+
+// Extract generates a pseudorandom key for use with Expand from an input secret
+// and an optional independent salt.
+//
+// Only use this function if you need to reuse the extracted key with multiple
+// Expand invocations and different context values. Most common scenarios,
+// including the generation of multiple keys, should use New instead.
+func Extract(hash func() hash.Hash, secret, salt []byte) []byte {
+	if salt == nil {
+		salt = make([]byte, hash().Size())
+	}
+	extractor := hmac.New(hash, salt)
+	extractor.Write(secret)
+	return extractor.Sum(nil)
+}
+
+type hkdf struct {
+	expander hash.Hash
+	size     int
+
+	info    []byte
+	counter byte
+
+	prev []byte
+	buf  []byte
+}
+
+func (f *hkdf) Read(p []byte) (int, error) {
+	// Check whether enough data can be generated
+	need := len(p)
+	remains := len(f.buf) + int(255-f.counter+1)*f.size
+	if remains < need {
+		return 0, errors.New("hkdf: entropy limit reached")
+	}
+	// Read any leftover from the buffer
+	n := copy(p, f.buf)
+	p = p[n:]
+
+	// Fill the rest of the buffer
+	for len(p) > 0 {
+		f.expander.Reset()
+		f.expander.Write(f.prev)
+		f.expander.Write(f.info)
+		f.expander.Write([]byte{f.counter})
+		f.prev = f.expander.Sum(f.prev[:0])
+		f.counter++
+
+		// Copy the new batch into p
+		f.buf = f.prev
+		n = copy(p, f.buf)
+		p = p[n:]
+	}
+	// Save leftovers for next run
+	f.buf = f.buf[n:]
+
+	return need, nil
+}
+
+// Expand returns a Reader, from which keys can be read, using the given
+// pseudorandom key and optional context info, skipping the extraction step.
+//
+// The pseudorandomKey should have been generated by Extract, or be a uniformly
+// random or pseudorandom cryptographically strong key. See RFC 5869, Section
+// 3.3. Most common scenarios will want to use New instead.
+func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader {
+	expander := hmac.New(hash, pseudorandomKey)
+	return &hkdf{expander, expander.Size(), info, 1, nil, nil}
+}
+
+// New returns a Reader, from which keys can be read, using the given hash,
+// secret, salt and context info. Salt and info can be nil.
+func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
+	prk := Extract(hash, secret, salt)
+	return Expand(hash, prk, info)
+}
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias.go b/vendor/golang.org/x/crypto/internal/alias/alias.go
new file mode 100644
index 000000000..69c17f822
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/alias/alias.go
@@ -0,0 +1,32 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !purego
+// +build !purego
+
+// Package alias implements memory aliasing tests.
+package alias
+
+import "unsafe"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+	return len(x) > 0 && len(y) > 0 &&
+		uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) &&
+		uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1]))
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+		return false
+	}
+	return AnyOverlap(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias_purego.go b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
new file mode 100644
index 000000000..4775b0a43
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
@@ -0,0 +1,35 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build purego
+// +build purego
+
+// Package alias implements memory aliasing tests.
+package alias
+
+// This is the Google App Engine standard variant based on reflect
+// because the unsafe package and cgo are disallowed.
+
+import "reflect"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+	return len(x) > 0 && len(y) > 0 &&
+		reflect.ValueOf(&x[0]).Pointer() <= reflect.ValueOf(&y[len(y)-1]).Pointer() &&
+		reflect.ValueOf(&y[0]).Pointer() <= reflect.ValueOf(&x[len(x)-1]).Pointer()
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+		return false
+	}
+	return AnyOverlap(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
new file mode 100644
index 000000000..45b5c966b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.13
+// +build !go1.13
+
+package poly1305
+
+// Generic fallbacks for the math/bits intrinsics, copied from
+// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
+// variable time fallbacks until Go 1.13.
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	sum = x + y + carry
+	carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
+	return
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	diff = x - y - borrow
+	borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
+	return
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	const mask32 = 1<<32 - 1
+	x0 := x & mask32
+	x1 := x >> 32
+	y0 := y & mask32
+	y1 := y >> 32
+	w0 := x0 * y0
+	t := x1*y0 + w0>>32
+	w1 := t & mask32
+	w2 := t >> 32
+	w1 += x0 * y1
+	hi = x1*y1 + w2 + w1>>32
+	lo = x * y
+	return
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
new file mode 100644
index 000000000..ed52b3418
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+package poly1305
+
+import "math/bits"
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	return bits.Add64(x, y, carry)
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	return bits.Sub64(x, y, borrow)
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	return bits.Mul64(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
new file mode 100644
index 000000000..f184b67d9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
@@ -0,0 +1,10 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!amd64 && !ppc64le && !s390x) || !gc || purego
+// +build !amd64,!ppc64le,!s390x !gc purego
+
+package poly1305
+
+type mac struct{ macGeneric }
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go b/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go
new file mode 100644
index 000000000..4aaea810a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go
@@ -0,0 +1,99 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package poly1305 implements Poly1305 one-time message authentication code as
+// specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
+//
+// Poly1305 is a fast, one-time authentication function. It is infeasible for an
+// attacker to generate an authenticator for a message without the key. However, a
+// key must only be used for a single message. Authenticating two different
+// messages with the same key allows an attacker to forge authenticators for other
+// messages with the same key.
+//
+// Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
+// used with a fixed key in order to generate one-time keys from an nonce.
+// However, in this package AES isn't used and the one-time key is specified
+// directly.
+package poly1305
+
+import "crypto/subtle"
+
+// TagSize is the size, in bytes, of a poly1305 authenticator.
+const TagSize = 16
+
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+	h := New(key)
+	h.Write(m)
+	h.Sum(out[:0])
+}
+
+// Verify returns true if mac is a valid authenticator for m with the given key.
+func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
+	var tmp [16]byte
+	Sum(&tmp, m, key)
+	return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
+}
+
+// New returns a new MAC computing an authentication
+// tag of all data written to it with the given key.
+// This allows writing the message progressively instead
+// of passing it as a single slice. Common users should use
+// the Sum function instead.
+//
+// The key must be unique for each message, as authenticating
+// two different messages with the same key allows an attacker
+// to forge messages at will.
+func New(key *[32]byte) *MAC {
+	m := &MAC{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// MAC is an io.Writer computing an authentication tag
+// of the data written to it.
+//
+// MAC cannot be used like common hash.Hash implementations,
+// because using a poly1305 key twice breaks its security.
+// Therefore writing data to a running MAC after calling
+// Sum or Verify causes it to panic.
+type MAC struct {
+	mac // platform-dependent implementation
+
+	finalized bool
+}
+
+// Size returns the number of bytes Sum will return.
+func (h *MAC) Size() int { return TagSize }
+
+// Write adds more data to the running message authentication code.
+// It never returns an error.
+//
+// It must not be called after the first call of Sum or Verify.
+func (h *MAC) Write(p []byte) (n int, err error) {
+	if h.finalized {
+		panic("poly1305: write to MAC after Sum or Verify")
+	}
+	return h.mac.Write(p)
+}
+
+// Sum computes the authenticator of all data written to the
+// message authentication code.
+func (h *MAC) Sum(b []byte) []byte {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return append(b, mac[:]...)
+}
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return subtle.ConstantTimeCompare(expected, mac[:]) == 1
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
new file mode 100644
index 000000000..6d522333f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
@@ -0,0 +1,48 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+//go:noescape
+func update(state *macState, msg []byte)
+
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
new file mode 100644
index 000000000..1d74f0f88
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
@@ -0,0 +1,109 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+#define POLY1305_ADD(msg, h0, h1, h2) \
+	ADDQ 0(msg), h0;  \
+	ADCQ 8(msg), h1;  \
+	ADCQ $1, h2;      \
+	LEAQ 16(msg), msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \
+	MOVQ  r0, AX;                  \
+	MULQ  h0;                      \
+	MOVQ  AX, t0;                  \
+	MOVQ  DX, t1;                  \
+	MOVQ  r0, AX;                  \
+	MULQ  h1;                      \
+	ADDQ  AX, t1;                  \
+	ADCQ  $0, DX;                  \
+	MOVQ  r0, t2;                  \
+	IMULQ h2, t2;                  \
+	ADDQ  DX, t2;                  \
+	                               \
+	MOVQ  r1, AX;                  \
+	MULQ  h0;                      \
+	ADDQ  AX, t1;                  \
+	ADCQ  $0, DX;                  \
+	MOVQ  DX, h0;                  \
+	MOVQ  r1, t3;                  \
+	IMULQ h2, t3;                  \
+	MOVQ  r1, AX;                  \
+	MULQ  h1;                      \
+	ADDQ  AX, t2;                  \
+	ADCQ  DX, t3;                  \
+	ADDQ  h0, t2;                  \
+	ADCQ  $0, t3;                  \
+	                               \
+	MOVQ  t0, h0;                  \
+	MOVQ  t1, h1;                  \
+	MOVQ  t2, h2;                  \
+	ANDQ  $3, h2;                  \
+	MOVQ  t2, t0;                  \
+	ANDQ  $0xFFFFFFFFFFFFFFFC, t0; \
+	ADDQ  t0, h0;                  \
+	ADCQ  t3, h1;                  \
+	ADCQ  $0, h2;                  \
+	SHRQ  $2, t3, t2;              \
+	SHRQ  $2, t3;                  \
+	ADDQ  t2, h0;                  \
+	ADCQ  t3, h1;                  \
+	ADCQ  $0, h2
+
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVQ state+0(FP), DI
+	MOVQ msg_base+8(FP), SI
+	MOVQ msg_len+16(FP), R15
+
+	MOVQ 0(DI), R8   // h0
+	MOVQ 8(DI), R9   // h1
+	MOVQ 16(DI), R10 // h2
+	MOVQ 24(DI), R11 // r0
+	MOVQ 32(DI), R12 // r1
+
+	CMPQ R15, $16
+	JB   bytes_between_0_and_15
+
+loop:
+	POLY1305_ADD(SI, R8, R9, R10)
+
+multiply:
+	POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14)
+	SUBQ $16, R15
+	CMPQ R15, $16
+	JAE  loop
+
+bytes_between_0_and_15:
+	TESTQ R15, R15
+	JZ    done
+	MOVQ  $1, BX
+	XORQ  CX, CX
+	XORQ  R13, R13
+	ADDQ  R15, SI
+
+flush_buffer:
+	SHLQ $8, BX, CX
+	SHLQ $8, BX
+	MOVB -1(SI), R13
+	XORQ R13, BX
+	DECQ SI
+	DECQ R15
+	JNZ  flush_buffer
+
+	ADDQ BX, R8
+	ADCQ CX, R9
+	ADCQ $0, R10
+	MOVQ $16, R15
+	JMP  multiply
+
+done:
+	MOVQ R8, 0(DI)
+	MOVQ R9, 8(DI)
+	MOVQ R10, 16(DI)
+	RET
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go
new file mode 100644
index 000000000..e041da5ea
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go
@@ -0,0 +1,309 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file provides the generic implementation of Sum and MAC. Other files
+// might provide optimized assembly implementations of some of this code.
+
+package poly1305
+
+import "encoding/binary"
+
+// Poly1305 [RFC 7539] is a relatively simple algorithm: the authentication tag
+// for a 64 bytes message is approximately
+//
+//     s + m[0:16] * r⁴ + m[16:32] * r³ + m[32:48] * r² + m[48:64] * r  mod  2¹³⁰ - 5
+//
+// for some secret r and s. It can be computed sequentially like
+//
+//     for len(msg) > 0:
+//         h += read(msg, 16)
+//         h *= r
+//         h %= 2¹³⁰ - 5
+//     return h + s
+//
+// All the complexity is about doing performant constant-time math on numbers
+// larger than any available numeric type.
+
+func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
+	h := newMACGeneric(key)
+	h.Write(msg)
+	h.Sum(out)
+}
+
+func newMACGeneric(key *[32]byte) macGeneric {
+	m := macGeneric{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// macState holds numbers in saturated 64-bit little-endian limbs. That is,
+// the value of [x0, x1, x2] is x[0] + x[1] * 2⁶⁴ + x[2] * 2¹²⁸.
+type macState struct {
+	// h is the main accumulator. It is to be interpreted modulo 2¹³⁰ - 5, but
+	// can grow larger during and after rounds. It must, however, remain below
+	// 2 * (2¹³⁰ - 5).
+	h [3]uint64
+	// r and s are the private key components.
+	r [2]uint64
+	s [2]uint64
+}
+
+type macGeneric struct {
+	macState
+
+	buffer [TagSize]byte
+	offset int
+}
+
+// Write splits the incoming message into TagSize chunks, and passes them to
+// update. It buffers incomplete chunks.
+func (h *macGeneric) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		updateGeneric(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		updateGeneric(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+// Sum flushes the last incomplete chunk from the buffer, if any, and generates
+// the MAC output. It does not modify its state, in order to allow for multiple
+// calls to Sum, even if no Write is allowed after Sum.
+func (h *macGeneric) Sum(out *[TagSize]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		updateGeneric(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
+
+// [rMask0, rMask1] is the specified Poly1305 clamping mask in little-endian. It
+// clears some bits of the secret coefficient to make it possible to implement
+// multiplication more efficiently.
+const (
+	rMask0 = 0x0FFFFFFC0FFFFFFF
+	rMask1 = 0x0FFFFFFC0FFFFFFC
+)
+
+// initialize loads the 256-bit key into the two 128-bit secret values r and s.
+func initialize(key *[32]byte, m *macState) {
+	m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
+	m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
+	m.s[0] = binary.LittleEndian.Uint64(key[16:24])
+	m.s[1] = binary.LittleEndian.Uint64(key[24:32])
+}
+
+// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
+// bits.Mul64 and bits.Add64 intrinsics.
+type uint128 struct {
+	lo, hi uint64
+}
+
+func mul64(a, b uint64) uint128 {
+	hi, lo := bitsMul64(a, b)
+	return uint128{lo, hi}
+}
+
+func add128(a, b uint128) uint128 {
+	lo, c := bitsAdd64(a.lo, b.lo, 0)
+	hi, c := bitsAdd64(a.hi, b.hi, c)
+	if c != 0 {
+		panic("poly1305: unexpected overflow")
+	}
+	return uint128{lo, hi}
+}
+
+func shiftRightBy2(a uint128) uint128 {
+	a.lo = a.lo>>2 | (a.hi&3)<<62
+	a.hi = a.hi >> 2
+	return a
+}
+
+// updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
+// 128 bits of message, it computes
+//
+//	h₊ = (h + m) * r  mod  2¹³⁰ - 5
+//
+// If the msg length is not a multiple of TagSize, it assumes the last
+// incomplete chunk is the final one.
+func updateGeneric(state *macState, msg []byte) {
+	h0, h1, h2 := state.h[0], state.h[1], state.h[2]
+	r0, r1 := state.r[0], state.r[1]
+
+	for len(msg) > 0 {
+		var c uint64
+
+		// For the first step, h + m, we use a chain of bits.Add64 intrinsics.
+		// The resulting value of h might exceed 2¹³⁰ - 5, but will be partially
+		// reduced at the end of the multiplication below.
+		//
+		// The spec requires us to set a bit just above the message size, not to
+		// hide leading zeroes. For full chunks, that's 1 << 128, so we can just
+		// add 1 to the most significant (2¹²⁸) limb, h2.
+		if len(msg) >= TagSize {
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
+			h2 += c + 1
+
+			msg = msg[TagSize:]
+		} else {
+			var buf [TagSize]byte
+			copy(buf[:], msg)
+			buf[len(msg)] = 1
+
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
+			h2 += c
+
+			msg = nil
+		}
+
+		// Multiplication of big number limbs is similar to elementary school
+		// columnar multiplication. Instead of digits, there are 64-bit limbs.
+		//
+		// We are multiplying a 3 limbs number, h, by a 2 limbs number, r.
+		//
+		//                        h2    h1    h0  x
+		//                              r1    r0  =
+		//                       ----------------
+		//                      h2r0  h1r0  h0r0     <-- individual 128-bit products
+		//            +   h2r1  h1r1  h0r1
+		//               ------------------------
+		//                 m3    m2    m1    m0      <-- result in 128-bit overlapping limbs
+		//               ------------------------
+		//         m3.hi m2.hi m1.hi m0.hi           <-- carry propagation
+		//     +         m3.lo m2.lo m1.lo m0.lo
+		//        -------------------------------
+		//           t4    t3    t2    t1    t0      <-- final result in 64-bit limbs
+		//
+		// The main difference from pen-and-paper multiplication is that we do
+		// carry propagation in a separate step, as if we wrote two digit sums
+		// at first (the 128-bit limbs), and then carried the tens all at once.
+
+		h0r0 := mul64(h0, r0)
+		h1r0 := mul64(h1, r0)
+		h2r0 := mul64(h2, r0)
+		h0r1 := mul64(h0, r1)
+		h1r1 := mul64(h1, r1)
+		h2r1 := mul64(h2, r1)
+
+		// Since h2 is known to be at most 7 (5 + 1 + 1), and r0 and r1 have their
+		// top 4 bits cleared by rMask{0,1}, we know that their product is not going
+		// to overflow 64 bits, so we can ignore the high part of the products.
+		//
+		// This also means that the product doesn't have a fifth limb (t4).
+		if h2r0.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+		if h2r1.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+
+		m0 := h0r0
+		m1 := add128(h1r0, h0r1) // These two additions don't overflow thanks again
+		m2 := add128(h2r0, h1r1) // to the 4 masked bits at the top of r0 and r1.
+		m3 := h2r1
+
+		t0 := m0.lo
+		t1, c := bitsAdd64(m1.lo, m0.hi, 0)
+		t2, c := bitsAdd64(m2.lo, m1.hi, c)
+		t3, _ := bitsAdd64(m3.lo, m2.hi, c)
+
+		// Now we have the result as 4 64-bit limbs, and we need to reduce it
+		// modulo 2¹³⁰ - 5. The special shape of this Crandall prime lets us do
+		// a cheap partial reduction according to the reduction identity
+		//
+		//     c * 2¹³⁰ + n  =  c * 5 + n  mod  2¹³⁰ - 5
+		//
+		// because 2¹³⁰ = 5 mod 2¹³⁰ - 5. Partial reduction since the result is
+		// likely to be larger than 2¹³⁰ - 5, but still small enough to fit the
+		// assumptions we make about h in the rest of the code.
+		//
+		// See also https://speakerdeck.com/gtank/engineering-prime-numbers?slide=23
+
+		// We split the final result at the 2¹³⁰ mark into h and cc, the carry.
+		// Note that the carry bits are effectively shifted left by 2, in other
+		// words, cc = c * 4 for the c in the reduction identity.
+		h0, h1, h2 = t0, t1, t2&maskLow2Bits
+		cc := uint128{t2 & maskNotLow2Bits, t3}
+
+		// To add c * 5 to h, we first add cc = c * 4, and then add (cc >> 2) = c.
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		cc = shiftRightBy2(cc)
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		// h2 is at most 3 + 1 + 1 = 5, making the whole of h at most
+		//
+		//     5 * 2¹²⁸ + (2¹²⁸ - 1) = 6 * 2¹²⁸ - 1
+	}
+
+	state.h[0], state.h[1], state.h[2] = h0, h1, h2
+}
+
+const (
+	maskLow2Bits    uint64 = 0x0000000000000003
+	maskNotLow2Bits uint64 = ^maskLow2Bits
+)
+
+// select64 returns x if v == 1 and y if v == 0, in constant time.
+func select64(v, x, y uint64) uint64 { return ^(v-1)&x | (v-1)&y }
+
+// [p0, p1, p2] is 2¹³⁰ - 5 in little endian order.
+const (
+	p0 = 0xFFFFFFFFFFFFFFFB
+	p1 = 0xFFFFFFFFFFFFFFFF
+	p2 = 0x0000000000000003
+)
+
+// finalize completes the modular reduction of h and computes
+//
+//	out = h + s  mod  2¹²⁸
+func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
+	h0, h1, h2 := h[0], h[1], h[2]
+
+	// After the partial reduction in updateGeneric, h might be more than
+	// 2¹³⁰ - 5, but will be less than 2 * (2¹³⁰ - 5). To complete the reduction
+	// in constant time, we compute t = h - (2¹³⁰ - 5), and select h as the
+	// result if the subtraction underflows, and t otherwise.
+
+	hMinusP0, b := bitsSub64(h0, p0, 0)
+	hMinusP1, b := bitsSub64(h1, p1, b)
+	_, b = bitsSub64(h2, p2, b)
+
+	// h = h if h < p else h - p
+	h0 = select64(b, h0, hMinusP0)
+	h1 = select64(b, h1, hMinusP1)
+
+	// Finally, we compute the last Poly1305 step
+	//
+	//     tag = h + s  mod  2¹²⁸
+	//
+	// by just doing a wide addition with the 128 low bits of h and discarding
+	// the overflow.
+	h0, c := bitsAdd64(h0, s[0], 0)
+	h1, _ = bitsAdd64(h1, s[1], c)
+
+	binary.LittleEndian.PutUint64(out[0:8], h0)
+	binary.LittleEndian.PutUint64(out[8:16], h1)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
new file mode 100644
index 000000000..4a069941a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
@@ -0,0 +1,48 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+//go:noescape
+func update(state *macState, msg []byte)
+
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
new file mode 100644
index 000000000..58422aad2
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
@@ -0,0 +1,182 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+// This was ported from the amd64 implementation.
+
+#define POLY1305_ADD(msg, h0, h1, h2, t0, t1, t2) \
+	MOVD (msg), t0;  \
+	MOVD 8(msg), t1; \
+	MOVD $1, t2;     \
+	ADDC t0, h0, h0; \
+	ADDE t1, h1, h1; \
+	ADDE t2, h2;     \
+	ADD  $16, msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3, t4, t5) \
+	MULLD  r0, h0, t0;  \
+	MULLD  r0, h1, t4;  \
+	MULHDU r0, h0, t1;  \
+	MULHDU r0, h1, t5;  \
+	ADDC   t4, t1, t1;  \
+	MULLD  r0, h2, t2;  \
+	ADDZE  t5;          \
+	MULHDU r1, h0, t4;  \
+	MULLD  r1, h0, h0;  \
+	ADD    t5, t2, t2;  \
+	ADDC   h0, t1, t1;  \
+	MULLD  h2, r1, t3;  \
+	ADDZE  t4, h0;      \
+	MULHDU r1, h1, t5;  \
+	MULLD  r1, h1, t4;  \
+	ADDC   t4, t2, t2;  \
+	ADDE   t5, t3, t3;  \
+	ADDC   h0, t2, t2;  \
+	MOVD   $-4, t4;     \
+	MOVD   t0, h0;      \
+	MOVD   t1, h1;      \
+	ADDZE  t3;          \
+	ANDCC  $3, t2, h2;  \
+	AND    t2, t4, t0;  \
+	ADDC   t0, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	SLD    $62, t3, t4; \
+	SRD    $2, t2;      \
+	ADDZE  h2;          \
+	OR     t4, t2, t2;  \
+	SRD    $2, t3;      \
+	ADDC   t2, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	ADDZE  h2
+
+DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+GLOBL ·poly1305Mask<>(SB), RODATA, $16
+
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVD state+0(FP), R3
+	MOVD msg_base+8(FP), R4
+	MOVD msg_len+16(FP), R5
+
+	MOVD 0(R3), R8   // h0
+	MOVD 8(R3), R9   // h1
+	MOVD 16(R3), R10 // h2
+	MOVD 24(R3), R11 // r0
+	MOVD 32(R3), R12 // r1
+
+	CMP R5, $16
+	BLT bytes_between_0_and_15
+
+loop:
+	POLY1305_ADD(R4, R8, R9, R10, R20, R21, R22)
+
+multiply:
+	POLY1305_MUL(R8, R9, R10, R11, R12, R16, R17, R18, R14, R20, R21)
+	ADD $-16, R5
+	CMP R5, $16
+	BGE loop
+
+bytes_between_0_and_15:
+	CMP  R5, $0
+	BEQ  done
+	MOVD $0, R16 // h0
+	MOVD $0, R17 // h1
+
+flush_buffer:
+	CMP R5, $8
+	BLE just1
+
+	MOVD $8, R21
+	SUB  R21, R5, R21
+
+	// Greater than 8 -- load the rightmost remaining bytes in msg
+	// and put into R17 (h1)
+	MOVD (R4)(R21), R17
+	MOVD $16, R22
+
+	// Find the offset to those bytes
+	SUB R5, R22, R22
+	SLD $3, R22
+
+	// Shift to get only the bytes in msg
+	SRD R22, R17, R17
+
+	// Put 1 at high end
+	MOVD $1, R23
+	SLD  $3, R21
+	SLD  R21, R23, R23
+	OR   R23, R17, R17
+
+	// Remainder is 8
+	MOVD $8, R5
+
+just1:
+	CMP R5, $8
+	BLT less8
+
+	// Exactly 8
+	MOVD (R4), R16
+
+	CMP R17, $0
+
+	// Check if we've already set R17; if not
+	// set 1 to indicate end of msg.
+	BNE  carry
+	MOVD $1, R17
+	BR   carry
+
+less8:
+	MOVD  $0, R16   // h0
+	MOVD  $0, R22   // shift count
+	CMP   R5, $4
+	BLT   less4
+	MOVWZ (R4), R16
+	ADD   $4, R4
+	ADD   $-4, R5
+	MOVD  $32, R22
+
+less4:
+	CMP   R5, $2
+	BLT   less2
+	MOVHZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $16, R22
+	ADD   $-2, R5
+	ADD   $2, R4
+
+less2:
+	CMP   R5, $0
+	BEQ   insert1
+	MOVBZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $8, R22
+
+insert1:
+	// Insert 1 at end of msg
+	MOVD $1, R21
+	SLD  R22, R21, R21
+	OR   R16, R21, R16
+
+carry:
+	// Add new values to h0, h1, h2
+	ADDC  R16, R8
+	ADDE  R17, R9
+	ADDZE R10, R10
+	MOVD  $16, R5
+	ADD   R5, R4
+	BR    multiply
+
+done:
+	// Save h0, h1, h2 in state
+	MOVD R8, 0(R3)
+	MOVD R9, 8(R3)
+	MOVD R10, 16(R3)
+	RET
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
new file mode 100644
index 000000000..ec9596688
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
@@ -0,0 +1,77 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+import (
+	"golang.org/x/sys/cpu"
+)
+
+// updateVX is an assembly implementation of Poly1305 that uses vector
+// instructions. It must only be called if the vector facility (vx) is
+// available.
+//
+//go:noescape
+func updateVX(state *macState, msg []byte)
+
+// mac is a replacement for macGeneric that uses a larger buffer and redirects
+// calls that would have gone to updateGeneric to updateVX if the vector
+// facility is installed.
+//
+// A larger buffer is required for good performance because the vector
+// implementation has a higher fixed cost per call than the generic
+// implementation.
+type mac struct {
+	macState
+
+	buffer [16 * TagSize]byte // size must be a multiple of block size (16)
+	offset int
+}
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < len(h.buffer) {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, h.buffer[:])
+		} else {
+			updateGeneric(&h.macState, h.buffer[:])
+		}
+	}
+
+	tail := len(p) % len(h.buffer) // number of bytes to copy into buffer
+	body := len(p) - tail          // number of bytes to process now
+	if body > 0 {
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, p[:body])
+		} else {
+			updateGeneric(&h.macState, p[:body])
+		}
+	}
+	h.offset = copy(h.buffer[:], p[body:]) // copy tail bytes - can be 0
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[TagSize]byte) {
+	state := h.macState
+	remainder := h.buffer[:h.offset]
+
+	// Use the generic implementation if we have 2 or fewer blocks left
+	// to sum. The vector implementation has a higher startup time.
+	if cpu.S390X.HasVX && len(remainder) > 2*TagSize {
+		updateVX(&state, remainder)
+	} else if len(remainder) > 0 {
+		updateGeneric(&state, remainder)
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
new file mode 100644
index 000000000..aa9e0494c
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
@@ -0,0 +1,504 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+// This implementation of Poly1305 uses the vector facility (vx)
+// to process up to 2 blocks (32 bytes) per iteration using an
+// algorithm based on the one described in:
+//
+// NEON crypto, Daniel J. Bernstein & Peter Schwabe
+// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+//
+// This algorithm uses 5 26-bit limbs to represent a 130-bit
+// value. These limbs are, for the most part, zero extended and
+// placed into 64-bit vector register elements. Each vector
+// register is 128-bits wide and so holds 2 of these elements.
+// Using 26-bit limbs allows us plenty of headroom to accommodate
+// accumulations before and after multiplication without
+// overflowing either 32-bits (before multiplication) or 64-bits
+// (after multiplication).
+//
+// In order to parallelise the operations required to calculate
+// the sum we use two separate accumulators and then sum those
+// in an extra final step. For compatibility with the generic
+// implementation we perform this summation at the end of every
+// updateVX call.
+//
+// To use two accumulators we must multiply the message blocks
+// by r² rather than r. Only the final message block should be
+// multiplied by r.
+//
+// Example:
+//
+// We want to calculate the sum (h) for a 64 byte message (m):
+//
+//   h = m[0:16]r⁴ + m[16:32]r³ + m[32:48]r² + m[48:64]r
+//
+// To do this we split the calculation into the even indices
+// and odd indices of the message. These form our SIMD 'lanes':
+//
+//   h = m[ 0:16]r⁴ + m[32:48]r² +   <- lane 0
+//       m[16:32]r³ + m[48:64]r      <- lane 1
+//
+// To calculate this iteratively we refactor so that both lanes
+// are written in terms of r² and r:
+//
+//   h = (m[ 0:16]r² + m[32:48])r² + <- lane 0
+//       (m[16:32]r² + m[48:64])r    <- lane 1
+//                ^             ^
+//                |             coefficients for second iteration
+//                coefficients for first iteration
+//
+// So in this case we would have two iterations. In the first
+// both lanes are multiplied by r². In the second only the
+// first lane is multiplied by r² and the second lane is
+// instead multiplied by r. This gives use the odd and even
+// powers of r that we need from the original equation.
+//
+// Notation:
+//
+//   h - accumulator
+//   r - key
+//   m - message
+//
+//   [a, b]       - SIMD register holding two 64-bit values
+//   [a, b, c, d] - SIMD register holding four 32-bit values
+//   xᵢ[n]        - limb n of variable x with bit width i
+//
+// Limbs are expressed in little endian order, so for 26-bit
+// limbs x₂₆[4] will be the most significant limb and x₂₆[0]
+// will be the least significant limb.
+
+// masking constants
+#define MOD24 V0 // [0x0000000000ffffff, 0x0000000000ffffff] - mask low 24-bits
+#define MOD26 V1 // [0x0000000003ffffff, 0x0000000003ffffff] - mask low 26-bits
+
+// expansion constants (see EXPAND macro)
+#define EX0 V2
+#define EX1 V3
+#define EX2 V4
+
+// key (r², r or 1 depending on context)
+#define R_0 V5
+#define R_1 V6
+#define R_2 V7
+#define R_3 V8
+#define R_4 V9
+
+// precalculated coefficients (5r², 5r or 0 depending on context)
+#define R5_1 V10
+#define R5_2 V11
+#define R5_3 V12
+#define R5_4 V13
+
+// message block (m)
+#define M_0 V14
+#define M_1 V15
+#define M_2 V16
+#define M_3 V17
+#define M_4 V18
+
+// accumulator (h)
+#define H_0 V19
+#define H_1 V20
+#define H_2 V21
+#define H_3 V22
+#define H_4 V23
+
+// temporary registers (for short-lived values)
+#define T_0 V24
+#define T_1 V25
+#define T_2 V26
+#define T_3 V27
+#define T_4 V28
+
+GLOBL ·constants<>(SB), RODATA, $0x30
+// EX0
+DATA ·constants<>+0x00(SB)/8, $0x0006050403020100
+DATA ·constants<>+0x08(SB)/8, $0x1016151413121110
+// EX1
+DATA ·constants<>+0x10(SB)/8, $0x060c0b0a09080706
+DATA ·constants<>+0x18(SB)/8, $0x161c1b1a19181716
+// EX2
+DATA ·constants<>+0x20(SB)/8, $0x0d0d0d0d0d0f0e0d
+DATA ·constants<>+0x28(SB)/8, $0x1d1d1d1d1d1f1e1d
+
+// MULTIPLY multiplies each lane of f and g, partially reduced
+// modulo 2¹³⁰ - 5. The result, h, consists of partial products
+// in each lane that need to be reduced further to produce the
+// final result.
+//
+//   h₁₃₀ = (f₁₃₀g₁₃₀) % 2¹³⁰ + (5f₁₃₀g₁₃₀) / 2¹³⁰
+//
+// Note that the multiplication by 5 of the high bits is
+// achieved by precalculating the multiplication of four of the
+// g coefficients by 5. These are g51-g54.
+#define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
+	VMLOF  f0, g0, h0        \
+	VMLOF  f0, g3, h3        \
+	VMLOF  f0, g1, h1        \
+	VMLOF  f0, g4, h4        \
+	VMLOF  f0, g2, h2        \
+	VMLOF  f1, g54, T_0      \
+	VMLOF  f1, g2, T_3       \
+	VMLOF  f1, g0, T_1       \
+	VMLOF  f1, g3, T_4       \
+	VMLOF  f1, g1, T_2       \
+	VMALOF f2, g53, h0, h0   \
+	VMALOF f2, g1, h3, h3    \
+	VMALOF f2, g54, h1, h1   \
+	VMALOF f2, g2, h4, h4    \
+	VMALOF f2, g0, h2, h2    \
+	VMALOF f3, g52, T_0, T_0 \
+	VMALOF f3, g0, T_3, T_3  \
+	VMALOF f3, g53, T_1, T_1 \
+	VMALOF f3, g1, T_4, T_4  \
+	VMALOF f3, g54, T_2, T_2 \
+	VMALOF f4, g51, h0, h0   \
+	VMALOF f4, g54, h3, h3   \
+	VMALOF f4, g52, h1, h1   \
+	VMALOF f4, g0, h4, h4    \
+	VMALOF f4, g53, h2, h2   \
+	VAG    T_0, h0, h0       \
+	VAG    T_3, h3, h3       \
+	VAG    T_1, h1, h1       \
+	VAG    T_4, h4, h4       \
+	VAG    T_2, h2, h2
+
+// REDUCE performs the following carry operations in four
+// stages, as specified in Bernstein & Schwabe:
+//
+//   1: h₂₆[0]->h₂₆[1] h₂₆[3]->h₂₆[4]
+//   2: h₂₆[1]->h₂₆[2] h₂₆[4]->h₂₆[0]
+//   3: h₂₆[0]->h₂₆[1] h₂₆[2]->h₂₆[3]
+//   4: h₂₆[3]->h₂₆[4]
+//
+// The result is that all of the limbs are limited to 26-bits
+// except for h₂₆[1] and h₂₆[4] which are limited to 27-bits.
+//
+// Note that although each limb is aligned at 26-bit intervals
+// they may contain values that exceed 2²⁶ - 1, hence the need
+// to carry the excess bits in each limb.
+#define REDUCE(h0, h1, h2, h3, h4) \
+	VESRLG $26, h0, T_0  \
+	VESRLG $26, h3, T_1  \
+	VN     MOD26, h0, h0 \
+	VN     MOD26, h3, h3 \
+	VAG    T_0, h1, h1   \
+	VAG    T_1, h4, h4   \
+	VESRLG $26, h1, T_2  \
+	VESRLG $26, h4, T_3  \
+	VN     MOD26, h1, h1 \
+	VN     MOD26, h4, h4 \
+	VESLG  $2, T_3, T_4  \
+	VAG    T_3, T_4, T_4 \
+	VAG    T_2, h2, h2   \
+	VAG    T_4, h0, h0   \
+	VESRLG $26, h2, T_0  \
+	VESRLG $26, h0, T_1  \
+	VN     MOD26, h2, h2 \
+	VN     MOD26, h0, h0 \
+	VAG    T_0, h3, h3   \
+	VAG    T_1, h1, h1   \
+	VESRLG $26, h3, T_2  \
+	VN     MOD26, h3, h3 \
+	VAG    T_2, h4, h4
+
+// EXPAND splits the 128-bit little-endian values in0 and in1
+// into 26-bit big-endian limbs and places the results into
+// the first and second lane of d₂₆[0:4] respectively.
+//
+// The EX0, EX1 and EX2 constants are arrays of byte indices
+// for permutation. The permutation both reverses the bytes
+// in the input and ensures the bytes are copied into the
+// destination limb ready to be shifted into their final
+// position.
+#define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
+	VPERM  in0, in1, EX0, d0 \
+	VPERM  in0, in1, EX1, d2 \
+	VPERM  in0, in1, EX2, d4 \
+	VESRLG $26, d0, d1       \
+	VESRLG $30, d2, d3       \
+	VESRLG $4, d2, d2        \
+	VN     MOD26, d0, d0     \ // [in0₂₆[0], in1₂₆[0]]
+	VN     MOD26, d3, d3     \ // [in0₂₆[3], in1₂₆[3]]
+	VN     MOD26, d1, d1     \ // [in0₂₆[1], in1₂₆[1]]
+	VN     MOD24, d4, d4     \ // [in0₂₆[4], in1₂₆[4]]
+	VN     MOD26, d2, d2     // [in0₂₆[2], in1₂₆[2]]
+
+// func updateVX(state *macState, msg []byte)
+TEXT ·updateVX(SB), NOSPLIT, $0
+	MOVD state+0(FP), R1
+	LMG  msg+8(FP), R2, R3 // R2=msg_base, R3=msg_len
+
+	// load EX0, EX1 and EX2
+	MOVD $·constants<>(SB), R5
+	VLM  (R5), EX0, EX2
+
+	// generate masks
+	VGMG $(64-24), $63, MOD24 // [0x00ffffff, 0x00ffffff]
+	VGMG $(64-26), $63, MOD26 // [0x03ffffff, 0x03ffffff]
+
+	// load h (accumulator) and r (key) from state
+	VZERO T_1               // [0, 0]
+	VL    0(R1), T_0        // [h₆₄[0], h₆₄[1]]
+	VLEG  $0, 16(R1), T_1   // [h₆₄[2], 0]
+	VL    24(R1), T_2       // [r₆₄[0], r₆₄[1]]
+	VPDI  $0, T_0, T_2, T_3 // [h₆₄[0], r₆₄[0]]
+	VPDI  $5, T_0, T_2, T_4 // [h₆₄[1], r₆₄[1]]
+
+	// unpack h and r into 26-bit limbs
+	// note: h₆₄[2] may have the low 3 bits set, so h₂₆[4] is a 27-bit value
+	VN     MOD26, T_3, H_0            // [h₂₆[0], r₂₆[0]]
+	VZERO  H_1                        // [0, 0]
+	VZERO  H_3                        // [0, 0]
+	VGMG   $(64-12-14), $(63-12), T_0 // [0x03fff000, 0x03fff000] - 26-bit mask with low 12 bits masked out
+	VESLG  $24, T_1, T_1              // [h₆₄[2]<<24, 0]
+	VERIMG $-26&63, T_3, MOD26, H_1   // [h₂₆[1], r₂₆[1]]
+	VESRLG $+52&63, T_3, H_2          // [h₂₆[2], r₂₆[2]] - low 12 bits only
+	VERIMG $-14&63, T_4, MOD26, H_3   // [h₂₆[1], r₂₆[1]]
+	VESRLG $40, T_4, H_4              // [h₂₆[4], r₂₆[4]] - low 24 bits only
+	VERIMG $+12&63, T_4, T_0, H_2     // [h₂₆[2], r₂₆[2]] - complete
+	VO     T_1, H_4, H_4              // [h₂₆[4], r₂₆[4]] - complete
+
+	// replicate r across all 4 vector elements
+	VREPF $3, H_0, R_0 // [r₂₆[0], r₂₆[0], r₂₆[0], r₂₆[0]]
+	VREPF $3, H_1, R_1 // [r₂₆[1], r₂₆[1], r₂₆[1], r₂₆[1]]
+	VREPF $3, H_2, R_2 // [r₂₆[2], r₂₆[2], r₂₆[2], r₂₆[2]]
+	VREPF $3, H_3, R_3 // [r₂₆[3], r₂₆[3], r₂₆[3], r₂₆[3]]
+	VREPF $3, H_4, R_4 // [r₂₆[4], r₂₆[4], r₂₆[4], r₂₆[4]]
+
+	// zero out lane 1 of h
+	VLEIG $1, $0, H_0 // [h₂₆[0], 0]
+	VLEIG $1, $0, H_1 // [h₂₆[1], 0]
+	VLEIG $1, $0, H_2 // [h₂₆[2], 0]
+	VLEIG $1, $0, H_3 // [h₂₆[3], 0]
+	VLEIG $1, $0, H_4 // [h₂₆[4], 0]
+
+	// calculate 5r (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r₂₆[1], 5r₂₆[1], 5r₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r₂₆[2], 5r₂₆[2], 5r₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r₂₆[3], 5r₂₆[3], 5r₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r₂₆[4], 5r₂₆[4], 5r₂₆[4]]
+
+	// skip r² calculation if we are only calculating one block
+	CMPBLE R3, $16, skip
+
+	// calculate r²
+	MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, M_0, M_1, M_2, M_3, M_4)
+	REDUCE(M_0, M_1, M_2, M_3, M_4)
+	VGBM   $0x0f0f, T_0
+	VERIMG $0, M_0, T_0, R_0 // [r₂₆[0], r²₂₆[0], r₂₆[0], r²₂₆[0]]
+	VERIMG $0, M_1, T_0, R_1 // [r₂₆[1], r²₂₆[1], r₂₆[1], r²₂₆[1]]
+	VERIMG $0, M_2, T_0, R_2 // [r₂₆[2], r²₂₆[2], r₂₆[2], r²₂₆[2]]
+	VERIMG $0, M_3, T_0, R_3 // [r₂₆[3], r²₂₆[3], r₂₆[3], r²₂₆[3]]
+	VERIMG $0, M_4, T_0, R_4 // [r₂₆[4], r²₂₆[4], r₂₆[4], r²₂₆[4]]
+
+	// calculate 5r² (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r²₂₆[1], 5r₂₆[1], 5r²₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r²₂₆[2], 5r₂₆[2], 5r²₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r²₂₆[3], 5r₂₆[3], 5r²₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r²₂₆[4], 5r₂₆[4], 5r²₂₆[4]]
+
+loop:
+	CMPBLE R3, $32, b2 // 2 or fewer blocks remaining, need to change key coefficients
+
+	// load next 2 blocks from message
+	VLM (R2), T_0, T_1
+
+	// update message slice
+	SUB  $32, R3
+	MOVD $32(R2), R2
+
+	// unpack message blocks into 26-bit big-endian limbs
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// add 2¹²⁸ to each message block value
+	VLEIB $4, $1, M_4
+	VLEIB $12, $1, M_4
+
+multiply:
+	// accumulate the incoming message
+	VAG H_0, M_0, M_0
+	VAG H_3, M_3, M_3
+	VAG H_1, M_1, M_1
+	VAG H_4, M_4, M_4
+	VAG H_2, M_2, M_2
+
+	// multiply the accumulator by the key coefficient
+	MULTIPLY(M_0, M_1, M_2, M_3, M_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+
+	// carry and partially reduce the partial products
+	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+	CMPBNE R3, $0, loop
+
+finish:
+	// sum lane 0 and lane 1 and put the result in lane 1
+	VZERO  T_0
+	VSUMQG H_0, T_0, H_0
+	VSUMQG H_3, T_0, H_3
+	VSUMQG H_1, T_0, H_1
+	VSUMQG H_4, T_0, H_4
+	VSUMQG H_2, T_0, H_2
+
+	// reduce again after summation
+	// TODO(mundaym): there might be a more efficient way to do this
+	// now that we only have 1 active lane. For example, we could
+	// simultaneously pack the values as we reduce them.
+	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+	// carry h[1] through to h[4] so that only h[4] can exceed 2²⁶ - 1
+	// TODO(mundaym): in testing this final carry was unnecessary.
+	// Needs a proof before it can be removed though.
+	VESRLG $26, H_1, T_1
+	VN     MOD26, H_1, H_1
+	VAQ    T_1, H_2, H_2
+	VESRLG $26, H_2, T_2
+	VN     MOD26, H_2, H_2
+	VAQ    T_2, H_3, H_3
+	VESRLG $26, H_3, T_3
+	VN     MOD26, H_3, H_3
+	VAQ    T_3, H_4, H_4
+
+	// h is now < 2(2¹³⁰ - 5)
+	// Pack each lane in h₂₆[0:4] into h₁₂₈[0:1].
+	VESLG $26, H_1, H_1
+	VESLG $26, H_3, H_3
+	VO    H_0, H_1, H_0
+	VO    H_2, H_3, H_2
+	VESLG $4, H_2, H_2
+	VLEIB $7, $48, H_1
+	VSLB  H_1, H_2, H_2
+	VO    H_0, H_2, H_0
+	VLEIB $7, $104, H_1
+	VSLB  H_1, H_4, H_3
+	VO    H_3, H_0, H_0
+	VLEIB $7, $24, H_1
+	VSRLB H_1, H_4, H_1
+
+	// update state
+	VSTEG $1, H_0, 0(R1)
+	VSTEG $0, H_0, 8(R1)
+	VSTEG $1, H_1, 16(R1)
+	RET
+
+b2:  // 2 or fewer blocks remaining
+	CMPBLE R3, $16, b1
+
+	// Load the 2 remaining blocks (17-32 bytes remaining).
+	MOVD $-17(R3), R0    // index of final byte to load modulo 16
+	VL   (R2), T_0       // load full 16 byte block
+	VLL  R0, 16(R2), T_1 // load final (possibly partial) block and pad with zeros to 16 bytes
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
+	MOVBZ  $1, R0
+	MOVD   $-16(R3), R3   // index of byte in last block to insert 1 at (could be 16)
+	CMPBEQ R3, $16, 2(PC) // skip the insertion if the final block is 16 bytes long
+	VLVGB  R3, R0, T_1    // insert 1 into the byte at index R3
+
+	// Split both blocks into 26-bit limbs in the appropriate lanes.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the second to last block.
+	VLEIB $4, $1, M_4
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $12, $1, M_4
+
+	// Finally, set up the coefficients for the final multiplication.
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r² so that can be kept the
+	// same. We want lane 1 to be multiplied by r so we need to move
+	// the saved r value into the 32-bit odd index in lane 1 by
+	// rotating the 64-bit lane by 32.
+	VGBM   $0x00ff, T_0         // [0, 0xffffffffffffffff] - mask lane 1 only
+	VERIMG $32, R_0, T_0, R_0   // [_,  r²₂₆[0], _,  r₂₆[0]]
+	VERIMG $32, R_1, T_0, R_1   // [_,  r²₂₆[1], _,  r₂₆[1]]
+	VERIMG $32, R_2, T_0, R_2   // [_,  r²₂₆[2], _,  r₂₆[2]]
+	VERIMG $32, R_3, T_0, R_3   // [_,  r²₂₆[3], _,  r₂₆[3]]
+	VERIMG $32, R_4, T_0, R_4   // [_,  r²₂₆[4], _,  r₂₆[4]]
+	VERIMG $32, R5_1, T_0, R5_1 // [_, 5r²₂₆[1], _, 5r₂₆[1]]
+	VERIMG $32, R5_2, T_0, R5_2 // [_, 5r²₂₆[2], _, 5r₂₆[2]]
+	VERIMG $32, R5_3, T_0, R5_3 // [_, 5r²₂₆[3], _, 5r₂₆[3]]
+	VERIMG $32, R5_4, T_0, R5_4 // [_, 5r²₂₆[4], _, 5r₂₆[4]]
+
+	MOVD $0, R3
+	BR   multiply
+
+skip:
+	CMPBEQ R3, $0, finish
+
+b1:  // 1 block remaining
+
+	// Load the final block (1-16 bytes). This will be placed into
+	// lane 0.
+	MOVD $-1(R3), R0
+	VLL  R0, (R2), T_0 // pad to 16 bytes with zeros
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
+	MOVBZ  $1, R0
+	CMPBEQ R3, $16, 2(PC)
+	VLVGB  R3, R0, T_0
+
+	// Set the message block in lane 1 to the value 0 so that it
+	// can be accumulated without affecting the final result.
+	VZERO T_1
+
+	// Split the final message block into 26-bit limbs in lane 0.
+	// Lane 1 will be contain 0.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $4, $1, M_4
+
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r so we need to move the
+	// saved r value into the 32-bit odd index in lane 0. We want
+	// lane 1 to be set to the value 1. This makes multiplication
+	// a no-op. We do this by setting lane 1 in every register to 0
+	// and then just setting the 32-bit index 3 in R_0 to 1.
+	VZERO T_0
+	MOVD  $0, R0
+	MOVD  $0x10111213, R12
+	VLVGP R12, R0, T_1         // [_, 0x10111213, _, 0x00000000]
+	VPERM T_0, R_0, T_1, R_0   // [_,  r₂₆[0], _, 0]
+	VPERM T_0, R_1, T_1, R_1   // [_,  r₂₆[1], _, 0]
+	VPERM T_0, R_2, T_1, R_2   // [_,  r₂₆[2], _, 0]
+	VPERM T_0, R_3, T_1, R_3   // [_,  r₂₆[3], _, 0]
+	VPERM T_0, R_4, T_1, R_4   // [_,  r₂₆[4], _, 0]
+	VPERM T_0, R5_1, T_1, R5_1 // [_, 5r₂₆[1], _, 0]
+	VPERM T_0, R5_2, T_1, R5_2 // [_, 5r₂₆[2], _, 0]
+	VPERM T_0, R5_3, T_1, R5_3 // [_, 5r₂₆[3], _, 0]
+	VPERM T_0, R5_4, T_1, R5_4 // [_, 5r₂₆[4], _, 0]
+
+	// Set the value of lane 1 to be 1.
+	VLEIF $3, $1, R_0 // [_,  r₂₆[0], _, 1]
+
+	MOVD $0, R3
+	BR   multiply
diff --git a/vendor/golang.org/x/oauth2/README.md b/vendor/golang.org/x/oauth2/README.md
index 1473e1296..781770c20 100644
--- a/vendor/golang.org/x/oauth2/README.md
+++ b/vendor/golang.org/x/oauth2/README.md
@@ -19,7 +19,7 @@ See pkg.go.dev for further documentation and examples.
 * [pkg.go.dev/golang.org/x/oauth2](https://pkg.go.dev/golang.org/x/oauth2)
 * [pkg.go.dev/golang.org/x/oauth2/google](https://pkg.go.dev/golang.org/x/oauth2/google)
 
-## Policy for new packages
+## Policy for new endpoints
 
 We no longer accept new provider-specific packages in this repo if all
 they do is add a single endpoint variable. If you just want to add a
@@ -29,8 +29,12 @@ package.
 
 ## Report Issues / Send Patches
 
-This repository uses Gerrit for code changes. To learn how to submit changes to
-this repository, see https://golang.org/doc/contribute.html.
-
 The main issue tracker for the oauth2 repository is located at
 https://github.com/golang/oauth2/issues.
+
+This repository uses Gerrit for code changes. To learn how to submit changes to
+this repository, see https://golang.org/doc/contribute.html. In particular:
+
+* Excluding trivial changes, all contributions should be connected to an existing issue.
+* API changes must go through the [change proposal process](https://go.dev/s/proposal-process) before they can be accepted.
+* The code owners are listed at [dev.golang.org/owners](https://dev.golang.org/owners#:~:text=x/oauth2).
diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go
index 7ed02cd41..2cf71f0f9 100644
--- a/vendor/golang.org/x/oauth2/google/default.go
+++ b/vendor/golang.org/x/oauth2/google/default.go
@@ -8,17 +8,19 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
 	"runtime"
+	"time"
 
 	"cloud.google.com/go/compute/metadata"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/authhandler"
 )
 
+const adcSetupURL = "https://cloud.google.com/docs/authentication/external/set-up-adc"
+
 // Credentials holds Google credentials, including "Application Default Credentials".
 // For more details, see:
 // https://developers.google.com/accounts/docs/application-default-credentials
@@ -62,6 +64,18 @@ type CredentialsParams struct {
 
 	// PKCE is used to support PKCE flow. Optional for 3LO flow.
 	PKCE *authhandler.PKCEParams
+
+	// The OAuth2 TokenURL default override. This value overrides the default TokenURL,
+	// unless explicitly specified by the credentials config file. Optional.
+	TokenURL string
+
+	// EarlyTokenRefresh is the amount of time before a token expires that a new
+	// token will be preemptively fetched. If unset the default value is 10
+	// seconds.
+	//
+	// Note: This option is currently only respected when using credentials
+	// fetched from the GCE metadata server.
+	EarlyTokenRefresh time.Duration
 }
 
 func (params CredentialsParams) deepCopy() CredentialsParams {
@@ -127,17 +141,15 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 
 	// Second, try a well-known file.
 	filename := wellKnownFile()
-	if creds, err := readCredentialsFile(ctx, filename, params); err == nil {
-		return creds, nil
-	} else if !os.IsNotExist(err) {
-		return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %v", filename, err)
+	if b, err := os.ReadFile(filename); err == nil {
+		return CredentialsFromJSONWithParams(ctx, b, params)
 	}
 
 	// Third, if we're on a Google App Engine standard first generation runtime (<= Go 1.9)
 	// use those credentials. App Engine standard second generation runtimes (>= Go 1.11)
 	// and App Engine flexible use ComputeTokenSource and the metadata server.
 	if appengineTokenFunc != nil {
-		return &DefaultCredentials{
+		return &Credentials{
 			ProjectID:   appengineAppIDFunc(ctx),
 			TokenSource: AppEngineTokenSource(ctx, params.Scopes...),
 		}, nil
@@ -147,15 +159,14 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 	// or App Engine flexible, use the metadata server.
 	if metadata.OnGCE() {
 		id, _ := metadata.ProjectID()
-		return &DefaultCredentials{
+		return &Credentials{
 			ProjectID:   id,
-			TokenSource: ComputeTokenSource("", params.Scopes...),
+			TokenSource: computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
 		}, nil
 	}
 
 	// None are found; return helpful error.
-	const url = "https://developers.google.com/accounts/docs/application-default-credentials"
-	return nil, fmt.Errorf("google: could not find default credentials. See %v for more information.", url)
+	return nil, fmt.Errorf("google: could not find default credentials. See %v for more information", adcSetupURL)
 }
 
 // FindDefaultCredentials invokes FindDefaultCredentialsWithParams with the specified scopes.
@@ -194,7 +205,7 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
 		return nil, err
 	}
 	ts = newErrWrappingTokenSource(ts)
-	return &DefaultCredentials{
+	return &Credentials{
 		ProjectID:   f.ProjectID,
 		TokenSource: ts,
 		JSON:        jsonData,
@@ -216,8 +227,8 @@ func wellKnownFile() string {
 	return filepath.Join(guessUnixHomeDir(), ".config", "gcloud", f)
 }
 
-func readCredentialsFile(ctx context.Context, filename string, params CredentialsParams) (*DefaultCredentials, error) {
-	b, err := ioutil.ReadFile(filename)
+func readCredentialsFile(ctx context.Context, filename string, params CredentialsParams) (*Credentials, error) {
+	b, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/golang.org/x/oauth2/google/doc.go b/vendor/golang.org/x/oauth2/google/doc.go
index b3e7bc85c..ca717634a 100644
--- a/vendor/golang.org/x/oauth2/google/doc.go
+++ b/vendor/golang.org/x/oauth2/google/doc.go
@@ -26,7 +26,7 @@
 //
 // Using workload identity federation, your application can access Google Cloud
 // resources from Amazon Web Services (AWS), Microsoft Azure or any identity
-// provider that supports OpenID Connect (OIDC).
+// provider that supports OpenID Connect (OIDC) or SAML 2.0.
 // Traditionally, applications running outside Google Cloud have used service
 // account keys to access Google Cloud resources. Using identity federation,
 // you can allow your workload to impersonate a service account.
@@ -36,26 +36,75 @@
 // Follow the detailed instructions on how to configure Workload Identity Federation
 // in various platforms:
 //
-//	Amazon Web Services (AWS): https://cloud.google.com/iam/docs/access-resources-aws
-//	Microsoft Azure: https://cloud.google.com/iam/docs/access-resources-azure
-//	OIDC identity provider: https://cloud.google.com/iam/docs/access-resources-oidc
+//	Amazon Web Services (AWS): https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds#aws
+//	Microsoft Azure: https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds#azure
+//	OIDC identity provider: https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#oidc
+//	SAML 2.0 identity provider: https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#saml
 //
 // For OIDC and SAML providers, the library can retrieve tokens in three ways:
 // from a local file location (file-sourced credentials), from a server
 // (URL-sourced credentials), or from a local executable (executable-sourced
 // credentials).
 // For file-sourced credentials, a background process needs to be continuously
-// refreshing the file location with a new OIDC token prior to expiration.
+// refreshing the file location with a new OIDC/SAML token prior to expiration.
 // For tokens with one hour lifetimes, the token needs to be updated in the file
 // every hour. The token can be stored directly as plain text or in JSON format.
 // For URL-sourced credentials, a local server needs to host a GET endpoint to
-// return the OIDC token. The response can be in plain text or JSON.
+// return the OIDC/SAML token. The response can be in plain text or JSON.
 // Additional required request headers can also be specified.
 // For executable-sourced credentials, an application needs to be available to
-// output the OIDC token and other information in a JSON format.
+// output the OIDC/SAML token and other information in a JSON format.
 // For more information on how these work (and how to implement
 // executable-sourced credentials), please check out:
-// https://cloud.google.com/iam/docs/using-workload-identity-federation#oidc
+// https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#create_a_credential_configuration
+//
+// Note that this library does not perform any validation on the token_url, token_info_url,
+// or service_account_impersonation_url fields of the credential configuration.
+// It is not recommended to use a credential configuration that you did not generate with
+// the gcloud CLI unless you verify that the URL fields point to a googleapis.com domain.
+//
+// # Workforce Identity Federation
+//
+// Workforce identity federation lets you use an external identity provider (IdP) to
+// authenticate and authorize a workforce—a group of users, such as employees, partners,
+// and contractors—using IAM, so that the users can access Google Cloud services.
+// Workforce identity federation extends Google Cloud's identity capabilities to support
+// syncless, attribute-based single sign on.
+//
+// With workforce identity federation, your workforce can access Google Cloud resources
+// using an external identity provider (IdP) that supports OpenID Connect (OIDC) or
+// SAML 2.0 such as Azure Active Directory (Azure AD), Active Directory Federation
+// Services (AD FS), Okta, and others.
+//
+// Follow the detailed instructions on how to configure Workload Identity Federation
+// in various platforms:
+//
+//	Azure AD: https://cloud.google.com/iam/docs/workforce-sign-in-azure-ad
+//	Okta: https://cloud.google.com/iam/docs/workforce-sign-in-okta
+//	OIDC identity provider: https://cloud.google.com/iam/docs/configuring-workforce-identity-federation#oidc
+//	SAML 2.0 identity provider: https://cloud.google.com/iam/docs/configuring-workforce-identity-federation#saml
+//
+// For workforce identity federation, the library can retrieve tokens in three ways:
+// from a local file location (file-sourced credentials), from a server
+// (URL-sourced credentials), or from a local executable (executable-sourced
+// credentials).
+// For file-sourced credentials, a background process needs to be continuously
+// refreshing the file location with a new OIDC/SAML token prior to expiration.
+// For tokens with one hour lifetimes, the token needs to be updated in the file
+// every hour. The token can be stored directly as plain text or in JSON format.
+// For URL-sourced credentials, a local server needs to host a GET endpoint to
+// return the OIDC/SAML token. The response can be in plain text or JSON.
+// Additional required request headers can also be specified.
+// For executable-sourced credentials, an application needs to be available to
+// output the OIDC/SAML token and other information in a JSON format.
+// For more information on how these work (and how to implement
+// executable-sourced credentials), please check out:
+// https://cloud.google.com/iam/docs/workforce-obtaining-short-lived-credentials#generate_a_configuration_file_for_non-interactive_sign-in
+//
+// Note that this library does not perform any validation on the token_url, token_info_url,
+// or service_account_impersonation_url fields of the credential configuration.
+// It is not recommended to use a credential configuration that you did not generate with
+// the gcloud CLI unless you verify that the URL fields point to a googleapis.com domain.
 //
 // # Credentials
 //
diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go
index 8df0c493e..cc1223889 100644
--- a/vendor/golang.org/x/oauth2/google/google.go
+++ b/vendor/golang.org/x/oauth2/google/google.go
@@ -26,6 +26,9 @@ var Endpoint = oauth2.Endpoint{
 	AuthStyle: oauth2.AuthStyleInParams,
 }
 
+// MTLSTokenURL is Google's OAuth 2.0 default mTLS endpoint.
+const MTLSTokenURL = "https://oauth2.mtls.googleapis.com/token"
+
 // JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
 const JWTTokenURL = "https://oauth2.googleapis.com/token"
 
@@ -172,7 +175,11 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 			cfg.Endpoint.AuthURL = Endpoint.AuthURL
 		}
 		if cfg.Endpoint.TokenURL == "" {
-			cfg.Endpoint.TokenURL = Endpoint.TokenURL
+			if params.TokenURL != "" {
+				cfg.Endpoint.TokenURL = params.TokenURL
+			} else {
+				cfg.Endpoint.TokenURL = Endpoint.TokenURL
+			}
 		}
 		tok := &oauth2.Token{RefreshToken: f.RefreshToken}
 		return cfg.TokenSource(ctx, tok), nil
@@ -224,7 +231,11 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 // Further information about retrieving access tokens from the GCE metadata
 // server can be found at https://cloud.google.com/compute/docs/authentication.
 func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
-	return oauth2.ReuseTokenSource(nil, computeSource{account: account, scopes: scope})
+	return computeTokenSource(account, 0, scope...)
+}
+
+func computeTokenSource(account string, earlyExpiry time.Duration, scope ...string) oauth2.TokenSource {
+	return oauth2.ReuseTokenSourceWithExpiry(nil, computeSource{account: account, scopes: scope}, earlyExpiry)
 }
 
 type computeSource struct {
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
index 3eab8df7c..dcd252a61 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
@@ -67,22 +67,6 @@ type Config struct {
 // that include all elements in a given list, in that order.
 
 var (
-	validTokenURLPatterns = []*regexp.Regexp{
-		// The complicated part in the middle matches any number of characters that
-		// aren't period, spaces, or slashes.
-		regexp.MustCompile(`(?i)^[^\.\s\/\\]+\.sts\.googleapis\.com$`),
-		regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
-		regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
-		regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
-		regexp.MustCompile(`(?i)^sts-[^\.\s\/\\]+\.p\.googleapis\.com$`),
-	}
-	validImpersonateURLPatterns = []*regexp.Regexp{
-		regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
-		regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
-		regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
-		regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
-		regexp.MustCompile(`^iamcredentials-[^\.\s\/\\]+\.p\.googleapis\.com$`),
-	}
 	validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
 )
 
@@ -110,25 +94,13 @@ func validateWorkforceAudience(input string) bool {
 
 // TokenSource Returns an external account TokenSource struct. This is to be called by package google to construct a google.Credentials.
 func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
-	return c.tokenSource(ctx, validTokenURLPatterns, validImpersonateURLPatterns, "https")
+	return c.tokenSource(ctx, "https")
 }
 
 // tokenSource is a private function that's directly called by some of the tests,
 // because the unit test URLs are mocked, and would otherwise fail the
 // validity check.
-func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp, scheme string) (oauth2.TokenSource, error) {
-	valid := validateURL(c.TokenURL, tokenURLValidPats, scheme)
-	if !valid {
-		return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
-	}
-
-	if c.ServiceAccountImpersonationURL != "" {
-		valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats, scheme)
-		if !valid {
-			return nil, fmt.Errorf("oauth2/google: invalid ServiceAccountImpersonationURL provided while constructing tokenSource")
-		}
-	}
-
+func (c *Config) tokenSource(ctx context.Context, scheme string) (oauth2.TokenSource, error) {
 	if c.WorkforcePoolUserProject != "" {
 		valid := validateWorkforceAudience(c.Audience)
 		if !valid {
diff --git a/vendor/golang.org/x/oauth2/internal/oauth2.go b/vendor/golang.org/x/oauth2/internal/oauth2.go
index c0ab196cf..14989beaf 100644
--- a/vendor/golang.org/x/oauth2/internal/oauth2.go
+++ b/vendor/golang.org/x/oauth2/internal/oauth2.go
@@ -14,7 +14,7 @@ import (
 
 // ParseKey converts the binary contents of a private key file
 // to an *rsa.PrivateKey. It detects whether the private key is in a
-// PEM container or not. If so, it extracts the the private key
+// PEM container or not. If so, it extracts the private key
 // from PEM container before conversion. It only supports PEM
 // containers with no passphrase.
 func ParseKey(key []byte) (*rsa.PrivateKey, error) {
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index b4723fcac..58901bda5 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -55,12 +55,18 @@ type Token struct {
 }
 
 // tokenJSON is the struct representing the HTTP response from OAuth2
-// providers returning a token in JSON form.
+// providers returning a token or error in JSON form.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
 type tokenJSON struct {
 	AccessToken  string         `json:"access_token"`
 	TokenType    string         `json:"token_type"`
 	RefreshToken string         `json:"refresh_token"`
 	ExpiresIn    expirationTime `json:"expires_in"` // at least PayPal returns string, while most return number
+	// error fields
+	// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+	ErrorCode        string `json:"error"`
+	ErrorDescription string `json:"error_description"`
+	ErrorURI         string `json:"error_uri"`
 }
 
 func (e *tokenJSON) expiry() (t time.Time) {
@@ -236,21 +242,29 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	if err != nil {
 		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
 	}
-	if code := r.StatusCode; code < 200 || code > 299 {
-		return nil, &RetrieveError{
-			Response: r,
-			Body:     body,
-		}
+
+	failureStatus := r.StatusCode < 200 || r.StatusCode > 299
+	retrieveError := &RetrieveError{
+		Response: r,
+		Body:     body,
+		// attempt to populate error detail below
 	}
 
 	var token *Token
 	content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
 	switch content {
 	case "application/x-www-form-urlencoded", "text/plain":
+		// some endpoints return a query string
 		vals, err := url.ParseQuery(string(body))
 		if err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse response: %v", err)
 		}
+		retrieveError.ErrorCode = vals.Get("error")
+		retrieveError.ErrorDescription = vals.Get("error_description")
+		retrieveError.ErrorURI = vals.Get("error_uri")
 		token = &Token{
 			AccessToken:  vals.Get("access_token"),
 			TokenType:    vals.Get("token_type"),
@@ -265,8 +279,14 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	default:
 		var tj tokenJSON
 		if err = json.Unmarshal(body, &tj); err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse json: %v", err)
 		}
+		retrieveError.ErrorCode = tj.ErrorCode
+		retrieveError.ErrorDescription = tj.ErrorDescription
+		retrieveError.ErrorURI = tj.ErrorURI
 		token = &Token{
 			AccessToken:  tj.AccessToken,
 			TokenType:    tj.TokenType,
@@ -276,17 +296,37 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 		}
 		json.Unmarshal(body, &token.Raw) // no error checks for optional fields
 	}
+	// according to spec, servers should respond status 400 in error case
+	// https://www.rfc-editor.org/rfc/rfc6749#section-5.2
+	// but some unorthodox servers respond 200 in error case
+	if failureStatus || retrieveError.ErrorCode != "" {
+		return nil, retrieveError
+	}
 	if token.AccessToken == "" {
 		return nil, errors.New("oauth2: server response missing access_token")
 	}
 	return token, nil
 }
 
+// mirrors oauth2.RetrieveError
 type RetrieveError struct {
-	Response *http.Response
-	Body     []byte
+	Response         *http.Response
+	Body             []byte
+	ErrorCode        string
+	ErrorDescription string
+	ErrorURI         string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index 291df5c83..9085fabe3 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -16,6 +16,7 @@ import (
 	"net/url"
 	"strings"
 	"sync"
+	"time"
 
 	"golang.org/x/oauth2/internal"
 )
@@ -140,7 +141,7 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 //
 // State is a token to protect the user from CSRF attacks. You must
 // always provide a non-empty string and validate that it matches the
-// the state query parameter on your redirect callback.
+// state query parameter on your redirect callback.
 // See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
@@ -290,6 +291,8 @@ type reuseTokenSource struct {
 
 	mu sync.Mutex // guards t
 	t  *Token
+
+	expiryDelta time.Duration
 }
 
 // Token returns the current token if it's still valid, else will
@@ -305,6 +308,7 @@ func (s *reuseTokenSource) Token() (*Token, error) {
 	if err != nil {
 		return nil, err
 	}
+	t.expiryDelta = s.expiryDelta
 	s.t = t
 	return t, nil
 }
@@ -379,3 +383,30 @@ func ReuseTokenSource(t *Token, src TokenSource) TokenSource {
 		new: src,
 	}
 }
+
+// ReuseTokenSource returns a TokenSource that acts in the same manner as the
+// TokenSource returned by ReuseTokenSource, except the expiry buffer is
+// configurable. The expiration time of a token is calculated as
+// t.Expiry.Add(-earlyExpiry).
+func ReuseTokenSourceWithExpiry(t *Token, src TokenSource, earlyExpiry time.Duration) TokenSource {
+	// Don't wrap a reuseTokenSource in itself. That would work,
+	// but cause an unnecessary number of mutex operations.
+	// Just build the equivalent one.
+	if rt, ok := src.(*reuseTokenSource); ok {
+		if t == nil {
+			// Just use it directly, but set the expiryDelta to earlyExpiry,
+			// so the behavior matches what the user expects.
+			rt.expiryDelta = earlyExpiry
+			return rt
+		}
+		src = rt.new
+	}
+	if t != nil {
+		t.expiryDelta = earlyExpiry
+	}
+	return &reuseTokenSource{
+		t:           t,
+		new:         src,
+		expiryDelta: earlyExpiry,
+	}
+}
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 822720341..5ffce9764 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -16,10 +16,10 @@ import (
 	"golang.org/x/oauth2/internal"
 )
 
-// expiryDelta determines how earlier a token should be considered
+// defaultExpiryDelta determines how earlier a token should be considered
 // expired than its actual expiration time. It is used to avoid late
 // expirations due to client-server time mismatches.
-const expiryDelta = 10 * time.Second
+const defaultExpiryDelta = 10 * time.Second
 
 // Token represents the credentials used to authorize
 // the requests to access protected resources on the OAuth 2.0
@@ -52,6 +52,11 @@ type Token struct {
 	// raw optionally contains extra metadata from the server
 	// when updating a token.
 	raw interface{}
+
+	// expiryDelta is used to calculate when a token is considered
+	// expired, by subtracting from Expiry. If zero, defaultExpiryDelta
+	// is used.
+	expiryDelta time.Duration
 }
 
 // Type returns t.TokenType if non-empty, else "Bearer".
@@ -127,6 +132,11 @@ func (t *Token) expired() bool {
 	if t.Expiry.IsZero() {
 		return false
 	}
+
+	expiryDelta := defaultExpiryDelta
+	if t.expiryDelta != 0 {
+		expiryDelta = t.expiryDelta
+	}
 	return t.Expiry.Round(0).Add(-expiryDelta).Before(timeNow())
 }
 
@@ -165,14 +175,31 @@ func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error)
 }
 
 // RetrieveError is the error returned when the token endpoint returns a
-// non-2XX HTTP status code.
+// non-2XX HTTP status code or populates RFC 6749's 'error' parameter.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
 type RetrieveError struct {
 	Response *http.Response
 	// Body is the body that was consumed by reading Response.Body.
 	// It may be truncated.
 	Body []byte
+	// ErrorCode is RFC 6749's 'error' parameter.
+	ErrorCode string
+	// ErrorDescription is RFC 6749's 'error_description' parameter.
+	ErrorDescription string
+	// ErrorURI is RFC 6749's 'error_uri' parameter.
+	ErrorURI string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
new file mode 100644
index 000000000..db9171c2e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -0,0 +1,18 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+//
+// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go
+//
+
+TEXT ·syscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·syscall6(SB)
+
+TEXT ·rawSyscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·rawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go
new file mode 100644
index 000000000..271055be0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/byteorder.go
@@ -0,0 +1,66 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"runtime"
+)
+
+// byteOrder is a subset of encoding/binary.ByteOrder.
+type byteOrder interface {
+	Uint32([]byte) uint32
+	Uint64([]byte) uint64
+}
+
+type littleEndian struct{}
+type bigEndian struct{}
+
+func (littleEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+}
+
+func (littleEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+func (bigEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
+}
+
+func (bigEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
+		uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
+}
+
+// hostByteOrder returns littleEndian on little-endian machines and
+// bigEndian on big-endian machines.
+func hostByteOrder() byteOrder {
+	switch runtime.GOARCH {
+	case "386", "amd64", "amd64p32",
+		"alpha",
+		"arm", "arm64",
+		"loong64",
+		"mipsle", "mips64le", "mips64p32le",
+		"nios2",
+		"ppc64le",
+		"riscv", "riscv64",
+		"sh":
+		return littleEndian{}
+	case "armbe", "arm64be",
+		"m68k",
+		"mips", "mips64", "mips64p32",
+		"ppc", "ppc64",
+		"s390", "s390x",
+		"shbe",
+		"sparc", "sparc64":
+		return bigEndian{}
+	}
+	panic("unknown architecture")
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
new file mode 100644
index 000000000..4756ad5f7
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -0,0 +1,290 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection for
+// various CPU architectures.
+package cpu
+
+import (
+	"os"
+	"strings"
+)
+
+// Initialized reports whether the CPU features were initialized.
+//
+// For some GOOS/GOARCH combinations initialization of the CPU features depends
+// on reading an operating specific file, e.g. /proc/self/auxv on linux/arm
+// Initialized will report false if reading the file fails.
+var Initialized bool
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [cacheLineSize]byte }
+
+// X86 contains the supported CPU features of the
+// current X86/AMD64 platform. If the current platform
+// is not X86/AMD64 then all feature flags are false.
+//
+// X86 is padded to avoid false sharing. Further the HasAVX
+// and HasAVX2 are only set if the OS supports XMM and YMM
+// registers in addition to the CPUID feature bit being set.
+var X86 struct {
+	_                   CacheLinePad
+	HasAES              bool // AES hardware implementation (AES NI)
+	HasADX              bool // Multi-precision add-carry instruction extensions
+	HasAVX              bool // Advanced vector extension
+	HasAVX2             bool // Advanced vector extension 2
+	HasAVX512           bool // Advanced vector extension 512
+	HasAVX512F          bool // Advanced vector extension 512 Foundation Instructions
+	HasAVX512CD         bool // Advanced vector extension 512 Conflict Detection Instructions
+	HasAVX512ER         bool // Advanced vector extension 512 Exponential and Reciprocal Instructions
+	HasAVX512PF         bool // Advanced vector extension 512 Prefetch Instructions
+	HasAVX512VL         bool // Advanced vector extension 512 Vector Length Extensions
+	HasAVX512BW         bool // Advanced vector extension 512 Byte and Word Instructions
+	HasAVX512DQ         bool // Advanced vector extension 512 Doubleword and Quadword Instructions
+	HasAVX512IFMA       bool // Advanced vector extension 512 Integer Fused Multiply Add
+	HasAVX512VBMI       bool // Advanced vector extension 512 Vector Byte Manipulation Instructions
+	HasAVX5124VNNIW     bool // Advanced vector extension 512 Vector Neural Network Instructions Word variable precision
+	HasAVX5124FMAPS     bool // Advanced vector extension 512 Fused Multiply Accumulation Packed Single precision
+	HasAVX512VPOPCNTDQ  bool // Advanced vector extension 512 Double and quad word population count instructions
+	HasAVX512VPCLMULQDQ bool // Advanced vector extension 512 Vector carry-less multiply operations
+	HasAVX512VNNI       bool // Advanced vector extension 512 Vector Neural Network Instructions
+	HasAVX512GFNI       bool // Advanced vector extension 512 Galois field New Instructions
+	HasAVX512VAES       bool // Advanced vector extension 512 Vector AES instructions
+	HasAVX512VBMI2      bool // Advanced vector extension 512 Vector Byte Manipulation Instructions 2
+	HasAVX512BITALG     bool // Advanced vector extension 512 Bit Algorithms
+	HasAVX512BF16       bool // Advanced vector extension 512 BFloat16 Instructions
+	HasAMXTile          bool // Advanced Matrix Extension Tile instructions
+	HasAMXInt8          bool // Advanced Matrix Extension Int8 instructions
+	HasAMXBF16          bool // Advanced Matrix Extension BFloat16 instructions
+	HasBMI1             bool // Bit manipulation instruction set 1
+	HasBMI2             bool // Bit manipulation instruction set 2
+	HasCX16             bool // Compare and exchange 16 Bytes
+	HasERMS             bool // Enhanced REP for MOVSB and STOSB
+	HasFMA              bool // Fused-multiply-add instructions
+	HasOSXSAVE          bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+	HasPCLMULQDQ        bool // PCLMULQDQ instruction - most often used for AES-GCM
+	HasPOPCNT           bool // Hamming weight instruction POPCNT.
+	HasRDRAND           bool // RDRAND instruction (on-chip random number generator)
+	HasRDSEED           bool // RDSEED instruction (on-chip random number generator)
+	HasSSE2             bool // Streaming SIMD extension 2 (always available on amd64)
+	HasSSE3             bool // Streaming SIMD extension 3
+	HasSSSE3            bool // Supplemental streaming SIMD extension 3
+	HasSSE41            bool // Streaming SIMD extension 4 and 4.1
+	HasSSE42            bool // Streaming SIMD extension 4 and 4.2
+	_                   CacheLinePad
+}
+
+// ARM64 contains the supported CPU features of the
+// current ARMv8(aarch64) platform. If the current platform
+// is not arm64 then all feature flags are false.
+var ARM64 struct {
+	_           CacheLinePad
+	HasFP       bool // Floating-point instruction set (always available)
+	HasASIMD    bool // Advanced SIMD (always available)
+	HasEVTSTRM  bool // Event stream support
+	HasAES      bool // AES hardware implementation
+	HasPMULL    bool // Polynomial multiplication instruction set
+	HasSHA1     bool // SHA1 hardware implementation
+	HasSHA2     bool // SHA2 hardware implementation
+	HasCRC32    bool // CRC32 hardware implementation
+	HasATOMICS  bool // Atomic memory operation instruction set
+	HasFPHP     bool // Half precision floating-point instruction set
+	HasASIMDHP  bool // Advanced SIMD half precision instruction set
+	HasCPUID    bool // CPUID identification scheme registers
+	HasASIMDRDM bool // Rounding double multiply add/subtract instruction set
+	HasJSCVT    bool // Javascript conversion from floating-point to integer
+	HasFCMA     bool // Floating-point multiplication and addition of complex numbers
+	HasLRCPC    bool // Release Consistent processor consistent support
+	HasDCPOP    bool // Persistent memory support
+	HasSHA3     bool // SHA3 hardware implementation
+	HasSM3      bool // SM3 hardware implementation
+	HasSM4      bool // SM4 hardware implementation
+	HasASIMDDP  bool // Advanced SIMD double precision instruction set
+	HasSHA512   bool // SHA512 hardware implementation
+	HasSVE      bool // Scalable Vector Extensions
+	HasASIMDFHM bool // Advanced SIMD multiplication FP16 to FP32
+	_           CacheLinePad
+}
+
+// ARM contains the supported CPU features of the current ARM (32-bit) platform.
+// All feature flags are false if:
+//  1. the current platform is not arm, or
+//  2. the current operating system is not Linux.
+var ARM struct {
+	_           CacheLinePad
+	HasSWP      bool // SWP instruction support
+	HasHALF     bool // Half-word load and store support
+	HasTHUMB    bool // ARM Thumb instruction set
+	Has26BIT    bool // Address space limited to 26-bits
+	HasFASTMUL  bool // 32-bit operand, 64-bit result multiplication support
+	HasFPA      bool // Floating point arithmetic support
+	HasVFP      bool // Vector floating point support
+	HasEDSP     bool // DSP Extensions support
+	HasJAVA     bool // Java instruction set
+	HasIWMMXT   bool // Intel Wireless MMX technology support
+	HasCRUNCH   bool // MaverickCrunch context switching and handling
+	HasTHUMBEE  bool // Thumb EE instruction set
+	HasNEON     bool // NEON instruction set
+	HasVFPv3    bool // Vector floating point version 3 support
+	HasVFPv3D16 bool // Vector floating point version 3 D8-D15
+	HasTLS      bool // Thread local storage support
+	HasVFPv4    bool // Vector floating point version 4 support
+	HasIDIVA    bool // Integer divide instruction support in ARM mode
+	HasIDIVT    bool // Integer divide instruction support in Thumb mode
+	HasVFPD32   bool // Vector floating point version 3 D15-D31
+	HasLPAE     bool // Large Physical Address Extensions
+	HasEVTSTRM  bool // Event stream support
+	HasAES      bool // AES hardware implementation
+	HasPMULL    bool // Polynomial multiplication instruction set
+	HasSHA1     bool // SHA1 hardware implementation
+	HasSHA2     bool // SHA2 hardware implementation
+	HasCRC32    bool // CRC32 hardware implementation
+	_           CacheLinePad
+}
+
+// MIPS64X contains the supported CPU features of the current mips64/mips64le
+// platforms. If the current platform is not mips64/mips64le or the current
+// operating system is not Linux then all feature flags are false.
+var MIPS64X struct {
+	_      CacheLinePad
+	HasMSA bool // MIPS SIMD architecture
+	_      CacheLinePad
+}
+
+// PPC64 contains the supported CPU features of the current ppc64/ppc64le platforms.
+// If the current platform is not ppc64/ppc64le then all feature flags are false.
+//
+// For ppc64/ppc64le, it is safe to check only for ISA level starting on ISA v3.00,
+// since there are no optional categories. There are some exceptions that also
+// require kernel support to work (DARN, SCV), so there are feature bits for
+// those as well. The struct is padded to avoid false sharing.
+var PPC64 struct {
+	_        CacheLinePad
+	HasDARN  bool // Hardware random number generator (requires kernel enablement)
+	HasSCV   bool // Syscall vectored (requires kernel enablement)
+	IsPOWER8 bool // ISA v2.07 (POWER8)
+	IsPOWER9 bool // ISA v3.00 (POWER9), implies IsPOWER8
+	_        CacheLinePad
+}
+
+// S390X contains the supported CPU features of the current IBM Z
+// (s390x) platform. If the current platform is not IBM Z then all
+// feature flags are false.
+//
+// S390X is padded to avoid false sharing. Further HasVX is only set
+// if the OS supports vector registers in addition to the STFLE
+// feature bit being set.
+var S390X struct {
+	_         CacheLinePad
+	HasZARCH  bool // z/Architecture mode is active [mandatory]
+	HasSTFLE  bool // store facility list extended
+	HasLDISP  bool // long (20-bit) displacements
+	HasEIMM   bool // 32-bit immediates
+	HasDFP    bool // decimal floating point
+	HasETF3EH bool // ETF-3 enhanced
+	HasMSA    bool // message security assist (CPACF)
+	HasAES    bool // KM-AES{128,192,256} functions
+	HasAESCBC bool // KMC-AES{128,192,256} functions
+	HasAESCTR bool // KMCTR-AES{128,192,256} functions
+	HasAESGCM bool // KMA-GCM-AES{128,192,256} functions
+	HasGHASH  bool // KIMD-GHASH function
+	HasSHA1   bool // K{I,L}MD-SHA-1 functions
+	HasSHA256 bool // K{I,L}MD-SHA-256 functions
+	HasSHA512 bool // K{I,L}MD-SHA-512 functions
+	HasSHA3   bool // K{I,L}MD-SHA3-{224,256,384,512} and K{I,L}MD-SHAKE-{128,256} functions
+	HasVX     bool // vector facility
+	HasVXE    bool // vector-enhancements facility 1
+	_         CacheLinePad
+}
+
+func init() {
+	archInit()
+	initOptions()
+	processOptions()
+}
+
+// options contains the cpu debug options that can be used in GODEBUG.
+// Options are arch dependent and are added by the arch specific initOptions functions.
+// Features that are mandatory for the specific GOARCH should have the Required field set
+// (e.g. SSE2 on amd64).
+var options []option
+
+// Option names should be lower case. e.g. avx instead of AVX.
+type option struct {
+	Name      string
+	Feature   *bool
+	Specified bool // whether feature value was specified in GODEBUG
+	Enable    bool // whether feature should be enabled
+	Required  bool // whether feature is mandatory and can not be disabled
+}
+
+func processOptions() {
+	env := os.Getenv("GODEBUG")
+field:
+	for env != "" {
+		field := ""
+		i := strings.IndexByte(env, ',')
+		if i < 0 {
+			field, env = env, ""
+		} else {
+			field, env = env[:i], env[i+1:]
+		}
+		if len(field) < 4 || field[:4] != "cpu." {
+			continue
+		}
+		i = strings.IndexByte(field, '=')
+		if i < 0 {
+			print("GODEBUG sys/cpu: no value specified for \"", field, "\"\n")
+			continue
+		}
+		key, value := field[4:i], field[i+1:] // e.g. "SSE2", "on"
+
+		var enable bool
+		switch value {
+		case "on":
+			enable = true
+		case "off":
+			enable = false
+		default:
+			print("GODEBUG sys/cpu: value \"", value, "\" not supported for cpu option \"", key, "\"\n")
+			continue field
+		}
+
+		if key == "all" {
+			for i := range options {
+				options[i].Specified = true
+				options[i].Enable = enable || options[i].Required
+			}
+			continue field
+		}
+
+		for i := range options {
+			if options[i].Name == key {
+				options[i].Specified = true
+				options[i].Enable = enable
+				continue field
+			}
+		}
+
+		print("GODEBUG sys/cpu: unknown cpu feature \"", key, "\"\n")
+	}
+
+	for _, o := range options {
+		if !o.Specified {
+			continue
+		}
+
+		if o.Enable && !*o.Feature {
+			print("GODEBUG sys/cpu: can not enable \"", o.Name, "\", missing CPU support\n")
+			continue
+		}
+
+		if !o.Enable && o.Required {
+			print("GODEBUG sys/cpu: can not disable \"", o.Name, "\", required CPU feature\n")
+			continue
+		}
+
+		*o.Feature = o.Enable
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
new file mode 100644
index 000000000..8aaeef545
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -0,0 +1,34 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix
+// +build aix
+
+package cpu
+
+const (
+	// getsystemcfg constants
+	_SC_IMPL     = 2
+	_IMPL_POWER8 = 0x10000
+	_IMPL_POWER9 = 0x20000
+)
+
+func archInit() {
+	impl := getsystemcfg(_SC_IMPL)
+	if impl&_IMPL_POWER8 != 0 {
+		PPC64.IsPOWER8 = true
+	}
+	if impl&_IMPL_POWER9 != 0 {
+		PPC64.IsPOWER8 = true
+		PPC64.IsPOWER9 = true
+	}
+
+	Initialized = true
+}
+
+func getsystemcfg(label int) (n uint64) {
+	r0, _ := callgetsystemcfg(label)
+	n = uint64(r0)
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
new file mode 100644
index 000000000..301b752e9
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm.go
@@ -0,0 +1,73 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 32
+
+// HWCAP/HWCAP2 bits.
+// These are specific to Linux.
+const (
+	hwcap_SWP       = 1 << 0
+	hwcap_HALF      = 1 << 1
+	hwcap_THUMB     = 1 << 2
+	hwcap_26BIT     = 1 << 3
+	hwcap_FAST_MULT = 1 << 4
+	hwcap_FPA       = 1 << 5
+	hwcap_VFP       = 1 << 6
+	hwcap_EDSP      = 1 << 7
+	hwcap_JAVA      = 1 << 8
+	hwcap_IWMMXT    = 1 << 9
+	hwcap_CRUNCH    = 1 << 10
+	hwcap_THUMBEE   = 1 << 11
+	hwcap_NEON      = 1 << 12
+	hwcap_VFPv3     = 1 << 13
+	hwcap_VFPv3D16  = 1 << 14
+	hwcap_TLS       = 1 << 15
+	hwcap_VFPv4     = 1 << 16
+	hwcap_IDIVA     = 1 << 17
+	hwcap_IDIVT     = 1 << 18
+	hwcap_VFPD32    = 1 << 19
+	hwcap_LPAE      = 1 << 20
+	hwcap_EVTSTRM   = 1 << 21
+
+	hwcap2_AES   = 1 << 0
+	hwcap2_PMULL = 1 << 1
+	hwcap2_SHA1  = 1 << 2
+	hwcap2_SHA2  = 1 << 3
+	hwcap2_CRC32 = 1 << 4
+)
+
+func initOptions() {
+	options = []option{
+		{Name: "pmull", Feature: &ARM.HasPMULL},
+		{Name: "sha1", Feature: &ARM.HasSHA1},
+		{Name: "sha2", Feature: &ARM.HasSHA2},
+		{Name: "swp", Feature: &ARM.HasSWP},
+		{Name: "thumb", Feature: &ARM.HasTHUMB},
+		{Name: "thumbee", Feature: &ARM.HasTHUMBEE},
+		{Name: "tls", Feature: &ARM.HasTLS},
+		{Name: "vfp", Feature: &ARM.HasVFP},
+		{Name: "vfpd32", Feature: &ARM.HasVFPD32},
+		{Name: "vfpv3", Feature: &ARM.HasVFPv3},
+		{Name: "vfpv3d16", Feature: &ARM.HasVFPv3D16},
+		{Name: "vfpv4", Feature: &ARM.HasVFPv4},
+		{Name: "half", Feature: &ARM.HasHALF},
+		{Name: "26bit", Feature: &ARM.Has26BIT},
+		{Name: "fastmul", Feature: &ARM.HasFASTMUL},
+		{Name: "fpa", Feature: &ARM.HasFPA},
+		{Name: "edsp", Feature: &ARM.HasEDSP},
+		{Name: "java", Feature: &ARM.HasJAVA},
+		{Name: "iwmmxt", Feature: &ARM.HasIWMMXT},
+		{Name: "crunch", Feature: &ARM.HasCRUNCH},
+		{Name: "neon", Feature: &ARM.HasNEON},
+		{Name: "idivt", Feature: &ARM.HasIDIVT},
+		{Name: "idiva", Feature: &ARM.HasIDIVA},
+		{Name: "lpae", Feature: &ARM.HasLPAE},
+		{Name: "evtstrm", Feature: &ARM.HasEVTSTRM},
+		{Name: "aes", Feature: &ARM.HasAES},
+		{Name: "crc32", Feature: &ARM.HasCRC32},
+	}
+
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
new file mode 100644
index 000000000..f3eb993bf
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -0,0 +1,172 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import "runtime"
+
+// cacheLineSize is used to prevent false sharing of cache lines.
+// We choose 128 because Apple Silicon, a.k.a. M1, has 128-byte cache line size.
+// It doesn't cost much and is much more future-proof.
+const cacheLineSize = 128
+
+func initOptions() {
+	options = []option{
+		{Name: "fp", Feature: &ARM64.HasFP},
+		{Name: "asimd", Feature: &ARM64.HasASIMD},
+		{Name: "evstrm", Feature: &ARM64.HasEVTSTRM},
+		{Name: "aes", Feature: &ARM64.HasAES},
+		{Name: "fphp", Feature: &ARM64.HasFPHP},
+		{Name: "jscvt", Feature: &ARM64.HasJSCVT},
+		{Name: "lrcpc", Feature: &ARM64.HasLRCPC},
+		{Name: "pmull", Feature: &ARM64.HasPMULL},
+		{Name: "sha1", Feature: &ARM64.HasSHA1},
+		{Name: "sha2", Feature: &ARM64.HasSHA2},
+		{Name: "sha3", Feature: &ARM64.HasSHA3},
+		{Name: "sha512", Feature: &ARM64.HasSHA512},
+		{Name: "sm3", Feature: &ARM64.HasSM3},
+		{Name: "sm4", Feature: &ARM64.HasSM4},
+		{Name: "sve", Feature: &ARM64.HasSVE},
+		{Name: "crc32", Feature: &ARM64.HasCRC32},
+		{Name: "atomics", Feature: &ARM64.HasATOMICS},
+		{Name: "asimdhp", Feature: &ARM64.HasASIMDHP},
+		{Name: "cpuid", Feature: &ARM64.HasCPUID},
+		{Name: "asimrdm", Feature: &ARM64.HasASIMDRDM},
+		{Name: "fcma", Feature: &ARM64.HasFCMA},
+		{Name: "dcpop", Feature: &ARM64.HasDCPOP},
+		{Name: "asimddp", Feature: &ARM64.HasASIMDDP},
+		{Name: "asimdfhm", Feature: &ARM64.HasASIMDFHM},
+	}
+}
+
+func archInit() {
+	switch runtime.GOOS {
+	case "freebsd":
+		readARM64Registers()
+	case "linux", "netbsd", "openbsd":
+		doinit()
+	default:
+		// Many platforms don't seem to allow reading these registers.
+		setMinimalFeatures()
+	}
+}
+
+// setMinimalFeatures fakes the minimal ARM64 features expected by
+// TestARM64minimalFeatures.
+func setMinimalFeatures() {
+	ARM64.HasASIMD = true
+	ARM64.HasFP = true
+}
+
+func readARM64Registers() {
+	Initialized = true
+
+	parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0())
+}
+
+func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) {
+	// ID_AA64ISAR0_EL1
+	switch extractBits(isar0, 4, 7) {
+	case 1:
+		ARM64.HasAES = true
+	case 2:
+		ARM64.HasAES = true
+		ARM64.HasPMULL = true
+	}
+
+	switch extractBits(isar0, 8, 11) {
+	case 1:
+		ARM64.HasSHA1 = true
+	}
+
+	switch extractBits(isar0, 12, 15) {
+	case 1:
+		ARM64.HasSHA2 = true
+	case 2:
+		ARM64.HasSHA2 = true
+		ARM64.HasSHA512 = true
+	}
+
+	switch extractBits(isar0, 16, 19) {
+	case 1:
+		ARM64.HasCRC32 = true
+	}
+
+	switch extractBits(isar0, 20, 23) {
+	case 2:
+		ARM64.HasATOMICS = true
+	}
+
+	switch extractBits(isar0, 28, 31) {
+	case 1:
+		ARM64.HasASIMDRDM = true
+	}
+
+	switch extractBits(isar0, 32, 35) {
+	case 1:
+		ARM64.HasSHA3 = true
+	}
+
+	switch extractBits(isar0, 36, 39) {
+	case 1:
+		ARM64.HasSM3 = true
+	}
+
+	switch extractBits(isar0, 40, 43) {
+	case 1:
+		ARM64.HasSM4 = true
+	}
+
+	switch extractBits(isar0, 44, 47) {
+	case 1:
+		ARM64.HasASIMDDP = true
+	}
+
+	// ID_AA64ISAR1_EL1
+	switch extractBits(isar1, 0, 3) {
+	case 1:
+		ARM64.HasDCPOP = true
+	}
+
+	switch extractBits(isar1, 12, 15) {
+	case 1:
+		ARM64.HasJSCVT = true
+	}
+
+	switch extractBits(isar1, 16, 19) {
+	case 1:
+		ARM64.HasFCMA = true
+	}
+
+	switch extractBits(isar1, 20, 23) {
+	case 1:
+		ARM64.HasLRCPC = true
+	}
+
+	// ID_AA64PFR0_EL1
+	switch extractBits(pfr0, 16, 19) {
+	case 0:
+		ARM64.HasFP = true
+	case 1:
+		ARM64.HasFP = true
+		ARM64.HasFPHP = true
+	}
+
+	switch extractBits(pfr0, 20, 23) {
+	case 0:
+		ARM64.HasASIMD = true
+	case 1:
+		ARM64.HasASIMD = true
+		ARM64.HasASIMDHP = true
+	}
+
+	switch extractBits(pfr0, 32, 35) {
+	case 1:
+		ARM64.HasSVE = true
+	}
+}
+
+func extractBits(data uint64, start, end uint) uint {
+	return (uint)(data>>start) & ((1 << (end - start + 1)) - 1)
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
new file mode 100644
index 000000000..c61f95a05
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -0,0 +1,32 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+// func getisar0() uint64
+TEXT ·getisar0(SB),NOSPLIT,$0-8
+	// get Instruction Set Attributes 0 into x0
+	// mrs x0, ID_AA64ISAR0_EL1 = d5380600
+	WORD	$0xd5380600
+	MOVD	R0, ret+0(FP)
+	RET
+
+// func getisar1() uint64
+TEXT ·getisar1(SB),NOSPLIT,$0-8
+	// get Instruction Set Attributes 1 into x0
+	// mrs x0, ID_AA64ISAR1_EL1 = d5380620
+	WORD	$0xd5380620
+	MOVD	R0, ret+0(FP)
+	RET
+
+// func getpfr0() uint64
+TEXT ·getpfr0(SB),NOSPLIT,$0-8
+	// get Processor Feature Register 0 into x0
+	// mrs x0, ID_AA64PFR0_EL1 = d5380400
+	WORD	$0xd5380400
+	MOVD	R0, ret+0(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
new file mode 100644
index 000000000..ccf542a73
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+package cpu
+
+func getisar0() uint64
+func getisar1() uint64
+func getpfr0() uint64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
new file mode 100644
index 000000000..0af2f2484
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return true }
+
+// The following feature detection functions are defined in cpu_s390x.s.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList
+func kmQuery() queryResult
+func kmcQuery() queryResult
+func kmctrQuery() queryResult
+func kmaQuery() queryResult
+func kimdQuery() queryResult
+func klmdQuery() queryResult
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
new file mode 100644
index 000000000..fa7cdb9bc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gc
+// +build 386 amd64 amd64p32
+// +build gc
+
+package cpu
+
+// cpuid is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
new file mode 100644
index 000000000..2aff31891
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+// +build gccgo
+
+package cpu
+
+func getisar0() uint64 { return 0 }
+func getisar1() uint64 { return 0 }
+func getpfr0() uint64  { return 0 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
new file mode 100644
index 000000000..4bfbda619
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -0,0 +1,23 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+// +build gccgo
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return false }
+
+// TODO(mundaym): the following feature detection functions are currently
+// stubs. See https://golang.org/cl/162887 for how to fix this.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList     { panic("not implemented for gccgo") }
+func kmQuery() queryResult    { panic("not implemented for gccgo") }
+func kmcQuery() queryResult   { panic("not implemented for gccgo") }
+func kmctrQuery() queryResult { panic("not implemented for gccgo") }
+func kmaQuery() queryResult   { panic("not implemented for gccgo") }
+func kimdQuery() queryResult  { panic("not implemented for gccgo") }
+func klmdQuery() queryResult  { panic("not implemented for gccgo") }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
new file mode 100644
index 000000000..6cc73109f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
@@ -0,0 +1,39 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gccgo
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+#include <cpuid.h>
+#include <stdint.h>
+#include <x86intrin.h>
+
+// Need to wrap __get_cpuid_count because it's declared as static.
+int
+gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
+                   uint32_t *eax, uint32_t *ebx,
+                   uint32_t *ecx, uint32_t *edx)
+{
+	return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
+}
+
+#pragma GCC diagnostic ignored "-Wunknown-pragmas"
+#pragma GCC push_options
+#pragma GCC target("xsave")
+#pragma clang attribute push (__attribute__((target("xsave"))), apply_to=function)
+
+// xgetbv reads the contents of an XCR (Extended Control Register)
+// specified in the ECX register into registers EDX:EAX.
+// Currently, the only supported value for XCR is 0.
+void
+gccgoXgetbv(uint32_t *eax, uint32_t *edx)
+{
+	uint64_t v = _xgetbv(0);
+	*eax = v & 0xffffffff;
+	*edx = v >> 32;
+}
+
+#pragma clang attribute pop
+#pragma GCC pop_options
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
new file mode 100644
index 000000000..863d415ab
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gccgo
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+	var a, b, c, d uint32
+	gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+	return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+	var a, d uint32
+	gccgoXgetbv(&a, &d)
+	return a, d
+}
+
+// gccgo doesn't build on Darwin, per:
+// https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gcc.rb#L76
+func darwinSupportsAVX512() bool {
+	return false
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
new file mode 100644
index 000000000..159a686f6
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !386 && !amd64 && !amd64p32 && !arm64
+// +build !386,!amd64,!amd64p32,!arm64
+
+package cpu
+
+func archInit() {
+	if err := readHWCAP(); err != nil {
+		return
+	}
+	doinit()
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
new file mode 100644
index 000000000..2057006dc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func doinit() {
+	ARM.HasSWP = isSet(hwCap, hwcap_SWP)
+	ARM.HasHALF = isSet(hwCap, hwcap_HALF)
+	ARM.HasTHUMB = isSet(hwCap, hwcap_THUMB)
+	ARM.Has26BIT = isSet(hwCap, hwcap_26BIT)
+	ARM.HasFASTMUL = isSet(hwCap, hwcap_FAST_MULT)
+	ARM.HasFPA = isSet(hwCap, hwcap_FPA)
+	ARM.HasVFP = isSet(hwCap, hwcap_VFP)
+	ARM.HasEDSP = isSet(hwCap, hwcap_EDSP)
+	ARM.HasJAVA = isSet(hwCap, hwcap_JAVA)
+	ARM.HasIWMMXT = isSet(hwCap, hwcap_IWMMXT)
+	ARM.HasCRUNCH = isSet(hwCap, hwcap_CRUNCH)
+	ARM.HasTHUMBEE = isSet(hwCap, hwcap_THUMBEE)
+	ARM.HasNEON = isSet(hwCap, hwcap_NEON)
+	ARM.HasVFPv3 = isSet(hwCap, hwcap_VFPv3)
+	ARM.HasVFPv3D16 = isSet(hwCap, hwcap_VFPv3D16)
+	ARM.HasTLS = isSet(hwCap, hwcap_TLS)
+	ARM.HasVFPv4 = isSet(hwCap, hwcap_VFPv4)
+	ARM.HasIDIVA = isSet(hwCap, hwcap_IDIVA)
+	ARM.HasIDIVT = isSet(hwCap, hwcap_IDIVT)
+	ARM.HasVFPD32 = isSet(hwCap, hwcap_VFPD32)
+	ARM.HasLPAE = isSet(hwCap, hwcap_LPAE)
+	ARM.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+	ARM.HasAES = isSet(hwCap2, hwcap2_AES)
+	ARM.HasPMULL = isSet(hwCap2, hwcap2_PMULL)
+	ARM.HasSHA1 = isSet(hwCap2, hwcap2_SHA1)
+	ARM.HasSHA2 = isSet(hwCap2, hwcap2_SHA2)
+	ARM.HasCRC32 = isSet(hwCap2, hwcap2_CRC32)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
new file mode 100644
index 000000000..a968b80fa
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
@@ -0,0 +1,111 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"strings"
+	"syscall"
+)
+
+// HWCAP/HWCAP2 bits. These are exposed by Linux.
+const (
+	hwcap_FP       = 1 << 0
+	hwcap_ASIMD    = 1 << 1
+	hwcap_EVTSTRM  = 1 << 2
+	hwcap_AES      = 1 << 3
+	hwcap_PMULL    = 1 << 4
+	hwcap_SHA1     = 1 << 5
+	hwcap_SHA2     = 1 << 6
+	hwcap_CRC32    = 1 << 7
+	hwcap_ATOMICS  = 1 << 8
+	hwcap_FPHP     = 1 << 9
+	hwcap_ASIMDHP  = 1 << 10
+	hwcap_CPUID    = 1 << 11
+	hwcap_ASIMDRDM = 1 << 12
+	hwcap_JSCVT    = 1 << 13
+	hwcap_FCMA     = 1 << 14
+	hwcap_LRCPC    = 1 << 15
+	hwcap_DCPOP    = 1 << 16
+	hwcap_SHA3     = 1 << 17
+	hwcap_SM3      = 1 << 18
+	hwcap_SM4      = 1 << 19
+	hwcap_ASIMDDP  = 1 << 20
+	hwcap_SHA512   = 1 << 21
+	hwcap_SVE      = 1 << 22
+	hwcap_ASIMDFHM = 1 << 23
+)
+
+// linuxKernelCanEmulateCPUID reports whether we're running
+// on Linux 4.11+. Ideally we'd like to ask the question about
+// whether the current kernel contains
+// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77c97b4ee21290f5f083173d957843b615abbff2
+// but the version number will have to do.
+func linuxKernelCanEmulateCPUID() bool {
+	var un syscall.Utsname
+	syscall.Uname(&un)
+	var sb strings.Builder
+	for _, b := range un.Release[:] {
+		if b == 0 {
+			break
+		}
+		sb.WriteByte(byte(b))
+	}
+	major, minor, _, ok := parseRelease(sb.String())
+	return ok && (major > 4 || major == 4 && minor >= 11)
+}
+
+func doinit() {
+	if err := readHWCAP(); err != nil {
+		// We failed to read /proc/self/auxv. This can happen if the binary has
+		// been given extra capabilities(7) with /bin/setcap.
+		//
+		// When this happens, we have two options. If the Linux kernel is new
+		// enough (4.11+), we can read the arm64 registers directly which'll
+		// trap into the kernel and then return back to userspace.
+		//
+		// But on older kernels, such as Linux 4.4.180 as used on many Synology
+		// devices, calling readARM64Registers (specifically getisar0) will
+		// cause a SIGILL and we'll die. So for older kernels, parse /proc/cpuinfo
+		// instead.
+		//
+		// See golang/go#57336.
+		if linuxKernelCanEmulateCPUID() {
+			readARM64Registers()
+		} else {
+			readLinuxProcCPUInfo()
+		}
+		return
+	}
+
+	// HWCAP feature bits
+	ARM64.HasFP = isSet(hwCap, hwcap_FP)
+	ARM64.HasASIMD = isSet(hwCap, hwcap_ASIMD)
+	ARM64.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+	ARM64.HasAES = isSet(hwCap, hwcap_AES)
+	ARM64.HasPMULL = isSet(hwCap, hwcap_PMULL)
+	ARM64.HasSHA1 = isSet(hwCap, hwcap_SHA1)
+	ARM64.HasSHA2 = isSet(hwCap, hwcap_SHA2)
+	ARM64.HasCRC32 = isSet(hwCap, hwcap_CRC32)
+	ARM64.HasATOMICS = isSet(hwCap, hwcap_ATOMICS)
+	ARM64.HasFPHP = isSet(hwCap, hwcap_FPHP)
+	ARM64.HasASIMDHP = isSet(hwCap, hwcap_ASIMDHP)
+	ARM64.HasCPUID = isSet(hwCap, hwcap_CPUID)
+	ARM64.HasASIMDRDM = isSet(hwCap, hwcap_ASIMDRDM)
+	ARM64.HasJSCVT = isSet(hwCap, hwcap_JSCVT)
+	ARM64.HasFCMA = isSet(hwCap, hwcap_FCMA)
+	ARM64.HasLRCPC = isSet(hwCap, hwcap_LRCPC)
+	ARM64.HasDCPOP = isSet(hwCap, hwcap_DCPOP)
+	ARM64.HasSHA3 = isSet(hwCap, hwcap_SHA3)
+	ARM64.HasSM3 = isSet(hwCap, hwcap_SM3)
+	ARM64.HasSM4 = isSet(hwCap, hwcap_SM4)
+	ARM64.HasASIMDDP = isSet(hwCap, hwcap_ASIMDDP)
+	ARM64.HasSHA512 = isSet(hwCap, hwcap_SHA512)
+	ARM64.HasSVE = isSet(hwCap, hwcap_SVE)
+	ARM64.HasASIMDFHM = isSet(hwCap, hwcap_ASIMDFHM)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
new file mode 100644
index 000000000..6000db4cd
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -0,0 +1,24 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (mips64 || mips64le)
+// +build linux
+// +build mips64 mips64le
+
+package cpu
+
+// HWCAP bits. These are exposed by the Linux kernel 5.4.
+const (
+	// CPU features
+	hwcap_MIPS_MSA = 1 << 1
+)
+
+func doinit() {
+	// HWCAP feature bits
+	MIPS64X.HasMSA = isSet(hwCap, hwcap_MIPS_MSA)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
new file mode 100644
index 000000000..f4992b1a5
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -0,0 +1,10 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
+// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
new file mode 100644
index 000000000..021356d6d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -0,0 +1,32 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (ppc64 || ppc64le)
+// +build linux
+// +build ppc64 ppc64le
+
+package cpu
+
+// HWCAP/HWCAP2 bits. These are exposed by the kernel.
+const (
+	// ISA Level
+	_PPC_FEATURE2_ARCH_2_07 = 0x80000000
+	_PPC_FEATURE2_ARCH_3_00 = 0x00800000
+
+	// CPU features
+	_PPC_FEATURE2_DARN = 0x00200000
+	_PPC_FEATURE2_SCV  = 0x00100000
+)
+
+func doinit() {
+	// HWCAP2 feature bits
+	PPC64.IsPOWER8 = isSet(hwCap2, _PPC_FEATURE2_ARCH_2_07)
+	PPC64.IsPOWER9 = isSet(hwCap2, _PPC_FEATURE2_ARCH_3_00)
+	PPC64.HasDARN = isSet(hwCap2, _PPC_FEATURE2_DARN)
+	PPC64.HasSCV = isSet(hwCap2, _PPC_FEATURE2_SCV)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
new file mode 100644
index 000000000..1517ac61d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const (
+	// bit mask values from /usr/include/bits/hwcap.h
+	hwcap_ZARCH  = 2
+	hwcap_STFLE  = 4
+	hwcap_MSA    = 8
+	hwcap_LDISP  = 16
+	hwcap_EIMM   = 32
+	hwcap_DFP    = 64
+	hwcap_ETF3EH = 256
+	hwcap_VX     = 2048
+	hwcap_VXE    = 8192
+)
+
+func initS390Xbase() {
+	// test HWCAP bit vector
+	has := func(featureMask uint) bool {
+		return hwCap&featureMask == featureMask
+	}
+
+	// mandatory
+	S390X.HasZARCH = has(hwcap_ZARCH)
+
+	// optional
+	S390X.HasSTFLE = has(hwcap_STFLE)
+	S390X.HasLDISP = has(hwcap_LDISP)
+	S390X.HasEIMM = has(hwcap_EIMM)
+	S390X.HasETF3EH = has(hwcap_ETF3EH)
+	S390X.HasDFP = has(hwcap_DFP)
+	S390X.HasMSA = has(hwcap_MSA)
+	S390X.HasVX = has(hwcap_VX)
+	if S390X.HasVX {
+		S390X.HasVXE = has(hwcap_VXE)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
new file mode 100644
index 000000000..0f57b05bd
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -0,0 +1,13 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build loong64
+// +build loong64
+
+package cpu
+
+const cacheLineSize = 64
+
+func initOptions() {
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
new file mode 100644
index 000000000..f4063c664
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build mips64 || mips64le
+// +build mips64 mips64le
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {
+	options = []option{
+		{Name: "msa", Feature: &MIPS64X.HasMSA},
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
new file mode 100644
index 000000000..07c4e36d8
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -0,0 +1,12 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build mips || mipsle
+// +build mips mipsle
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
new file mode 100644
index 000000000..ebfb3fc8e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
@@ -0,0 +1,173 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+	_CTL_QUERY = -2
+
+	_SYSCTL_VERS_1 = 0x1000000
+)
+
+var _zero uintptr
+
+func sysctl(mib []int32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, errno := syscall.Syscall6(
+		syscall.SYS___SYSCTL,
+		uintptr(_p0),
+		uintptr(len(mib)),
+		uintptr(unsafe.Pointer(old)),
+		uintptr(unsafe.Pointer(oldlen)),
+		uintptr(unsafe.Pointer(new)),
+		uintptr(newlen))
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+type sysctlNode struct {
+	Flags          uint32
+	Num            int32
+	Name           [32]int8
+	Ver            uint32
+	__rsvd         uint32
+	Un             [16]byte
+	_sysctl_size   [8]byte
+	_sysctl_func   [8]byte
+	_sysctl_parent [8]byte
+	_sysctl_desc   [8]byte
+}
+
+func sysctlNodes(mib []int32) ([]sysctlNode, error) {
+	var olen uintptr
+
+	// Get a list of all sysctl nodes below the given MIB by performing
+	// a sysctl for the given MIB with CTL_QUERY appended.
+	mib = append(mib, _CTL_QUERY)
+	qnode := sysctlNode{Flags: _SYSCTL_VERS_1}
+	qp := (*byte)(unsafe.Pointer(&qnode))
+	sz := unsafe.Sizeof(qnode)
+	if err := sysctl(mib, nil, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	// Now that we know the size, get the actual nodes.
+	nodes := make([]sysctlNode, olen/sz)
+	np := (*byte)(unsafe.Pointer(&nodes[0]))
+	if err := sysctl(mib, np, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	return nodes, nil
+}
+
+func nametomib(name string) ([]int32, error) {
+	// Split name into components.
+	var parts []string
+	last := 0
+	for i := 0; i < len(name); i++ {
+		if name[i] == '.' {
+			parts = append(parts, name[last:i])
+			last = i + 1
+		}
+	}
+	parts = append(parts, name[last:])
+
+	mib := []int32{}
+	// Discover the nodes and construct the MIB OID.
+	for partno, part := range parts {
+		nodes, err := sysctlNodes(mib)
+		if err != nil {
+			return nil, err
+		}
+		for _, node := range nodes {
+			n := make([]byte, 0)
+			for i := range node.Name {
+				if node.Name[i] != 0 {
+					n = append(n, byte(node.Name[i]))
+				}
+			}
+			if string(n) == part {
+				mib = append(mib, int32(node.Num))
+				break
+			}
+		}
+		if len(mib) != partno+1 {
+			return nil, err
+		}
+	}
+
+	return mib, nil
+}
+
+// aarch64SysctlCPUID is struct aarch64_sysctl_cpu_id from NetBSD's <aarch64/armreg.h>
+type aarch64SysctlCPUID struct {
+	midr      uint64 /* Main ID Register */
+	revidr    uint64 /* Revision ID Register */
+	mpidr     uint64 /* Multiprocessor Affinity Register */
+	aa64dfr0  uint64 /* A64 Debug Feature Register 0 */
+	aa64dfr1  uint64 /* A64 Debug Feature Register 1 */
+	aa64isar0 uint64 /* A64 Instruction Set Attribute Register 0 */
+	aa64isar1 uint64 /* A64 Instruction Set Attribute Register 1 */
+	aa64mmfr0 uint64 /* A64 Memory Model Feature Register 0 */
+	aa64mmfr1 uint64 /* A64 Memory Model Feature Register 1 */
+	aa64mmfr2 uint64 /* A64 Memory Model Feature Register 2 */
+	aa64pfr0  uint64 /* A64 Processor Feature Register 0 */
+	aa64pfr1  uint64 /* A64 Processor Feature Register 1 */
+	aa64zfr0  uint64 /* A64 SVE Feature ID Register 0 */
+	mvfr0     uint32 /* Media and VFP Feature Register 0 */
+	mvfr1     uint32 /* Media and VFP Feature Register 1 */
+	mvfr2     uint32 /* Media and VFP Feature Register 2 */
+	pad       uint32
+	clidr     uint64 /* Cache Level ID Register */
+	ctr       uint64 /* Cache Type Register */
+}
+
+func sysctlCPUID(name string) (*aarch64SysctlCPUID, error) {
+	mib, err := nametomib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	out := aarch64SysctlCPUID{}
+	n := unsafe.Sizeof(out)
+	_, _, errno := syscall.Syscall6(
+		syscall.SYS___SYSCTL,
+		uintptr(unsafe.Pointer(&mib[0])),
+		uintptr(len(mib)),
+		uintptr(unsafe.Pointer(&out)),
+		uintptr(unsafe.Pointer(&n)),
+		uintptr(0),
+		uintptr(0))
+	if errno != 0 {
+		return nil, errno
+	}
+	return &out, nil
+}
+
+func doinit() {
+	cpuid, err := sysctlCPUID("machdep.cpu0.cpu_id")
+	if err != nil {
+		setMinimalFeatures()
+		return
+	}
+	parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0)
+
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
new file mode 100644
index 000000000..85b64d5cc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
@@ -0,0 +1,65 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+	// From OpenBSD's sys/sysctl.h.
+	_CTL_MACHDEP = 7
+
+	// From OpenBSD's machine/cpu.h.
+	_CPU_ID_AA64ISAR0 = 2
+	_CPU_ID_AA64ISAR1 = 3
+)
+
+// Implemented in the runtime package (runtime/sys_openbsd3.go)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+//go:linkname syscall_syscall6 syscall.syscall6
+
+func sysctl(mib []uint32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	_, _, errno := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(unsafe.Pointer(&mib[0])), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
+func sysctlUint64(mib []uint32) (uint64, bool) {
+	var out uint64
+	nout := unsafe.Sizeof(out)
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); err != nil {
+		return 0, false
+	}
+	return out, true
+}
+
+func doinit() {
+	setMinimalFeatures()
+
+	// Get ID_AA64ISAR0 and ID_AA64ISAR1 from sysctl.
+	isar0, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR0})
+	if !ok {
+		return
+	}
+	isar1, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR1})
+	if !ok {
+		return
+	}
+	parseARM64SystemRegisters(isar0, isar1, 0)
+
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
new file mode 100644
index 000000000..054ba05d6
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
@@ -0,0 +1,11 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
new file mode 100644
index 000000000..d7b4fb4cc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -0,0 +1,10 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && arm
+// +build !linux,arm
+
+package cpu
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
new file mode 100644
index 000000000..f3cde129b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -0,0 +1,10 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && !netbsd && !openbsd && arm64
+// +build !linux,!netbsd,!openbsd,arm64
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
new file mode 100644
index 000000000..0dafe9644
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -0,0 +1,13 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && (mips64 || mips64le)
+// +build !linux
+// +build mips64 mips64le
+
+package cpu
+
+func archInit() {
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
new file mode 100644
index 000000000..060d46b6e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@@ -0,0 +1,15 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !aix && !linux && (ppc64 || ppc64le)
+// +build !aix
+// +build !linux
+// +build ppc64 ppc64le
+
+package cpu
+
+func archInit() {
+	PPC64.IsPOWER8 = true
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
new file mode 100644
index 000000000..dd10eb79f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
@@ -0,0 +1,12 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && riscv64
+// +build !linux,riscv64
+
+package cpu
+
+func archInit() {
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
new file mode 100644
index 000000000..4e8acd165
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ppc64 || ppc64le
+// +build ppc64 ppc64le
+
+package cpu
+
+const cacheLineSize = 128
+
+func initOptions() {
+	options = []option{
+		{Name: "darn", Feature: &PPC64.HasDARN},
+		{Name: "scv", Feature: &PPC64.HasSCV},
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
new file mode 100644
index 000000000..ff7da60eb
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build riscv64
+// +build riscv64
+
+package cpu
+
+const cacheLineSize = 64
+
+func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
new file mode 100644
index 000000000..5881b8833
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
@@ -0,0 +1,172 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 256
+
+func initOptions() {
+	options = []option{
+		{Name: "zarch", Feature: &S390X.HasZARCH, Required: true},
+		{Name: "stfle", Feature: &S390X.HasSTFLE, Required: true},
+		{Name: "ldisp", Feature: &S390X.HasLDISP, Required: true},
+		{Name: "eimm", Feature: &S390X.HasEIMM, Required: true},
+		{Name: "dfp", Feature: &S390X.HasDFP},
+		{Name: "etf3eh", Feature: &S390X.HasETF3EH},
+		{Name: "msa", Feature: &S390X.HasMSA},
+		{Name: "aes", Feature: &S390X.HasAES},
+		{Name: "aescbc", Feature: &S390X.HasAESCBC},
+		{Name: "aesctr", Feature: &S390X.HasAESCTR},
+		{Name: "aesgcm", Feature: &S390X.HasAESGCM},
+		{Name: "ghash", Feature: &S390X.HasGHASH},
+		{Name: "sha1", Feature: &S390X.HasSHA1},
+		{Name: "sha256", Feature: &S390X.HasSHA256},
+		{Name: "sha3", Feature: &S390X.HasSHA3},
+		{Name: "sha512", Feature: &S390X.HasSHA512},
+		{Name: "vx", Feature: &S390X.HasVX},
+		{Name: "vxe", Feature: &S390X.HasVXE},
+	}
+}
+
+// bitIsSet reports whether the bit at index is set. The bit index
+// is in big endian order, so bit index 0 is the leftmost bit.
+func bitIsSet(bits []uint64, index uint) bool {
+	return bits[index/64]&((1<<63)>>(index%64)) != 0
+}
+
+// facility is a bit index for the named facility.
+type facility uint8
+
+const (
+	// mandatory facilities
+	zarch  facility = 1  // z architecture mode is active
+	stflef facility = 7  // store-facility-list-extended
+	ldisp  facility = 18 // long-displacement
+	eimm   facility = 21 // extended-immediate
+
+	// miscellaneous facilities
+	dfp    facility = 42 // decimal-floating-point
+	etf3eh facility = 30 // extended-translation 3 enhancement
+
+	// cryptography facilities
+	msa  facility = 17  // message-security-assist
+	msa3 facility = 76  // message-security-assist extension 3
+	msa4 facility = 77  // message-security-assist extension 4
+	msa5 facility = 57  // message-security-assist extension 5
+	msa8 facility = 146 // message-security-assist extension 8
+	msa9 facility = 155 // message-security-assist extension 9
+
+	// vector facilities
+	vx   facility = 129 // vector facility
+	vxe  facility = 135 // vector-enhancements 1
+	vxe2 facility = 148 // vector-enhancements 2
+)
+
+// facilityList contains the result of an STFLE call.
+// Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type facilityList struct {
+	bits [4]uint64
+}
+
+// Has reports whether the given facilities are present.
+func (s *facilityList) Has(fs ...facility) bool {
+	if len(fs) == 0 {
+		panic("no facility bits provided")
+	}
+	for _, f := range fs {
+		if !bitIsSet(s.bits[:], uint(f)) {
+			return false
+		}
+	}
+	return true
+}
+
+// function is the code for the named cryptographic function.
+type function uint8
+
+const (
+	// KM{,A,C,CTR} function codes
+	aes128 function = 18 // AES-128
+	aes192 function = 19 // AES-192
+	aes256 function = 20 // AES-256
+
+	// K{I,L}MD function codes
+	sha1     function = 1  // SHA-1
+	sha256   function = 2  // SHA-256
+	sha512   function = 3  // SHA-512
+	sha3_224 function = 32 // SHA3-224
+	sha3_256 function = 33 // SHA3-256
+	sha3_384 function = 34 // SHA3-384
+	sha3_512 function = 35 // SHA3-512
+	shake128 function = 36 // SHAKE-128
+	shake256 function = 37 // SHAKE-256
+
+	// KLMD function codes
+	ghash function = 65 // GHASH
+)
+
+// queryResult contains the result of a Query function
+// call. Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type queryResult struct {
+	bits [2]uint64
+}
+
+// Has reports whether the given functions are present.
+func (q *queryResult) Has(fns ...function) bool {
+	if len(fns) == 0 {
+		panic("no function codes provided")
+	}
+	for _, f := range fns {
+		if !bitIsSet(q.bits[:], uint(f)) {
+			return false
+		}
+	}
+	return true
+}
+
+func doinit() {
+	initS390Xbase()
+
+	// We need implementations of stfle, km and so on
+	// to detect cryptographic features.
+	if !haveAsmFunctions() {
+		return
+	}
+
+	// optional cryptographic functions
+	if S390X.HasMSA {
+		aes := []function{aes128, aes192, aes256}
+
+		// cipher message
+		km, kmc := kmQuery(), kmcQuery()
+		S390X.HasAES = km.Has(aes...)
+		S390X.HasAESCBC = kmc.Has(aes...)
+		if S390X.HasSTFLE {
+			facilities := stfle()
+			if facilities.Has(msa4) {
+				kmctr := kmctrQuery()
+				S390X.HasAESCTR = kmctr.Has(aes...)
+			}
+			if facilities.Has(msa8) {
+				kma := kmaQuery()
+				S390X.HasAESGCM = kma.Has(aes...)
+			}
+		}
+
+		// compute message digest
+		kimd := kimdQuery() // intermediate (no padding)
+		klmd := klmdQuery() // last (padding)
+		S390X.HasSHA1 = kimd.Has(sha1) && klmd.Has(sha1)
+		S390X.HasSHA256 = kimd.Has(sha256) && klmd.Has(sha256)
+		S390X.HasSHA512 = kimd.Has(sha512) && klmd.Has(sha512)
+		S390X.HasGHASH = kimd.Has(ghash) // KLMD-GHASH does not exist
+		sha3 := []function{
+			sha3_224, sha3_256, sha3_384, sha3_512,
+			shake128, shake256,
+		}
+		S390X.HasSHA3 = kimd.Has(sha3...) && klmd.Has(sha3...)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
new file mode 100644
index 000000000..96f81e209
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -0,0 +1,58 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+// func stfle() facilityList
+TEXT ·stfle(SB), NOSPLIT|NOFRAME, $0-32
+	MOVD $ret+0(FP), R1
+	MOVD $3, R0          // last doubleword index to store
+	XC   $32, (R1), (R1) // clear 4 doublewords (32 bytes)
+	WORD $0xb2b01000     // store facility list extended (STFLE)
+	RET
+
+// func kmQuery() queryResult
+TEXT ·kmQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KM-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92E0024    // cipher message (KM)
+	RET
+
+// func kmcQuery() queryResult
+TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMC-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92F0024    // cipher message with chaining (KMC)
+	RET
+
+// func kmctrQuery() queryResult
+TEXT ·kmctrQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMCTR-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92D4024    // cipher message with counter (KMCTR)
+	RET
+
+// func kmaQuery() queryResult
+TEXT ·kmaQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMA-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xb9296024    // cipher message with authentication (KMA)
+	RET
+
+// func kimdQuery() queryResult
+TEXT ·kimdQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KIMD-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB93E0024    // compute intermediate message digest (KIMD)
+	RET
+
+// func klmdQuery() queryResult
+TEXT ·klmdQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KLMD-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB93F0024    // compute last message digest (KLMD)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
new file mode 100644
index 000000000..7747d888a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -0,0 +1,18 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasm
+// +build wasm
+
+package cpu
+
+// We're compiling the cpu package for an unknown (software-abstracted) CPU.
+// Make CacheLinePad an empty struct and hope that the usual struct alignment
+// rules are good enough.
+
+const cacheLineSize = 0
+
+func initOptions() {}
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
new file mode 100644
index 000000000..2dcde8285
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -0,0 +1,152 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || amd64 || amd64p32
+// +build 386 amd64 amd64p32
+
+package cpu
+
+import "runtime"
+
+const cacheLineSize = 64
+
+func initOptions() {
+	options = []option{
+		{Name: "adx", Feature: &X86.HasADX},
+		{Name: "aes", Feature: &X86.HasAES},
+		{Name: "avx", Feature: &X86.HasAVX},
+		{Name: "avx2", Feature: &X86.HasAVX2},
+		{Name: "avx512", Feature: &X86.HasAVX512},
+		{Name: "avx512f", Feature: &X86.HasAVX512F},
+		{Name: "avx512cd", Feature: &X86.HasAVX512CD},
+		{Name: "avx512er", Feature: &X86.HasAVX512ER},
+		{Name: "avx512pf", Feature: &X86.HasAVX512PF},
+		{Name: "avx512vl", Feature: &X86.HasAVX512VL},
+		{Name: "avx512bw", Feature: &X86.HasAVX512BW},
+		{Name: "avx512dq", Feature: &X86.HasAVX512DQ},
+		{Name: "avx512ifma", Feature: &X86.HasAVX512IFMA},
+		{Name: "avx512vbmi", Feature: &X86.HasAVX512VBMI},
+		{Name: "avx512vnniw", Feature: &X86.HasAVX5124VNNIW},
+		{Name: "avx5124fmaps", Feature: &X86.HasAVX5124FMAPS},
+		{Name: "avx512vpopcntdq", Feature: &X86.HasAVX512VPOPCNTDQ},
+		{Name: "avx512vpclmulqdq", Feature: &X86.HasAVX512VPCLMULQDQ},
+		{Name: "avx512vnni", Feature: &X86.HasAVX512VNNI},
+		{Name: "avx512gfni", Feature: &X86.HasAVX512GFNI},
+		{Name: "avx512vaes", Feature: &X86.HasAVX512VAES},
+		{Name: "avx512vbmi2", Feature: &X86.HasAVX512VBMI2},
+		{Name: "avx512bitalg", Feature: &X86.HasAVX512BITALG},
+		{Name: "avx512bf16", Feature: &X86.HasAVX512BF16},
+		{Name: "amxtile", Feature: &X86.HasAMXTile},
+		{Name: "amxint8", Feature: &X86.HasAMXInt8},
+		{Name: "amxbf16", Feature: &X86.HasAMXBF16},
+		{Name: "bmi1", Feature: &X86.HasBMI1},
+		{Name: "bmi2", Feature: &X86.HasBMI2},
+		{Name: "cx16", Feature: &X86.HasCX16},
+		{Name: "erms", Feature: &X86.HasERMS},
+		{Name: "fma", Feature: &X86.HasFMA},
+		{Name: "osxsave", Feature: &X86.HasOSXSAVE},
+		{Name: "pclmulqdq", Feature: &X86.HasPCLMULQDQ},
+		{Name: "popcnt", Feature: &X86.HasPOPCNT},
+		{Name: "rdrand", Feature: &X86.HasRDRAND},
+		{Name: "rdseed", Feature: &X86.HasRDSEED},
+		{Name: "sse3", Feature: &X86.HasSSE3},
+		{Name: "sse41", Feature: &X86.HasSSE41},
+		{Name: "sse42", Feature: &X86.HasSSE42},
+		{Name: "ssse3", Feature: &X86.HasSSSE3},
+
+		// These capabilities should always be enabled on amd64:
+		{Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"},
+	}
+}
+
+func archInit() {
+
+	Initialized = true
+
+	maxID, _, _, _ := cpuid(0, 0)
+
+	if maxID < 1 {
+		return
+	}
+
+	_, _, ecx1, edx1 := cpuid(1, 0)
+	X86.HasSSE2 = isSet(26, edx1)
+
+	X86.HasSSE3 = isSet(0, ecx1)
+	X86.HasPCLMULQDQ = isSet(1, ecx1)
+	X86.HasSSSE3 = isSet(9, ecx1)
+	X86.HasFMA = isSet(12, ecx1)
+	X86.HasCX16 = isSet(13, ecx1)
+	X86.HasSSE41 = isSet(19, ecx1)
+	X86.HasSSE42 = isSet(20, ecx1)
+	X86.HasPOPCNT = isSet(23, ecx1)
+	X86.HasAES = isSet(25, ecx1)
+	X86.HasOSXSAVE = isSet(27, ecx1)
+	X86.HasRDRAND = isSet(30, ecx1)
+
+	var osSupportsAVX, osSupportsAVX512 bool
+	// For XGETBV, OSXSAVE bit is required and sufficient.
+	if X86.HasOSXSAVE {
+		eax, _ := xgetbv()
+		// Check if XMM and YMM registers have OS support.
+		osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+
+		if runtime.GOOS == "darwin" {
+			// Darwin doesn't save/restore AVX-512 mask registers correctly across signal handlers.
+			// Since users can't rely on mask register contents, let's not advertise AVX-512 support.
+			// See issue 49233.
+			osSupportsAVX512 = false
+		} else {
+			// Check if OPMASK and ZMM registers have OS support.
+			osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax)
+		}
+	}
+
+	X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+	if maxID < 7 {
+		return
+	}
+
+	_, ebx7, ecx7, edx7 := cpuid(7, 0)
+	X86.HasBMI1 = isSet(3, ebx7)
+	X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+	X86.HasBMI2 = isSet(8, ebx7)
+	X86.HasERMS = isSet(9, ebx7)
+	X86.HasRDSEED = isSet(18, ebx7)
+	X86.HasADX = isSet(19, ebx7)
+
+	X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension
+	if X86.HasAVX512 {
+		X86.HasAVX512F = true
+		X86.HasAVX512CD = isSet(28, ebx7)
+		X86.HasAVX512ER = isSet(27, ebx7)
+		X86.HasAVX512PF = isSet(26, ebx7)
+		X86.HasAVX512VL = isSet(31, ebx7)
+		X86.HasAVX512BW = isSet(30, ebx7)
+		X86.HasAVX512DQ = isSet(17, ebx7)
+		X86.HasAVX512IFMA = isSet(21, ebx7)
+		X86.HasAVX512VBMI = isSet(1, ecx7)
+		X86.HasAVX5124VNNIW = isSet(2, edx7)
+		X86.HasAVX5124FMAPS = isSet(3, edx7)
+		X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7)
+		X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7)
+		X86.HasAVX512VNNI = isSet(11, ecx7)
+		X86.HasAVX512GFNI = isSet(8, ecx7)
+		X86.HasAVX512VAES = isSet(9, ecx7)
+		X86.HasAVX512VBMI2 = isSet(6, ecx7)
+		X86.HasAVX512BITALG = isSet(12, ecx7)
+
+		eax71, _, _, _ := cpuid(7, 1)
+		X86.HasAVX512BF16 = isSet(5, eax71)
+	}
+
+	X86.HasAMXTile = isSet(24, edx7)
+	X86.HasAMXInt8 = isSet(25, edx7)
+	X86.HasAMXBF16 = isSet(22, edx7)
+}
+
+func isSet(bitpos uint, value uint32) bool {
+	return value&(1<<bitpos) != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
new file mode 100644
index 000000000..39acab2ff
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -0,0 +1,28 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gc
+// +build 386 amd64 amd64p32
+// +build gc
+
+#include "textflag.h"
+
+// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·cpuid(SB), NOSPLIT, $0-24
+	MOVL eaxArg+0(FP), AX
+	MOVL ecxArg+4(FP), CX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func xgetbv() (eax, edx uint32)
+TEXT ·xgetbv(SB),NOSPLIT,$0-8
+	MOVL $0, CX
+	XGETBV
+	MOVL AX, eax+0(FP)
+	MOVL DX, edx+4(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos.go b/vendor/golang.org/x/sys/cpu/cpu_zos.go
new file mode 100644
index 000000000..5f54683a2
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos.go
@@ -0,0 +1,10 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func archInit() {
+	doinit()
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
new file mode 100644
index 000000000..ccb1b708a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func initS390Xbase() {
+	// get the facilities list
+	facilities := stfle()
+
+	// mandatory
+	S390X.HasZARCH = facilities.Has(zarch)
+	S390X.HasSTFLE = facilities.Has(stflef)
+	S390X.HasLDISP = facilities.Has(ldisp)
+	S390X.HasEIMM = facilities.Has(eimm)
+
+	// optional
+	S390X.HasETF3EH = facilities.Has(etf3eh)
+	S390X.HasDFP = facilities.Has(dfp)
+	S390X.HasMSA = facilities.Has(msa)
+	S390X.HasVX = facilities.Has(vx)
+	if S390X.HasVX {
+		S390X.HasVXE = facilities.Has(vxe)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/endian_big.go b/vendor/golang.org/x/sys/cpu/endian_big.go
new file mode 100644
index 000000000..93ce03a34
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/endian_big.go
@@ -0,0 +1,11 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
+// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
+
+package cpu
+
+// IsBigEndian records whether the GOARCH's byte order is big endian.
+const IsBigEndian = true
diff --git a/vendor/golang.org/x/sys/cpu/endian_little.go b/vendor/golang.org/x/sys/cpu/endian_little.go
new file mode 100644
index 000000000..55db853ef
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/endian_little.go
@@ -0,0 +1,11 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh || wasm
+// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh wasm
+
+package cpu
+
+// IsBigEndian records whether the GOARCH's byte order is big endian.
+const IsBigEndian = false
diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
new file mode 100644
index 000000000..34e49f955
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
@@ -0,0 +1,71 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"os"
+)
+
+const (
+	_AT_HWCAP  = 16
+	_AT_HWCAP2 = 26
+
+	procAuxv = "/proc/self/auxv"
+
+	uintSize = int(32 << (^uint(0) >> 63))
+)
+
+// For those platforms don't have a 'cpuid' equivalent we use HWCAP/HWCAP2
+// These are initialized in cpu_$GOARCH.go
+// and should not be changed after they are initialized.
+var hwCap uint
+var hwCap2 uint
+
+func readHWCAP() error {
+	// For Go 1.21+, get auxv from the Go runtime.
+	if a := getAuxv(); len(a) > 0 {
+		for len(a) >= 2 {
+			tag, val := a[0], uint(a[1])
+			a = a[2:]
+			switch tag {
+			case _AT_HWCAP:
+				hwCap = val
+			case _AT_HWCAP2:
+				hwCap2 = val
+			}
+		}
+		return nil
+	}
+
+	buf, err := os.ReadFile(procAuxv)
+	if err != nil {
+		// e.g. on android /proc/self/auxv is not accessible, so silently
+		// ignore the error and leave Initialized = false. On some
+		// architectures (e.g. arm64) doinit() implements a fallback
+		// readout and will set Initialized = true again.
+		return err
+	}
+	bo := hostByteOrder()
+	for len(buf) >= 2*(uintSize/8) {
+		var tag, val uint
+		switch uintSize {
+		case 32:
+			tag = uint(bo.Uint32(buf[0:]))
+			val = uint(bo.Uint32(buf[4:]))
+			buf = buf[8:]
+		case 64:
+			tag = uint(bo.Uint64(buf[0:]))
+			val = uint(bo.Uint64(buf[8:]))
+			buf = buf[16:]
+		}
+		switch tag {
+		case _AT_HWCAP:
+			hwCap = val
+		case _AT_HWCAP2:
+			hwCap2 = val
+		}
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/cpu/parse.go b/vendor/golang.org/x/sys/cpu/parse.go
new file mode 100644
index 000000000..762b63d68
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/parse.go
@@ -0,0 +1,43 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import "strconv"
+
+// parseRelease parses a dot-separated version number. It follows the semver
+// syntax, but allows the minor and patch versions to be elided.
+//
+// This is a copy of the Go runtime's parseRelease from
+// https://golang.org/cl/209597.
+func parseRelease(rel string) (major, minor, patch int, ok bool) {
+	// Strip anything after a dash or plus.
+	for i := 0; i < len(rel); i++ {
+		if rel[i] == '-' || rel[i] == '+' {
+			rel = rel[:i]
+			break
+		}
+	}
+
+	next := func() (int, bool) {
+		for i := 0; i < len(rel); i++ {
+			if rel[i] == '.' {
+				ver, err := strconv.Atoi(rel[:i])
+				rel = rel[i+1:]
+				return ver, err == nil
+			}
+		}
+		ver, err := strconv.Atoi(rel)
+		rel = ""
+		return ver, err == nil
+	}
+	if major, ok = next(); !ok || rel == "" {
+		return
+	}
+	if minor, ok = next(); !ok || rel == "" {
+		return
+	}
+	patch, ok = next()
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
new file mode 100644
index 000000000..d87bd6b3e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
@@ -0,0 +1,54 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && arm64
+// +build linux,arm64
+
+package cpu
+
+import (
+	"errors"
+	"io"
+	"os"
+	"strings"
+)
+
+func readLinuxProcCPUInfo() error {
+	f, err := os.Open("/proc/cpuinfo")
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	var buf [1 << 10]byte // enough for first CPU
+	n, err := io.ReadFull(f, buf[:])
+	if err != nil && err != io.ErrUnexpectedEOF {
+		return err
+	}
+	in := string(buf[:n])
+	const features = "\nFeatures	: "
+	i := strings.Index(in, features)
+	if i == -1 {
+		return errors.New("no CPU features found")
+	}
+	in = in[i+len(features):]
+	if i := strings.Index(in, "\n"); i != -1 {
+		in = in[:i]
+	}
+	m := map[string]*bool{}
+
+	initOptions() // need it early here; it's harmless to call twice
+	for _, o := range options {
+		m[o.Name] = o.Feature
+	}
+	// The EVTSTRM field has alias "evstrm" in Go, but Linux calls it "evtstrm".
+	m["evtstrm"] = &ARM64.HasEVTSTRM
+
+	for _, f := range strings.Fields(in) {
+		if p, ok := m[f]; ok {
+			*p = true
+		}
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
new file mode 100644
index 000000000..5f92ac9a2
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
@@ -0,0 +1,16 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init)
+// on platforms that use auxv.
+var getAuxvFn func() []uintptr
+
+func getAuxv() []uintptr {
+	if getAuxvFn == nil {
+		return nil
+	}
+	return getAuxvFn()
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
new file mode 100644
index 000000000..b975ea2a0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -0,0 +1,19 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+// +build go1.21
+
+package cpu
+
+import (
+	_ "unsafe" // for linkname
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+func init() {
+	getAuxvFn = runtime_getAuxv
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
new file mode 100644
index 000000000..96134157a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -0,0 +1,27 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Recreate a getsystemcfg syscall handler instead of
+// using the one provided by x/sys/unix to avoid having
+// the dependency between them. (See golang.org/issue/32102)
+// Moreover, this file will be used during the building of
+// gccgo's libgo and thus must not used a CGo method.
+
+//go:build aix && gccgo
+// +build aix,gccgo
+
+package cpu
+
+import (
+	"syscall"
+)
+
+//extern getsystemcfg
+func gccgoGetsystemcfg(label uint32) (r uint64)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 syscall.Errno) {
+	r1 = uintptr(gccgoGetsystemcfg(uint32(label)))
+	e1 = syscall.GetErrno()
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
new file mode 100644
index 000000000..904be42ff
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -0,0 +1,36 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Minimal copy of x/sys/unix so the cpu package can make a
+// system call on AIX without depending on x/sys/unix.
+// (See golang.org/issue/32102)
+
+//go:build aix && ppc64 && gc
+// +build aix,ppc64,gc
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o"
+
+//go:linkname libc_getsystemcfg libc_getsystemcfg
+
+type syscallFunc uintptr
+
+var libc_getsystemcfg syscallFunc
+
+type errno = syscall.Errno
+
+// Implemented in runtime/syscall_aix.go.
+func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0)
+	return
+}
diff --git a/vendor/google.golang.org/api/cloudresourcemanager/v1/cloudresourcemanager-gen.go b/vendor/google.golang.org/api/cloudresourcemanager/v1/cloudresourcemanager-gen.go
index 2e8496259..a94af0185 100644
--- a/vendor/google.golang.org/api/cloudresourcemanager/v1/cloudresourcemanager-gen.go
+++ b/vendor/google.golang.org/api/cloudresourcemanager/v1/cloudresourcemanager-gen.go
@@ -75,6 +75,7 @@ var _ = errors.New
 var _ = strings.Replace
 var _ = context.Canceled
 var _ = internaloption.WithDefaultEndpoint
+var _ = internal.Version
 
 const apiId = "cloudresourcemanager:v1"
 const apiName = "cloudresourcemanager"
diff --git a/vendor/google.golang.org/api/compute/v0.alpha/compute-api.json b/vendor/google.golang.org/api/compute/v0.alpha/compute-api.json
index 42123cf77..2b26e29a5 100644
--- a/vendor/google.golang.org/api/compute/v0.alpha/compute-api.json
+++ b/vendor/google.golang.org/api/compute/v0.alpha/compute-api.json
@@ -808,7 +808,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified autoscaler resource. Gets a list of available autoscalers by making a list() request.",
+          "description": "Returns the specified autoscaler resource.",
           "flatPath": "projects/{project}/zones/{zone}/autoscalers/{autoscaler}",
           "httpMethod": "GET",
           "id": "compute.autoscalers.get",
@@ -1227,7 +1227,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified BackendBucket resource. Gets a list of available backend buckets by making a list() request.",
+          "description": "Returns the specified BackendBucket resource.",
           "flatPath": "projects/{project}/global/backendBuckets/{backendBucket}",
           "httpMethod": "GET",
           "id": "compute.backendBuckets.get",
@@ -1781,7 +1781,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified BackendService resource. Gets a list of available backend services.",
+          "description": "Returns the specified BackendService resource.",
           "flatPath": "projects/{project}/global/backendServices/{backendService}",
           "httpMethod": "GET",
           "id": "compute.backendServices.get",
@@ -2225,6 +2225,93 @@
         }
       }
     },
+    "diskSettings": {
+      "methods": {
+        "get": {
+          "description": "Get Zonal Disk Settings.",
+          "flatPath": "projects/{project}/zones/{zone}/diskSettings",
+          "httpMethod": "GET",
+          "id": "compute.diskSettings.get",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/diskSettings",
+          "response": {
+            "$ref": "DiskSettings"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Patch Zonal Disk Settings",
+          "flatPath": "projects/{project}/zones/{zone}/diskSettings",
+          "httpMethod": "PATCH",
+          "id": "compute.diskSettings.patch",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "updateMask": {
+              "description": "update_mask indicates fields to be updated as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/diskSettings",
+          "request": {
+            "$ref": "DiskSettings"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        }
+      }
+    },
     "diskTypes": {
       "methods": {
         "aggregatedList": {
@@ -2288,7 +2375,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified disk type. Gets a list of available disk types by making a list() request.",
+          "description": "Returns the specified disk type.",
           "flatPath": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
           "httpMethod": "GET",
           "id": "compute.diskTypes.get",
@@ -2651,7 +2738,7 @@
           ]
         },
         "get": {
-          "description": "Returns a specified persistent disk. Gets a list of available persistent disks by making a list() request.",
+          "description": "Returns the specified persistent disk.",
           "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
           "httpMethod": "GET",
           "id": "compute.disks.get",
@@ -3136,9 +3223,6 @@
             }
           },
           "path": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
-          "request": {
-            "$ref": "DisksStopAsyncReplicationRequest"
-          },
           "response": {
             "$ref": "Operation"
           },
@@ -3866,7 +3950,7 @@
               "type": "string"
             },
             "parentId": {
-              "description": "Parent ID for this request.",
+              "description": "Parent ID for this request. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
               "location": "query",
               "type": "string"
             },
@@ -3925,7 +4009,7 @@
               "type": "string"
             },
             "parentId": {
-              "description": "The new parent of the firewall policy.",
+              "description": "The new parent of the firewall policy. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
               "location": "query",
               "type": "string"
             },
@@ -5295,7 +5379,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified address resource. Gets a list of available addresses by making a list() request.",
+          "description": "Returns the specified address resource.",
           "flatPath": "projects/{project}/global/addresses/{address}",
           "httpMethod": "GET",
           "id": "compute.globalAddresses.get",
@@ -5339,7 +5423,7 @@
           ],
           "parameters": {
             "ipAddress": {
-              "description": "The ip_address could be external IPv4, or internal IPv4 within IPv6 form of virtual_network_id with internal IPv4. IPv6 is not supported yet.",
+              "description": "The VM IP address.",
               "location": "query",
               "type": "string"
             },
@@ -6018,7 +6102,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/global/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.globalNetworkEndpointGroups.get",
@@ -6849,7 +6933,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+          "description": "Returns the specified HealthCheck resource.",
           "flatPath": "projects/{project}/global/healthChecks/{healthCheck}",
           "httpMethod": "GET",
           "id": "compute.healthChecks.get",
@@ -7138,7 +7222,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HttpHealthCheck resource. Gets a list of available HTTP health checks by making a list() request.",
+          "description": "Returns the specified HttpHealthCheck resource.",
           "flatPath": "projects/{project}/global/httpHealthChecks/{httpHealthCheck}",
           "httpMethod": "GET",
           "id": "compute.httpHealthChecks.get",
@@ -7427,7 +7511,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HttpsHealthCheck resource. Gets a list of available HTTPS health checks by making a list() request.",
+          "description": "Returns the specified HttpsHealthCheck resource.",
           "flatPath": "projects/{project}/global/httpsHealthChecks/{httpsHealthCheck}",
           "httpMethod": "GET",
           "id": "compute.httpsHealthChecks.get",
@@ -7805,7 +7889,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified image. Gets a list of available images by making a list() request.",
+          "description": "Returns the specified image.",
           "flatPath": "projects/{project}/global/images/{image}",
           "httpMethod": "GET",
           "id": "compute.images.get",
@@ -8176,8 +8260,60 @@
     },
     "instanceGroupManagerResizeRequests": {
       "methods": {
+        "cancel": {
+          "description": "Cancels the specified resize request and removes it from the queue. Cancelled resize request does no longer wait for the resources to be provisioned. Cancel is only possible for requests that are accepted in the queue.",
+          "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}/cancel",
+          "httpMethod": "POST",
+          "id": "compute.instanceGroupManagerResizeRequests.cancel",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instanceGroupManager",
+            "resizeRequest"
+          ],
+          "parameters": {
+            "instanceGroupManager": {
+              "description": "The name of the managed instance group. The name should conform to RFC1035 or be a resource ID.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "resizeRequest": {
+              "description": "The name of the resize request to cancel. The name should conform to RFC1035 or be a resource ID.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone where the managed instance group is located. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}/cancel",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "delete": {
-          "description": "Deletes the specified resize request.",
+          "description": "Deletes the specified, inactive resize request. Requests that are still active cannot be deleted. Deleting request does not delete instances that were provisioned previously.",
           "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
           "httpMethod": "DELETE",
           "id": "compute.instanceGroupManagerResizeRequests.delete",
@@ -8733,7 +8869,7 @@
           ]
         },
         "get": {
-          "description": "Returns all of the details about the specified managed instance group. Gets a list of available managed instance groups by making a list() request.",
+          "description": "Returns all of the details about the specified managed instance group.",
           "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}",
           "httpMethod": "GET",
           "id": "compute.instanceGroupManagers.get",
@@ -9377,6 +9513,7 @@
           ]
         },
         "setAutoHealingPolicies": {
+          "deprecated": true,
           "description": "Motifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use instanceGroupManagers.patch instead.",
           "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/setAutoHealingPolicies",
           "httpMethod": "POST",
@@ -10323,6 +10460,92 @@
         }
       }
     },
+    "instanceSettings": {
+      "methods": {
+        "get": {
+          "description": "Get Instance settings.",
+          "flatPath": "projects/{project}/zones/{zone}/instanceSettings",
+          "httpMethod": "GET",
+          "id": "compute.instanceSettings.get",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instanceSettings",
+          "response": {
+            "$ref": "InstanceSettings"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Patch Instance settings",
+          "flatPath": "projects/{project}/zones/{zone}/instanceSettings",
+          "httpMethod": "PATCH",
+          "id": "compute.instanceSettings.patch",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "updateMask": {
+              "description": "update_mask indicates fields to be updated as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The zone scoping this request. It should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instanceSettings",
+          "request": {
+            "$ref": "InstanceSettings"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        }
+      }
+    },
     "instanceTemplates": {
       "methods": {
         "aggregatedList": {
@@ -10425,7 +10648,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+          "description": "Returns the specified instance template.",
           "flatPath": "projects/{project}/global/instanceTemplates/{instanceTemplate}",
           "httpMethod": "GET",
           "id": "compute.instanceTemplates.get",
@@ -10447,6 +10670,21 @@
               "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
               "type": "string"
+            },
+            "view": {
+              "description": "View of the instance template.",
+              "enum": [
+                "BASIC",
+                "FULL",
+                "INSTANCE_VIEW_UNSPECIFIED"
+              ],
+              "enumDescriptions": [
+                "Include everything except Partner Metadata.",
+                "Include everything.",
+                "The default / unset value. The API will default to the BASIC view."
+              ],
+              "location": "query",
+              "type": "string"
             }
           },
           "path": "projects/{project}/global/instanceTemplates/{instanceTemplate}",
@@ -10577,6 +10815,21 @@
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
+            },
+            "view": {
+              "description": "View of the instance template.",
+              "enum": [
+                "BASIC",
+                "FULL",
+                "INSTANCE_VIEW_UNSPECIFIED"
+              ],
+              "enumDescriptions": [
+                "Include everything except Partner Metadata.",
+                "Include everything.",
+                "The default / unset value. The API will default to the BASIC view."
+              ],
+              "location": "query",
+              "type": "string"
             }
           },
           "path": "projects/{project}/global/instanceTemplates",
@@ -11095,7 +11348,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Instance resource. Gets a list of available instances by making a list() request.",
+          "description": "Returns the specified Instance resource.",
           "flatPath": "projects/{project}/zones/{zone}/instances/{instance}",
           "httpMethod": "GET",
           "id": "compute.instances.get",
@@ -11119,6 +11372,21 @@
               "required": true,
               "type": "string"
             },
+            "view": {
+              "description": "View of the instance.",
+              "enum": [
+                "BASIC",
+                "FULL",
+                "INSTANCE_VIEW_UNSPECIFIED"
+              ],
+              "enumDescriptions": [
+                "Include everything except Partner Metadata.",
+                "Include everything.",
+                "The default / unset value. The API will default to the BASIC view."
+              ],
+              "location": "query",
+              "type": "string"
+            },
             "zone": {
               "description": "The name of the zone for this request.",
               "location": "path",
@@ -11289,6 +11557,54 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "getPartnerMetadata": {
+          "description": "Gets partner metadata of the specified instance and namespaces.",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/getPartnerMetadata",
+          "httpMethod": "GET",
+          "id": "compute.instances.getPartnerMetadata",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instance"
+          ],
+          "parameters": {
+            "instance": {
+              "description": "Name of the instance scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "namespaces": {
+              "description": "Comma separated partner metadata namespaces.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/getPartnerMetadata",
+          "response": {
+            "$ref": "PartnerMetadata"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
         "getScreenshot": {
           "description": "Returns the screenshot from the specified instance.",
           "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/screenshot",
@@ -11573,6 +11889,21 @@
               "location": "query",
               "type": "boolean"
             },
+            "view": {
+              "description": "View of the instance.",
+              "enum": [
+                "BASIC",
+                "FULL",
+                "INSTANCE_VIEW_UNSPECIFIED"
+              ],
+              "enumDescriptions": [
+                "Include everything except Partner Metadata.",
+                "Include everything.",
+                "The default / unset value. The API will default to the BASIC view."
+              ],
+              "location": "query",
+              "type": "string"
+            },
             "zone": {
               "description": "The name of the zone for this request.",
               "location": "path",
@@ -11662,6 +11993,56 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "patchPartnerMetadata": {
+          "description": "Patches partner metadata of the specified instance.",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/patchPartnerMetadata",
+          "httpMethod": "POST",
+          "id": "compute.instances.patchPartnerMetadata",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instance"
+          ],
+          "parameters": {
+            "instance": {
+              "description": "Name of the instance scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/patchPartnerMetadata",
+          "request": {
+            "$ref": "PartnerMetadata"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "performMaintenance": {
           "description": "Perform a manual maintenance on the instance.",
           "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
@@ -12405,6 +12786,55 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "setSecurityPolicy": {
+          "description": "Sets the Google Cloud Armor security policy for the specified instance. For more information, see Google Cloud Armor Overview",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setSecurityPolicy",
+          "httpMethod": "POST",
+          "id": "compute.instances.setSecurityPolicy",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instance"
+          ],
+          "parameters": {
+            "instance": {
+              "description": "Name of the Instance resource to which the security policy should be set. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/setSecurityPolicy",
+          "request": {
+            "$ref": "InstancesSetSecurityPolicyRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setServiceAccount": {
           "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.",
           "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
@@ -15441,7 +15871,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified machine image. Gets a list of available machine images by making a list() request.",
+          "description": "Returns the specified machine image.",
           "flatPath": "projects/{project}/global/machineImages/{machineImage}",
           "httpMethod": "GET",
           "id": "compute.machineImages.get",
@@ -15750,7 +16180,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified machine type. Gets a list of available machine types by making a list() request.",
+          "description": "Returns the specified machine type.",
           "flatPath": "projects/{project}/zones/{zone}/machineTypes/{machineType}",
           "httpMethod": "GET",
           "id": "compute.machineTypes.get",
@@ -16163,6 +16593,56 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "patch": {
+          "description": "Patches the specified NetworkAttachment resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/regions/{region}/networkAttachments/{networkAttachment}",
+          "httpMethod": "PATCH",
+          "id": "compute.networkAttachments.patch",
+          "parameterOrder": [
+            "project",
+            "region",
+            "networkAttachment"
+          ],
+          "parameters": {
+            "networkAttachment": {
+              "description": "Name of the NetworkAttachment resource to patch.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000). end_interface: MixerMutationRequestBuilder",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/networkAttachments/{networkAttachment}",
+          "request": {
+            "$ref": "NetworkAttachment"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setIamPolicy": {
           "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
           "flatPath": "projects/{project}/regions/{region}/networkAttachments/{resource}/setIamPolicy",
@@ -16722,7 +17202,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/zones/{zone}/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.networkEndpointGroups.get",
@@ -17757,7 +18237,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network. Gets a list of available networks by making a list() request.",
+          "description": "Returns the specified network.",
           "flatPath": "projects/{project}/global/networks/{network}",
           "httpMethod": "GET",
           "id": "compute.networks.get",
@@ -18899,6 +19379,56 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "performMaintenance": {
+          "description": "Perform maintenance on a subset of nodes in the node group.",
+          "flatPath": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/performMaintenance",
+          "httpMethod": "POST",
+          "id": "compute.nodeGroups.performMaintenance",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "nodeGroup"
+          ],
+          "parameters": {
+            "nodeGroup": {
+              "description": "Name of the node group scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/performMaintenance",
+          "request": {
+            "$ref": "NodeGroupsPerformMaintenanceRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setIamPolicy": {
           "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
           "flatPath": "projects/{project}/zones/{zone}/nodeGroups/{resource}/setIamPolicy",
@@ -19202,7 +19732,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified node template. Gets a list of available node templates by making a list() request.",
+          "description": "Returns the specified node template.",
           "flatPath": "projects/{project}/regions/{region}/nodeTemplates/{nodeTemplate}",
           "httpMethod": "GET",
           "id": "compute.nodeTemplates.get",
@@ -19554,7 +20084,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified node type. Gets a list of available node types by making a list() request.",
+          "description": "Returns the specified node type.",
           "flatPath": "projects/{project}/zones/{zone}/nodeTypes/{nodeType}",
           "httpMethod": "GET",
           "id": "compute.nodeTypes.get",
@@ -20867,7 +21397,8 @@
           ]
         },
         "moveInstance": {
-          "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior).",
+          "deprecated": true,
+          "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior). [Deprecated] This method is deprecated. See [moving instance across zones](/compute/docs/instances/moving-instance-across-zones) instead.",
           "flatPath": "projects/{project}/moveInstance",
           "httpMethod": "POST",
           "id": "compute.projects.moveInstance",
@@ -21002,6 +21533,40 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "setManagedProtectionTier": {
+          "description": "Sets the Cloud Armor Managed Protection (CAMP) tier of the project. To set PLUS or above the billing account of the project must be subscribed to Managed Protection Plus. See Subscribing to Managed Protection Plus for more information.",
+          "flatPath": "projects/{project}/setManagedProtectionTier",
+          "httpMethod": "POST",
+          "id": "compute.projects.setManagedProtectionTier",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/setManagedProtectionTier",
+          "request": {
+            "$ref": "ProjectsSetManagedProtectionTierRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setUsageExportBucket": {
           "description": "Enables the usage export feature and sets the usage export bucket where reports are stored. If you provide an empty request body using this method, the usage export feature will be disabled.",
           "flatPath": "projects/{project}/setUsageExportBucket",
@@ -22357,6 +22922,68 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "listUsable": {
+          "description": "Retrieves an aggregated list of all usable backend services in the specified project in the given region.",
+          "flatPath": "projects/{project}/regions/{region}/backendServices/listUsable",
+          "httpMethod": "GET",
+          "id": "compute.regionBackendServices.listUsable",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request. It must be a string that meets the requirements in RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/backendServices/listUsable",
+          "response": {
+            "$ref": "BackendServiceListUsable"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
         "patch": {
           "description": "Updates the specified regional BackendService resource with the data included in the request. For more information, see Understanding backend services This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
           "flatPath": "projects/{project}/regions/{region}/backendServices/{backendService}",
@@ -22661,8 +23288,102 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "calculateCancellationFee": {
+          "description": "Calculate cancellation fee for the specified commitment.",
+          "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}/calculateCancellationFee",
+          "httpMethod": "POST",
+          "id": "compute.regionCommitments.calculateCancellationFee",
+          "parameterOrder": [
+            "project",
+            "region",
+            "commitment"
+          ],
+          "parameters": {
+            "commitment": {
+              "description": "Name of the commitment to delete.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/commitments/{commitment}/calculateCancellationFee",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "cancel": {
+          "description": "Cancel the specified commitment.",
+          "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}/cancel",
+          "httpMethod": "POST",
+          "id": "compute.regionCommitments.cancel",
+          "parameterOrder": [
+            "project",
+            "region",
+            "commitment"
+          ],
+          "parameters": {
+            "commitment": {
+              "description": "Name of the commitment to delete.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/commitments/{commitment}/cancel",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "get": {
-          "description": "Returns the specified commitment resource. Gets a list of available commitments by making a list() request.",
+          "description": "Returns the specified commitment resource.",
           "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}",
           "httpMethod": "GET",
           "id": "compute.regionCommitments.get",
@@ -22968,10 +23689,97 @@
         }
       }
     },
+    "regionDiskSettings": {
+      "methods": {
+        "get": {
+          "description": "Get Regional Disk Settings.",
+          "flatPath": "projects/{project}/regions/{region}/diskSettings",
+          "httpMethod": "GET",
+          "id": "compute.regionDiskSettings.get",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/diskSettings",
+          "response": {
+            "$ref": "DiskSettings"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Patch Regional Disk Settings",
+          "flatPath": "projects/{project}/regions/{region}/diskSettings",
+          "httpMethod": "PATCH",
+          "id": "compute.regionDiskSettings.patch",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "updateMask": {
+              "description": "update_mask indicates fields to be updated as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/diskSettings",
+          "request": {
+            "$ref": "DiskSettings"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        }
+      }
+    },
     "regionDiskTypes": {
       "methods": {
         "get": {
-          "description": "Returns the specified regional disk type. Gets a list of available disk types by making a list() request.",
+          "description": "Returns the specified regional disk type.",
           "flatPath": "projects/{project}/regions/{region}/diskTypes/{diskType}",
           "httpMethod": "GET",
           "id": "compute.regionDiskTypes.get",
@@ -23759,9 +24567,6 @@
             }
           },
           "path": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
-          "request": {
-            "$ref": "RegionDisksStopAsyncReplicationRequest"
-          },
           "response": {
             "$ref": "Operation"
           },
@@ -24323,7 +25128,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+          "description": "Returns the specified HealthCheck resource.",
           "flatPath": "projects/{project}/regions/{region}/healthChecks/{healthCheck}",
           "httpMethod": "GET",
           "id": "compute.regionHealthChecks.get",
@@ -25541,6 +26346,7 @@
           ]
         },
         "setAutoHealingPolicies": {
+          "deprecated": true,
           "description": "Modifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use regionInstanceGroupManagers.patch instead.",
           "flatPath": "projects/{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/setAutoHealingPolicies",
           "httpMethod": "POST",
@@ -26295,7 +27101,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+          "description": "Returns the specified instance template.",
           "flatPath": "projects/{project}/regions/{region}/instanceTemplates/{instanceTemplate}",
           "httpMethod": "GET",
           "id": "compute.regionInstanceTemplates.get",
@@ -26325,6 +27131,21 @@
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
+            },
+            "view": {
+              "description": "View of the instance template.",
+              "enum": [
+                "BASIC",
+                "FULL",
+                "INSTANCE_VIEW_UNSPECIFIED"
+              ],
+              "enumDescriptions": [
+                "Include everything except Partner Metadata.",
+                "Include everything.",
+                "The default / unset value. The API will default to the BASIC view."
+              ],
+              "location": "query",
+              "type": "string"
             }
           },
           "path": "projects/{project}/regions/{region}/instanceTemplates/{instanceTemplate}",
@@ -26430,6 +27251,21 @@
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
+            },
+            "view": {
+              "description": "View of the instance template.",
+              "enum": [
+                "BASIC",
+                "FULL",
+                "INSTANCE_VIEW_UNSPECIFIED"
+              ],
+              "enumDescriptions": [
+                "Include everything except Partner Metadata.",
+                "Include everything.",
+                "The default / unset value. The API will default to the BASIC view."
+              ],
+              "location": "query",
+              "type": "string"
             }
           },
           "path": "projects/{project}/regions/{region}/instanceTemplates",
@@ -27073,7 +27909,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.regionNetworkEndpointGroups.get",
@@ -27891,6 +28727,56 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "patchAssociation": {
+          "description": "Updates an association for the specified network firewall policy.",
+          "flatPath": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchAssociation",
+          "httpMethod": "POST",
+          "id": "compute.regionNetworkFirewallPolicies.patchAssociation",
+          "parameterOrder": [
+            "project",
+            "region",
+            "firewallPolicy"
+          ],
+          "parameters": {
+            "firewallPolicy": {
+              "description": "Name of the firewall policy to update.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchAssociation",
+          "request": {
+            "$ref": "FirewallPolicyAssociation"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "patchRule": {
           "description": "Patches a rule of the specified priority.",
           "flatPath": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchRule",
@@ -28944,7 +29830,7 @@
           ]
         },
         "patch": {
-          "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+          "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
           "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
           "httpMethod": "PATCH",
           "id": "compute.regionSecurityPolicies.patch",
@@ -29766,7 +30652,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpProxy resource in the specified region.",
           "flatPath": "projects/{project}/regions/{region}/targetHttpProxies/{targetHttpProxy}",
           "httpMethod": "GET",
           "id": "compute.regionTargetHttpProxies.get",
@@ -30061,7 +30947,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpsProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpsProxy resource in the specified region.",
           "flatPath": "projects/{project}/regions/{region}/targetHttpsProxies/{targetHttpsProxy}",
           "httpMethod": "GET",
           "id": "compute.regionTargetHttpsProxies.get",
@@ -30701,7 +31587,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+          "description": "Returns the specified UrlMap resource.",
           "flatPath": "projects/{project}/regions/{region}/urlMaps/{urlMap}",
           "httpMethod": "GET",
           "id": "compute.regionUrlMaps.get",
@@ -31091,51 +31977,118 @@
         }
       }
     },
-    "regions": {
+    "regionZones": {
       "methods": {
-        "get": {
-          "description": "Returns the specified Region resource. Gets a list of available regions by making a list() request. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
-          "flatPath": "projects/{project}/regions/{region}",
+        "list": {
+          "description": "Retrieves the list of Zone resources under the specific region available to the specified project.",
+          "flatPath": "projects/{project}/regions/{region}/zones",
           "httpMethod": "GET",
-          "id": "compute.regions.get",
+          "id": "compute.regionZones.list",
           "parameterOrder": [
             "project",
             "region"
           ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region resource to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}",
-          "response": {
-            "$ref": "Region"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "list": {
-          "description": "Retrieves the list of region resources available to the specified project. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `items.quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
-          "flatPath": "projects/{project}/regions",
-          "httpMethod": "GET",
-          "id": "compute.regions.list",
-          "parameterOrder": [
-            "project"
-          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/zones",
+          "response": {
+            "$ref": "ZoneList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
+    "regions": {
+      "methods": {
+        "get": {
+          "description": "Returns the specified Region resource. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
+          "flatPath": "projects/{project}/regions/{region}",
+          "httpMethod": "GET",
+          "id": "compute.regions.get",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}",
+          "response": {
+            "$ref": "Region"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of region resources available to the specified project. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `items.quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
+          "flatPath": "projects/{project}/regions",
+          "httpMethod": "GET",
+          "id": "compute.regions.list",
+          "parameterOrder": [
+            "project"
+          ],
           "parameters": {
             "filter": {
               "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
@@ -32265,7 +33218,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Router resource. Gets a list of available routers by making a list() request.",
+          "description": "Returns the specified Router resource.",
           "flatPath": "projects/{project}/regions/{region}/routers/{router}",
           "httpMethod": "GET",
           "id": "compute.routers.get",
@@ -32307,42 +33260,19 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "getNatMappingInfo": {
-          "description": "Retrieves runtime Nat mapping information of VM endpoints.",
-          "flatPath": "projects/{project}/regions/{region}/routers/{router}/getNatMappingInfo",
+        "getNatIpInfo": {
+          "description": "Retrieves runtime NAT IP information.",
+          "flatPath": "projects/{project}/regions/{region}/routers/{router}/getNatIpInfo",
           "httpMethod": "GET",
-          "id": "compute.routers.getNatMappingInfo",
+          "id": "compute.routers.getNatIpInfo",
           "parameterOrder": [
             "project",
             "region",
             "router"
           ],
           "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
             "natName": {
-              "description": "Name of the nat service to filter the Nat Mapping information. If it is omitted, all nats for this router will be returned. Name should conform to RFC1035.",
-              "location": "query",
-              "type": "string"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "description": "Name of the nat service to filter the NAT IP information. If it is omitted, all nats for this router will be returned. Name should conform to RFC1035.",
               "location": "query",
               "type": "string"
             },
@@ -32360,22 +33290,16 @@
               "required": true,
               "type": "string"
             },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            },
             "router": {
-              "description": "Name of the Router resource to query for Nat Mapping information of VM endpoints.",
+              "description": "Name of the Router resource to query for Nat IP information. The name should conform to RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/routers/{router}/getNatMappingInfo",
+          "path": "projects/{project}/regions/{region}/routers/{router}/getNatIpInfo",
           "response": {
-            "$ref": "VmEndpointNatMappingsList"
+            "$ref": "NatIpInfoResponse"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -32383,100 +33307,16 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "getRouterStatus": {
-          "description": "Retrieves runtime information of the specified router.",
-          "flatPath": "projects/{project}/regions/{region}/routers/{router}/getRouterStatus",
+        "getNatMappingInfo": {
+          "description": "Retrieves runtime Nat mapping information of VM endpoints.",
+          "flatPath": "projects/{project}/regions/{region}/routers/{router}/getNatMappingInfo",
           "httpMethod": "GET",
-          "id": "compute.routers.getRouterStatus",
+          "id": "compute.routers.getNatMappingInfo",
           "parameterOrder": [
             "project",
             "region",
             "router"
           ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "router": {
-              "description": "Name of the Router resource to query.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/routers/{router}/getRouterStatus",
-          "response": {
-            "$ref": "RouterStatusResponse"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "insert": {
-          "description": "Creates a Router resource in the specified project and region using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/routers",
-          "httpMethod": "POST",
-          "id": "compute.routers.insert",
-          "parameterOrder": [
-            "project",
-            "region"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/routers",
-          "request": {
-            "$ref": "Router"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "list": {
-          "description": "Retrieves a list of Router resources available to the specified project.",
-          "flatPath": "projects/{project}/regions/{region}/routers",
-          "httpMethod": "GET",
-          "id": "compute.routers.list",
-          "parameterOrder": [
-            "project",
-            "region"
-          ],
           "parameters": {
             "filter": {
               "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
@@ -32491,6 +33331,11 @@
               "minimum": "0",
               "type": "integer"
             },
+            "natName": {
+              "description": "Name of the nat service to filter the Nat Mapping information. If it is omitted, all nats for this router will be returned. Name should conform to RFC1035.",
+              "location": "query",
+              "type": "string"
+            },
             "orderBy": {
               "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
               "location": "query",
@@ -32519,73 +33364,228 @@
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/routers",
-          "response": {
-            "$ref": "RouterList"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "patch": {
-          "description": "Patches the specified Router resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/regions/{region}/routers/{router}",
-          "httpMethod": "PATCH",
-          "id": "compute.routers.patch",
-          "parameterOrder": [
-            "project",
-            "region",
-            "router"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
             },
             "router": {
-              "description": "Name of the Router resource to patch.",
+              "description": "Name of the Router resource to query for Nat Mapping information of VM endpoints.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/routers/{router}",
-          "request": {
-            "$ref": "Router"
-          },
+          "path": "projects/{project}/regions/{region}/routers/{router}/getNatMappingInfo",
           "response": {
-            "$ref": "Operation"
+            "$ref": "VmEndpointNatMappingsList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "preview": {
-          "description": "Preview fields auto-generated during router create and update operations. Calling this method does NOT create or update the router.",
-          "flatPath": "projects/{project}/regions/{region}/routers/{router}/preview",
-          "httpMethod": "POST",
-          "id": "compute.routers.preview",
+        "getRouterStatus": {
+          "description": "Retrieves runtime information of the specified router.",
+          "flatPath": "projects/{project}/regions/{region}/routers/{router}/getRouterStatus",
+          "httpMethod": "GET",
+          "id": "compute.routers.getRouterStatus",
+          "parameterOrder": [
+            "project",
+            "region",
+            "router"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "router": {
+              "description": "Name of the Router resource to query.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/routers/{router}/getRouterStatus",
+          "response": {
+            "$ref": "RouterStatusResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a Router resource in the specified project and region using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/routers",
+          "httpMethod": "POST",
+          "id": "compute.routers.insert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/routers",
+          "request": {
+            "$ref": "Router"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of Router resources available to the specified project.",
+          "flatPath": "projects/{project}/regions/{region}/routers",
+          "httpMethod": "GET",
+          "id": "compute.routers.list",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/routers",
+          "response": {
+            "$ref": "RouterList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Patches the specified Router resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/regions/{region}/routers/{router}",
+          "httpMethod": "PATCH",
+          "id": "compute.routers.patch",
+          "parameterOrder": [
+            "project",
+            "region",
+            "router"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "router": {
+              "description": "Name of the Router resource to patch.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/routers/{router}",
+          "request": {
+            "$ref": "Router"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "preview": {
+          "description": "Preview fields auto-generated during router create and update operations. Calling this method does NOT create or update the router.",
+          "flatPath": "projects/{project}/regions/{region}/routers/{router}/preview",
+          "httpMethod": "POST",
+          "id": "compute.routers.preview",
           "parameterOrder": [
             "project",
             "region",
@@ -32767,7 +33767,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Route resource. Gets a list of available routes by making a list() request.",
+          "description": "Returns the specified Route resource.",
           "flatPath": "projects/{project}/global/routes/{route}",
           "httpMethod": "GET",
           "id": "compute.routes.get",
@@ -33299,7 +34299,7 @@
           ]
         },
         "patch": {
-          "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+          "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
           "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
           "httpMethod": "PATCH",
           "id": "compute.securityPolicies.patch",
@@ -33352,7 +34352,7 @@
           ]
         },
         "patchRule": {
-          "description": "Patches a rule at the specified priority.",
+          "description": "Patches a rule at the specified priority. To clear fields in the rule, leave the fields empty and specify them in the updateMask.",
           "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
           "httpMethod": "POST",
           "id": "compute.securityPolicies.patchRule",
@@ -33381,6 +34381,12 @@
               "required": true,
               "type": "string"
             },
+            "updateMask": {
+              "description": "Indicates fields to be cleared as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            },
             "validateOnly": {
               "description": "If true, the request will not be committed.",
               "location": "query",
@@ -33963,6 +34969,77 @@
         }
       }
     },
+    "snapshotSettings": {
+      "methods": {
+        "get": {
+          "description": "Get snapshot settings.",
+          "flatPath": "projects/{project}/global/snapshotSettings",
+          "httpMethod": "GET",
+          "id": "compute.snapshotSettings.get",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/snapshotSettings",
+          "response": {
+            "$ref": "SnapshotSettings"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Patch snapshot settings.",
+          "flatPath": "projects/{project}/global/snapshotSettings",
+          "httpMethod": "PATCH",
+          "id": "compute.snapshotSettings.patch",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "updateMask": {
+              "description": "update_mask indicates fields to be updated as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/snapshotSettings",
+          "request": {
+            "$ref": "SnapshotSettings"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        }
+      }
+    },
     "snapshots": {
       "methods": {
         "delete": {
@@ -34005,7 +35082,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Snapshot resource. Gets a list of available snapshots by making a list() request.",
+          "description": "Returns the specified Snapshot resource.",
           "flatPath": "projects/{project}/global/snapshots/{snapshot}",
           "httpMethod": "GET",
           "id": "compute.snapshots.get",
@@ -34385,7 +35462,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified SslCertificate resource. Gets a list of available SSL certificates by making a list() request.",
+          "description": "Returns the specified SslCertificate resource.",
           "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
           "httpMethod": "GET",
           "id": "compute.sslCertificates.get",
@@ -34683,7 +35760,7 @@
           ]
         },
         "insert": {
-          "description": "Returns the specified SSL policy resource. Gets a list of available SSL policies by making a list() request.",
+          "description": "Returns the specified SSL policy resource.",
           "flatPath": "projects/{project}/global/sslPolicies",
           "httpMethod": "POST",
           "id": "compute.sslPolicies.insert",
@@ -34907,13 +35984,13 @@
         }
       }
     },
-    "subnetworks": {
+    "storagePools": {
       "methods": {
         "aggregatedList": {
-          "description": "Retrieves an aggregated list of subnetworks.",
-          "flatPath": "projects/{project}/aggregated/subnetworks",
+          "description": "Retrieves an aggregated list of storage pools.",
+          "flatPath": "projects/{project}/aggregated/storagePools",
           "httpMethod": "GET",
-          "id": "compute.subnetworks.aggregatedList",
+          "id": "compute.storagePools.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -34959,9 +36036,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/subnetworks",
+          "path": "projects/{project}/aggregated/storagePools",
           "response": {
-            "$ref": "SubnetworkAggregatedList"
+            "$ref": "StoragePoolAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -34970,14 +36047,14 @@
           ]
         },
         "delete": {
-          "description": "Deletes the specified subnetwork.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
+          "description": "Deletes the specified storage pool. Deleting a storagePool removes its data permanently and is irreversible. However, deleting a storagePool does not delete any snapshots previously made from the storagePool. You must separately delete snapshots.",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
           "httpMethod": "DELETE",
-          "id": "compute.subnetworks.delete",
+          "id": "compute.storagePools.delete",
           "parameterOrder": [
             "project",
-            "region",
-            "subnetwork"
+            "zone",
+            "storagePool"
           ],
           "parameters": {
             "project": {
@@ -34987,77 +36064,26 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "subnetwork": {
-              "description": "Name of the Subnetwork resource to delete.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "expandIpCidrRange": {
-          "description": "Expands the IP CIDR range of the subnetwork to a specified value.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/expandIpCidrRange",
-          "httpMethod": "POST",
-          "id": "compute.subnetworks.expandIpCidrRange",
-          "parameterOrder": [
-            "project",
-            "region",
-            "subnetwork"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
+            "storagePool": {
+              "description": "Name of the storage pool to delete.",
               "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "subnetwork": {
-              "description": "Name of the Subnetwork resource to update.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/expandIpCidrRange",
-          "request": {
-            "$ref": "SubnetworksExpandIpCidrRangeRequest"
-          },
+          "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
           "response": {
             "$ref": "Operation"
           },
@@ -35067,14 +36093,14 @@
           ]
         },
         "get": {
-          "description": "Returns the specified subnetwork. Gets a list of available subnetworks list() request.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
+          "description": "Returns a specified storage pool. Gets a list of available storage pools by making a list() request.",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
           "httpMethod": "GET",
-          "id": "compute.subnetworks.get",
+          "id": "compute.storagePools.get",
           "parameterOrder": [
             "project",
-            "region",
-            "subnetwork"
+            "zone",
+            "storagePool"
           ],
           "parameters": {
             "project": {
@@ -35084,24 +36110,24 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
+            "storagePool": {
+              "description": "Name of the storage pool to return.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "subnetwork": {
-              "description": "Name of the Subnetwork resource to return.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
+          "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
           "response": {
-            "$ref": "Subnetwork"
+            "$ref": "StoragePool"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -35111,12 +36137,12 @@
         },
         "getIamPolicy": {
           "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{resource}/getIamPolicy",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/getIamPolicy",
           "httpMethod": "GET",
-          "id": "compute.subnetworks.getIamPolicy",
+          "id": "compute.storagePools.getIamPolicy",
           "parameterOrder": [
             "project",
-            "region",
+            "zone",
             "resource"
           ],
           "parameters": {
@@ -35133,22 +36159,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The name of the region for this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks/{resource}/getIamPolicy",
+          "path": "projects/{project}/zones/{zone}/storagePools/{resource}/getIamPolicy",
           "response": {
             "$ref": "Policy"
           },
@@ -35159,13 +36185,13 @@
           ]
         },
         "insert": {
-          "description": "Creates a subnetwork in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks",
+          "description": "Creates a storage pool in the specified project using the data in the request.",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools",
           "httpMethod": "POST",
-          "id": "compute.subnetworks.insert",
+          "id": "compute.storagePools.insert",
           "parameterOrder": [
             "project",
-            "region"
+            "zone"
           ],
           "parameters": {
             "project": {
@@ -35175,22 +36201,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks",
+          "path": "projects/{project}/zones/{zone}/storagePools",
           "request": {
-            "$ref": "Subnetwork"
+            "$ref": "StoragePool"
           },
           "response": {
             "$ref": "Operation"
@@ -35201,13 +36227,13 @@
           ]
         },
         "list": {
-          "description": "Retrieves a list of subnetworks available to the specified project.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks",
+          "description": "Retrieves a list of storage pools contained within the specified zone.",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools",
           "httpMethod": "GET",
-          "id": "compute.subnetworks.list",
+          "id": "compute.storagePools.list",
           "parameterOrder": [
             "project",
-            "region"
+            "zone"
           ],
           "parameters": {
             "filter": {
@@ -35240,22 +36266,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "returnPartialSuccess": {
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks",
+          "path": "projects/{project}/zones/{zone}/storagePools",
           "response": {
-            "$ref": "SubnetworkList"
+            "$ref": "StoragePoolList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -35263,13 +36289,15 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "listUsable": {
-          "description": "Retrieves an aggregated list of all usable subnetworks in the project.",
-          "flatPath": "projects/{project}/aggregated/subnetworks/listUsable",
+        "listDisks": {
+          "description": "Lists the disks in a specified storage pool.",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}/listDisks",
           "httpMethod": "GET",
-          "id": "compute.subnetworks.listUsable",
+          "id": "compute.storagePools.listDisks",
           "parameterOrder": [
-            "project"
+            "project",
+            "zone",
+            "storagePool"
           ],
           "parameters": {
             "filter": {
@@ -35307,86 +36335,39 @@
               "location": "query",
               "type": "boolean"
             },
-            "serviceProject": {
-              "description": "The project id or project number in which the subnetwork is intended to be used. Only applied for Shared VPC. See [Shared VPC documentation](https://cloud.google.com/vpc/docs/shared-vpc/)",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/aggregated/subnetworks/listUsable",
-          "response": {
-            "$ref": "UsableSubnetworksAggregatedList"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "patch": {
-          "description": "Patches the specified subnetwork with the data included in the request. Only certain fields can be updated with a patch request as indicated in the field descriptions. You must specify the current fingerprint of the subnetwork resource being patched.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
-          "httpMethod": "PATCH",
-          "id": "compute.subnetworks.patch",
-          "parameterOrder": [
-            "project",
-            "region",
-            "subnetwork"
-          ],
-          "parameters": {
-            "drainTimeoutSeconds": {
-              "description": "The drain timeout specifies the upper bound in seconds on the amount of time allowed to drain connections from the current ACTIVE subnetwork to the current BACKUP subnetwork. The drain timeout is only applicable when the following conditions are true: - the subnetwork being patched has purpose = INTERNAL_HTTPS_LOAD_BALANCER - the subnetwork being patched has role = BACKUP - the patch request is setting the role to ACTIVE. Note that after this patch operation the roles of the ACTIVE and BACKUP subnetworks will be swapped.",
-              "format": "int32",
-              "location": "query",
-              "type": "integer"
-            },
-            "project": {
-              "description": "Project ID for this request.",
+            "storagePool": {
+              "description": "Name of the storage pool to list disks of.",
               "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "subnetwork": {
-              "description": "Name of the Subnetwork resource to patch.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
-          "request": {
-            "$ref": "Subnetwork"
-          },
+          "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}/listDisks",
           "response": {
-            "$ref": "Operation"
+            "$ref": "StoragePoolListDisks"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
         "setIamPolicy": {
           "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{resource}/setIamPolicy",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/setIamPolicy",
           "httpMethod": "POST",
-          "id": "compute.subnetworks.setIamPolicy",
+          "id": "compute.storagePools.setIamPolicy",
           "parameterOrder": [
             "project",
-            "region",
+            "zone",
             "resource"
           ],
           "parameters": {
@@ -35397,24 +36378,24 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The name of the region for this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks/{resource}/setIamPolicy",
+          "path": "projects/{project}/zones/{zone}/storagePools/{resource}/setIamPolicy",
           "request": {
-            "$ref": "RegionSetPolicyRequest"
+            "$ref": "ZoneSetPolicyRequest"
           },
           "response": {
             "$ref": "Policy"
@@ -35424,15 +36405,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setPrivateIpGoogleAccess": {
-          "description": "Set whether VMs in this subnet can access Google services without assigning external IP addresses through Private Google Access.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/setPrivateIpGoogleAccess",
+        "setLabels": {
+          "description": "Sets the labels on a storage pools. To learn more about labels, read the Labeling Resources documentation.",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/setLabels",
           "httpMethod": "POST",
-          "id": "compute.subnetworks.setPrivateIpGoogleAccess",
+          "id": "compute.storagePools.setLabels",
           "parameterOrder": [
             "project",
-            "region",
-            "subnetwork"
+            "zone",
+            "resource"
           ],
           "parameters": {
             "project": {
@@ -35442,29 +36423,29 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "subnetwork": {
-              "description": "Name of the Subnetwork resource.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/setPrivateIpGoogleAccess",
+          "path": "projects/{project}/zones/{zone}/storagePools/{resource}/setLabels",
           "request": {
-            "$ref": "SubnetworksSetPrivateIpGoogleAccessRequest"
+            "$ref": "ZoneSetLabelsRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -35476,12 +36457,12 @@
         },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/regions/{region}/subnetworks/{resource}/testIamPermissions",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.subnetworks.testIamPermissions",
+          "id": "compute.storagePools.testIamPermissions",
           "parameterOrder": [
             "project",
-            "region",
+            "zone",
             "resource"
           ],
           "parameters": {
@@ -35492,22 +36473,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The name of the region for this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/subnetworks/{resource}/testIamPermissions",
+          "path": "projects/{project}/zones/{zone}/storagePools/{resource}/testIamPermissions",
           "request": {
             "$ref": "TestPermissionsRequest"
           },
@@ -35519,19 +36500,16 @@
             "https://www.googleapis.com/auth/compute",
             "https://www.googleapis.com/auth/compute.readonly"
           ]
-        }
-      }
-    },
-    "targetGrpcProxies": {
-      "methods": {
-        "delete": {
-          "description": "Deletes the specified TargetGrpcProxy in the given scope",
-          "flatPath": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
-          "httpMethod": "DELETE",
-          "id": "compute.targetGrpcProxies.delete",
+        },
+        "update": {
+          "description": "Updates the specified storagePool with the data included in the request. The update is performed only on selected fields included as part of update-mask. Only the following fields can be modified: size_tb and provisioned_iops.",
+          "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
+          "httpMethod": "PATCH",
+          "id": "compute.storagePools.update",
           "parameterOrder": [
             "project",
-            "targetGrpcProxy"
+            "zone",
+            "storagePool"
           ],
           "parameters": {
             "project": {
@@ -35546,83 +36524,30 @@
               "location": "query",
               "type": "string"
             },
-            "targetGrpcProxy": {
-              "description": "Name of the TargetGrpcProxy resource to delete.",
+            "storagePool": {
+              "description": "The storagePool name for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "get": {
-          "description": "Returns the specified TargetGrpcProxy resource in the given scope.",
-          "flatPath": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
-          "httpMethod": "GET",
-          "id": "compute.targetGrpcProxies.get",
-          "parameterOrder": [
-            "project",
-            "targetGrpcProxy"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
             },
-            "targetGrpcProxy": {
-              "description": "Name of the TargetGrpcProxy resource to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
+            "updateMask": {
+              "description": "update_mask indicates fields to be updated as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
               "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
-          "response": {
-            "$ref": "TargetGrpcProxy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "insert": {
-          "description": "Creates a TargetGrpcProxy in the specified project in the given scope using the parameters that are included in the request.",
-          "flatPath": "projects/{project}/global/targetGrpcProxies",
-          "httpMethod": "POST",
-          "id": "compute.targetGrpcProxies.insert",
-          "parameterOrder": [
-            "project"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetGrpcProxies",
+          "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
           "request": {
-            "$ref": "TargetGrpcProxy"
+            "$ref": "StoragePool"
           },
           "response": {
             "$ref": "Operation"
@@ -35631,12 +36556,16 @@
             "https://www.googleapis.com/auth/cloud-platform",
             "https://www.googleapis.com/auth/compute"
           ]
-        },
-        "list": {
-          "description": "Lists the TargetGrpcProxies for a project in the given scope.",
-          "flatPath": "projects/{project}/global/targetGrpcProxies",
+        }
+      }
+    },
+    "subnetworks": {
+      "methods": {
+        "aggregatedList": {
+          "description": "Retrieves an aggregated list of subnetworks.",
+          "flatPath": "projects/{project}/aggregated/subnetworks",
           "httpMethod": "GET",
-          "id": "compute.targetGrpcProxies.list",
+          "id": "compute.subnetworks.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -35646,6 +36575,11 @@
               "location": "query",
               "type": "string"
             },
+            "includeAllScopes": {
+              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+              "location": "query",
+              "type": "boolean"
+            },
             "maxResults": {
               "default": "500",
               "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
@@ -35677,9 +36611,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/global/targetGrpcProxies",
+          "path": "projects/{project}/aggregated/subnetworks",
           "response": {
-            "$ref": "TargetGrpcProxyList"
+            "$ref": "SubnetworkAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -35687,14 +36621,15 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "patch": {
-          "description": "Patches the specified TargetGrpcProxy resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
-          "httpMethod": "PATCH",
-          "id": "compute.targetGrpcProxies.patch",
+        "delete": {
+          "description": "Deletes the specified subnetwork.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
+          "httpMethod": "DELETE",
+          "id": "compute.subnetworks.delete",
           "parameterOrder": [
             "project",
-            "targetGrpcProxy"
+            "region",
+            "subnetwork"
           ],
           "parameters": {
             "project": {
@@ -35704,23 +36639,27 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetGrpcProxy": {
-              "description": "Name of the TargetGrpcProxy resource to patch.",
+            "subnetwork": {
+              "description": "Name of the Subnetwork resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
-          "request": {
-            "$ref": "TargetGrpcProxy"
-          },
+          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
           "response": {
             "$ref": "Operation"
           },
@@ -35729,14 +36668,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "testIamPermissions": {
-          "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/global/targetGrpcProxies/{resource}/testIamPermissions",
+        "expandIpCidrRange": {
+          "description": "Expands the IP CIDR range of the subnetwork to a specified value.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/expandIpCidrRange",
           "httpMethod": "POST",
-          "id": "compute.targetGrpcProxies.testIamPermissions",
+          "id": "compute.subnetworks.expandIpCidrRange",
           "parameterOrder": [
             "project",
-            "resource"
+            "region",
+            "subnetwork"
           ],
           "parameters": {
             "project": {
@@ -35746,84 +36686,74 @@
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "region": {
+              "description": "Name of the region scoping this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "subnetwork": {
+              "description": "Name of the Subnetwork resource to update.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetGrpcProxies/{resource}/testIamPermissions",
+          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/expandIpCidrRange",
           "request": {
-            "$ref": "TestPermissionsRequest"
+            "$ref": "SubnetworksExpandIpCidrRangeRequest"
           },
           "response": {
-            "$ref": "TestPermissionsResponse"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
-        }
-      }
-    },
-    "targetHttpProxies": {
-      "methods": {
-        "aggregatedList": {
-          "description": "Retrieves the list of all TargetHttpProxy resources, regional and global, available to the specified project.",
-          "flatPath": "projects/{project}/aggregated/targetHttpProxies",
+        },
+        "get": {
+          "description": "Returns the specified subnetwork.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
           "httpMethod": "GET",
-          "id": "compute.targetHttpProxies.aggregatedList",
+          "id": "compute.subnetworks.get",
           "parameterOrder": [
-            "project"
+            "project",
+            "region",
+            "subnetwork"
           ],
           "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "includeAllScopes": {
-              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-              "location": "query",
-              "type": "string"
-            },
             "project": {
-              "description": "Name of the project scoping this request.",
+              "description": "Project ID for this request.",
               "location": "path",
               "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
               "type": "string"
             },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            }
-          },
-          "path": "projects/{project}/aggregated/targetHttpProxies",
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "subnetwork": {
+              "description": "Name of the Subnetwork resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
           "response": {
-            "$ref": "TargetHttpProxyAggregatedList"
+            "$ref": "Subnetwork"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -35831,16 +36761,23 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "delete": {
-          "description": "Deletes the specified TargetHttpProxy resource.",
-          "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
-          "httpMethod": "DELETE",
-          "id": "compute.targetHttpProxies.delete",
+        "getIamPolicy": {
+          "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{resource}/getIamPolicy",
+          "httpMethod": "GET",
+          "id": "compute.subnetworks.getIamPolicy",
           "parameterOrder": [
             "project",
-            "targetHttpProxy"
+            "region",
+            "resource"
           ],
           "parameters": {
+            "optionsRequestedPolicyVersion": {
+              "description": "Requested IAM Policy version.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -35848,36 +36785,39 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
               "type": "string"
             },
-            "targetHttpProxy": {
-              "description": "Name of the TargetHttpProxy resource to delete.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "path": "projects/{project}/regions/{region}/subnetworks/{resource}/getIamPolicy",
           "response": {
-            "$ref": "Operation"
+            "$ref": "Policy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "get": {
-          "description": "Returns the specified TargetHttpProxy resource. Gets a list of available target HTTP proxies by making a list() request.",
-          "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
-          "httpMethod": "GET",
-          "id": "compute.targetHttpProxies.get",
+        "insert": {
+          "description": "Creates a subnetwork in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks",
+          "httpMethod": "POST",
+          "id": "compute.subnetworks.insert",
           "parameterOrder": [
             "project",
-            "targetHttpProxy"
+            "region"
           ],
           "parameters": {
             "project": {
@@ -35887,33 +36827,64 @@
               "required": true,
               "type": "string"
             },
-            "targetHttpProxy": {
-              "description": "Name of the TargetHttpProxy resource to return.",
+            "region": {
+              "description": "Name of the region scoping this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "path": "projects/{project}/regions/{region}/subnetworks",
+          "request": {
+            "$ref": "Subnetwork"
+          },
           "response": {
-            "$ref": "TargetHttpProxy"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
         },
-        "insert": {
-          "description": "Creates a TargetHttpProxy resource in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/global/targetHttpProxies",
-          "httpMethod": "POST",
-          "id": "compute.targetHttpProxies.insert",
+        "list": {
+          "description": "Retrieves a list of subnetworks available to the specified project.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks",
+          "httpMethod": "GET",
+          "id": "compute.subnetworks.list",
           "parameterOrder": [
-            "project"
+            "project",
+            "region"
           ],
           "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -35921,29 +36892,34 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
               "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
             }
           },
-          "path": "projects/{project}/global/targetHttpProxies",
-          "request": {
-            "$ref": "TargetHttpProxy"
-          },
+          "path": "projects/{project}/regions/{region}/subnetworks",
           "response": {
-            "$ref": "Operation"
+            "$ref": "SubnetworkList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "list": {
-          "description": "Retrieves the list of TargetHttpProxy resources available to the specified project.",
-          "flatPath": "projects/{project}/global/targetHttpProxies",
+        "listUsable": {
+          "description": "Retrieves an aggregated list of all usable subnetworks in the project.",
+          "flatPath": "projects/{project}/aggregated/subnetworks/listUsable",
           "httpMethod": "GET",
-          "id": "compute.targetHttpProxies.list",
+          "id": "compute.subnetworks.listUsable",
           "parameterOrder": [
             "project"
           ],
@@ -35982,11 +36958,16 @@
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
+            },
+            "serviceProject": {
+              "description": "The project id or project number in which the subnetwork is intended to be used. Only applied for Shared VPC. See [Shared VPC documentation](https://cloud.google.com/vpc/docs/shared-vpc/)",
+              "location": "query",
+              "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpProxies",
+          "path": "projects/{project}/aggregated/subnetworks/listUsable",
           "response": {
-            "$ref": "TargetHttpProxyList"
+            "$ref": "UsableSubnetworksAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -35995,15 +36976,22 @@
           ]
         },
         "patch": {
-          "description": "Patches the specified TargetHttpProxy resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "description": "Patches the specified subnetwork with the data included in the request. Only certain fields can be updated with a patch request as indicated in the field descriptions. You must specify the current fingerprint of the subnetwork resource being patched.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
           "httpMethod": "PATCH",
-          "id": "compute.targetHttpProxies.patch",
+          "id": "compute.subnetworks.patch",
           "parameterOrder": [
             "project",
-            "targetHttpProxy"
+            "region",
+            "subnetwork"
           ],
           "parameters": {
+            "drainTimeoutSeconds": {
+              "description": "The drain timeout specifies the upper bound in seconds on the amount of time allowed to drain connections from the current ACTIVE subnetwork to the current BACKUP subnetwork. The drain timeout is only applicable when the following conditions are true: - the subnetwork being patched has purpose = INTERNAL_HTTPS_LOAD_BALANCER - the subnetwork being patched has role = BACKUP - the patch request is setting the role to ACTIVE. Note that after this patch operation the roles of the ACTIVE and BACKUP subnetworks will be swapped.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -36011,22 +36999,29 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetHttpProxy": {
-              "description": "Name of the TargetHttpProxy resource to patch.",
+            "subnetwork": {
+              "description": "Name of the Subnetwork resource to patch.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
           "request": {
-            "$ref": "TargetHttpProxy"
+            "$ref": "Subnetwork"
           },
           "response": {
             "$ref": "Operation"
@@ -36036,14 +37031,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setUrlMap": {
-          "description": "Changes the URL map for TargetHttpProxy.",
-          "flatPath": "projects/{project}/targetHttpProxies/{targetHttpProxy}/setUrlMap",
+        "setIamPolicy": {
+          "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{resource}/setIamPolicy",
           "httpMethod": "POST",
-          "id": "compute.targetHttpProxies.setUrlMap",
+          "id": "compute.subnetworks.setIamPolicy",
           "parameterOrder": [
             "project",
-            "targetHttpProxy"
+            "region",
+            "resource"
           ],
           "parameters": {
             "project": {
@@ -36053,39 +37049,42 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
               "type": "string"
             },
-            "targetHttpProxy": {
-              "description": "Name of the TargetHttpProxy to set a URL map for.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/targetHttpProxies/{targetHttpProxy}/setUrlMap",
+          "path": "projects/{project}/regions/{region}/subnetworks/{resource}/setIamPolicy",
           "request": {
-            "$ref": "UrlMapReference"
+            "$ref": "RegionSetPolicyRequest"
           },
           "response": {
-            "$ref": "Operation"
+            "$ref": "Policy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "testIamPermissions": {
-          "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/global/targetHttpProxies/{resource}/testIamPermissions",
+        "setPrivateIpGoogleAccess": {
+          "description": "Set whether VMs in this subnet can access Google services without assigning external IP addresses through Private Google Access.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/setPrivateIpGoogleAccess",
           "httpMethod": "POST",
-          "id": "compute.targetHttpProxies.testIamPermissions",
+          "id": "compute.subnetworks.setPrivateIpGoogleAccess",
           "parameterOrder": [
             "project",
-            "resource"
+            "region",
+            "subnetwork"
           ],
           "parameters": {
             "project": {
@@ -36095,99 +37094,96 @@
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "region": {
+              "description": "Name of the region scoping this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "subnetwork": {
+              "description": "Name of the Subnetwork resource.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpProxies/{resource}/testIamPermissions",
+          "path": "projects/{project}/regions/{region}/subnetworks/{subnetwork}/setPrivateIpGoogleAccess",
           "request": {
-            "$ref": "TestPermissionsRequest"
+            "$ref": "SubnetworksSetPrivateIpGoogleAccessRequest"
           },
           "response": {
-            "$ref": "TestPermissionsResponse"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
-        }
-      }
-    },
-    "targetHttpsProxies": {
-      "methods": {
-        "aggregatedList": {
-          "description": "Retrieves the list of all TargetHttpsProxy resources, regional and global, available to the specified project.",
-          "flatPath": "projects/{project}/aggregated/targetHttpsProxies",
-          "httpMethod": "GET",
-          "id": "compute.targetHttpsProxies.aggregatedList",
+        },
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/regions/{region}/subnetworks/{resource}/testIamPermissions",
+          "httpMethod": "POST",
+          "id": "compute.subnetworks.testIamPermissions",
           "parameterOrder": [
-            "project"
+            "project",
+            "region",
+            "resource"
           ],
           "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "includeAllScopes": {
-              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
               "type": "string"
             },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-              "location": "query",
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
               "type": "string"
             },
-            "project": {
-              "description": "Name of the project scoping this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
-            },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/targetHttpsProxies",
+          "path": "projects/{project}/regions/{region}/subnetworks/{resource}/testIamPermissions",
+          "request": {
+            "$ref": "TestPermissionsRequest"
+          },
           "response": {
-            "$ref": "TargetHttpsProxyAggregatedList"
+            "$ref": "TestPermissionsResponse"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
             "https://www.googleapis.com/auth/compute",
             "https://www.googleapis.com/auth/compute.readonly"
           ]
-        },
+        }
+      }
+    },
+    "targetGrpcProxies": {
+      "methods": {
         "delete": {
-          "description": "Deletes the specified TargetHttpsProxy resource.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
+          "description": "Deletes the specified TargetGrpcProxy in the given scope",
+          "flatPath": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
           "httpMethod": "DELETE",
-          "id": "compute.targetHttpsProxies.delete",
+          "id": "compute.targetGrpcProxies.delete",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "targetGrpcProxy"
           ],
           "parameters": {
             "project": {
@@ -36202,15 +37198,15 @@
               "location": "query",
               "type": "string"
             },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource to delete.",
+            "targetGrpcProxy": {
+              "description": "Name of the TargetGrpcProxy resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
+          "path": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
           "response": {
             "$ref": "Operation"
           },
@@ -36220,13 +37216,13 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpsProxy resource. Gets a list of available target HTTPS proxies by making a list() request.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
+          "description": "Returns the specified TargetGrpcProxy resource in the given scope.",
+          "flatPath": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
           "httpMethod": "GET",
-          "id": "compute.targetHttpsProxies.get",
+          "id": "compute.targetGrpcProxies.get",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "targetGrpcProxy"
           ],
           "parameters": {
             "project": {
@@ -36236,17 +37232,17 @@
               "required": true,
               "type": "string"
             },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource to return.",
+            "targetGrpcProxy": {
+              "description": "Name of the TargetGrpcProxy resource to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
+          "path": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
           "response": {
-            "$ref": "TargetHttpsProxy"
+            "$ref": "TargetGrpcProxy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -36255,10 +37251,10 @@
           ]
         },
         "insert": {
-          "description": "Creates a TargetHttpsProxy resource in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies",
+          "description": "Creates a TargetGrpcProxy in the specified project in the given scope using the parameters that are included in the request.",
+          "flatPath": "projects/{project}/global/targetGrpcProxies",
           "httpMethod": "POST",
-          "id": "compute.targetHttpsProxies.insert",
+          "id": "compute.targetGrpcProxies.insert",
           "parameterOrder": [
             "project"
           ],
@@ -36276,9 +37272,9 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies",
+          "path": "projects/{project}/global/targetGrpcProxies",
           "request": {
-            "$ref": "TargetHttpsProxy"
+            "$ref": "TargetGrpcProxy"
           },
           "response": {
             "$ref": "Operation"
@@ -36289,10 +37285,10 @@
           ]
         },
         "list": {
-          "description": "Retrieves the list of TargetHttpsProxy resources available to the specified project.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies",
+          "description": "Lists the TargetGrpcProxies for a project in the given scope.",
+          "flatPath": "projects/{project}/global/targetGrpcProxies",
           "httpMethod": "GET",
-          "id": "compute.targetHttpsProxies.list",
+          "id": "compute.targetGrpcProxies.list",
           "parameterOrder": [
             "project"
           ],
@@ -36333,9 +37329,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies",
+          "path": "projects/{project}/global/targetGrpcProxies",
           "response": {
-            "$ref": "TargetHttpsProxyList"
+            "$ref": "TargetGrpcProxyList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -36344,13 +37340,13 @@
           ]
         },
         "patch": {
-          "description": "Patches the specified TargetHttpsProxy resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
+          "description": "Patches the specified TargetGrpcProxy resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
           "httpMethod": "PATCH",
-          "id": "compute.targetHttpsProxies.patch",
+          "id": "compute.targetGrpcProxies.patch",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "targetGrpcProxy"
           ],
           "parameters": {
             "project": {
@@ -36365,17 +37361,17 @@
               "location": "query",
               "type": "string"
             },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource to patch.",
+            "targetGrpcProxy": {
+              "description": "Name of the TargetGrpcProxy resource to patch.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
+          "path": "projects/{project}/global/targetGrpcProxies/{targetGrpcProxy}",
           "request": {
-            "$ref": "TargetHttpsProxy"
+            "$ref": "TargetGrpcProxy"
           },
           "response": {
             "$ref": "Operation"
@@ -36385,14 +37381,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setCertificateMap": {
-          "description": "Changes the Certificate Map for TargetHttpsProxy.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setCertificateMap",
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/global/targetGrpcProxies/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.targetHttpsProxies.setCertificateMap",
+          "id": "compute.targetGrpcProxies.testIamPermissions",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "resource"
           ],
           "parameters": {
             "project": {
@@ -36402,38 +37398,99 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/targetGrpcProxies/{resource}/testIamPermissions",
+          "request": {
+            "$ref": "TestPermissionsRequest"
+          },
+          "response": {
+            "$ref": "TestPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
+    "targetHttpProxies": {
+      "methods": {
+        "aggregatedList": {
+          "description": "Retrieves the list of all TargetHttpProxy resources, regional and global, available to the specified project.",
+          "flatPath": "projects/{project}/aggregated/targetHttpProxies",
+          "httpMethod": "GET",
+          "id": "compute.targetHttpProxies.aggregatedList",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
               "location": "query",
               "type": "string"
             },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource whose CertificateMap is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
+            "includeAllScopes": {
+              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Name of the project scoping this request.",
               "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
               "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setCertificateMap",
-          "request": {
-            "$ref": "TargetHttpsProxiesSetCertificateMapRequest"
-          },
+          "path": "projects/{project}/aggregated/targetHttpProxies",
           "response": {
-            "$ref": "Operation"
+            "$ref": "TargetHttpProxyAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "setQuicOverride": {
-          "description": "Sets the QUIC override policy for TargetHttpsProxy.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setQuicOverride",
-          "httpMethod": "POST",
-          "id": "compute.targetHttpsProxies.setQuicOverride",
+        "delete": {
+          "description": "Deletes the specified TargetHttpProxy resource.",
+          "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "httpMethod": "DELETE",
+          "id": "compute.targetHttpProxies.delete",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "targetHttpProxy"
           ],
           "parameters": {
             "project": {
@@ -36448,17 +37505,15 @@
               "location": "query",
               "type": "string"
             },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource to set the QUIC override policy for. The name should conform to RFC1035.",
+            "targetHttpProxy": {
+              "description": "Name of the TargetHttpProxy resource to delete.",
               "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setQuicOverride",
-          "request": {
-            "$ref": "TargetHttpsProxiesSetQuicOverrideRequest"
-          },
+          "path": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
           "response": {
             "$ref": "Operation"
           },
@@ -36467,14 +37522,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setSslCertificates": {
-          "description": "Replaces SslCertificates for TargetHttpsProxy.",
-          "flatPath": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setSslCertificates",
-          "httpMethod": "POST",
-          "id": "compute.targetHttpsProxies.setSslCertificates",
+        "get": {
+          "description": "Returns the specified TargetHttpProxy resource.",
+          "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "httpMethod": "GET",
+          "id": "compute.targetHttpProxies.get",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "targetHttpProxy"
           ],
           "parameters": {
             "project": {
@@ -36484,22 +37539,49 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource to set an SslCertificates resource for.",
+            "targetHttpProxy": {
+              "description": "Name of the TargetHttpProxy resource to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setSslCertificates",
+          "path": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "response": {
+            "$ref": "TargetHttpProxy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a TargetHttpProxy resource in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/global/targetHttpProxies",
+          "httpMethod": "POST",
+          "id": "compute.targetHttpProxies.insert",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/targetHttpProxies",
           "request": {
-            "$ref": "TargetHttpsProxiesSetSslCertificatesRequest"
+            "$ref": "TargetHttpProxy"
           },
           "response": {
             "$ref": "Operation"
@@ -36509,14 +37591,69 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setSslPolicy": {
-          "description": "Sets the SSL policy for TargetHttpsProxy. The SSL policy specifies the server-side support for SSL features. This affects connections between clients and the HTTPS proxy load balancer. They do not affect the connection between the load balancer and the backends.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setSslPolicy",
-          "httpMethod": "POST",
-          "id": "compute.targetHttpsProxies.setSslPolicy",
+        "list": {
+          "description": "Retrieves the list of TargetHttpProxy resources available to the specified project.",
+          "flatPath": "projects/{project}/global/targetHttpProxies",
+          "httpMethod": "GET",
+          "id": "compute.targetHttpProxies.list",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/global/targetHttpProxies",
+          "response": {
+            "$ref": "TargetHttpProxyList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Patches the specified TargetHttpProxy resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
+          "httpMethod": "PATCH",
+          "id": "compute.targetHttpProxies.patch",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "targetHttpProxy"
           ],
           "parameters": {
             "project": {
@@ -36531,16 +37668,17 @@
               "location": "query",
               "type": "string"
             },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource whose SSL policy is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
+            "targetHttpProxy": {
+              "description": "Name of the TargetHttpProxy resource to patch.",
               "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setSslPolicy",
+          "path": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
           "request": {
-            "$ref": "SslPolicyReference"
+            "$ref": "TargetHttpProxy"
           },
           "response": {
             "$ref": "Operation"
@@ -36551,13 +37689,13 @@
           ]
         },
         "setUrlMap": {
-          "description": "Changes the URL map for TargetHttpsProxy.",
-          "flatPath": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setUrlMap",
+          "description": "Changes the URL map for TargetHttpProxy.",
+          "flatPath": "projects/{project}/targetHttpProxies/{targetHttpProxy}/setUrlMap",
           "httpMethod": "POST",
-          "id": "compute.targetHttpsProxies.setUrlMap",
+          "id": "compute.targetHttpProxies.setUrlMap",
           "parameterOrder": [
             "project",
-            "targetHttpsProxy"
+            "targetHttpProxy"
           ],
           "parameters": {
             "project": {
@@ -36572,15 +37710,15 @@
               "location": "query",
               "type": "string"
             },
-            "targetHttpsProxy": {
-              "description": "Name of the TargetHttpsProxy resource whose URL map is to be set.",
+            "targetHttpProxy": {
+              "description": "Name of the TargetHttpProxy to set a URL map for.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setUrlMap",
+          "path": "projects/{project}/targetHttpProxies/{targetHttpProxy}/setUrlMap",
           "request": {
             "$ref": "UrlMapReference"
           },
@@ -36594,9 +37732,9 @@
         },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/global/targetHttpsProxies/{resource}/testIamPermissions",
+          "flatPath": "projects/{project}/global/targetHttpProxies/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.targetHttpsProxies.testIamPermissions",
+          "id": "compute.targetHttpProxies.testIamPermissions",
           "parameterOrder": [
             "project",
             "resource"
@@ -36617,7 +37755,7 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetHttpsProxies/{resource}/testIamPermissions",
+          "path": "projects/{project}/global/targetHttpProxies/{resource}/testIamPermissions",
           "request": {
             "$ref": "TestPermissionsRequest"
           },
@@ -36632,13 +37770,13 @@
         }
       }
     },
-    "targetInstances": {
+    "targetHttpsProxies": {
       "methods": {
         "aggregatedList": {
-          "description": "Retrieves an aggregated list of target instances.",
-          "flatPath": "projects/{project}/aggregated/targetInstances",
+          "description": "Retrieves the list of all TargetHttpsProxy resources, regional and global, available to the specified project.",
+          "flatPath": "projects/{project}/aggregated/targetHttpsProxies",
           "httpMethod": "GET",
-          "id": "compute.targetInstances.aggregatedList",
+          "id": "compute.targetHttpsProxies.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -36672,7 +37810,7 @@
               "type": "string"
             },
             "project": {
-              "description": "Project ID for this request.",
+              "description": "Name of the project scoping this request.",
               "location": "path",
               "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
@@ -36684,9 +37822,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/targetInstances",
+          "path": "projects/{project}/aggregated/targetHttpsProxies",
           "response": {
-            "$ref": "TargetInstanceAggregatedList"
+            "$ref": "TargetHttpsProxyAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -36695,14 +37833,13 @@
           ]
         },
         "delete": {
-          "description": "Deletes the specified TargetInstance resource.",
-          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
+          "description": "Deletes the specified TargetHttpsProxy resource.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
           "httpMethod": "DELETE",
-          "id": "compute.targetInstances.delete",
+          "id": "compute.targetHttpsProxies.delete",
           "parameterOrder": [
             "project",
-            "zone",
-            "targetInstance"
+            "targetHttpsProxy"
           ],
           "parameters": {
             "project": {
@@ -36717,22 +37854,15 @@
               "location": "query",
               "type": "string"
             },
-            "targetInstance": {
-              "description": "Name of the TargetInstance resource to delete.",
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
-            },
-            "zone": {
-              "description": "Name of the zone scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
+          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
           "response": {
             "$ref": "Operation"
           },
@@ -36742,14 +37872,13 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetInstance resource. Gets a list of available target instances by making a list() request.",
-          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
+          "description": "Returns the specified TargetHttpsProxy resource.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
           "httpMethod": "GET",
-          "id": "compute.targetInstances.get",
+          "id": "compute.targetHttpsProxies.get",
           "parameterOrder": [
             "project",
-            "zone",
-            "targetInstance"
+            "targetHttpsProxy"
           ],
           "parameters": {
             "project": {
@@ -36759,24 +37888,17 @@
               "required": true,
               "type": "string"
             },
-            "targetInstance": {
-              "description": "Name of the TargetInstance resource to return.",
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
-            },
-            "zone": {
-              "description": "Name of the zone scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
+          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
           "response": {
-            "$ref": "TargetInstance"
+            "$ref": "TargetHttpsProxy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -36785,13 +37907,12 @@
           ]
         },
         "insert": {
-          "description": "Creates a TargetInstance resource in the specified project and zone using the data included in the request.",
-          "flatPath": "projects/{project}/zones/{zone}/targetInstances",
+          "description": "Creates a TargetHttpsProxy resource in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies",
           "httpMethod": "POST",
-          "id": "compute.targetInstances.insert",
+          "id": "compute.targetHttpsProxies.insert",
           "parameterOrder": [
-            "project",
-            "zone"
+            "project"
           ],
           "parameters": {
             "project": {
@@ -36805,18 +37926,11 @@
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
-            },
-            "zone": {
-              "description": "Name of the zone scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/targetInstances",
+          "path": "projects/{project}/global/targetHttpsProxies",
           "request": {
-            "$ref": "TargetInstance"
+            "$ref": "TargetHttpsProxy"
           },
           "response": {
             "$ref": "Operation"
@@ -36827,13 +37941,12 @@
           ]
         },
         "list": {
-          "description": "Retrieves a list of TargetInstance resources available to the specified project and zone.",
-          "flatPath": "projects/{project}/zones/{zone}/targetInstances",
+          "description": "Retrieves the list of TargetHttpsProxy resources available to the specified project.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies",
           "httpMethod": "GET",
-          "id": "compute.targetInstances.list",
+          "id": "compute.targetHttpsProxies.list",
           "parameterOrder": [
-            "project",
-            "zone"
+            "project"
           ],
           "parameters": {
             "filter": {
@@ -36870,18 +37983,11 @@
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
-            },
-            "zone": {
-              "description": "Name of the zone scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/targetInstances",
+          "path": "projects/{project}/global/targetHttpsProxies",
           "response": {
-            "$ref": "TargetInstanceList"
+            "$ref": "TargetHttpsProxyList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -36889,15 +37995,14 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "testIamPermissions": {
-          "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{resource}/testIamPermissions",
-          "httpMethod": "POST",
-          "id": "compute.targetInstances.testIamPermissions",
+        "patch": {
+          "description": "Patches the specified TargetHttpsProxy resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
+          "httpMethod": "PATCH",
+          "id": "compute.targetHttpsProxies.patch",
           "parameterOrder": [
             "project",
-            "zone",
-            "resource"
+            "targetHttpsProxy"
           ],
           "parameters": {
             "project": {
@@ -36907,47 +38012,39 @@
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
               "type": "string"
             },
-            "zone": {
-              "description": "The name of the zone for this request.",
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource to patch.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/targetInstances/{resource}/testIamPermissions",
+          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
           "request": {
-            "$ref": "TestPermissionsRequest"
+            "$ref": "TargetHttpsProxy"
           },
           "response": {
-            "$ref": "TestPermissionsResponse"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
-        }
-      }
-    },
-    "targetPools": {
-      "methods": {
-        "addHealthCheck": {
-          "description": "Adds health check URLs to a target pool.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/addHealthCheck",
+        },
+        "setCertificateMap": {
+          "description": "Changes the Certificate Map for TargetHttpsProxy.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setCertificateMap",
           "httpMethod": "POST",
-          "id": "compute.targetPools.addHealthCheck",
+          "id": "compute.targetHttpsProxies.setCertificateMap",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "targetHttpsProxy"
           ],
           "parameters": {
             "project": {
@@ -36957,29 +38054,21 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetPool": {
-              "description": "Name of the target pool to add a health check to.",
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource whose CertificateMap is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/addHealthCheck",
+          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setCertificateMap",
           "request": {
-            "$ref": "TargetPoolsAddHealthCheckRequest"
+            "$ref": "TargetHttpsProxiesSetCertificateMapRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -36989,15 +38078,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "addInstance": {
-          "description": "Adds an instance to a target pool.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/addInstance",
+        "setQuicOverride": {
+          "description": "Sets the QUIC override policy for TargetHttpsProxy.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setQuicOverride",
           "httpMethod": "POST",
-          "id": "compute.targetPools.addInstance",
+          "id": "compute.targetHttpsProxies.setQuicOverride",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "targetHttpsProxy"
           ],
           "parameters": {
             "project": {
@@ -37007,29 +38095,21 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetPool": {
-              "description": "Name of the TargetPool resource to add instances to.",
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource to set the QUIC override policy for. The name should conform to RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/addInstance",
+          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setQuicOverride",
           "request": {
-            "$ref": "TargetPoolsAddInstanceRequest"
+            "$ref": "TargetHttpsProxiesSetQuicOverrideRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -37039,43 +38119,16 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "aggregatedList": {
-          "description": "Retrieves an aggregated list of target pools.",
-          "flatPath": "projects/{project}/aggregated/targetPools",
-          "httpMethod": "GET",
-          "id": "compute.targetPools.aggregatedList",
+        "setSslCertificates": {
+          "description": "Replaces SslCertificates for TargetHttpsProxy.",
+          "flatPath": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setSslCertificates",
+          "httpMethod": "POST",
+          "id": "compute.targetHttpsProxies.setSslCertificates",
           "parameterOrder": [
-            "project"
+            "project",
+            "targetHttpsProxy"
           ],
           "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "includeAllScopes": {
-              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-              "location": "query",
-              "type": "string"
-            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -37083,31 +38136,39 @@
               "required": true,
               "type": "string"
             },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
-              "type": "boolean"
+              "type": "string"
+            },
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource to set an SslCertificates resource for.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/aggregated/targetPools",
+          "path": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setSslCertificates",
+          "request": {
+            "$ref": "TargetHttpsProxiesSetSslCertificatesRequest"
+          },
           "response": {
-            "$ref": "TargetPoolAggregatedList"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
         },
-        "delete": {
-          "description": "Deletes the specified target pool.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
-          "httpMethod": "DELETE",
-          "id": "compute.targetPools.delete",
+        "setSslPolicy": {
+          "description": "Sets the SSL policy for TargetHttpsProxy. The SSL policy specifies the server-side support for SSL features. This affects connections between clients and the HTTPS proxy load balancer. They do not affect the connection between the load balancer and the backends.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setSslPolicy",
+          "httpMethod": "POST",
+          "id": "compute.targetHttpsProxies.setSslPolicy",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "targetHttpsProxy"
           ],
           "parameters": {
             "project": {
@@ -37117,27 +38178,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetPool": {
-              "description": "Name of the TargetPool resource to delete.",
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource whose SSL policy is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}",
+          "path": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}/setSslPolicy",
+          "request": {
+            "$ref": "SslPolicyReference"
+          },
           "response": {
             "$ref": "Operation"
           },
@@ -37146,15 +38202,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "get": {
-          "description": "Returns the specified target pool. Gets a list of available target pools by making a list() request.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
-          "httpMethod": "GET",
-          "id": "compute.targetPools.get",
+        "setUrlMap": {
+          "description": "Changes the URL map for TargetHttpsProxy.",
+          "flatPath": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setUrlMap",
+          "httpMethod": "POST",
+          "id": "compute.targetHttpsProxies.setUrlMap",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "targetHttpsProxy"
           ],
           "parameters": {
             "project": {
@@ -37164,40 +38219,39 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
               "type": "string"
             },
-            "targetPool": {
-              "description": "Name of the TargetPool resource to return.",
+            "targetHttpsProxy": {
+              "description": "Name of the TargetHttpsProxy resource whose URL map is to be set.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}",
+          "path": "projects/{project}/targetHttpsProxies/{targetHttpsProxy}/setUrlMap",
+          "request": {
+            "$ref": "UrlMapReference"
+          },
           "response": {
-            "$ref": "TargetPool"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
         },
-        "getHealth": {
-          "description": "Gets the most recent health check results for each IP for the instance that is referenced by the given target pool.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/getHealth",
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/global/targetHttpsProxies/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.targetPools.getHealth",
+          "id": "compute.targetHttpsProxies.testIamPermissions",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "resource"
           ],
           "parameters": {
             "project": {
@@ -37207,84 +38261,38 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "targetPool": {
-              "description": "Name of the TargetPool resource to which the queried instance belongs.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/getHealth",
+          "path": "projects/{project}/global/targetHttpsProxies/{resource}/testIamPermissions",
           "request": {
-            "$ref": "InstanceReference"
+            "$ref": "TestPermissionsRequest"
           },
           "response": {
-            "$ref": "TargetPoolInstanceHealth"
+            "$ref": "TestPermissionsResponse"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
             "https://www.googleapis.com/auth/compute",
             "https://www.googleapis.com/auth/compute.readonly"
           ]
-        },
-        "insert": {
-          "description": "Creates a target pool in the specified project and region using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools",
-          "httpMethod": "POST",
-          "id": "compute.targetPools.insert",
-          "parameterOrder": [
-            "project",
-            "region"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/targetPools",
-          "request": {
-            "$ref": "TargetPool"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "list": {
-          "description": "Retrieves a list of target pools available to the specified project and region.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools",
+        }
+      }
+    },
+    "targetInstances": {
+      "methods": {
+        "aggregatedList": {
+          "description": "Retrieves an aggregated list of target instances.",
+          "flatPath": "projects/{project}/aggregated/targetInstances",
           "httpMethod": "GET",
-          "id": "compute.targetPools.list",
+          "id": "compute.targetInstances.aggregatedList",
           "parameterOrder": [
-            "project",
-            "region"
+            "project"
           ],
           "parameters": {
             "filter": {
@@ -37292,6 +38300,11 @@
               "location": "query",
               "type": "string"
             },
+            "includeAllScopes": {
+              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+              "location": "query",
+              "type": "boolean"
+            },
             "maxResults": {
               "default": "500",
               "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
@@ -37317,22 +38330,15 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "returnPartialSuccess": {
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools",
+          "path": "projects/{project}/aggregated/targetInstances",
           "response": {
-            "$ref": "TargetPoolList"
+            "$ref": "TargetInstanceAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -37340,15 +38346,15 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "removeHealthCheck": {
-          "description": "Removes health check URL from a target pool.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
-          "httpMethod": "POST",
-          "id": "compute.targetPools.removeHealthCheck",
+        "delete": {
+          "description": "Deletes the specified TargetInstance resource.",
+          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
+          "httpMethod": "DELETE",
+          "id": "compute.targetInstances.delete",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "zone",
+            "targetInstance"
           ],
           "parameters": {
             "project": {
@@ -37358,30 +38364,27 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetPool": {
-              "description": "Name of the target pool to remove health checks from.",
+            "targetInstance": {
+              "description": "Name of the TargetInstance resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
-          "request": {
-            "$ref": "TargetPoolsRemoveHealthCheckRequest"
-          },
+          "path": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
           "response": {
             "$ref": "Operation"
           },
@@ -37390,15 +38393,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "removeInstance": {
-          "description": "Removes instance URL from a target pool.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
-          "httpMethod": "POST",
-          "id": "compute.targetPools.removeInstance",
+        "get": {
+          "description": "Returns the specified TargetInstance resource.",
+          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
+          "httpMethod": "GET",
+          "id": "compute.targetInstances.get",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "zone",
+            "targetInstance"
           ],
           "parameters": {
             "project": {
@@ -37408,29 +38411,64 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
+            "targetInstance": {
+              "description": "Name of the TargetInstance resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone scoping this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
+          "response": {
+            "$ref": "TargetInstance"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a TargetInstance resource in the specified project and zone using the data included in the request.",
+          "flatPath": "projects/{project}/zones/{zone}/targetInstances",
+          "httpMethod": "POST",
+          "id": "compute.targetInstances.insert",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
             },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetPool": {
-              "description": "Name of the TargetPool resource to remove instances from.",
+            "zone": {
+              "description": "Name of the zone scoping this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
+          "path": "projects/{project}/zones/{zone}/targetInstances",
           "request": {
-            "$ref": "TargetPoolsRemoveInstanceRequest"
+            "$ref": "TargetInstance"
           },
           "response": {
             "$ref": "Operation"
@@ -37440,22 +38478,38 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setBackup": {
-          "description": "Changes a backup target pool's configurations.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
-          "httpMethod": "POST",
-          "id": "compute.targetPools.setBackup",
+        "list": {
+          "description": "Retrieves a list of TargetInstance resources available to the specified project and zone.",
+          "flatPath": "projects/{project}/zones/{zone}/targetInstances",
+          "httpMethod": "GET",
+          "id": "compute.targetInstances.list",
           "parameterOrder": [
             "project",
-            "region",
-            "targetPool"
+            "zone"
           ],
           "parameters": {
-            "failoverRatio": {
-              "description": "New failoverRatio value for the target pool.",
-              "format": "float",
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
               "location": "query",
-              "type": "number"
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
             },
             "project": {
               "description": "Project ID for this request.",
@@ -37464,29 +38518,69 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "zone": {
+              "description": "Name of the zone scoping this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/targetInstances",
+          "response": {
+            "$ref": "TargetInstanceList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "setSecurityPolicy": {
+          "description": "Sets the Google Cloud Armor security policy for the specified target instance. For more information, see Google Cloud Armor Overview",
+          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}/setSecurityPolicy",
+          "httpMethod": "POST",
+          "id": "compute.targetInstances.setSecurityPolicy",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "targetInstance"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
             },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetPool": {
-              "description": "Name of the TargetPool resource to set a backup pool for.",
+            "targetInstance": {
+              "description": "Name of the TargetInstance resource to which the security policy should be set. The name should conform to RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
+          "path": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}/setSecurityPolicy",
           "request": {
-            "$ref": "TargetReference"
+            "$ref": "SecurityPolicyReference"
           },
           "response": {
             "$ref": "Operation"
@@ -37498,12 +38592,12 @@
         },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/regions/{region}/targetPools/{resource}/testIamPermissions",
+          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.targetPools.testIamPermissions",
+          "id": "compute.targetInstances.testIamPermissions",
           "parameterOrder": [
             "project",
-            "region",
+            "zone",
             "resource"
           ],
           "parameters": {
@@ -37514,22 +38608,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The name of the region for this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetPools/{resource}/testIamPermissions",
+          "path": "projects/{project}/zones/{zone}/targetInstances/{resource}/testIamPermissions",
           "request": {
             "$ref": "TestPermissionsRequest"
           },
@@ -37544,16 +38638,17 @@
         }
       }
     },
-    "targetSslProxies": {
+    "targetPools": {
       "methods": {
-        "delete": {
-          "description": "Deletes the specified TargetSslProxy resource.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
-          "httpMethod": "DELETE",
-          "id": "compute.targetSslProxies.delete",
+        "addHealthCheck": {
+          "description": "Adds health check URLs to a target pool.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/addHealthCheck",
+          "httpMethod": "POST",
+          "id": "compute.targetPools.addHealthCheck",
           "parameterOrder": [
             "project",
-            "targetSslProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -37563,20 +38658,30 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetSslProxy": {
-              "description": "Name of the TargetSslProxy resource to delete.",
+            "targetPool": {
+              "description": "Name of the target pool to add a health check to.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/addHealthCheck",
+          "request": {
+            "$ref": "TargetPoolsAddHealthCheckRequest"
+          },
           "response": {
             "$ref": "Operation"
           },
@@ -37585,14 +38690,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "get": {
-          "description": "Returns the specified TargetSslProxy resource. Gets a list of available target SSL proxies by making a list() request.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
-          "httpMethod": "GET",
-          "id": "compute.targetSslProxies.get",
+        "addInstance": {
+          "description": "Adds an instance to a target pool.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/addInstance",
+          "httpMethod": "POST",
+          "id": "compute.targetPools.addInstance",
           "parameterOrder": [
             "project",
-            "targetSslProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -37602,37 +38708,10 @@
               "required": true,
               "type": "string"
             },
-            "targetSslProxy": {
-              "description": "Name of the TargetSslProxy resource to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
-          "response": {
-            "$ref": "TargetSslProxy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "insert": {
-          "description": "Creates a TargetSslProxy resource in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/global/targetSslProxies",
-          "httpMethod": "POST",
-          "id": "compute.targetSslProxies.insert",
-          "parameterOrder": [
-            "project"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
+            "region": {
+              "description": "Name of the region scoping this request.",
               "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             },
@@ -37640,11 +38719,18 @@
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
+            },
+            "targetPool": {
+              "description": "Name of the TargetPool resource to add instances to.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetSslProxies",
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/addInstance",
           "request": {
-            "$ref": "TargetSslProxy"
+            "$ref": "TargetPoolsAddInstanceRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -37654,11 +38740,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "list": {
-          "description": "Retrieves the list of TargetSslProxy resources available to the specified project.",
-          "flatPath": "projects/{project}/global/targetSslProxies",
+        "aggregatedList": {
+          "description": "Retrieves an aggregated list of target pools.",
+          "flatPath": "projects/{project}/aggregated/targetPools",
           "httpMethod": "GET",
-          "id": "compute.targetSslProxies.list",
+          "id": "compute.targetPools.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -37668,6 +38754,11 @@
               "location": "query",
               "type": "string"
             },
+            "includeAllScopes": {
+              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+              "location": "query",
+              "type": "boolean"
+            },
             "maxResults": {
               "default": "500",
               "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
@@ -37699,9 +38790,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/global/targetSslProxies",
+          "path": "projects/{project}/aggregated/targetPools",
           "response": {
-            "$ref": "TargetSslProxyList"
+            "$ref": "TargetPoolAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -37709,14 +38800,15 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "setBackendService": {
-          "description": "Changes the BackendService for TargetSslProxy.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setBackendService",
-          "httpMethod": "POST",
-          "id": "compute.targetSslProxies.setBackendService",
+        "delete": {
+          "description": "Deletes the specified target pool.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
+          "httpMethod": "DELETE",
+          "id": "compute.targetPools.delete",
           "parameterOrder": [
             "project",
-            "targetSslProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -37726,23 +38818,27 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetSslProxy": {
-              "description": "Name of the TargetSslProxy resource whose BackendService resource is to be set.",
+            "targetPool": {
+              "description": "Name of the TargetPool resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setBackendService",
-          "request": {
-            "$ref": "TargetSslProxiesSetBackendServiceRequest"
-          },
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}",
           "response": {
             "$ref": "Operation"
           },
@@ -37751,14 +38847,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setCertificateMap": {
-          "description": "Changes the Certificate Map for TargetSslProxy.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setCertificateMap",
-          "httpMethod": "POST",
-          "id": "compute.targetSslProxies.setCertificateMap",
+        "get": {
+          "description": "Returns the specified target pool.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
+          "httpMethod": "GET",
+          "id": "compute.targetPools.get",
           "parameterOrder": [
             "project",
-            "targetSslProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -37768,38 +38865,40 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
               "type": "string"
             },
-            "targetSslProxy": {
-              "description": "Name of the TargetSslProxy resource whose CertificateMap is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
+            "targetPool": {
+              "description": "Name of the TargetPool resource to return.",
               "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setCertificateMap",
-          "request": {
-            "$ref": "TargetSslProxiesSetCertificateMapRequest"
-          },
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}",
           "response": {
-            "$ref": "Operation"
+            "$ref": "TargetPool"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "setProxyHeader": {
-          "description": "Changes the ProxyHeaderType for TargetSslProxy.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setProxyHeader",
+        "getHealth": {
+          "description": "Gets the most recent health check results for each IP for the instance that is referenced by the given target pool.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/getHealth",
           "httpMethod": "POST",
-          "id": "compute.targetSslProxies.setProxyHeader",
+          "id": "compute.targetPools.getHealth",
           "parameterOrder": [
             "project",
-            "targetSslProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -37809,39 +38908,42 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
               "type": "string"
             },
-            "targetSslProxy": {
-              "description": "Name of the TargetSslProxy resource whose ProxyHeader is to be set.",
+            "targetPool": {
+              "description": "Name of the TargetPool resource to which the queried instance belongs.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setProxyHeader",
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/getHealth",
           "request": {
-            "$ref": "TargetSslProxiesSetProxyHeaderRequest"
+            "$ref": "InstanceReference"
           },
           "response": {
-            "$ref": "Operation"
+            "$ref": "TargetPoolInstanceHealth"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "setSslCertificates": {
-          "description": "Changes SslCertificates for TargetSslProxy.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslCertificates",
+        "insert": {
+          "description": "Creates a target pool in the specified project and region using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools",
           "httpMethod": "POST",
-          "id": "compute.targetSslProxies.setSslCertificates",
+          "id": "compute.targetPools.insert",
           "parameterOrder": [
             "project",
-            "targetSslProxy"
+            "region"
           ],
           "parameters": {
             "project": {
@@ -37851,22 +38953,22 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
-            },
-            "targetSslProxy": {
-              "description": "Name of the TargetSslProxy resource whose SslCertificate resource is to be set.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslCertificates",
+          "path": "projects/{project}/regions/{region}/targetPools",
           "request": {
-            "$ref": "TargetSslProxiesSetSslCertificatesRequest"
+            "$ref": "TargetPool"
           },
           "response": {
             "$ref": "Operation"
@@ -37876,96 +38978,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setSslPolicy": {
-          "description": "Sets the SSL policy for TargetSslProxy. The SSL policy specifies the server-side support for SSL features. This affects connections between clients and the SSL proxy load balancer. They do not affect the connection between the load balancer and the backends.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslPolicy",
-          "httpMethod": "POST",
-          "id": "compute.targetSslProxies.setSslPolicy",
-          "parameterOrder": [
-            "project",
-            "targetSslProxy"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "targetSslProxy": {
-              "description": "Name of the TargetSslProxy resource whose SSL policy is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslPolicy",
-          "request": {
-            "$ref": "SslPolicyReference"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "testIamPermissions": {
-          "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/global/targetSslProxies/{resource}/testIamPermissions",
-          "httpMethod": "POST",
-          "id": "compute.targetSslProxies.testIamPermissions",
-          "parameterOrder": [
-            "project",
-            "resource"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/targetSslProxies/{resource}/testIamPermissions",
-          "request": {
-            "$ref": "TestPermissionsRequest"
-          },
-          "response": {
-            "$ref": "TestPermissionsResponse"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        }
-      }
-    },
-    "targetTcpProxies": {
-      "methods": {
-        "aggregatedList": {
-          "description": "Retrieves the list of all TargetTcpProxy resources, regional and global, available to the specified project.",
-          "flatPath": "projects/{project}/aggregated/targetTcpProxies",
+        "list": {
+          "description": "Retrieves a list of target pools available to the specified project and region.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools",
           "httpMethod": "GET",
-          "id": "compute.targetTcpProxies.aggregatedList",
+          "id": "compute.targetPools.list",
           "parameterOrder": [
-            "project"
+            "project",
+            "region"
           ],
           "parameters": {
             "filter": {
@@ -37973,11 +38993,6 @@
               "location": "query",
               "type": "string"
             },
-            "includeAllScopes": {
-              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-              "location": "query",
-              "type": "boolean"
-            },
             "maxResults": {
               "default": "500",
               "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
@@ -37997,21 +39012,28 @@
               "type": "string"
             },
             "project": {
-              "description": "Name of the project scoping this request.",
+              "description": "Project ID for this request.",
               "location": "path",
               "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "returnPartialSuccess": {
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/targetTcpProxies",
+          "path": "projects/{project}/regions/{region}/targetPools",
           "response": {
-            "$ref": "TargetTcpProxyAggregatedList"
+            "$ref": "TargetPoolList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -38019,14 +39041,15 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "delete": {
-          "description": "Deletes the specified TargetTcpProxy resource.",
-          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
-          "httpMethod": "DELETE",
-          "id": "compute.targetTcpProxies.delete",
+        "removeHealthCheck": {
+          "description": "Removes health check URL from a target pool.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
+          "httpMethod": "POST",
+          "id": "compute.targetPools.removeHealthCheck",
           "parameterOrder": [
             "project",
-            "targetTcpProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -38036,20 +39059,30 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetTcpProxy": {
-              "description": "Name of the TargetTcpProxy resource to delete.",
+            "targetPool": {
+              "description": "Name of the target pool to remove health checks from.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
+          "request": {
+            "$ref": "TargetPoolsRemoveHealthCheckRequest"
+          },
           "response": {
             "$ref": "Operation"
           },
@@ -38058,14 +39091,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "get": {
-          "description": "Returns the specified TargetTcpProxy resource. Gets a list of available target TCP proxies by making a list() request.",
-          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
-          "httpMethod": "GET",
-          "id": "compute.targetTcpProxies.get",
+        "removeInstance": {
+          "description": "Removes instance URL from a target pool.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
+          "httpMethod": "POST",
+          "id": "compute.targetPools.removeInstance",
           "parameterOrder": [
             "project",
-            "targetTcpProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -38075,37 +39109,10 @@
               "required": true,
               "type": "string"
             },
-            "targetTcpProxy": {
-              "description": "Name of the TargetTcpProxy resource to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
-          "response": {
-            "$ref": "TargetTcpProxy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "insert": {
-          "description": "Creates a TargetTcpProxy resource in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/global/targetTcpProxies",
-          "httpMethod": "POST",
-          "id": "compute.targetTcpProxies.insert",
-          "parameterOrder": [
-            "project"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
+            "region": {
+              "description": "Name of the region scoping this request.",
               "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             },
@@ -38113,11 +39120,18 @@
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
+            },
+            "targetPool": {
+              "description": "Name of the TargetPool resource to remove instances from.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetTcpProxies",
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
           "request": {
-            "$ref": "TargetTcpProxy"
+            "$ref": "TargetPoolsRemoveInstanceRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -38127,37 +39141,22 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "list": {
-          "description": "Retrieves the list of TargetTcpProxy resources available to the specified project.",
-          "flatPath": "projects/{project}/global/targetTcpProxies",
-          "httpMethod": "GET",
-          "id": "compute.targetTcpProxies.list",
+        "setBackup": {
+          "description": "Changes a backup target pool's configurations.",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
+          "httpMethod": "POST",
+          "id": "compute.targetPools.setBackup",
           "parameterOrder": [
-            "project"
+            "project",
+            "region",
+            "targetPool"
           ],
           "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+            "failoverRatio": {
+              "description": "New failoverRatio value for the target pool.",
+              "format": "float",
               "location": "query",
-              "type": "string"
+              "type": "number"
             },
             "project": {
               "description": "Project ID for this request.",
@@ -38166,36 +39165,10 @@
               "required": true,
               "type": "string"
             },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            }
-          },
-          "path": "projects/{project}/global/targetTcpProxies",
-          "response": {
-            "$ref": "TargetTcpProxyList"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "setBackendService": {
-          "description": "Changes the BackendService for TargetTcpProxy.",
-          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setBackendService",
-          "httpMethod": "POST",
-          "id": "compute.targetTcpProxies.setBackendService",
-          "parameterOrder": [
-            "project",
-            "targetTcpProxy"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
+            "region": {
+              "description": "Name of the region scoping this request.",
               "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             },
@@ -38204,17 +39177,17 @@
               "location": "query",
               "type": "string"
             },
-            "targetTcpProxy": {
-              "description": "Name of the TargetTcpProxy resource whose BackendService resource is to be set.",
+            "targetPool": {
+              "description": "Name of the TargetPool resource to set a backup pool for.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setBackendService",
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
           "request": {
-            "$ref": "TargetTcpProxiesSetBackendServiceRequest"
+            "$ref": "TargetReference"
           },
           "response": {
             "$ref": "Operation"
@@ -38224,14 +39197,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setProxyHeader": {
-          "description": "Changes the ProxyHeaderType for TargetTcpProxy.",
-          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setProxyHeader",
+        "setSecurityPolicy": {
+          "description": "Sets the Google Cloud Armor security policy for the specified target pool. For more information, see Google Cloud Armor Overview",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/setSecurityPolicy",
           "httpMethod": "POST",
-          "id": "compute.targetTcpProxies.setProxyHeader",
+          "id": "compute.targetPools.setSecurityPolicy",
           "parameterOrder": [
             "project",
-            "targetTcpProxy"
+            "region",
+            "targetPool"
           ],
           "parameters": {
             "project": {
@@ -38241,22 +39215,28 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetTcpProxy": {
-              "description": "Name of the TargetTcpProxy resource whose ProxyHeader is to be set.",
+            "targetPool": {
+              "description": "Name of the TargetPool resource to which the security policy should be set. The name should conform to RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setProxyHeader",
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/setSecurityPolicy",
           "request": {
-            "$ref": "TargetTcpProxiesSetProxyHeaderRequest"
+            "$ref": "SecurityPolicyReference"
           },
           "response": {
             "$ref": "Operation"
@@ -38268,11 +39248,12 @@
         },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/global/targetTcpProxies/{resource}/testIamPermissions",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.targetTcpProxies.testIamPermissions",
+          "id": "compute.targetPools.testIamPermissions",
           "parameterOrder": [
             "project",
+            "region",
             "resource"
           ],
           "parameters": {
@@ -38283,15 +39264,22 @@
               "required": true,
               "type": "string"
             },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
             "resource": {
               "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/targetTcpProxies/{resource}/testIamPermissions",
+          "path": "projects/{project}/regions/{region}/targetPools/{resource}/testIamPermissions",
           "request": {
             "$ref": "TestPermissionsRequest"
           },
@@ -38306,77 +39294,16 @@
         }
       }
     },
-    "targetVpnGateways": {
+    "targetSslProxies": {
       "methods": {
-        "aggregatedList": {
-          "description": "Retrieves an aggregated list of target VPN gateways.",
-          "flatPath": "projects/{project}/aggregated/targetVpnGateways",
-          "httpMethod": "GET",
-          "id": "compute.targetVpnGateways.aggregatedList",
-          "parameterOrder": [
-            "project"
-          ],
-          "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "includeAllScopes": {
-              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-              "location": "query",
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            }
-          },
-          "path": "projects/{project}/aggregated/targetVpnGateways",
-          "response": {
-            "$ref": "TargetVpnGatewayAggregatedList"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
         "delete": {
-          "description": "Deletes the specified target VPN gateway.",
-          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
+          "description": "Deletes the specified TargetSslProxy resource.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
           "httpMethod": "DELETE",
-          "id": "compute.targetVpnGateways.delete",
+          "id": "compute.targetSslProxies.delete",
           "parameterOrder": [
             "project",
-            "region",
-            "targetVpnGateway"
+            "targetSslProxy"
           ],
           "parameters": {
             "project": {
@@ -38386,27 +39313,20 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "targetVpnGateway": {
-              "description": "Name of the target VPN gateway to delete.",
+            "targetSslProxy": {
+              "description": "Name of the TargetSslProxy resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
+          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
           "response": {
             "$ref": "Operation"
           },
@@ -38416,14 +39336,13 @@
           ]
         },
         "get": {
-          "description": "Returns the specified target VPN gateway. Gets a list of available target VPN gateways by making a list() request.",
-          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
+          "description": "Returns the specified TargetSslProxy resource.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
           "httpMethod": "GET",
-          "id": "compute.targetVpnGateways.get",
+          "id": "compute.targetSslProxies.get",
           "parameterOrder": [
             "project",
-            "region",
-            "targetVpnGateway"
+            "targetSslProxy"
           ],
           "parameters": {
             "project": {
@@ -38433,24 +39352,17 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "targetVpnGateway": {
-              "description": "Name of the target VPN gateway to return.",
+            "targetSslProxy": {
+              "description": "Name of the TargetSslProxy resource to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
+          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
           "response": {
-            "$ref": "TargetVpnGateway"
+            "$ref": "TargetSslProxy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -38459,13 +39371,12 @@
           ]
         },
         "insert": {
-          "description": "Creates a target VPN gateway in the specified project and region using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways",
+          "description": "Creates a TargetSslProxy resource in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/global/targetSslProxies",
           "httpMethod": "POST",
-          "id": "compute.targetVpnGateways.insert",
+          "id": "compute.targetSslProxies.insert",
           "parameterOrder": [
-            "project",
-            "region"
+            "project"
           ],
           "parameters": {
             "project": {
@@ -38475,22 +39386,15 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetVpnGateways",
+          "path": "projects/{project}/global/targetSslProxies",
           "request": {
-            "$ref": "TargetVpnGateway"
+            "$ref": "TargetSslProxy"
           },
           "response": {
             "$ref": "Operation"
@@ -38501,13 +39405,12 @@
           ]
         },
         "list": {
-          "description": "Retrieves a list of target VPN gateways available to the specified project and region.",
-          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways",
+          "description": "Retrieves the list of TargetSslProxy resources available to the specified project.",
+          "flatPath": "projects/{project}/global/targetSslProxies",
           "httpMethod": "GET",
-          "id": "compute.targetVpnGateways.list",
+          "id": "compute.targetSslProxies.list",
           "parameterOrder": [
-            "project",
-            "region"
+            "project"
           ],
           "parameters": {
             "filter": {
@@ -38540,22 +39443,15 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "returnPartialSuccess": {
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetVpnGateways",
+          "path": "projects/{project}/global/targetSslProxies",
           "response": {
-            "$ref": "TargetVpnGatewayList"
+            "$ref": "TargetSslProxyList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -38563,15 +39459,14 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "setLabels": {
-          "description": "Sets the labels on a TargetVpnGateway. To learn more about labels, read the Labeling Resources documentation.",
-          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/setLabels",
+        "setBackendService": {
+          "description": "Changes the BackendService for TargetSslProxy.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setBackendService",
           "httpMethod": "POST",
-          "id": "compute.targetVpnGateways.setLabels",
+          "id": "compute.targetSslProxies.setBackendService",
           "parameterOrder": [
             "project",
-            "region",
-            "resource"
+            "targetSslProxy"
           ],
           "parameters": {
             "project": {
@@ -38581,29 +39476,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "targetSslProxy": {
+              "description": "Name of the TargetSslProxy resource whose BackendService resource is to be set.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/setLabels",
+          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setBackendService",
           "request": {
-            "$ref": "RegionSetLabelsRequest"
+            "$ref": "TargetSslProxiesSetBackendServiceRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -38613,15 +39501,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "testIamPermissions": {
-          "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/testIamPermissions",
+        "setCertificateMap": {
+          "description": "Changes the Certificate Map for TargetSslProxy.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setCertificateMap",
           "httpMethod": "POST",
-          "id": "compute.targetVpnGateways.testIamPermissions",
+          "id": "compute.targetSslProxies.setCertificateMap",
           "parameterOrder": [
             "project",
-            "region",
-            "resource"
+            "targetSslProxy"
           ],
           "parameters": {
             "project": {
@@ -38631,43 +39518,202 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "targetSslProxy": {
+              "description": "Name of the TargetSslProxy resource whose CertificateMap is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/testIamPermissions",
+          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setCertificateMap",
           "request": {
-            "$ref": "TestPermissionsRequest"
+            "$ref": "TargetSslProxiesSetCertificateMapRequest"
           },
           "response": {
-            "$ref": "TestPermissionsResponse"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "setProxyHeader": {
+          "description": "Changes the ProxyHeaderType for TargetSslProxy.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setProxyHeader",
+          "httpMethod": "POST",
+          "id": "compute.targetSslProxies.setProxyHeader",
+          "parameterOrder": [
+            "project",
+            "targetSslProxy"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "targetSslProxy": {
+              "description": "Name of the TargetSslProxy resource whose ProxyHeader is to be set.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setProxyHeader",
+          "request": {
+            "$ref": "TargetSslProxiesSetProxyHeaderRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "setSslCertificates": {
+          "description": "Changes SslCertificates for TargetSslProxy.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslCertificates",
+          "httpMethod": "POST",
+          "id": "compute.targetSslProxies.setSslCertificates",
+          "parameterOrder": [
+            "project",
+            "targetSslProxy"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "targetSslProxy": {
+              "description": "Name of the TargetSslProxy resource whose SslCertificate resource is to be set.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslCertificates",
+          "request": {
+            "$ref": "TargetSslProxiesSetSslCertificatesRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "setSslPolicy": {
+          "description": "Sets the SSL policy for TargetSslProxy. The SSL policy specifies the server-side support for SSL features. This affects connections between clients and the SSL proxy load balancer. They do not affect the connection between the load balancer and the backends.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslPolicy",
+          "httpMethod": "POST",
+          "id": "compute.targetSslProxies.setSslPolicy",
+          "parameterOrder": [
+            "project",
+            "targetSslProxy"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "targetSslProxy": {
+              "description": "Name of the TargetSslProxy resource whose SSL policy is to be set. The name must be 1-63 characters long, and comply with RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/targetSslProxies/{targetSslProxy}/setSslPolicy",
+          "request": {
+            "$ref": "SslPolicyReference"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/global/targetSslProxies/{resource}/testIamPermissions",
+          "httpMethod": "POST",
+          "id": "compute.targetSslProxies.testIamPermissions",
+          "parameterOrder": [
+            "project",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/targetSslProxies/{resource}/testIamPermissions",
+          "request": {
+            "$ref": "TestPermissionsRequest"
+          },
+          "response": {
+            "$ref": "TestPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         }
       }
     },
-    "urlMaps": {
+    "targetTcpProxies": {
       "methods": {
         "aggregatedList": {
-          "description": "Retrieves the list of all UrlMap resources, regional and global, available to the specified project.",
-          "flatPath": "projects/{project}/aggregated/urlMaps",
+          "description": "Retrieves the list of all TargetTcpProxy resources, regional and global, available to the specified project.",
+          "flatPath": "projects/{project}/aggregated/targetTcpProxies",
           "httpMethod": "GET",
-          "id": "compute.urlMaps.aggregatedList",
+          "id": "compute.targetTcpProxies.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -38713,9 +39759,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/urlMaps",
+          "path": "projects/{project}/aggregated/targetTcpProxies",
           "response": {
-            "$ref": "UrlMapsAggregatedList"
+            "$ref": "TargetTcpProxyAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -38724,13 +39770,13 @@
           ]
         },
         "delete": {
-          "description": "Deletes the specified UrlMap resource.",
-          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
+          "description": "Deletes the specified TargetTcpProxy resource.",
+          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
           "httpMethod": "DELETE",
-          "id": "compute.urlMaps.delete",
+          "id": "compute.targetTcpProxies.delete",
           "parameterOrder": [
             "project",
-            "urlMap"
+            "targetTcpProxy"
           ],
           "parameters": {
             "project": {
@@ -38745,15 +39791,15 @@
               "location": "query",
               "type": "string"
             },
-            "urlMap": {
-              "description": "Name of the UrlMap resource to delete.",
+            "targetTcpProxy": {
+              "description": "Name of the TargetTcpProxy resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/urlMaps/{urlMap}",
+          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
           "response": {
             "$ref": "Operation"
           },
@@ -38763,13 +39809,13 @@
           ]
         },
         "get": {
-          "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
-          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
+          "description": "Returns the specified TargetTcpProxy resource.",
+          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
           "httpMethod": "GET",
-          "id": "compute.urlMaps.get",
+          "id": "compute.targetTcpProxies.get",
           "parameterOrder": [
             "project",
-            "urlMap"
+            "targetTcpProxy"
           ],
           "parameters": {
             "project": {
@@ -38779,17 +39825,17 @@
               "required": true,
               "type": "string"
             },
-            "urlMap": {
-              "description": "Name of the UrlMap resource to return.",
+            "targetTcpProxy": {
+              "description": "Name of the TargetTcpProxy resource to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/urlMaps/{urlMap}",
+          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
           "response": {
-            "$ref": "UrlMap"
+            "$ref": "TargetTcpProxy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -38798,10 +39844,10 @@
           ]
         },
         "insert": {
-          "description": "Creates a UrlMap resource in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/global/urlMaps",
+          "description": "Creates a TargetTcpProxy resource in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/global/targetTcpProxies",
           "httpMethod": "POST",
-          "id": "compute.urlMaps.insert",
+          "id": "compute.targetTcpProxies.insert",
           "parameterOrder": [
             "project"
           ],
@@ -38819,51 +39865,9 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/urlMaps",
-          "request": {
-            "$ref": "UrlMap"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "invalidateCache": {
-          "description": "Initiates a cache invalidation operation, invalidating the specified path, scoped to the specified UrlMap. For more information, see [Invalidating cached content](/cdn/docs/invalidating-cached-content).",
-          "flatPath": "projects/{project}/global/urlMaps/{urlMap}/invalidateCache",
-          "httpMethod": "POST",
-          "id": "compute.urlMaps.invalidateCache",
-          "parameterOrder": [
-            "project",
-            "urlMap"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "urlMap": {
-              "description": "Name of the UrlMap scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/urlMaps/{urlMap}/invalidateCache",
+          "path": "projects/{project}/global/targetTcpProxies",
           "request": {
-            "$ref": "CacheInvalidationRule"
+            "$ref": "TargetTcpProxy"
           },
           "response": {
             "$ref": "Operation"
@@ -38874,10 +39878,10 @@
           ]
         },
         "list": {
-          "description": "Retrieves the list of UrlMap resources available to the specified project.",
-          "flatPath": "projects/{project}/global/urlMaps",
+          "description": "Retrieves the list of TargetTcpProxy resources available to the specified project.",
+          "flatPath": "projects/{project}/global/targetTcpProxies",
           "httpMethod": "GET",
-          "id": "compute.urlMaps.list",
+          "id": "compute.targetTcpProxies.list",
           "parameterOrder": [
             "project"
           ],
@@ -38918,9 +39922,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/global/urlMaps",
+          "path": "projects/{project}/global/targetTcpProxies",
           "response": {
-            "$ref": "UrlMapList"
+            "$ref": "TargetTcpProxyList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -38928,14 +39932,14 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "patch": {
-          "description": "Patches the specified UrlMap resource with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
-          "httpMethod": "PATCH",
-          "id": "compute.urlMaps.patch",
+        "setBackendService": {
+          "description": "Changes the BackendService for TargetTcpProxy.",
+          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setBackendService",
+          "httpMethod": "POST",
+          "id": "compute.targetTcpProxies.setBackendService",
           "parameterOrder": [
             "project",
-            "urlMap"
+            "targetTcpProxy"
           ],
           "parameters": {
             "project": {
@@ -38950,17 +39954,17 @@
               "location": "query",
               "type": "string"
             },
-            "urlMap": {
-              "description": "Name of the UrlMap resource to patch.",
+            "targetTcpProxy": {
+              "description": "Name of the TargetTcpProxy resource whose BackendService resource is to be set.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/urlMaps/{urlMap}",
+          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setBackendService",
           "request": {
-            "$ref": "UrlMap"
+            "$ref": "TargetTcpProxiesSetBackendServiceRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -38970,52 +39974,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "testIamPermissions": {
-          "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/global/urlMaps/{resource}/testIamPermissions",
+        "setProxyHeader": {
+          "description": "Changes the ProxyHeaderType for TargetTcpProxy.",
+          "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setProxyHeader",
           "httpMethod": "POST",
-          "id": "compute.urlMaps.testIamPermissions",
-          "parameterOrder": [
-            "project",
-            "resource"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/urlMaps/{resource}/testIamPermissions",
-          "request": {
-            "$ref": "TestPermissionsRequest"
-          },
-          "response": {
-            "$ref": "TestPermissionsResponse"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "update": {
-          "description": "Updates the specified UrlMap resource with the data included in the request.",
-          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
-          "httpMethod": "PUT",
-          "id": "compute.urlMaps.update",
+          "id": "compute.targetTcpProxies.setProxyHeader",
           "parameterOrder": [
             "project",
-            "urlMap"
+            "targetTcpProxy"
           ],
           "parameters": {
             "project": {
@@ -39030,17 +39996,17 @@
               "location": "query",
               "type": "string"
             },
-            "urlMap": {
-              "description": "Name of the UrlMap resource to update.",
+            "targetTcpProxy": {
+              "description": "Name of the TargetTcpProxy resource whose ProxyHeader is to be set.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/urlMaps/{urlMap}",
+          "path": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}/setProxyHeader",
           "request": {
-            "$ref": "UrlMap"
+            "$ref": "TargetTcpProxiesSetProxyHeaderRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -39050,14 +40016,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "validate": {
-          "description": "Runs static validation for the UrlMap. In particular, the tests of the provided UrlMap will be run. Calling this method does NOT create the UrlMap.",
-          "flatPath": "projects/{project}/global/urlMaps/{urlMap}/validate",
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/global/targetTcpProxies/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.urlMaps.validate",
+          "id": "compute.targetTcpProxies.testIamPermissions",
           "parameterOrder": [
             "project",
-            "urlMap"
+            "resource"
           ],
           "parameters": {
             "project": {
@@ -39067,35 +40033,36 @@
               "required": true,
               "type": "string"
             },
-            "urlMap": {
-              "description": "Name of the UrlMap resource to be validated as.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/global/urlMaps/{urlMap}/validate",
+          "path": "projects/{project}/global/targetTcpProxies/{resource}/testIamPermissions",
           "request": {
-            "$ref": "UrlMapsValidateRequest"
+            "$ref": "TestPermissionsRequest"
           },
           "response": {
-            "$ref": "UrlMapsValidateResponse"
+            "$ref": "TestPermissionsResponse"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         }
       }
     },
-    "vpnGateways": {
+    "targetVpnGateways": {
       "methods": {
         "aggregatedList": {
-          "description": "Retrieves an aggregated list of VPN gateways.",
-          "flatPath": "projects/{project}/aggregated/vpnGateways",
+          "description": "Retrieves an aggregated list of target VPN gateways.",
+          "flatPath": "projects/{project}/aggregated/targetVpnGateways",
           "httpMethod": "GET",
-          "id": "compute.vpnGateways.aggregatedList",
+          "id": "compute.targetVpnGateways.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -39141,9 +40108,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/vpnGateways",
+          "path": "projects/{project}/aggregated/targetVpnGateways",
           "response": {
-            "$ref": "VpnGatewayAggregatedList"
+            "$ref": "TargetVpnGatewayAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -39152,14 +40119,14 @@
           ]
         },
         "delete": {
-          "description": "Deletes the specified VPN gateway.",
-          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
+          "description": "Deletes the specified target VPN gateway.",
+          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
           "httpMethod": "DELETE",
-          "id": "compute.vpnGateways.delete",
+          "id": "compute.targetVpnGateways.delete",
           "parameterOrder": [
             "project",
             "region",
-            "vpnGateway"
+            "targetVpnGateway"
           ],
           "parameters": {
             "project": {
@@ -39181,15 +40148,15 @@
               "location": "query",
               "type": "string"
             },
-            "vpnGateway": {
-              "description": "Name of the VPN gateway to delete.",
+            "targetVpnGateway": {
+              "description": "Name of the target VPN gateway to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
+          "path": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
           "response": {
             "$ref": "Operation"
           },
@@ -39199,57 +40166,14 @@
           ]
         },
         "get": {
-          "description": "Returns the specified VPN gateway. Gets a list of available VPN gateways by making a list() request.",
-          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
-          "httpMethod": "GET",
-          "id": "compute.vpnGateways.get",
-          "parameterOrder": [
-            "project",
-            "region",
-            "vpnGateway"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "vpnGateway": {
-              "description": "Name of the VPN gateway to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
-          "response": {
-            "$ref": "VpnGateway"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "getStatus": {
-          "description": "Returns the status for the specified VPN gateway.",
-          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}/getStatus",
+          "description": "Returns the specified target VPN gateway.",
+          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
           "httpMethod": "GET",
-          "id": "compute.vpnGateways.getStatus",
+          "id": "compute.targetVpnGateways.get",
           "parameterOrder": [
             "project",
             "region",
-            "vpnGateway"
+            "targetVpnGateway"
           ],
           "parameters": {
             "project": {
@@ -39266,17 +40190,17 @@
               "required": true,
               "type": "string"
             },
-            "vpnGateway": {
-              "description": "Name of the VPN gateway to return.",
+            "targetVpnGateway": {
+              "description": "Name of the target VPN gateway to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}/getStatus",
+          "path": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
           "response": {
-            "$ref": "VpnGatewaysGetStatusResponse"
+            "$ref": "TargetVpnGateway"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -39285,10 +40209,10 @@
           ]
         },
         "insert": {
-          "description": "Creates a VPN gateway in the specified project and region using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/vpnGateways",
+          "description": "Creates a target VPN gateway in the specified project and region using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways",
           "httpMethod": "POST",
-          "id": "compute.vpnGateways.insert",
+          "id": "compute.targetVpnGateways.insert",
           "parameterOrder": [
             "project",
             "region"
@@ -39314,9 +40238,9 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnGateways",
+          "path": "projects/{project}/regions/{region}/targetVpnGateways",
           "request": {
-            "$ref": "VpnGateway"
+            "$ref": "TargetVpnGateway"
           },
           "response": {
             "$ref": "Operation"
@@ -39327,10 +40251,10 @@
           ]
         },
         "list": {
-          "description": "Retrieves a list of VPN gateways available to the specified project and region.",
-          "flatPath": "projects/{project}/regions/{region}/vpnGateways",
+          "description": "Retrieves a list of target VPN gateways available to the specified project and region.",
+          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways",
           "httpMethod": "GET",
-          "id": "compute.vpnGateways.list",
+          "id": "compute.targetVpnGateways.list",
           "parameterOrder": [
             "project",
             "region"
@@ -39379,9 +40303,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnGateways",
+          "path": "projects/{project}/regions/{region}/targetVpnGateways",
           "response": {
-            "$ref": "VpnGatewayList"
+            "$ref": "TargetVpnGatewayList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -39390,10 +40314,10 @@
           ]
         },
         "setLabels": {
-          "description": "Sets the labels on a VpnGateway. To learn more about labels, read the Labeling Resources documentation.",
-          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{resource}/setLabels",
+          "description": "Sets the labels on a TargetVpnGateway. To learn more about labels, read the Labeling Resources documentation.",
+          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/setLabels",
           "httpMethod": "POST",
-          "id": "compute.vpnGateways.setLabels",
+          "id": "compute.targetVpnGateways.setLabels",
           "parameterOrder": [
             "project",
             "region",
@@ -39427,7 +40351,7 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnGateways/{resource}/setLabels",
+          "path": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/setLabels",
           "request": {
             "$ref": "RegionSetLabelsRequest"
           },
@@ -39441,9 +40365,9 @@
         },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{resource}/testIamPermissions",
+          "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.vpnGateways.testIamPermissions",
+          "id": "compute.targetVpnGateways.testIamPermissions",
           "parameterOrder": [
             "project",
             "region",
@@ -39472,7 +40396,7 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnGateways/{resource}/testIamPermissions",
+          "path": "projects/{project}/regions/{region}/targetVpnGateways/{resource}/testIamPermissions",
           "request": {
             "$ref": "TestPermissionsRequest"
           },
@@ -39487,13 +40411,13 @@
         }
       }
     },
-    "vpnTunnels": {
+    "urlMaps": {
       "methods": {
         "aggregatedList": {
-          "description": "Retrieves an aggregated list of VPN tunnels.",
-          "flatPath": "projects/{project}/aggregated/vpnTunnels",
+          "description": "Retrieves the list of all UrlMap resources, regional and global, available to the specified project.",
+          "flatPath": "projects/{project}/aggregated/urlMaps",
           "httpMethod": "GET",
-          "id": "compute.vpnTunnels.aggregatedList",
+          "id": "compute.urlMaps.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -39527,7 +40451,7 @@
               "type": "string"
             },
             "project": {
-              "description": "Project ID for this request.",
+              "description": "Name of the project scoping this request.",
               "location": "path",
               "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
@@ -39539,9 +40463,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/vpnTunnels",
+          "path": "projects/{project}/aggregated/urlMaps",
           "response": {
-            "$ref": "VpnTunnelAggregatedList"
+            "$ref": "UrlMapsAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -39550,14 +40474,13 @@
           ]
         },
         "delete": {
-          "description": "Deletes the specified VpnTunnel resource.",
-          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "description": "Deletes the specified UrlMap resource.",
+          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
           "httpMethod": "DELETE",
-          "id": "compute.vpnTunnels.delete",
+          "id": "compute.urlMaps.delete",
           "parameterOrder": [
             "project",
-            "region",
-            "vpnTunnel"
+            "urlMap"
           ],
           "parameters": {
             "project": {
@@ -39567,27 +40490,20 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "vpnTunnel": {
-              "description": "Name of the VpnTunnel resource to delete.",
+            "urlMap": {
+              "description": "Name of the UrlMap resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "path": "projects/{project}/global/urlMaps/{urlMap}",
           "response": {
             "$ref": "Operation"
           },
@@ -39597,14 +40513,13 @@
           ]
         },
         "get": {
-          "description": "Returns the specified VpnTunnel resource. Gets a list of available VPN tunnels by making a list() request.",
-          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "description": "Returns the specified UrlMap resource.",
+          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
           "httpMethod": "GET",
-          "id": "compute.vpnTunnels.get",
+          "id": "compute.urlMaps.get",
           "parameterOrder": [
             "project",
-            "region",
-            "vpnTunnel"
+            "urlMap"
           ],
           "parameters": {
             "project": {
@@ -39614,24 +40529,17 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "vpnTunnel": {
-              "description": "Name of the VpnTunnel resource to return.",
+            "urlMap": {
+              "description": "Name of the UrlMap resource to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "path": "projects/{project}/global/urlMaps/{urlMap}",
           "response": {
-            "$ref": "VpnTunnel"
+            "$ref": "UrlMap"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -39640,13 +40548,12 @@
           ]
         },
         "insert": {
-          "description": "Creates a VpnTunnel resource in the specified project and region using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/vpnTunnels",
+          "description": "Creates a UrlMap resource in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/global/urlMaps",
           "httpMethod": "POST",
-          "id": "compute.vpnTunnels.insert",
+          "id": "compute.urlMaps.insert",
           "parameterOrder": [
-            "project",
-            "region"
+            "project"
           ],
           "parameters": {
             "project": {
@@ -39656,10 +40563,38 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/urlMaps",
+          "request": {
+            "$ref": "UrlMap"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "invalidateCache": {
+          "description": "Initiates a cache invalidation operation, invalidating the specified path, scoped to the specified UrlMap. For more information, see [Invalidating cached content](/cdn/docs/invalidating-cached-content).",
+          "flatPath": "projects/{project}/global/urlMaps/{urlMap}/invalidateCache",
+          "httpMethod": "POST",
+          "id": "compute.urlMaps.invalidateCache",
+          "parameterOrder": [
+            "project",
+            "urlMap"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
               "type": "string"
             },
@@ -39667,11 +40602,18 @@
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
+            },
+            "urlMap": {
+              "description": "Name of the UrlMap scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnTunnels",
+          "path": "projects/{project}/global/urlMaps/{urlMap}/invalidateCache",
           "request": {
-            "$ref": "VpnTunnel"
+            "$ref": "CacheInvalidationRule"
           },
           "response": {
             "$ref": "Operation"
@@ -39682,13 +40624,12 @@
           ]
         },
         "list": {
-          "description": "Retrieves a list of VpnTunnel resources contained in the specified project and region.",
-          "flatPath": "projects/{project}/regions/{region}/vpnTunnels",
+          "description": "Retrieves the list of UrlMap resources available to the specified project.",
+          "flatPath": "projects/{project}/global/urlMaps",
           "httpMethod": "GET",
-          "id": "compute.vpnTunnels.list",
+          "id": "compute.urlMaps.list",
           "parameterOrder": [
-            "project",
-            "region"
+            "project"
           ],
           "parameters": {
             "filter": {
@@ -39721,22 +40662,15 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "returnPartialSuccess": {
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnTunnels",
+          "path": "projects/{project}/global/urlMaps",
           "response": {
-            "$ref": "VpnTunnelList"
+            "$ref": "UrlMapList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -39744,15 +40678,14 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "setLabels": {
-          "description": "Sets the labels on a VpnTunnel. To learn more about labels, read the Labeling Resources documentation.",
-          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{resource}/setLabels",
-          "httpMethod": "POST",
-          "id": "compute.vpnTunnels.setLabels",
+        "patch": {
+          "description": "Patches the specified UrlMap resource with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
+          "httpMethod": "PATCH",
+          "id": "compute.urlMaps.patch",
           "parameterOrder": [
             "project",
-            "region",
-            "resource"
+            "urlMap"
           ],
           "parameters": {
             "project": {
@@ -39762,29 +40695,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "urlMap": {
+              "description": "Name of the UrlMap resource to patch.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnTunnels/{resource}/setLabels",
+          "path": "projects/{project}/global/urlMaps/{urlMap}",
           "request": {
-            "$ref": "RegionSetLabelsRequest"
+            "$ref": "UrlMap"
           },
           "response": {
             "$ref": "Operation"
@@ -39796,12 +40722,11 @@
         },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{resource}/testIamPermissions",
+          "flatPath": "projects/{project}/global/urlMaps/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.vpnTunnels.testIamPermissions",
+          "id": "compute.urlMaps.testIamPermissions",
           "parameterOrder": [
             "project",
-            "region",
             "resource"
           ],
           "parameters": {
@@ -39812,22 +40737,15 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "resource": {
               "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/vpnTunnels/{resource}/testIamPermissions",
+          "path": "projects/{project}/global/urlMaps/{resource}/testIamPermissions",
           "request": {
             "$ref": "TestPermissionsRequest"
           },
@@ -39839,68 +40757,17 @@
             "https://www.googleapis.com/auth/compute",
             "https://www.googleapis.com/auth/compute.readonly"
           ]
-        }
-      }
-    },
-    "zoneOperations": {
-      "methods": {
-        "delete": {
-          "description": "Deletes the specified zone-specific Operations resource.",
-          "flatPath": "projects/{project}/zones/{zone}/operations/{operation}",
-          "httpMethod": "DELETE",
-          "id": "compute.zoneOperations.delete",
-          "parameterOrder": [
-            "project",
-            "zone",
-            "operation"
-          ],
-          "parameters": {
-            "operation": {
-              "description": "Name of the Operations resource to delete.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "zone": {
-              "description": "Name of the zone for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/zones/{zone}/operations/{operation}",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
         },
-        "get": {
-          "description": "Retrieves the specified zone-specific Operations resource.",
-          "flatPath": "projects/{project}/zones/{zone}/operations/{operation}",
-          "httpMethod": "GET",
-          "id": "compute.zoneOperations.get",
+        "update": {
+          "description": "Updates the specified UrlMap resource with the data included in the request.",
+          "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
+          "httpMethod": "PUT",
+          "id": "compute.urlMaps.update",
           "parameterOrder": [
             "project",
-            "zone",
-            "operation"
+            "urlMap"
           ],
           "parameters": {
-            "operation": {
-              "description": "Name of the Operations resource to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -39908,105 +40775,41 @@
               "required": true,
               "type": "string"
             },
-            "zone": {
-              "description": "Name of the zone for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/zones/{zone}/operations/{operation}",
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "list": {
-          "description": "Retrieves a list of Operation resources contained within the specified zone.",
-          "flatPath": "projects/{project}/zones/{zone}/operations",
-          "httpMethod": "GET",
-          "id": "compute.zoneOperations.list",
-          "parameterOrder": [
-            "project",
-            "zone"
-          ],
-          "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "zone": {
-              "description": "Name of the zone for request.",
+            "urlMap": {
+              "description": "Name of the UrlMap resource to update.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/operations",
+          "path": "projects/{project}/global/urlMaps/{urlMap}",
+          "request": {
+            "$ref": "UrlMap"
+          },
           "response": {
-            "$ref": "OperationList"
+            "$ref": "Operation"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
         },
-        "wait": {
-          "description": "Waits for the specified Operation resource to return as `DONE` or for the request to approach the 2 minute deadline, and retrieves the specified Operation resource. This method waits for no more than the 2 minutes and then returns the current state of the operation, which might be `DONE` or still in progress. This method is called on a best-effort basis. Specifically: - In uncommon cases, when the server is overloaded, the request might return before the default deadline is reached, or might return after zero seconds. - If the default deadline is reached, there is no guarantee that the operation is actually done when the method returns. Be prepared to retry if the operation is not `DONE`. ",
-          "flatPath": "projects/{project}/zones/{zone}/operations/{operation}/wait",
+        "validate": {
+          "description": "Runs static validation for the UrlMap. In particular, the tests of the provided UrlMap will be run. Calling this method does NOT create the UrlMap.",
+          "flatPath": "projects/{project}/global/urlMaps/{urlMap}/validate",
           "httpMethod": "POST",
-          "id": "compute.zoneOperations.wait",
+          "id": "compute.urlMaps.validate",
           "parameterOrder": [
             "project",
-            "zone",
-            "operation"
+            "urlMap"
           ],
           "parameters": {
-            "operation": {
-              "description": "Name of the Operations resource to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -40014,33 +40817,35 @@
               "required": true,
               "type": "string"
             },
-            "zone": {
-              "description": "Name of the zone for this request.",
+            "urlMap": {
+              "description": "Name of the UrlMap resource to be validated as.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/operations/{operation}/wait",
+          "path": "projects/{project}/global/urlMaps/{urlMap}/validate",
+          "request": {
+            "$ref": "UrlMapsValidateRequest"
+          },
           "response": {
-            "$ref": "Operation"
+            "$ref": "UrlMapsValidateResponse"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
         }
       }
     },
-    "zoneQueuedResources": {
+    "vpnGateways": {
       "methods": {
         "aggregatedList": {
-          "description": "Retrieves an aggregated list of all of the queued resources in a project across all zones.",
-          "flatPath": "projects/{project}/aggregated/queuedResources",
+          "description": "Retrieves an aggregated list of VPN gateways.",
+          "flatPath": "projects/{project}/aggregated/vpnGateways",
           "httpMethod": "GET",
-          "id": "compute.zoneQueuedResources.aggregatedList",
+          "id": "compute.vpnGateways.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -40086,9 +40891,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/queuedResources",
+          "path": "projects/{project}/aggregated/vpnGateways",
           "response": {
-            "$ref": "QueuedResourcesAggregatedList"
+            "$ref": "VpnGatewayAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -40096,15 +40901,15 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "cancel": {
-          "description": "Cancels a QueuedResource. Only a resource in ACCEPTED state may be cancelled.",
-          "flatPath": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}/cancel",
-          "httpMethod": "POST",
-          "id": "compute.zoneQueuedResources.cancel",
+        "delete": {
+          "description": "Deletes the specified VPN gateway.",
+          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
+          "httpMethod": "DELETE",
+          "id": "compute.vpnGateways.delete",
           "parameterOrder": [
             "project",
-            "zone",
-            "queuedResource"
+            "region",
+            "vpnGateway"
           ],
           "parameters": {
             "project": {
@@ -40114,9 +40919,10 @@
               "required": true,
               "type": "string"
             },
-            "queuedResource": {
-              "description": "Name of the QueuedResource to cancel.",
+            "region": {
+              "description": "Name of the region for this request.",
               "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             },
@@ -40125,15 +40931,15 @@
               "location": "query",
               "type": "string"
             },
-            "zone": {
-              "description": "Name of the zone for this request.",
+            "vpnGateway": {
+              "description": "Name of the VPN gateway to delete.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}/cancel",
+          "path": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
           "response": {
             "$ref": "Operation"
           },
@@ -40142,15 +40948,15 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "delete": {
-          "description": "Deletes a QueuedResource. For a QueuedResource in ACCEPTED state, call cancel on the resource before deleting, to make sure no VMs have been provisioned and may require cleaning up. For a QueuedResource in PROVISIONING state the request to delete is registered for execution following the provisioning.",
-          "flatPath": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
-          "httpMethod": "DELETE",
-          "id": "compute.zoneQueuedResources.delete",
+        "get": {
+          "description": "Returns the specified VPN gateway.",
+          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
+          "httpMethod": "GET",
+          "id": "compute.vpnGateways.get",
           "parameterOrder": [
             "project",
-            "zone",
-            "queuedResource"
+            "region",
+            "vpnGateway"
           ],
           "parameters": {
             "project": {
@@ -40160,43 +40966,40 @@
               "required": true,
               "type": "string"
             },
-            "queuedResource": {
-              "description": "Name of the QueuedResource to delete.",
+            "region": {
+              "description": "Name of the region for this request.",
               "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "zone": {
-              "description": "Name of the zone for this request.",
+            "vpnGateway": {
+              "description": "Name of the VPN gateway to return.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
+          "path": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
           "response": {
-            "$ref": "Operation"
+            "$ref": "VpnGateway"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "get": {
-          "description": "Returns the specified QueuedResource resource.",
-          "flatPath": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
+        "getStatus": {
+          "description": "Returns the status for the specified VPN gateway.",
+          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}/getStatus",
           "httpMethod": "GET",
-          "id": "compute.zoneQueuedResources.get",
+          "id": "compute.vpnGateways.getStatus",
           "parameterOrder": [
             "project",
-            "zone",
-            "queuedResource"
+            "region",
+            "vpnGateway"
           ],
           "parameters": {
             "project": {
@@ -40206,24 +41009,24 @@
               "required": true,
               "type": "string"
             },
-            "queuedResource": {
-              "description": "Name of the QueuedResource resource to return.",
+            "region": {
+              "description": "Name of the region for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             },
-            "zone": {
-              "description": "Name of the zone for this request.",
+            "vpnGateway": {
+              "description": "Name of the VPN gateway to return.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
+          "path": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}/getStatus",
           "response": {
-            "$ref": "QueuedResource"
+            "$ref": "VpnGatewaysGetStatusResponse"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -40232,13 +41035,13 @@
           ]
         },
         "insert": {
-          "description": "Creates a QueuedResource.",
-          "flatPath": "projects/{project}/zones/{zone}/queuedResources",
+          "description": "Creates a VPN gateway in the specified project and region using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/vpnGateways",
           "httpMethod": "POST",
-          "id": "compute.zoneQueuedResources.insert",
+          "id": "compute.vpnGateways.insert",
           "parameterOrder": [
             "project",
-            "zone"
+            "region"
           ],
           "parameters": {
             "project": {
@@ -40248,22 +41051,22 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "zone": {
-              "description": "Name of the zone for this request.",
+            "region": {
+              "description": "Name of the region for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/queuedResources",
+          "path": "projects/{project}/regions/{region}/vpnGateways",
           "request": {
-            "$ref": "QueuedResource"
+            "$ref": "VpnGateway"
           },
           "response": {
             "$ref": "Operation"
@@ -40274,13 +41077,13 @@
           ]
         },
         "list": {
-          "description": "Retrieves the list of QueuedResource resources.",
-          "flatPath": "projects/{project}/zones/{zone}/queuedResources",
+          "description": "Retrieves a list of VPN gateways available to the specified project and region.",
+          "flatPath": "projects/{project}/regions/{region}/vpnGateways",
           "httpMethod": "GET",
-          "id": "compute.zoneQueuedResources.list",
+          "id": "compute.vpnGateways.list",
           "parameterOrder": [
             "project",
-            "zone"
+            "region"
           ],
           "parameters": {
             "filter": {
@@ -40313,41 +41116,38 @@
               "required": true,
               "type": "string"
             },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "zone": {
-              "description": "Name of the zone for this request.",
+            "region": {
+              "description": "Name of the region for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
             }
           },
-          "path": "projects/{project}/zones/{zone}/queuedResources",
+          "path": "projects/{project}/regions/{region}/vpnGateways",
           "response": {
-            "$ref": "QueuedResourceList"
+            "$ref": "VpnGatewayList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
             "https://www.googleapis.com/auth/compute",
             "https://www.googleapis.com/auth/compute.readonly"
           ]
-        }
-      }
-    },
-    "zones": {
-      "methods": {
-        "get": {
-          "description": "Returns the specified Zone resource. Gets a list of available zones by making a list() request.",
-          "flatPath": "projects/{project}/zones/{zone}",
-          "httpMethod": "GET",
-          "id": "compute.zones.get",
+        },
+        "setLabels": {
+          "description": "Sets the labels on a VpnGateway. To learn more about labels, read the Labeling Resources documentation.",
+          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{resource}/setLabels",
+          "httpMethod": "POST",
+          "id": "compute.vpnGateways.setLabels",
           "parameterOrder": [
             "project",
-            "zone"
+            "region",
+            "resource"
           ],
           "parameters": {
             "project": {
@@ -40357,29 +41157,93 @@
               "required": true,
               "type": "string"
             },
-            "zone": {
-              "description": "Name of the zone resource to return.",
+            "region": {
+              "description": "The region for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
-            }
-          },
-          "path": "projects/{project}/zones/{zone}",
-          "response": {
-            "$ref": "Zone"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/vpnGateways/{resource}/setLabels",
+          "request": {
+            "$ref": "RegionSetLabelsRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
           ]
         },
-        "list": {
-          "description": "Retrieves the list of Zone resources available to the specified project.",
-          "flatPath": "projects/{project}/zones",
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/regions/{region}/vpnGateways/{resource}/testIamPermissions",
+          "httpMethod": "POST",
+          "id": "compute.vpnGateways.testIamPermissions",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/vpnGateways/{resource}/testIamPermissions",
+          "request": {
+            "$ref": "TestPermissionsRequest"
+          },
+          "response": {
+            "$ref": "TestPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
+    "vpnTunnels": {
+      "methods": {
+        "aggregatedList": {
+          "description": "Retrieves an aggregated list of VPN tunnels.",
+          "flatPath": "projects/{project}/aggregated/vpnTunnels",
           "httpMethod": "GET",
-          "id": "compute.zones.list",
+          "id": "compute.vpnTunnels.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -40389,6 +41253,11 @@
               "location": "query",
               "type": "string"
             },
+            "includeAllScopes": {
+              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+              "location": "query",
+              "type": "boolean"
+            },
             "maxResults": {
               "default": "500",
               "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
@@ -40420,385 +41289,4475 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/zones",
+          "path": "projects/{project}/aggregated/vpnTunnels",
           "response": {
-            "$ref": "ZoneList"
+            "$ref": "VpnTunnelAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
             "https://www.googleapis.com/auth/compute",
             "https://www.googleapis.com/auth/compute.readonly"
           ]
-        }
-      }
-    }
-  },
-  "revision": "20230210",
-  "rootUrl": "https://compute.googleapis.com/",
-  "schemas": {
-    "AWSV4Signature": {
-      "description": "Contains the configurations necessary to generate a signature for access to private storage buckets that support Signature Version 4 for authentication. The service name for generating the authentication header will always default to 's3'.",
-      "id": "AWSV4Signature",
-      "properties": {
-        "accessKey": {
-          "description": "The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request. @InputOnly",
-          "type": "string"
-        },
-        "accessKeyId": {
-          "description": "The identifier of an access key used for s3 bucket authentication.",
-          "type": "string"
-        },
-        "accessKeyVersion": {
-          "description": "The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.",
-          "type": "string"
-        },
-        "originRegion": {
-          "description": "The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, \"us-east-1\" for AWS or \"us-ashburn-1\" for OCI.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AcceleratorConfig": {
-      "description": "A specification of the type and number of accelerator cards attached to the instance.",
-      "id": "AcceleratorConfig",
-      "properties": {
-        "acceleratorCount": {
-          "description": "The number of the guest accelerator cards exposed to this instance.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "acceleratorType": {
-          "description": "Full or partial URL of the accelerator type resource to attach to this instance. For example: projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100 If you are creating an instance template, specify only the accelerator name. See GPUs on Compute Engine for a full list of accelerator types.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AcceleratorType": {
-      "description": "Represents an Accelerator Type resource. Google Cloud Platform provides graphics processing units (accelerators) that you can add to VM instances to improve or accelerate performance when working with intensive workloads. For more information, read GPUs on Compute Engine.",
-      "id": "AcceleratorType",
-      "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "deprecated": {
-          "$ref": "DeprecationStatus",
-          "description": "[Output Only] The deprecation status associated with this accelerator type."
-        },
-        "description": {
-          "description": "[Output Only] An optional textual description of the resource.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#acceleratorType",
-          "description": "[Output Only] The type of the resource. Always compute#acceleratorType for accelerator types.",
-          "type": "string"
-        },
-        "maximumCardsPerInstance": {
-          "description": "[Output Only] Maximum number of accelerator cards allowed per instance.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "name": {
-          "description": "[Output Only] Name of the resource.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined, fully qualified URL for this resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource's resource id.",
-          "type": "string"
-        },
-        "zone": {
-          "description": "[Output Only] The name of the zone where the accelerator type resides, such as us-central1-a. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AcceleratorTypeAggregatedList": {
-      "id": "AcceleratorTypeAggregatedList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "additionalProperties": {
-            "$ref": "AcceleratorTypesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of accelerator types."
-          },
-          "description": "A list of AcceleratorTypesScopedList resources.",
-          "type": "object"
-        },
-        "kind": {
-          "default": "compute#acceleratorTypeAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#acceleratorTypeAggregatedList for aggregated lists of accelerator types.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
+        "delete": {
+          "description": "Deletes the specified VpnTunnel resource.",
+          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "httpMethod": "DELETE",
+          "id": "compute.vpnTunnels.delete",
+          "parameterOrder": [
+            "project",
+            "region",
+            "vpnTunnel"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
               "type": "string"
             },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "vpnTunnel": {
+              "description": "Name of the VpnTunnel resource to delete.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
               "type": "string"
             }
           },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "AcceleratorTypeList": {
-      "description": "Contains a list of accelerator types.",
-      "id": "AcceleratorTypeList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of AcceleratorType resources.",
-          "items": {
-            "$ref": "AcceleratorType"
+          "path": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "response": {
+            "$ref": "Operation"
           },
-          "type": "array"
-        },
-        "kind": {
-          "default": "compute#acceleratorTypeList",
-          "description": "[Output Only] Type of resource. Always compute#acceleratorTypeList for lists of accelerator types.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
+        "get": {
+          "description": "Returns the specified VpnTunnel resource.",
+          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "httpMethod": "GET",
+          "id": "compute.vpnTunnels.get",
+          "parameterOrder": [
+            "project",
+            "region",
+            "vpnTunnel"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
               "type": "string"
             },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
+            "vpnTunnel": {
+              "description": "Name of the VpnTunnel resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
               "type": "string"
             }
           },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "AcceleratorTypesScopedList": {
-      "id": "AcceleratorTypesScopedList",
-      "properties": {
-        "acceleratorTypes": {
-          "description": "[Output Only] A list of accelerator types contained in this scope.",
-          "items": {
-            "$ref": "AcceleratorType"
+          "path": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
+          "response": {
+            "$ref": "VpnTunnel"
           },
-          "type": "array"
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
         },
-        "warning": {
-          "description": "[Output Only] An informational warning that appears when the accelerator types list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
+        "insert": {
+          "description": "Creates a VpnTunnel resource in the specified project and region using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/vpnTunnels",
+          "httpMethod": "POST",
+          "id": "compute.vpnTunnels.insert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/vpnTunnels",
+          "request": {
+            "$ref": "VpnTunnel"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of VpnTunnel resources contained in the specified project and region.",
+          "flatPath": "projects/{project}/regions/{region}/vpnTunnels",
+          "httpMethod": "GET",
+          "id": "compute.vpnTunnels.list",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/vpnTunnels",
+          "response": {
+            "$ref": "VpnTunnelList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "setLabels": {
+          "description": "Sets the labels on a VpnTunnel. To learn more about labels, read the Labeling Resources documentation.",
+          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{resource}/setLabels",
+          "httpMethod": "POST",
+          "id": "compute.vpnTunnels.setLabels",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/vpnTunnels/{resource}/setLabels",
+          "request": {
+            "$ref": "RegionSetLabelsRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{resource}/testIamPermissions",
+          "httpMethod": "POST",
+          "id": "compute.vpnTunnels.testIamPermissions",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/vpnTunnels/{resource}/testIamPermissions",
+          "request": {
+            "$ref": "TestPermissionsRequest"
+          },
+          "response": {
+            "$ref": "TestPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
+    "zoneOperations": {
+      "methods": {
+        "delete": {
+          "description": "Deletes the specified zone-specific Operations resource.",
+          "flatPath": "projects/{project}/zones/{zone}/operations/{operation}",
+          "httpMethod": "DELETE",
+          "id": "compute.zoneOperations.delete",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "operation"
+          ],
+          "parameters": {
+            "operation": {
+              "description": "Name of the Operations resource to delete.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/operations/{operation}",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "get": {
+          "description": "Retrieves the specified zone-specific Operations resource.",
+          "flatPath": "projects/{project}/zones/{zone}/operations/{operation}",
+          "httpMethod": "GET",
+          "id": "compute.zoneOperations.get",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "operation"
+          ],
+          "parameters": {
+            "operation": {
+              "description": "Name of the Operations resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/operations/{operation}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of Operation resources contained within the specified zone.",
+          "flatPath": "projects/{project}/zones/{zone}/operations",
+          "httpMethod": "GET",
+          "id": "compute.zoneOperations.list",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "zone": {
+              "description": "Name of the zone for request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/operations",
+          "response": {
+            "$ref": "OperationList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "wait": {
+          "description": "Waits for the specified Operation resource to return as `DONE` or for the request to approach the 2 minute deadline, and retrieves the specified Operation resource. This method waits for no more than the 2 minutes and then returns the current state of the operation, which might be `DONE` or still in progress. This method is called on a best-effort basis. Specifically: - In uncommon cases, when the server is overloaded, the request might return before the default deadline is reached, or might return after zero seconds. - If the default deadline is reached, there is no guarantee that the operation is actually done when the method returns. Be prepared to retry if the operation is not `DONE`. ",
+          "flatPath": "projects/{project}/zones/{zone}/operations/{operation}/wait",
+          "httpMethod": "POST",
+          "id": "compute.zoneOperations.wait",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "operation"
+          ],
+          "parameters": {
+            "operation": {
+              "description": "Name of the Operations resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/operations/{operation}/wait",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
+    "zoneQueuedResources": {
+      "methods": {
+        "aggregatedList": {
+          "description": "Retrieves an aggregated list of all of the queued resources in a project across all zones.",
+          "flatPath": "projects/{project}/aggregated/queuedResources",
+          "httpMethod": "GET",
+          "id": "compute.zoneQueuedResources.aggregatedList",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "includeAllScopes": {
+              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/aggregated/queuedResources",
+          "response": {
+            "$ref": "QueuedResourcesAggregatedList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "cancel": {
+          "description": "Cancels a QueuedResource. Only a resource in ACCEPTED state may be cancelled.",
+          "flatPath": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}/cancel",
+          "httpMethod": "POST",
+          "id": "compute.zoneQueuedResources.cancel",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "queuedResource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "queuedResource": {
+              "description": "Name of the QueuedResource to cancel.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}/cancel",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "delete": {
+          "description": "Deletes a QueuedResource. For a QueuedResource in ACCEPTED state, call cancel on the resource before deleting, to make sure no VMs have been provisioned and may require cleaning up. For a QueuedResource in PROVISIONING state the request to delete is registered for execution following the provisioning.",
+          "flatPath": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
+          "httpMethod": "DELETE",
+          "id": "compute.zoneQueuedResources.delete",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "queuedResource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "queuedResource": {
+              "description": "Name of the QueuedResource to delete.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "get": {
+          "description": "Returns the specified QueuedResource resource.",
+          "flatPath": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
+          "httpMethod": "GET",
+          "id": "compute.zoneQueuedResources.get",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "queuedResource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "queuedResource": {
+              "description": "Name of the QueuedResource resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/queuedResources/{queuedResource}",
+          "response": {
+            "$ref": "QueuedResource"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a QueuedResource.",
+          "flatPath": "projects/{project}/zones/{zone}/queuedResources",
+          "httpMethod": "POST",
+          "id": "compute.zoneQueuedResources.insert",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/queuedResources",
+          "request": {
+            "$ref": "QueuedResource"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of QueuedResource resources.",
+          "flatPath": "projects/{project}/zones/{zone}/queuedResources",
+          "httpMethod": "GET",
+          "id": "compute.zoneQueuedResources.list",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/queuedResources",
+          "response": {
+            "$ref": "QueuedResourceList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
+    "zones": {
+      "methods": {
+        "get": {
+          "description": "Returns the specified Zone resource.",
+          "flatPath": "projects/{project}/zones/{zone}",
+          "httpMethod": "GET",
+          "id": "compute.zones.get",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}",
+          "response": {
+            "$ref": "Zone"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of Zone resources available to the specified project.",
+          "flatPath": "projects/{project}/zones",
+          "httpMethod": "GET",
+          "id": "compute.zones.list",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/zones",
+          "response": {
+            "$ref": "ZoneList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    }
+  },
+  "revision": "20230720",
+  "rootUrl": "https://compute.googleapis.com/",
+  "schemas": {
+    "AWSV4Signature": {
+      "description": "Contains the configurations necessary to generate a signature for access to private storage buckets that support Signature Version 4 for authentication. The service name for generating the authentication header will always default to 's3'.",
+      "id": "AWSV4Signature",
+      "properties": {
+        "accessKey": {
+          "description": "The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request. @InputOnly",
+          "type": "string"
+        },
+        "accessKeyId": {
+          "description": "The identifier of an access key used for s3 bucket authentication.",
+          "type": "string"
+        },
+        "accessKeyVersion": {
+          "description": "The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.",
+          "type": "string"
+        },
+        "originRegion": {
+          "description": "The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, \"us-east-1\" for AWS or \"us-ashburn-1\" for OCI.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AcceleratorConfig": {
+      "description": "A specification of the type and number of accelerator cards attached to the instance.",
+      "id": "AcceleratorConfig",
+      "properties": {
+        "acceleratorCount": {
+          "description": "The number of the guest accelerator cards exposed to this instance.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "acceleratorType": {
+          "description": "Full or partial URL of the accelerator type resource to attach to this instance. For example: projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100 If you are creating an instance template, specify only the accelerator name. See GPUs on Compute Engine for a full list of accelerator types.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AcceleratorType": {
+      "description": "Represents an Accelerator Type resource. Google Cloud Platform provides graphics processing units (accelerators) that you can add to VM instances to improve or accelerate performance when working with intensive workloads. For more information, read GPUs on Compute Engine.",
+      "id": "AcceleratorType",
+      "properties": {
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "deprecated": {
+          "$ref": "DeprecationStatus",
+          "description": "[Output Only] The deprecation status associated with this accelerator type."
+        },
+        "description": {
+          "description": "[Output Only] An optional textual description of the resource.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#acceleratorType",
+          "description": "[Output Only] The type of the resource. Always compute#acceleratorType for accelerator types.",
+          "type": "string"
+        },
+        "maximumCardsPerInstance": {
+          "description": "[Output Only] Maximum number of accelerator cards allowed per instance.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "name": {
+          "description": "[Output Only] Name of the resource.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined, fully qualified URL for this resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
+          "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] The name of the zone where the accelerator type resides, such as us-central1-a. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AcceleratorTypeAggregatedList": {
+      "id": "AcceleratorTypeAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "AcceleratorTypesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of accelerator types."
+          },
+          "description": "A list of AcceleratorTypesScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#acceleratorTypeAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#acceleratorTypeAggregatedList for aggregated lists of accelerator types.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AcceleratorTypeList": {
+      "description": "Contains a list of accelerator types.",
+      "id": "AcceleratorTypeList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of AcceleratorType resources.",
+          "items": {
+            "$ref": "AcceleratorType"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#acceleratorTypeList",
+          "description": "[Output Only] Type of resource. Always compute#acceleratorTypeList for lists of accelerator types.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AcceleratorTypesScopedList": {
+      "id": "AcceleratorTypesScopedList",
+      "properties": {
+        "acceleratorTypes": {
+          "description": "[Output Only] A list of accelerator types contained in this scope.",
+          "items": {
+            "$ref": "AcceleratorType"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] An informational warning that appears when the accelerator types list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AccessConfig": {
+      "description": "An access configuration attached to an instance's network interface. Only one access config per instance is supported.",
+      "id": "AccessConfig",
+      "properties": {
+        "externalIpv6": {
+          "description": "Applies to ipv6AccessConfigs only. The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.",
+          "type": "string"
+        },
+        "externalIpv6PrefixLength": {
+          "description": "Applies to ipv6AccessConfigs only. The prefix length of the external IPv6 range.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "kind": {
+          "default": "compute#accessConfig",
+          "description": "[Output Only] Type of the resource. Always compute#accessConfig for access configs.",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of this access configuration. In accessConfigs (IPv4), the default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. In ipv6AccessConfigs, the recommend name is External IPv6.",
+          "type": "string"
+        },
+        "natIP": {
+          "description": "Applies to accessConfigs (IPv4) only. An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.",
+          "type": "string"
+        },
+        "networkTier": {
+          "description": "This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.",
+          "enum": [
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "SELECT",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Price competitive network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+          ],
+          "type": "string"
+        },
+        "publicDnsName": {
+          "description": "[Output Only] The public DNS domain name for the instance.",
+          "type": "string"
+        },
+        "publicPtrDomainName": {
+          "description": "The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.",
+          "type": "string"
+        },
+        "securityPolicy": {
+          "description": "[Output Only] The resource URL for the security policy associated with this access config.",
+          "type": "string"
+        },
+        "setPublicDns": {
+          "description": "Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.",
+          "type": "boolean"
+        },
+        "setPublicPtr": {
+          "description": "Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.",
+          "type": "boolean"
+        },
+        "type": {
+          "description": "The type of configuration. In accessConfigs (IPv4), the default and only option is ONE_TO_ONE_NAT. In ipv6AccessConfigs, the default and only option is DIRECT_IPV6.",
+          "enum": [
+            "DIRECT_IPV6",
+            "ONE_TO_ONE_NAT"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Address": {
+      "description": "Represents an IP Address resource. Google Compute Engine has two IP Address resources: * [Global (external and internal)](https://cloud.google.com/compute/docs/reference/rest/alpha/globalAddresses) * [Regional (external and internal)](https://cloud.google.com/compute/docs/reference/rest/alpha/addresses) For more information, see Reserving a static external IP address.",
+      "id": "Address",
+      "properties": {
+        "address": {
+          "description": "The static IP address represented by this resource.",
+          "type": "string"
+        },
+        "addressType": {
+          "description": "The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.",
+          "enum": [
+            "DNS_FORWARDING",
+            "EXTERNAL",
+            "INTERNAL",
+            "UNSPECIFIED_TYPE"
+          ],
+          "enumDescriptions": [
+            "DNS resolver address in the subnetwork.",
+            "A publicly visible external IP address.",
+            "A private network IP address, for use with an Instance or Internal Load Balancer forwarding rule.",
+            ""
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this field when you create the resource.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "ipVersion": {
+          "description": "The IP version that will be used by this address. Valid options are IPV4 or IPV6.",
+          "enum": [
+            "IPV4",
+            "IPV6",
+            "UNSPECIFIED_VERSION"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "ipv6EndpointType": {
+          "description": "The endpoint type of this address, which should be VM or NETLB. This is used for deciding which type of endpoint this address can be used after the external IPv6 address reservation.",
+          "enum": [
+            "NETLB",
+            "VM"
+          ],
+          "enumDescriptions": [
+            "Reserved IPv6 address can be used on network load balancer.",
+            "Reserved IPv6 address can be used on VM."
+          ],
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#address",
+          "description": "[Output Only] Type of the resource. Always compute#address for addresses.",
+          "type": "string"
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this Address, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Address.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.addresses.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "network": {
+          "description": "The URL of the network in which to reserve the address. This field can only be used with INTERNAL type with the VPC_PEERING purpose.",
+          "type": "string"
+        },
+        "networkTier": {
+          "description": "This signifies the networking tier used for configuring this address and can only take the following values: PREMIUM or STANDARD. Internal IP addresses are always Premium Tier; global external IP addresses are always Premium Tier; regional external IP addresses can be either Standard or Premium Tier. If this field is not specified, it is assumed to be PREMIUM.",
+          "enum": [
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "SELECT",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Price competitive network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+          ],
+          "type": "string"
+        },
+        "prefixLength": {
+          "description": "The prefix length if the resource represents an IP range.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "purpose": {
+          "description": "The purpose of this resource, which can be one of the following values: - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, load balancers, and similar resources. - DNS_RESOLVER for a DNS resolver address in a subnetwork for a Cloud DNS inbound forwarder IP addresses (regional internal IP address in a subnet of a VPC network) - VPC_PEERING for global internal IP addresses used for private services access allocated ranges. - NAT_AUTO for the regional external IP addresses used by Cloud NAT when allocating addresses using automatic NAT IP address allocation. - IPSEC_INTERCONNECT for addresses created from a private IP range that are reserved for a VLAN attachment in an *HA VPN over Cloud Interconnect* configuration. These addresses are regional resources. - `SHARED_LOADBALANCER_VIP` for an internal IP address that is assigned to multiple internal forwarding rules. - `PRIVATE_SERVICE_CONNECT` for a private network address that is used to configure Private Service Connect. Only global internal addresses can use this purpose. ",
+          "enum": [
+            "DNS_RESOLVER",
+            "GCE_ENDPOINT",
+            "IPSEC_INTERCONNECT",
+            "NAT_AUTO",
+            "PRIVATE_SERVICE_CONNECT",
+            "SERVERLESS",
+            "SHARED_LOADBALANCER_VIP",
+            "VPC_PEERING"
+          ],
+          "enumDescriptions": [
+            "DNS resolver address in the subnetwork.",
+            "VM internal/alias IP, Internal LB service IP, etc.",
+            "A regional internal IP address range reserved for the VLAN attachment that is used in HA VPN over Cloud Interconnect. This regional internal IP address range must not overlap with any IP address range of subnet/route in the VPC network and its peering networks. After the VLAN attachment is created with the reserved IP address range, when creating a new VPN gateway, its interface IP address is allocated from the associated VLAN attachment’s IP address range.",
+            "External IP automatically reserved for Cloud NAT.",
+            "A private network IP address that can be used to configure Private Service Connect. This purpose can be specified only for GLOBAL addresses of Type INTERNAL",
+            "A regional internal IP address range reserved for Serverless.",
+            "A private network IP address that can be shared by multiple Internal Load Balancer forwarding rules.",
+            "IP range for peer networks."
+          ],
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] The URL of the region where a regional address resides. For regional addresses, you must specify the region as a path parameter in the HTTP request URL. *This field is not applicable to global addresses.*",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available.",
+          "enum": [
+            "IN_USE",
+            "RESERVED",
+            "RESERVING"
+          ],
+          "enumDescriptions": [
+            "Address is being used by another resource and is not available.",
+            "Address is reserved and available to use.",
+            "Address is being reserved."
+          ],
+          "type": "string"
+        },
+        "subnetwork": {
+          "description": "The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with a GCE_ENDPOINT or DNS_RESOLVER purpose.",
+          "type": "string"
+        },
+        "users": {
+          "description": "[Output Only] The URLs of the resources that are using this address.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "AddressAggregatedList": {
+      "id": "AddressAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "AddressesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of addresses."
+          },
+          "description": "A list of AddressesScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#addressAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#addressAggregatedList for aggregated lists of addresses.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AddressList": {
+      "description": "Contains a list of addresses.",
+      "id": "AddressList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of Address resources.",
+          "items": {
+            "$ref": "Address"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#addressList",
+          "description": "[Output Only] Type of resource. Always compute#addressList for lists of addresses.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AddressesScopedList": {
+      "id": "AddressesScopedList",
+      "properties": {
+        "addresses": {
+          "description": "[Output Only] A list of addresses contained in this scope.",
+          "items": {
+            "$ref": "Address"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning which replaces the list of addresses when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AdvancedMachineFeatures": {
+      "description": "Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled).",
+      "id": "AdvancedMachineFeatures",
+      "properties": {
+        "enableNestedVirtualization": {
+          "description": "Whether to enable nested virtualization or not (default is false).",
+          "type": "boolean"
+        },
+        "enableUefiNetworking": {
+          "description": "Whether to enable UEFI networking for instance creation.",
+          "type": "boolean"
+        },
+        "numaNodeCount": {
+          "description": "The number of vNUMA nodes.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "performanceMonitoringUnit": {
+          "description": "Type of Performance Monitoring Unit requested on instance.",
+          "enum": [
+            "ARCHITECTURAL",
+            "ENHANCED",
+            "PERFORMANCE_MONITORING_UNIT_UNSPECIFIED",
+            "STANDARD"
+          ],
+          "enumDescriptions": [
+            "Architecturally defined non-LLC events.",
+            "Most documented core/L2 and LLC events.",
+            "",
+            "Most documented core/L2 events."
+          ],
+          "type": "string"
+        },
+        "threadsPerCore": {
+          "description": "The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "visibleCoreCount": {
+          "description": "The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "AliasIpRange": {
+      "description": "An alias IP range attached to an instance's network interface.",
+      "id": "AliasIpRange",
+      "properties": {
+        "ipCidrRange": {
+          "description": "The IP alias ranges to allocate for this interface. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (such as 10.2.3.4), a netmask (such as /24) or a CIDR-formatted string (such as 10.1.2.0/24).",
+          "type": "string"
+        },
+        "subnetworkRangeName": {
+          "description": "The name of a subnetwork secondary IP range from which to allocate an IP alias range. If not specified, the primary range of the subnetwork is used.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AllocationAggregateReservation": {
+      "description": "This reservation type is specified by total resource amounts (e.g. total count of CPUs) and can account for multiple instance SKUs. In other words, one can create instances of varying shapes against this reservation.",
+      "id": "AllocationAggregateReservation",
+      "properties": {
+        "inUseResources": {
+          "description": "[Output only] List of resources currently in use.",
+          "items": {
+            "$ref": "AllocationAggregateReservationReservedResourceInfo"
+          },
+          "type": "array"
+        },
+        "reservedResources": {
+          "description": "List of reserved resources (CPUs, memory, accelerators).",
+          "items": {
+            "$ref": "AllocationAggregateReservationReservedResourceInfo"
+          },
+          "type": "array"
+        },
+        "vmFamily": {
+          "description": "The VM family that all instances scheduled against this reservation must belong to.",
+          "enum": [
+            "VM_FAMILY_CLOUD_TPU_LITE_DEVICE_CT5L",
+            "VM_FAMILY_CLOUD_TPU_LITE_POD_SLICE_CT5LP",
+            "VM_FAMILY_CLOUD_TPU_POD_SLICE_CT4P",
+            "VM_FAMILY_COMPUTE_OPTIMIZED_C3",
+            "VM_FAMILY_GENERAL_PURPOSE_T2D",
+            "VM_FAMILY_MEMORY_OPTIMIZED_M3"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "workloadType": {
+          "description": "The workload type of the instances that will target this reservation.",
+          "enum": [
+            "BATCH",
+            "SERVING",
+            "UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Reserved resources will be optimized for BATCH workloads, such as ML training.",
+            "Reserved resources will be optimized for SERVING workloads, such as ML inference.",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AllocationAggregateReservationReservedResourceInfo": {
+      "id": "AllocationAggregateReservationReservedResourceInfo",
+      "properties": {
+        "accelerator": {
+          "$ref": "AllocationAggregateReservationReservedResourceInfoAccelerator",
+          "description": "Properties of accelerator resources in this reservation."
+        }
+      },
+      "type": "object"
+    },
+    "AllocationAggregateReservationReservedResourceInfoAccelerator": {
+      "id": "AllocationAggregateReservationReservedResourceInfoAccelerator",
+      "properties": {
+        "acceleratorCount": {
+          "description": "Number of accelerators of specified type.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "acceleratorType": {
+          "description": "Full or partial URL to accelerator type. e.g. \"projects/{PROJECT}/zones/{ZONE}/acceleratorTypes/ct4l\"",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AllocationResourceStatus": {
+      "description": "[Output Only] Contains output only fields.",
+      "id": "AllocationResourceStatus",
+      "properties": {
+        "specificSkuAllocation": {
+          "$ref": "AllocationResourceStatusSpecificSKUAllocation",
+          "description": "Allocation Properties of this reservation."
+        }
+      },
+      "type": "object"
+    },
+    "AllocationResourceStatusSpecificSKUAllocation": {
+      "description": "Contains Properties set for the reservation.",
+      "id": "AllocationResourceStatusSpecificSKUAllocation",
+      "properties": {
+        "sourceInstanceTemplateId": {
+          "description": "ID of the instance template used to populate reservation properties.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AllocationSpecificSKUAllocationAllocatedInstancePropertiesReservedDisk": {
+      "id": "AllocationSpecificSKUAllocationAllocatedInstancePropertiesReservedDisk",
+      "properties": {
+        "diskSizeGb": {
+          "description": "Specifies the size of the disk in base-2 GB.",
+          "format": "int64",
+          "type": "string"
+        },
+        "interface": {
+          "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. For performance characteristics of SCSI over NVMe, see Local SSD performance.",
+          "enum": [
+            "NVDIMM",
+            "NVME",
+            "SCSI"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AllocationSpecificSKUAllocationReservedInstanceProperties": {
+      "description": "Properties of the SKU instances being reserved. Next ID: 9",
+      "id": "AllocationSpecificSKUAllocationReservedInstanceProperties",
+      "properties": {
+        "guestAccelerators": {
+          "description": "Specifies accelerator type and count.",
+          "items": {
+            "$ref": "AcceleratorConfig"
+          },
+          "type": "array"
+        },
+        "localSsds": {
+          "description": "Specifies amount of local ssd to reserve with each instance. The type of disk is local-ssd.",
+          "items": {
+            "$ref": "AllocationSpecificSKUAllocationAllocatedInstancePropertiesReservedDisk"
+          },
+          "type": "array"
+        },
+        "locationHint": {
+          "description": "An opaque location hint used to place the allocation close to other resources. This field is for use by internal tools that use the public API.",
+          "type": "string"
+        },
+        "machineType": {
+          "description": "Specifies type of machine (name only) which has fixed number of vCPUs and fixed amount of memory. This also includes specifying custom machine type following custom-NUMBER_OF_CPUS-AMOUNT_OF_MEMORY pattern.",
+          "type": "string"
+        },
+        "maintenanceFreezeDurationHours": {
+          "description": "Specifies the number of hours after reservation creation where instances using the reservation won't be scheduled for maintenance.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maintenanceInterval": {
+          "description": "Specifies the frequency of planned maintenance events. The accepted values are: `PERIODIC`.",
+          "enum": [
+            "AS_NEEDED",
+            "PERIODIC",
+            "RECURRENT"
+          ],
+          "enumDescriptions": [
+            "VMs are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the VM than the PERIODIC and RECURRENT options.",
+            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.",
+            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available. RECURRENT is used for GEN3 and Slice of Hardware VMs."
+          ],
+          "type": "string"
+        },
+        "minCpuPlatform": {
+          "description": "Minimum cpu platform the reservation.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AllocationSpecificSKUReservation": {
+      "description": "This reservation type allows to pre allocate specific instance configuration. Next ID: 6",
+      "id": "AllocationSpecificSKUReservation",
+      "properties": {
+        "assuredCount": {
+          "description": "[Output Only] Indicates how many instances are actually usable currently.",
+          "format": "int64",
+          "type": "string"
+        },
+        "count": {
+          "description": "Specifies the number of resources that are allocated.",
+          "format": "int64",
+          "type": "string"
+        },
+        "inUseCount": {
+          "description": "[Output Only] Indicates how many instances are in use.",
+          "format": "int64",
+          "type": "string"
+        },
+        "instanceProperties": {
+          "$ref": "AllocationSpecificSKUAllocationReservedInstanceProperties",
+          "description": "The instance properties for the reservation."
+        },
+        "sourceInstanceTemplate": {
+          "description": "Specifies the instance template to create the reservation. If you use this field, you must exclude the instanceProperties field. This field is optional, and it can be a full or partial URL. For example, the following are all valid URLs to an instance template: - https://www.googleapis.com/compute/v1/projects/project /global/instanceTemplates/instanceTemplate - projects/project/global/instanceTemplates/instanceTemplate - global/instanceTemplates/instanceTemplate ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AttachedDisk": {
+      "description": "An instance-attached disk resource.",
+      "id": "AttachedDisk",
+      "properties": {
+        "architecture": {
+          "description": "[Output Only] The architecture of the attached disk. Valid values are ARM64 or X86_64.",
+          "enum": [
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
+          ],
+          "enumDescriptions": [
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
+          ],
+          "type": "string"
+        },
+        "autoDelete": {
+          "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).",
+          "type": "boolean"
+        },
+        "boot": {
+          "description": "Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.",
+          "type": "boolean"
+        },
+        "deviceName": {
+          "description": "Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.",
+          "type": "string"
+        },
+        "diskEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encrypts or decrypts a disk using a customer-supplied encryption key. If you are creating a new disk, this field encrypts the new disk using an encryption key that you provide. If you are attaching an existing disk that is already encrypted, this field decrypts the disk using the customer-supplied encryption key. If you encrypt a disk using a customer-supplied key, you must provide the same key again when you attempt to use this resource at a later time. For example, you must provide the key when you create a snapshot or an image from the disk or when you attach the disk to a virtual machine instance. If you do not provide an encryption key, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later. Instance templates do not store customer-supplied encryption keys, so you cannot use your own keys to encrypt disks in a managed instance group."
+        },
+        "diskSizeGb": {
+          "description": "The size of the disk in GB.",
+          "format": "int64",
+          "type": "string"
+        },
+        "forceAttach": {
+          "description": "[Input Only] Whether to force attach the regional disk even if it's currently attached to another instance. If you try to force attach a zonal disk to an instance, you will receive an error.",
+          "type": "boolean"
+        },
+        "guestOsFeatures": {
+          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
+          "items": {
+            "$ref": "GuestOsFeature"
+          },
+          "type": "array"
+        },
+        "index": {
+          "description": "[Output Only] A zero-based index to this disk, where 0 is reserved for the boot disk. If you have many disks attached to an instance, each disk would have a unique index number.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "initializeParams": {
+          "$ref": "AttachedDiskInitializeParams",
+          "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both."
+        },
+        "interface": {
+          "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. For most machine types, the default is SCSI. Local SSDs can use either NVME or SCSI. In certain configurations, persistent disks can use NVMe. For more information, see About persistent disks.",
+          "enum": [
+            "NVDIMM",
+            "NVME",
+            "SCSI"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#attachedDisk",
+          "description": "[Output Only] Type of the resource. Always compute#attachedDisk for attached disks.",
+          "type": "string"
+        },
+        "licenses": {
+          "description": "[Output Only] Any valid publicly visible licenses.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "locked": {
+          "description": "[Output Only] Whether to indicate the attached disk is locked. The locked disk is not allowed to be detached from the instance, or to be used as the source of the snapshot creation, and the image creation. The instance with at least one locked attached disk is not allow to be used as source of machine image creation, instant snapshot creation, and not allowed to be deleted with --keep-disk parameter set to true for locked disks.",
+          "type": "boolean"
+        },
+        "mode": {
+          "description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.",
+          "enum": [
+            "READ_ONLY",
+            "READ_WRITE"
+          ],
+          "enumDescriptions": [
+            "Attaches this disk in read-only mode. Multiple virtual machines can use a disk in read-only mode at a time.",
+            "*[Default]* Attaches this disk in read-write mode. Only one virtual machine at a time can be attached to a disk in read-write mode."
+          ],
+          "type": "string"
+        },
+        "savedState": {
+          "description": "For LocalSSD disks on VM Instances in STOPPED or SUSPENDED state, this field is set to PRESERVED if the LocalSSD data has been saved to a persistent location by customer request. (see the discard_local_ssd option on Stop/Suspend). Read-only in the api.",
+          "enum": [
+            "DISK_SAVED_STATE_UNSPECIFIED",
+            "PRESERVED"
+          ],
+          "enumDescriptions": [
+            "*[Default]* Disk state has not been preserved.",
+            "Disk state has been preserved."
+          ],
+          "type": "string"
+        },
+        "shieldedInstanceInitialState": {
+          "$ref": "InitialStateConfig",
+          "description": "[Output Only] shielded vm initial state stored on disk"
+        },
+        "source": {
+          "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks. Note that for InstanceTemplate, specify the disk name for zonal disk, and the URL for regional disk.",
+          "type": "string"
+        },
+        "type": {
+          "description": "Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.",
+          "enum": [
+            "PERSISTENT",
+            "SCRATCH"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "userLicenses": {
+          "description": "[Output Only] A list of user provided licenses. It represents a list of URLs to the license resource. Unlike regular licenses, user provided licenses can be modified after the disk is created.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "AttachedDiskInitializeParams": {
+      "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This field is persisted and returned for instanceTemplate and not returned in the context of instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both.",
+      "id": "AttachedDiskInitializeParams",
+      "properties": {
+        "architecture": {
+          "description": "The architecture of the attached disk. Valid values are arm64 or x86_64.",
+          "enum": [
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
+          ],
+          "enumDescriptions": [
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
+          ],
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description. Provide this property when creating the disk.",
+          "type": "string"
+        },
+        "diskName": {
+          "description": "Specifies the disk name. If not specified, the default is to use the name of the instance. If a disk with the same name already exists in the given region, the existing disk is attached to the new instance and the new disk is not created.",
+          "type": "string"
+        },
+        "diskSizeGb": {
+          "description": "Specifies the size of the disk in base-2 GB. The size must be at least 10 GB. If you specify a sourceImage, which is required for boot disks, the default size is the size of the sourceImage. If you do not specify a sourceImage, the default disk size is 500 GB.",
+          "format": "int64",
+          "type": "string"
+        },
+        "diskType": {
+          "description": "Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/pd-standard For a full list of acceptable values, see Persistent disk types. If you specify this field when creating a VM, you can provide either the full or partial URL. For example, the following values are valid: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/diskType - projects/project/zones/zone/diskTypes/diskType - zones/zone/diskTypes/diskType If you specify this field when creating or updating an instance template or all-instances configuration, specify the type of the disk, not the URL. For example: pd-standard.",
+          "type": "string"
+        },
+        "enableConfidentialCompute": {
+          "description": "Whether this disk is using confidential compute mode.",
+          "type": "boolean"
+        },
+        "guestOsFeatures": {
+          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options. Guest OS features are applied by merging initializeParams.guestOsFeatures and disks.guestOsFeatures",
+          "items": {
+            "$ref": "GuestOsFeature"
+          },
+          "type": "array"
+        },
+        "interface": {
+          "deprecated": true,
+          "description": "[Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.",
+          "enum": [
+            "NVME",
+            "SCSI",
+            "UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this disk. These can be later modified by the disks.setLabels method. This field is only applicable for persistent disks.",
+          "type": "object"
+        },
+        "licenseCodes": {
+          "description": "Integer license codes indicating which licenses are attached to this disk.",
+          "items": {
+            "format": "int64",
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "licenses": {
+          "description": "A list of publicly visible licenses. Reserved for Google's use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "multiWriter": {
+          "description": "Indicates whether or not the disk can be read/write attached to more than one instance.",
+          "type": "boolean"
+        },
+        "onUpdateAction": {
+          "description": "Specifies which action to take on instance update with this disk. Default is to use the existing disk.",
+          "enum": [
+            "RECREATE_DISK",
+            "RECREATE_DISK_IF_SOURCE_CHANGED",
+            "USE_EXISTING_DISK"
+          ],
+          "enumDescriptions": [
+            "Always recreate the disk.",
+            "Recreate the disk if source (image, snapshot) of this disk is different from source of existing disk.",
+            "Use the existing disk, this is the default behaviour."
+          ],
+          "type": "string"
+        },
+        "provisionedIops": {
+          "description": "Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation.",
+          "format": "int64",
+          "type": "string"
+        },
+        "provisionedThroughput": {
+          "description": "Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle. Values must be between 1 and 7,124.",
+          "format": "int64",
+          "type": "string"
+        },
+        "replicaZones": {
+          "description": "Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "resourceManagerTags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Resource manager tags to be bound to the disk. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
+          "type": "object"
+        },
+        "resourcePolicies": {
+          "description": "Resource policies applied to this disk for automatic snapshot creations. Specified using the full or partial URL. For instance template, specify only the resource policy name.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sourceImage": {
+          "description": "The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-9 to use the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a custom image that you created, specify the image name in the following format: global/images/my-custom-image You can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-image-family If the source image is deleted later, this field will not be set.",
+          "type": "string"
+        },
+        "sourceImageEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. InstanceTemplate and InstancePropertiesPatch do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys."
+        },
+        "sourceInstantSnapshot": {
+          "description": "The source instant-snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceInstantSnapshot initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: us-central1-a/instantSnapshots/my-backup If the source instant-snapshot is deleted later, this field will not be set.",
+          "type": "string"
+        },
+        "sourceSnapshot": {
+          "description": "The source snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: global/snapshots/my-backup If the source snapshot is deleted later, this field will not be set.",
+          "type": "string"
+        },
+        "sourceSnapshotEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source snapshot."
+        },
+        "storagePool": {
+          "description": "The storage pool in which the new disk is created. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /storagePools/storagePool - projects/project/zones/zone/storagePools/storagePool - zones/zone/storagePools/storagePool ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AuditConfig": {
+      "description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.",
+      "id": "AuditConfig",
+      "properties": {
+        "auditLogConfigs": {
+          "description": "The configuration for logging of each type of permission.",
+          "items": {
+            "$ref": "AuditLogConfig"
+          },
+          "type": "array"
+        },
+        "exemptedMembers": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "service": {
+          "description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AuditLogConfig": {
+      "description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.",
+      "id": "AuditLogConfig",
+      "properties": {
+        "exemptedMembers": {
+          "description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "ignoreChildExemptions": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "type": "boolean"
+        },
+        "logType": {
+          "description": "The log type that this config enables.",
+          "enum": [
+            "ADMIN_READ",
+            "DATA_READ",
+            "DATA_WRITE",
+            "LOG_TYPE_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Admin reads. Example: CloudIAM getIamPolicy",
+            "Data reads. Example: CloudSQL Users list",
+            "Data writes. Example: CloudSQL Users create",
+            "Default case. Should never be this."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AuthenticationPolicy": {
+      "description": "[Deprecated] The authentication settings for the backend service. The authentication settings for the backend service.",
+      "id": "AuthenticationPolicy",
+      "properties": {
+        "origins": {
+          "description": "List of authentication methods that can be used for origin authentication. Similar to peers, these will be evaluated in order the first valid one will be used to set origin identity. If none of these methods pass, the request will be rejected with authentication failed error (401). Leave the list empty if origin authentication is not required.",
+          "items": {
+            "$ref": "OriginAuthenticationMethod"
+          },
+          "type": "array"
+        },
+        "peers": {
+          "description": "List of authentication methods that can be used for peer authentication. They will be evaluated in order the first valid one will be used to set peer identity. If none of these methods pass, the request will be rejected with authentication failed error (401). Leave the list empty if peer authentication is not required.",
+          "items": {
+            "$ref": "PeerAuthenticationMethod"
+          },
+          "type": "array"
+        },
+        "principalBinding": {
+          "description": "Define whether peer or origin identity should be used for principal. Default value is USE_PEER. If peer (or origin) identity is not available, either because peer/origin authentication is not defined, or failed, principal will be left unset. In other words, binding rule does not affect the decision to accept or reject request. This field can be set to one of the following: USE_PEER: Principal will be set to the identity from peer authentication. USE_ORIGIN: Principal will be set to the identity from origin authentication.",
+          "enum": [
+            "INVALID",
+            "USE_ORIGIN",
+            "USE_PEER"
+          ],
+          "enumDescriptions": [
+            "",
+            "Principal will be set to the identity from origin authentication.",
+            "Principal will be set to the identity from peer authentication."
+          ],
+          "type": "string"
+        },
+        "serverTlsContext": {
+          "$ref": "TlsContext",
+          "description": "Configures the mechanism to obtain server-side security certificates and identity information."
+        }
+      },
+      "type": "object"
+    },
+    "AuthorizationConfig": {
+      "description": "[Deprecated] Authorization configuration provides service-level and method-level access control for a service. control for a service.",
+      "id": "AuthorizationConfig",
+      "properties": {
+        "policies": {
+          "description": "List of RbacPolicies.",
+          "items": {
+            "$ref": "RbacPolicy"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "AuthorizationLoggingOptions": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "AuthorizationLoggingOptions",
+      "properties": {
+        "permissionType": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "enum": [
+            "ADMIN_READ",
+            "ADMIN_WRITE",
+            "DATA_READ",
+            "DATA_WRITE",
+            "PERMISSION_TYPE_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Autoscaler": {
+      "description": "Represents an Autoscaler resource. Google Compute Engine has two Autoscaler resources: * [Zonal](/compute/docs/reference/rest/alpha/autoscalers) * [Regional](/compute/docs/reference/rest/alpha/regionAutoscalers) Use autoscalers to automatically add or delete instances from a managed instance group according to your defined autoscaling policy. For more information, read Autoscaling Groups of Instances. For zonal managed instance groups resource, use the autoscaler resource. For regional managed instance groups, use the regionAutoscalers resource.",
+      "id": "Autoscaler",
+      "properties": {
+        "autoscalingPolicy": {
+          "$ref": "AutoscalingPolicy",
+          "description": "The configuration parameters for the autoscaling algorithm. You can define one or more signals for an autoscaler: cpuUtilization, customMetricUtilizations, and loadBalancingUtilization. If none of these are specified, the default will be to autoscale based on cpuUtilization to 0.6 or 60%."
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#autoscaler",
+          "description": "[Output Only] Type of the resource. Always compute#autoscaler for autoscalers.",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.autoscalers.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "recommendedSize": {
+          "description": "[Output Only] Target recommended MIG size (number of instances) computed by autoscaler. Autoscaler calculates the recommended MIG size even when the autoscaling policy mode is different from ON. This field is empty when autoscaler is not connected to an existing managed instance group or autoscaler did not generate its prediction.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the instance group resides (for autoscalers living in regional scope).",
+          "type": "string"
+        },
+        "scalingScheduleStatus": {
+          "additionalProperties": {
+            "$ref": "ScalingScheduleStatus"
+          },
+          "description": "[Output Only] Status information of existing scaling schedules.",
+          "type": "object"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of the autoscaler configuration. Current set of possible values: - PENDING: Autoscaler backend hasn't read new/updated configuration. - DELETING: Configuration is being deleted. - ACTIVE: Configuration is acknowledged to be effective. Some warnings might be present in the statusDetails field. - ERROR: Configuration has errors. Actionable for users. Details are present in the statusDetails field. New values might be added in the future.",
+          "enum": [
+            "ACTIVE",
+            "DELETING",
+            "ERROR",
+            "PENDING"
+          ],
+          "enumDescriptions": [
+            "Configuration is acknowledged to be effective",
+            "Configuration is being deleted",
+            "Configuration has errors. Actionable for users.",
+            "Autoscaler backend hasn't read new/updated configuration"
+          ],
+          "type": "string"
+        },
+        "statusDetails": {
+          "description": "[Output Only] Human-readable details about the current state of the autoscaler. Read the documentation for Commonly returned status messages for examples of status messages you might encounter.",
+          "items": {
+            "$ref": "AutoscalerStatusDetails"
+          },
+          "type": "array"
+        },
+        "target": {
+          "description": "URL of the managed instance group that this autoscaler will scale. This field is required when creating an autoscaler.",
+          "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] URL of the zone where the instance group resides (for autoscalers living in zonal scope).",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalerAggregatedList": {
+      "id": "AutoscalerAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "AutoscalersScopedList",
+            "description": "[Output Only] Name of the scope containing this set of autoscalers."
+          },
+          "description": "A list of AutoscalersScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#autoscalerAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#autoscalerAggregatedList for aggregated lists of autoscalers.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources. end_interface: MixerListResponseWithEtagBuilder",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalerList": {
+      "description": "Contains a list of Autoscaler resources.",
+      "id": "AutoscalerList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of Autoscaler resources.",
+          "items": {
+            "$ref": "Autoscaler"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#autoscalerList",
+          "description": "[Output Only] Type of resource. Always compute#autoscalerList for lists of autoscalers.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalerStatusDetails": {
+      "id": "AutoscalerStatusDetails",
+      "properties": {
+        "message": {
+          "description": "The status message.",
+          "type": "string"
+        },
+        "type": {
+          "description": "The type of error, warning, or notice returned. Current set of possible values: - ALL_INSTANCES_UNHEALTHY (WARNING): All instances in the instance group are unhealthy (not in RUNNING state). - BACKEND_SERVICE_DOES_NOT_EXIST (ERROR): There is no backend service attached to the instance group. - CAPPED_AT_MAX_NUM_REPLICAS (WARNING): Autoscaler recommends a size greater than maxNumReplicas. - CUSTOM_METRIC_DATA_POINTS_TOO_SPARSE (WARNING): The custom metric samples are not exported often enough to be a credible base for autoscaling. - CUSTOM_METRIC_INVALID (ERROR): The custom metric that was specified does not exist or does not have the necessary labels. - MIN_EQUALS_MAX (WARNING): The minNumReplicas is equal to maxNumReplicas. This means the autoscaler cannot add or remove instances from the instance group. - MISSING_CUSTOM_METRIC_DATA_POINTS (WARNING): The autoscaler did not receive any data from the custom metric configured for autoscaling. - MISSING_LOAD_BALANCING_DATA_POINTS (WARNING): The autoscaler is configured to scale based on a load balancing signal but the instance group has not received any requests from the load balancer. - MODE_OFF (WARNING): Autoscaling is turned off. The number of instances in the group won't change automatically. The autoscaling configuration is preserved. - MODE_ONLY_UP (WARNING): Autoscaling is in the \"Autoscale only out\" mode. The autoscaler can add instances but not remove any. - MORE_THAN_ONE_BACKEND_SERVICE (ERROR): The instance group cannot be autoscaled because it has more than one backend service attached to it. - NOT_ENOUGH_QUOTA_AVAILABLE (ERROR): There is insufficient quota for the necessary resources, such as CPU or number of instances. - REGION_RESOURCE_STOCKOUT (ERROR): Shown only for regional autoscalers: there is a resource stockout in the chosen region. - SCALING_TARGET_DOES_NOT_EXIST (ERROR): The target to be scaled does not exist. - UNSUPPORTED_MAX_RATE_LOAD_BALANCING_CONFIGURATION (ERROR): Autoscaling does not work with an HTTP/S load balancer that has been configured for maxRate. - ZONE_RESOURCE_STOCKOUT (ERROR): For zonal autoscalers: there is a resource stockout in the chosen zone. For regional autoscalers: in at least one of the zones you're using there is a resource stockout. New values might be added in the future. Some of the values might not be available in all API versions.",
+          "enum": [
+            "ALL_INSTANCES_UNHEALTHY",
+            "BACKEND_SERVICE_DOES_NOT_EXIST",
+            "CAPPED_AT_MAX_NUM_REPLICAS",
+            "CUSTOM_METRIC_DATA_POINTS_TOO_SPARSE",
+            "CUSTOM_METRIC_INVALID",
+            "MIN_EQUALS_MAX",
+            "MISSING_CUSTOM_METRIC_DATA_POINTS",
+            "MISSING_LOAD_BALANCING_DATA_POINTS",
+            "MODE_OFF",
+            "MODE_ONLY_SCALE_OUT",
+            "MODE_ONLY_UP",
+            "MORE_THAN_ONE_BACKEND_SERVICE",
+            "NOT_ENOUGH_QUOTA_AVAILABLE",
+            "REGION_RESOURCE_STOCKOUT",
+            "SCALING_TARGET_DOES_NOT_EXIST",
+            "SCHEDULED_INSTANCES_GREATER_THAN_AUTOSCALER_MAX",
+            "SCHEDULED_INSTANCES_LESS_THAN_AUTOSCALER_MIN",
+            "UNKNOWN",
+            "UNSUPPORTED_MAX_RATE_LOAD_BALANCING_CONFIGURATION",
+            "ZONE_RESOURCE_STOCKOUT"
+          ],
+          "enumDescriptions": [
+            "All instances in the instance group are unhealthy (not in RUNNING state).",
+            "There is no backend service attached to the instance group.",
+            "Autoscaler recommends a size greater than maxNumReplicas.",
+            "The custom metric samples are not exported often enough to be a credible base for autoscaling.",
+            "The custom metric that was specified does not exist or does not have the necessary labels.",
+            "The minNumReplicas is equal to maxNumReplicas. This means the autoscaler cannot add or remove instances from the instance group.",
+            "The autoscaler did not receive any data from the custom metric configured for autoscaling.",
+            "The autoscaler is configured to scale based on a load balancing signal but the instance group has not received any requests from the load balancer.",
+            "Autoscaling is turned off. The number of instances in the group won't change automatically. The autoscaling configuration is preserved.",
+            "Autoscaling is in the \"Autoscale only scale out\" mode. Instances in the group will be only added.",
+            "Autoscaling is in the \"Autoscale only out\" mode. Instances in the group will be only added.",
+            "The instance group cannot be autoscaled because it has more than one backend service attached to it.",
+            "There is insufficient quota for the necessary resources, such as CPU or number of instances.",
+            "Showed only for regional autoscalers: there is a resource stockout in the chosen region.",
+            "The target to be scaled does not exist.",
+            "For some scaling schedules minRequiredReplicas is greater than maxNumReplicas. Autoscaler always recommends at most maxNumReplicas instances.",
+            "For some scaling schedules minRequiredReplicas is less than minNumReplicas. Autoscaler always recommends at least minNumReplicas instances.",
+            "",
+            "Autoscaling does not work with an HTTP/S load balancer that has been configured for maxRate.",
+            "For zonal autoscalers: there is a resource stockout in the chosen zone. For regional autoscalers: in at least one of the zones you're using there is a resource stockout."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalersScopedList": {
+      "id": "AutoscalersScopedList",
+      "properties": {
+        "autoscalers": {
+          "description": "[Output Only] A list of autoscalers contained in this scope.",
+          "items": {
+            "$ref": "Autoscaler"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning which replaces the list of autoscalers when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingPolicy": {
+      "description": "Cloud Autoscaler policy.",
+      "id": "AutoscalingPolicy",
+      "properties": {
+        "coolDownPeriodSec": {
+          "description": "The number of seconds that your application takes to initialize on a VM instance. This is referred to as the [initialization period](/compute/docs/autoscaler#cool_down_period). Specifying an accurate initialization period improves autoscaler decisions. For example, when scaling out, the autoscaler ignores data from VMs that are still initializing because those VMs might not yet represent normal usage of your application. The default initialization period is 60 seconds. Initialization periods might vary because of numerous factors. We recommend that you test how long your application takes to initialize. To do this, create a VM and time your application's startup process.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "cpuUtilization": {
+          "$ref": "AutoscalingPolicyCpuUtilization",
+          "description": "Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group."
+        },
+        "customMetricUtilizations": {
+          "description": "Configuration parameters of autoscaling based on a custom metric.",
+          "items": {
+            "$ref": "AutoscalingPolicyCustomMetricUtilization"
+          },
+          "type": "array"
+        },
+        "loadBalancingUtilization": {
+          "$ref": "AutoscalingPolicyLoadBalancingUtilization",
+          "description": "Configuration parameters of autoscaling based on load balancer."
+        },
+        "maxNumReplicas": {
+          "description": "The maximum number of instances that the autoscaler can scale out to. This is required when creating or updating an autoscaler. The maximum number of replicas must not be lower than minimal number of replicas.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "minNumReplicas": {
+          "description": "The minimum number of replicas that the autoscaler can scale in to. This cannot be less than 0. If not provided, autoscaler chooses a default value depending on maximum number of instances allowed.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "mode": {
+          "description": "Defines the operating mode for this policy. The following modes are available: - OFF: Disables the autoscaler but maintains its configuration. - ONLY_SCALE_OUT: Restricts the autoscaler to add VM instances only. - ON: Enables all autoscaler activities according to its policy. For more information, see \"Turning off or restricting an autoscaler\"",
+          "enum": [
+            "OFF",
+            "ON",
+            "ONLY_SCALE_OUT",
+            "ONLY_UP"
+          ],
+          "enumDescriptions": [
+            "Do not automatically scale the MIG in or out. The recommended_size field contains the size of MIG that would be set if the actuation mode was enabled.",
+            "Automatically scale the MIG in and out according to the policy.",
+            "Automatically create VMs according to the policy, but do not scale the MIG in.",
+            "Automatically create VMs according to the policy, but do not scale the MIG in."
+          ],
+          "type": "string"
+        },
+        "scaleDownControl": {
+          "$ref": "AutoscalingPolicyScaleDownControl"
+        },
+        "scaleInControl": {
+          "$ref": "AutoscalingPolicyScaleInControl"
+        },
+        "scalingSchedules": {
+          "additionalProperties": {
+            "$ref": "AutoscalingPolicyScalingSchedule"
+          },
+          "description": "Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler, and they can overlap. During overlapping periods the greatest min_required_replicas of all scaling schedules is applied. Up to 128 scaling schedules are allowed.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingPolicyCpuUtilization": {
+      "description": "CPU utilization policy.",
+      "id": "AutoscalingPolicyCpuUtilization",
+      "properties": {
+        "predictiveMethod": {
+          "description": "Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: * NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. * OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.",
+          "enum": [
+            "NONE",
+            "OPTIMIZE_AVAILABILITY",
+            "PREDICTIVE_METHOD_UNSPECIFIED",
+            "STANDARD"
+          ],
+          "enumDescriptions": [
+            "No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics",
+            "Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.",
+            "",
+            "Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. This value is being DEPRECATED - it won't be promoted to beta and v1. Use OPTIMIZE_AVAILABILITY instead."
+          ],
+          "type": "string"
+        },
+        "utilizationTarget": {
+          "description": "The target CPU utilization that the autoscaler maintains. Must be a float value in the range (0, 1]. If not specified, the default is 0.6. If the CPU level is below the target utilization, the autoscaler scales in the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization. If the average CPU is above the target utilization, the autoscaler scales out until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization.",
+          "format": "double",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingPolicyCustomMetricUtilization": {
+      "description": "Custom utilization metric policy.",
+      "id": "AutoscalingPolicyCustomMetricUtilization",
+      "properties": {
+        "filter": {
+          "description": "A filter string, compatible with a Stackdriver Monitoring filter string for TimeSeries.list API call. This filter is used to select a specific TimeSeries for the purpose of autoscaling and to determine whether the metric is exporting per-instance or per-group data. For the filter to be valid for autoscaling purposes, the following rules apply: - You can only use the AND operator for joining selectors. - You can only use direct equality comparison operator (=) without any functions for each selector. - You can specify the metric in both the filter string and in the metric field. However, if specified in both places, the metric must be identical. - The monitored resource type determines what kind of values are expected for the metric. If it is a gce_instance, the autoscaler expects the metric to include a separate TimeSeries for each instance in a group. In such a case, you cannot filter on resource labels. If the resource type is any other value, the autoscaler expects this metric to contain values that apply to the entire autoscaled instance group and resource label filtering can be performed to point autoscaler at the correct TimeSeries to scale upon. This is called a *per-group metric* for the purpose of autoscaling. If not specified, the type defaults to gce_instance. Try to provide a filter that is selective enough to pick just one TimeSeries for the autoscaled group or for each of the instances (if you are using gce_instance resource type). If multiple TimeSeries are returned upon the query execution, the autoscaler will sum their respective values to obtain its scaling value.",
+          "type": "string"
+        },
+        "metric": {
+          "description": "The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values. The metric must have a value type of INT64 or DOUBLE.",
+          "type": "string"
+        },
+        "singleInstanceAssignment": {
+          "description": "If scaling is based on a per-group metric value that represents the total amount of work to be done or resource usage, set this value to an amount assigned for a single instance of the scaled group. Autoscaler keeps the number of instances proportional to the value of this metric. The metric itself does not change value due to group resizing. A good metric to use with the target is for example pubsub.googleapis.com/subscription/num_undelivered_messages or a custom metric exporting the total number of requests coming to your instances. A bad example would be a metric exporting an average or median latency, since this value can't include a chunk assignable to a single instance, it could be better used with utilization_target instead.",
+          "format": "double",
+          "type": "number"
+        },
+        "utilizationTarget": {
+          "description": "The target value of the metric that autoscaler maintains. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric. For example, a good metric to use as a utilization_target is https://www.googleapis.com/compute/v1/instance/network/received_bytes_count. The autoscaler works to keep this value constant for each of the instances.",
+          "format": "double",
+          "type": "number"
+        },
+        "utilizationTargetType": {
+          "description": "Defines how target utilization value is expressed for a Stackdriver Monitoring metric. Either GAUGE, DELTA_PER_SECOND, or DELTA_PER_MINUTE.",
+          "enum": [
+            "DELTA_PER_MINUTE",
+            "DELTA_PER_SECOND",
+            "GAUGE"
+          ],
+          "enumDescriptions": [
+            "Sets the utilization target value for a cumulative or delta metric, expressed as the rate of growth per minute.",
+            "Sets the utilization target value for a cumulative or delta metric, expressed as the rate of growth per second.",
+            "Sets the utilization target value for a gauge metric. The autoscaler will collect the average utilization of the virtual machines from the last couple of minutes, and compare the value to the utilization target value to perform autoscaling."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingPolicyLoadBalancingUtilization": {
+      "description": "Configuration parameters of autoscaling based on load balancing.",
+      "id": "AutoscalingPolicyLoadBalancingUtilization",
+      "properties": {
+        "utilizationTarget": {
+          "description": "Fraction of backend capacity utilization (set in HTTP(S) load balancing configuration) that the autoscaler maintains. Must be a positive float value. If not defined, the default is 0.8.",
+          "format": "double",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingPolicyScaleDownControl": {
+      "description": "Configuration that allows for slower scale in so that even if Autoscaler recommends an abrupt scale in of a MIG, it will be throttled as specified by the parameters below.",
+      "id": "AutoscalingPolicyScaleDownControl",
+      "properties": {
+        "maxScaledDownReplicas": {
+          "$ref": "FixedOrPercent",
+          "description": "Maximum allowed number (or %) of VMs that can be deducted from the peak recommendation during the window autoscaler looks at when computing recommendations. Possibly all these VMs can be deleted at once so user service needs to be prepared to lose that many VMs in one step."
+        },
+        "timeWindowSec": {
+          "description": "How far back autoscaling looks when computing recommendations to include directives regarding slower scale in, as described above.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingPolicyScaleInControl": {
+      "description": "Configuration that allows for slower scale in so that even if Autoscaler recommends an abrupt scale in of a MIG, it will be throttled as specified by the parameters below.",
+      "id": "AutoscalingPolicyScaleInControl",
+      "properties": {
+        "maxScaledInReplicas": {
+          "$ref": "FixedOrPercent",
+          "description": "Maximum allowed number (or %) of VMs that can be deducted from the peak recommendation during the window autoscaler looks at when computing recommendations. Possibly all these VMs can be deleted at once so user service needs to be prepared to lose that many VMs in one step."
+        },
+        "timeWindowSec": {
+          "description": "How far back autoscaling looks when computing recommendations to include directives regarding slower scale in, as described above.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingPolicyScalingSchedule": {
+      "description": "Scaling based on user-defined schedule. The message describes a single scaling schedule. A scaling schedule changes the minimum number of VM instances an autoscaler can recommend, which can trigger scaling out.",
+      "id": "AutoscalingPolicyScalingSchedule",
+      "properties": {
+        "description": {
+          "description": "A description of a scaling schedule.",
+          "type": "string"
+        },
+        "disabled": {
+          "description": "A boolean value that specifies whether a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. This field is optional, and its value is false by default.",
+          "type": "boolean"
+        },
+        "durationSec": {
+          "description": "The duration of time intervals, in seconds, for which this scaling schedule is to run. The minimum allowed value is 300. This field is required.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "minRequiredReplicas": {
+          "description": "The minimum number of VM instances that the autoscaler will recommend in time intervals starting according to schedule. This field is required.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "schedule": {
+          "description": "The start timestamps of time intervals when this scaling schedule is to provide a scaling signal. This field uses the extended cron format (with an optional year field). The expression can describe a single timestamp if the optional year is set, in which case the scaling schedule runs once. The schedule is interpreted with respect to time_zone. This field is required. Note: These timestamps only describe when autoscaler starts providing the scaling signal. The VMs need additional time to become serving.",
+          "type": "string"
+        },
+        "timeZone": {
+          "description": "The time zone to use when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. This field is assigned a default value of “UTC” if left empty.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Backend": {
+      "description": "Message containing information of one individual backend.",
+      "id": "Backend",
+      "properties": {
+        "balancingMode": {
+          "description": "Specifies how to determine whether the backend of a load balancer can handle additional traffic or is fully loaded. For usage guidelines, see Connection balancing mode. Backends must use compatible balancing modes. For more information, see Supported balancing modes and target capacity settings and Restrictions and guidance for instance groups. Note: Currently, if you use the API to configure incompatible balancing modes, the configuration might be accepted even though it has no impact and is ignored. Specifically, Backend.maxUtilization is ignored when Backend.balancingMode is RATE. In the future, this incompatible combination will be rejected.",
+          "enum": [
+            "CONNECTION",
+            "RATE",
+            "UTILIZATION"
+          ],
+          "enumDescriptions": [
+            "Balance based on the number of simultaneous connections.",
+            "Balance based on requests per second (RPS).",
+            "Balance based on the backend utilization."
+          ],
+          "type": "string"
+        },
+        "capacityScaler": {
+          "description": "A multiplier applied to the backend's target capacity of its balancing mode. The default value is 1, which means the group serves up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. The valid ranges are 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service. Not available with backends that don't support using a balancingMode. This includes backends such as global internet NEGs, regional serverless NEGs, and PSC NEGs.",
+          "format": "float",
+          "type": "number"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "failover": {
+          "description": "This field designates whether this is a failover backend. More than one failover backend can be configured for a given BackendService.",
+          "type": "boolean"
+        },
+        "group": {
+          "description": "The fully-qualified URL of an instance group or network endpoint group (NEG) resource. To determine what types of backends a load balancer supports, see the [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service#backends). You must use the *fully-qualified* URL (starting with https://www.googleapis.com/) to specify the instance group or NEG. Partial URLs are not supported.",
+          "type": "string"
+        },
+        "maxConnections": {
+          "description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxConnectionsPerEndpoint": {
+          "description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxConnectionsPerInstance": {
+          "description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxRate": {
+          "description": "Defines a maximum number of HTTP requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxRatePerEndpoint": {
+          "description": "Defines a maximum target for requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
+          "format": "float",
+          "type": "number"
+        },
+        "maxRatePerInstance": {
+          "description": "Defines a maximum target for requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
+          "format": "float",
+          "type": "number"
+        },
+        "maxUtilization": {
+          "description": "Optional parameter to define a target capacity for the UTILIZATION balancing mode. The valid range is [0.0, 1.0]. For usage guidelines, see Utilization balancing mode.",
+          "format": "float",
+          "type": "number"
+        },
+        "preference": {
+          "description": "This field indicates whether this backend should be fully utilized before sending traffic to backends with default preference. The possible values are: - PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT. - DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and traffic would be assigned based on the load balancing algorithm you use. This is the default ",
+          "enum": [
+            "DEFAULT",
+            "PREFERENCE_UNSPECIFIED",
+            "PREFERRED"
+          ],
+          "enumDescriptions": [
+            "No preference.",
+            "If preference is unspecified, we set it to the DEFAULT value",
+            "Traffic will be sent to this backend first."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendBucket": {
+      "description": "Represents a Cloud Storage Bucket resource. This Cloud Storage bucket resource is referenced by a URL map of a load balancer. For more information, read Backend Buckets.",
+      "id": "BackendBucket",
+      "properties": {
+        "bucketName": {
+          "description": "Cloud Storage bucket name.",
+          "type": "string"
+        },
+        "cdnPolicy": {
+          "$ref": "BackendBucketCdnPolicy",
+          "description": "Cloud CDN configuration for this BackendBucket."
+        },
+        "compressionMode": {
+          "description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.",
+          "enum": [
+            "AUTOMATIC",
+            "DISABLED"
+          ],
+          "enumDescriptions": [
+            "Automatically uses the best compression based on the Accept-Encoding header sent by the client.",
+            "Disables compression. Existing compressed responses cached by Cloud CDN will not be served to clients."
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "customResponseHeaders": {
+          "description": "Headers that the Application Load Balancer should add to proxied responses.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "description": {
+          "description": "An optional textual description of the resource; provided by the client when the resource is created.",
+          "type": "string"
+        },
+        "edgeSecurityPolicy": {
+          "description": "[Output Only] The resource URL for the edge security policy associated with this backend bucket.",
+          "type": "string"
+        },
+        "enableCdn": {
+          "description": "If true, enable Cloud CDN for this BackendBucket.",
+          "type": "boolean"
+        },
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#backendBucket",
+          "description": "Type of the resource.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendBucketCdnPolicy": {
+      "description": "Message containing Cloud CDN configuration for a backend bucket.",
+      "id": "BackendBucketCdnPolicy",
+      "properties": {
+        "bypassCacheOnRequestHeaders": {
+          "description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.",
+          "items": {
+            "$ref": "BackendBucketCdnPolicyBypassCacheOnRequestHeader"
+          },
+          "type": "array"
+        },
+        "cacheKeyPolicy": {
+          "$ref": "BackendBucketCdnPolicyCacheKeyPolicy",
+          "description": "The CacheKeyPolicy for this CdnPolicy."
+        },
+        "cacheMode": {
+          "description": "Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
+          "enum": [
+            "CACHE_ALL_STATIC",
+            "FORCE_CACHE_ALL",
+            "INVALID_CACHE_MODE",
+            "USE_ORIGIN_HEADERS"
+          ],
+          "enumDescriptions": [
+            "Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
+            "Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content.",
+            "",
+            "Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server."
+          ],
+          "type": "string"
+        },
+        "clientTtl": {
+          "description": "Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a \"public\" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a \"public\" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).",
+          "format": "int32",
+          "type": "integer"
+        },
+        "defaultTtl": {
+          "description": "Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of \"0\" means \"always revalidate\". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxTtl": {
+          "description": "Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of \"0\" means \"always revalidate\". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "negativeCaching": {
+          "description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.",
+          "type": "boolean"
+        },
+        "negativeCachingPolicy": {
+          "description": "Sets a cache TTL for the specified HTTP status code. negative_caching must be enabled to configure negative_caching_policy. Omitting the policy and leaving negative_caching enabled will use Cloud CDN's default cache TTLs. Note that when specifying an explicit negative_caching_policy, you should take care to specify a cache TTL for all response codes that you wish to cache. Cloud CDN will not apply any default negative caching when a policy exists.",
+          "items": {
+            "$ref": "BackendBucketCdnPolicyNegativeCachingPolicy"
+          },
+          "type": "array"
+        },
+        "requestCoalescing": {
+          "description": "If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.",
+          "type": "boolean"
+        },
+        "serveWhileStale": {
+          "description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. This setting defines the default \"max-stale\" duration for any cached responses that do not specify a max-stale directive. Stale responses that exceed the TTL configured here will not be served. The default limit (max-stale) is 86400s (1 day), which will allow stale content to be served up to this limit beyond the max-age (or s-max-age) of a cached response. The maximum allowed value is 604800 (1 week). Set this to zero (0) to disable serve-while-stale.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "signedUrlCacheMaxAgeSec": {
+          "description": "Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. Defaults to 1hr (3600s). When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a \"Cache-Control: public, max-age=[TTL]\" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.",
+          "format": "int64",
+          "type": "string"
+        },
+        "signedUrlKeyNames": {
+          "description": "[Output Only] Names of the keys for signing request URLs.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "BackendBucketCdnPolicyBypassCacheOnRequestHeader": {
+      "description": "Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.",
+      "id": "BackendBucketCdnPolicyBypassCacheOnRequestHeader",
+      "properties": {
+        "headerName": {
+          "description": "The header field name to match on when bypassing cache. Values are case-insensitive.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendBucketCdnPolicyCacheKeyPolicy": {
+      "description": "Message containing what to include in the cache key for a request for Cloud CDN.",
+      "id": "BackendBucketCdnPolicyCacheKeyPolicy",
+      "properties": {
+        "includeHttpHeaders": {
+          "description": "Allows HTTP request headers (by name) to be used in the cache key.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "queryStringWhitelist": {
+          "description": "Names of query string parameters to include in cache keys. Default parameters are always included. '\u0026' and '=' will be percent encoded and not treated as delimiters.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "BackendBucketCdnPolicyNegativeCachingPolicy": {
+      "description": "Specify CDN TTLs for response error codes.",
+      "id": "BackendBucketCdnPolicyNegativeCachingPolicy",
+      "properties": {
+        "code": {
+          "description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 302, 307, 308, 404, 405, 410, 421, 451 and 501 are can be specified as values, and you cannot specify a status code more than once.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "ttl": {
+          "description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "BackendBucketList": {
+      "description": "Contains a list of BackendBucket resources.",
+      "id": "BackendBucketList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of BackendBucket resources.",
+          "items": {
+            "$ref": "BackendBucket"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#backendBucketList",
+          "description": "Type of resource.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "BackendService": {
+      "description": "Represents a Backend Service resource. A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly. Backend services in Google Compute Engine can be either regionally or globally scoped. * [Global](https://cloud.google.com/compute/docs/reference/rest/alpha/backendServices) * [Regional](https://cloud.google.com/compute/docs/reference/rest/alpha/regionBackendServices) For more information, see Backend Services.",
+      "id": "BackendService",
+      "properties": {
+        "affinityCookieTtlSec": {
+          "description": "Lifetime of cookies in seconds. This setting is applicable to external and internal HTTP(S) load balancers and Traffic Director and requires GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is two weeks (1,209,600). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "backends": {
+          "description": "The list of backends that serve this BackendService.",
+          "items": {
+            "$ref": "Backend"
+          },
+          "type": "array"
+        },
+        "cdnPolicy": {
+          "$ref": "BackendServiceCdnPolicy",
+          "description": "Cloud CDN configuration for this BackendService. Only available for specified load balancer types."
+        },
+        "circuitBreakers": {
+          "$ref": "CircuitBreakers"
+        },
+        "compressionMode": {
+          "description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.",
+          "enum": [
+            "AUTOMATIC",
+            "DISABLED"
+          ],
+          "enumDescriptions": [
+            "Automatically uses the best compression based on the Accept-Encoding header sent by the client.",
+            "Disables compression. Existing compressed responses cached by Cloud CDN will not be served to clients."
+          ],
+          "type": "string"
+        },
+        "connectionDraining": {
+          "$ref": "ConnectionDraining"
+        },
+        "connectionTrackingPolicy": {
+          "$ref": "BackendServiceConnectionTrackingPolicy",
+          "description": "Connection Tracking configuration for this BackendService. Connection tracking policy settings are only available for Network Load Balancing and Internal TCP/UDP Load Balancing."
+        },
+        "consistentHash": {
+          "$ref": "ConsistentHashLoadBalancerSettings",
+          "description": "Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field is only applicable when localityLbPolicy is set to MAGLEV or RING_HASH. This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. "
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "customRequestHeaders": {
+          "description": "Headers that the load balancer adds to proxied requests. See [Creating custom headers](https://cloud.google.com/load-balancing/docs/custom-headers).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "customResponseHeaders": {
+          "description": "Headers that the load balancer adds to proxied responses. See [Creating custom headers](https://cloud.google.com/load-balancing/docs/custom-headers).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "edgeSecurityPolicy": {
+          "description": "[Output Only] The resource URL for the edge security policy associated with this backend service.",
+          "type": "string"
+        },
+        "enableCDN": {
+          "description": "If true, enables Cloud CDN for the backend service of an external HTTP(S) load balancer.",
+          "type": "boolean"
+        },
+        "failoverPolicy": {
+          "$ref": "BackendServiceFailoverPolicy",
+          "description": "Requires at least one backend instance group to be defined as a backup (failover) backend. For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview)."
+        },
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a BackendService. An up-to-date fingerprint must be provided in order to update the BackendService, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a BackendService.",
+          "format": "byte",
+          "type": "string"
+        },
+        "healthChecks": {
+          "description": "The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently, at most one health check can be specified for each backend service. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet or serverless NEG backends must not have a health check.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "iap": {
+          "$ref": "BackendServiceIAP",
+          "description": "The configurations for Identity-Aware Proxy on this resource. Not available for Internal TCP/UDP Load Balancing and Network Load Balancing."
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "ipAddressSelectionPolicy": {
+          "description": "Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). The possible values are: - IPV4_ONLY: Only send IPv4 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv4 health-checks are used to check the health of the backends. This is the default setting. - PREFER_IPV6: Prioritize the connection to the endpoints IPv6 address over its IPv4 address (provided there is a healthy IPv6 address). - IPV6_ONLY: Only send IPv6 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv6 health-checks are used to check the health of the backends. This field is applicable to either: - Advanced Global External HTTPS Load Balancing (load balancing scheme EXTERNAL_MANAGED), - Regional External HTTPS Load Balancing, - Internal TCP Proxy (load balancing scheme INTERNAL_MANAGED), - Regional Internal HTTPS Load Balancing (load balancing scheme INTERNAL_MANAGED), - Traffic Director with Envoy proxies and proxyless gRPC (load balancing scheme INTERNAL_SELF_MANAGED). ",
+          "enum": [
+            "IPV4_ONLY",
+            "IPV6_ONLY",
+            "IP_ADDRESS_SELECTION_POLICY_UNSPECIFIED",
+            "PREFER_IPV6"
+          ],
+          "enumDescriptions": [
+            "Only send IPv4 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv4 health-checks are used to check the health of the backends. This is the default setting.",
+            "Only send IPv6 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv6 health-checks are used to check the health of the backends.",
+            "Unspecified IP address selection policy.",
+            "Prioritize the connection to the endpoints IPv6 address over its IPv4 address (provided there is a healthy IPv6 address)."
+          ],
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#backendService",
+          "description": "[Output Only] Type of resource. Always compute#backendService for backend services.",
+          "type": "string"
+        },
+        "loadBalancingScheme": {
+          "description": "Specifies the load balancer type. A backend service created for one type of load balancer cannot be used with another. For more information, refer to Choosing a load balancer.",
+          "enum": [
+            "EXTERNAL",
+            "EXTERNAL_MANAGED",
+            "INTERNAL",
+            "INTERNAL_MANAGED",
+            "INTERNAL_SELF_MANAGED",
+            "INVALID_LOAD_BALANCING_SCHEME"
+          ],
+          "enumDescriptions": [
+            "Signifies that this will be used for external HTTP(S), SSL Proxy, TCP Proxy, or Network Load Balancing",
+            "Signifies that this will be used for External Managed HTTP(S) Load Balancing.",
+            "Signifies that this will be used for Internal TCP/UDP Load Balancing.",
+            "Signifies that this will be used for Internal HTTP(S) Load Balancing.",
+            "Signifies that this will be used by Traffic Director.",
+            ""
+          ],
+          "type": "string"
+        },
+        "localityLbPolicies": {
+          "description": "A list of locality load-balancing policies to be used in order of preference. When you use localityLbPolicies, you must set at least one value for either the localityLbPolicies[].policy or the localityLbPolicies[].customPolicy field. localityLbPolicies overrides any value set in the localityLbPolicy field. For an example of how to use this field, see Define a list of preferred policies. Caution: This field and its children are intended for use in a service mesh that includes gRPC clients only. Envoy proxies can't use backend services that have this configuration.",
+          "items": {
+            "$ref": "BackendServiceLocalityLoadBalancingPolicyConfig"
+          },
+          "type": "array"
+        },
+        "localityLbPolicy": {
+          "description": "The load balancing algorithm used within the scope of the locality. The possible values are: - ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order. This is the default. - LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. - RANDOM: The load balancer selects a random healthy host. - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824 This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. If sessionAffinity is not NONE, and this field is not set to MAGLEV or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "enum": [
+            "INVALID_LB_POLICY",
+            "LEAST_REQUEST",
+            "MAGLEV",
+            "ORIGINAL_DESTINATION",
+            "RANDOM",
+            "RING_HASH",
+            "ROUND_ROBIN",
+            "WEIGHTED_MAGLEV"
+          ],
+          "enumDescriptions": [
+            "",
+            "An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.",
+            "This algorithm implements consistent hashing to backends. Maglev can be used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824",
+            "Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.",
+            "The load balancer selects a random healthy host.",
+            "The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.",
+            "This is a simple policy in which each healthy backend is selected in round robin order. This is the default.",
+            "Per-instance weighted Load Balancing via health check reported weights. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weighted based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. This option is only supported in Network Load Balancing."
+          ],
+          "type": "string"
+        },
+        "logConfig": {
+          "$ref": "BackendServiceLogConfig",
+          "description": "This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver."
+        },
+        "maxStreamDuration": {
+          "$ref": "Duration",
+          "description": "Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED."
+        },
+        "metadatas": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Deployment metadata associated with the resource to be set by a GKE hub controller and read by the backend RCTH",
+          "type": "object"
+        },
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "network": {
+          "description": "The URL of the network to which this backend service belongs. This field can only be specified when the load balancing scheme is set to INTERNAL.",
+          "type": "string"
+        },
+        "outlierDetection": {
+          "$ref": "OutlierDetection",
+          "description": "Settings controlling the ejection of unhealthy backend endpoints from the load balancing pool of each individual proxy instance that processes the traffic for the given backend service. If not set, this feature is considered disabled. Results of the outlier detection algorithm (ejection of endpoints from the load balancing pool and returning them back to the pool) are executed independently by each proxy instance of the load balancer. In most cases, more than one proxy instance handles the traffic received by a backend service. Thus, it is possible that an unhealthy endpoint is detected and ejected by only some of the proxies, and while this happens, other proxies may continue to send requests to the same unhealthy endpoint until they detect and eject the unhealthy endpoint. Applicable backend endpoints can be: - VM instances in an Instance Group - Endpoints in a Zonal NEG (GCE_VM_IP, GCE_VM_IP_PORT) - Endpoints in a Hybrid Connectivity NEG (NON_GCP_PRIVATE_IP_PORT) - Serverless NEGs, that resolve to Cloud Run, App Engine, or Cloud Functions Services - Private Service Connect NEGs, that resolve to Google-managed regional API endpoints or managed services published using Private Service Connect Applicable backend service types can be: - A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - A regional backend service with the serviceProtocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED or EXTERNAL_MANAGED. Not supported for Serverless NEGs. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true."
+        },
+        "port": {
+          "deprecated": true,
+          "description": "Deprecated in favor of portName. The TCP port to connect on the backend. The default value is 80. For Internal TCP/UDP Load Balancing and Network Load Balancing, omit port.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "portName": {
+          "description": "A named port on a backend instance group representing the port for communication to the backend VMs in that group. The named port must be [defined on each backend instance group](https://cloud.google.com/load-balancing/docs/backend-service#named_ports). This parameter has no meaning if the backends are NEGs. For Internal TCP/UDP Load Balancing and Network Load Balancing, omit port_name.",
+          "type": "string"
+        },
+        "protocol": {
+          "description": "The protocol this BackendService uses to communicate with backends. Possible values are HTTP, HTTPS, HTTP2, TCP, SSL, UDP or GRPC. depending on the chosen load balancer or Traffic Director configuration. Refer to the documentation for the load balancers or for Traffic Director for more information. Must be set to GRPC when the backend service is referenced by a URL map that is bound to target gRPC proxy.",
+          "enum": [
+            "ALL",
+            "GRPC",
+            "HTTP",
+            "HTTP2",
+            "HTTPS",
+            "SSL",
+            "TCP",
+            "UDP",
+            "UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "ALL includes TCP, UDP, ICMP, ESP, AH and SCTP. Note that this should never be used together with target_xx_proxies.",
+            "gRPC (available for Traffic Director).",
+            "",
+            "HTTP/2 with SSL.",
+            "",
+            "TCP proxying with SSL.",
+            "TCP proxying or TCP pass-through.",
+            "UDP.",
+            "If a Backend Service has UNSPECIFIED as its protocol, it can be used with any L3/L4 Forwarding Rules."
+          ],
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the regional backend service resides. This field is not applicable to global backend services. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        },
+        "securityPolicy": {
+          "description": "[Output Only] The resource URL for the security policy associated with this backend service.",
+          "type": "string"
+        },
+        "securitySettings": {
+          "$ref": "SecuritySettings",
+          "description": "This field specifies the security settings that apply to this backend service. This field is applicable to a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED."
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "serviceBindings": {
+          "description": "URLs of networkservices.ServiceBinding resources. Can only be set if load balancing scheme is INTERNAL_SELF_MANAGED. If set, lists of backends and health checks must be both empty.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "serviceLbPolicy": {
+          "description": "URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.",
+          "type": "string"
+        },
+        "sessionAffinity": {
+          "description": "Type of session affinity to use. The default is NONE. Only NONE and HEADER_FIELD are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. For more details, see: [Session Affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity).",
+          "enum": [
+            "CLIENT_IP",
+            "CLIENT_IP_NO_DESTINATION",
+            "CLIENT_IP_PORT_PROTO",
+            "CLIENT_IP_PROTO",
+            "GENERATED_COOKIE",
+            "HEADER_FIELD",
+            "HTTP_COOKIE",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "2-tuple hash on packet's source and destination IP addresses. Connections from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy.",
+            "1-tuple hash only on packet's source IP address. Connections from the same source IP address will be served by the same backend VM while that VM remains healthy. This option can only be used for Internal TCP/UDP Load Balancing.",
+            "5-tuple hash on packet's source and destination IP addresses, IP protocol, and source and destination ports. Connections for the same IP protocol from the same source IP address and port to the same destination IP address and port will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
+            "3-tuple hash on packet's source and destination IP addresses, and IP protocol. Connections for the same IP protocol from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
+            "Hash based on a cookie generated by the L7 loadbalancer. Only valid for HTTP(S) load balancing.",
+            "The hash is based on a user specified header field.",
+            "The hash is based on a user provided cookie.",
+            "No session affinity. Connections from the same client IP may go to any instance in the pool."
+          ],
+          "type": "string"
+        },
+        "subsetting": {
+          "$ref": "Subsetting"
+        },
+        "timeoutSec": {
+          "description": "The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "usedBys": {
+          "items": {
+            "$ref": "BackendServiceUsedBy"
+          },
+          "type": "array"
+        },
+        "vpcNetworkScope": {
+          "description": "The network scope of the backends that can be added to the backend service. This field can be either GLOBAL_VPC_NETWORK or REGIONAL_VPC_NETWORK. A backend service with the VPC scope set to GLOBAL_VPC_NETWORK is only allowed to have backends in global VPC networks. When the VPC scope is set to REGIONAL_VPC_NETWORK the backend service is only allowed to have backends in regional networks in the same scope as the backend service. Note: if not specified then GLOBAL_VPC_NETWORK will be used.",
+          "enum": [
+            "GLOBAL_VPC_NETWORK",
+            "REGIONAL_VPC_NETWORK"
+          ],
+          "enumDescriptions": [
+            "The backend service can only have backends in global VPCs",
+            "The backend service can only have backends in regional VPCs"
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceAggregatedList": {
+      "description": "Contains a list of BackendServicesScopedList.",
+      "id": "BackendServiceAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "BackendServicesScopedList",
+            "description": "Name of the scope containing this set of BackendServices."
+          },
+          "description": "A list of BackendServicesScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#backendServiceAggregatedList",
+          "description": "Type of resource.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
                 "EXTERNAL_API_WARNING",
                 "FIELD_VALUE_OVERRIDEN",
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -40817,6 +45776,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -40828,6 +45817,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -40875,129 +45865,148 @@
       },
       "type": "object"
     },
-    "AccessConfig": {
-      "description": "An access configuration attached to an instance's network interface. Only one access config per instance is supported.",
-      "id": "AccessConfig",
+    "BackendServiceCdnPolicy": {
+      "description": "Message containing Cloud CDN configuration for a backend service.",
+      "id": "BackendServiceCdnPolicy",
       "properties": {
-        "externalIpv6": {
-          "description": "The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, GCP will automatically assign an external IPv6 address from the instance's subnetwork.",
-          "type": "string"
-        },
-        "externalIpv6PrefixLength": {
-          "description": "The prefix length of the external IPv6 range.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "kind": {
-          "default": "compute#accessConfig",
-          "description": "[Output Only] Type of the resource. Always compute#accessConfig for access configs.",
-          "type": "string"
-        },
-        "name": {
-          "description": "The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.",
-          "type": "string"
+        "bypassCacheOnRequestHeaders": {
+          "description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.",
+          "items": {
+            "$ref": "BackendServiceCdnPolicyBypassCacheOnRequestHeader"
+          },
+          "type": "array"
         },
-        "natIP": {
-          "description": "An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.",
-          "type": "string"
+        "cacheKeyPolicy": {
+          "$ref": "CacheKeyPolicy",
+          "description": "The CacheKeyPolicy for this CdnPolicy."
         },
-        "networkTier": {
-          "description": "This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.",
+        "cacheMode": {
+          "description": "Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
           "enum": [
-            "FIXED_STANDARD",
-            "PREMIUM",
-            "SELECT",
-            "STANDARD",
-            "STANDARD_OVERRIDES_FIXED_STANDARD"
+            "CACHE_ALL_STATIC",
+            "FORCE_CACHE_ALL",
+            "INVALID_CACHE_MODE",
+            "USE_ORIGIN_HEADERS"
           ],
           "enumDescriptions": [
-            "Public internet quality with fixed bandwidth.",
-            "High quality, Google-grade network tier, support for all networking products.",
-            "Price competitive network tier, support for all networking products.",
-            "Public internet quality, only limited support for other networking products.",
-            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+            "Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
+            "Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content.",
+            "",
+            "Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server."
           ],
           "type": "string"
         },
-        "publicDnsName": {
-          "description": "[Output Only] The public DNS domain name for the instance.",
-          "type": "string"
+        "clientTtl": {
+          "description": "Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a \"public\" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a \"public\" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).",
+          "format": "int32",
+          "type": "integer"
         },
-        "publicPtrDomainName": {
-          "description": "The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.",
-          "type": "string"
+        "defaultTtl": {
+          "description": "Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of \"0\" means \"always revalidate\". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
+          "format": "int32",
+          "type": "integer"
         },
-        "securityPolicy": {
-          "description": "[Output Only] The resource URL for the security policy associated with this access config.",
-          "type": "string"
+        "maxTtl": {
+          "description": "Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of \"0\" means \"always revalidate\". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
+          "format": "int32",
+          "type": "integer"
         },
-        "setPublicDns": {
-          "description": "Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.",
+        "negativeCaching": {
+          "description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.",
           "type": "boolean"
         },
-        "setPublicPtr": {
-          "description": "Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.",
+        "negativeCachingPolicy": {
+          "description": "Sets a cache TTL for the specified HTTP status code. negative_caching must be enabled to configure negative_caching_policy. Omitting the policy and leaving negative_caching enabled will use Cloud CDN's default cache TTLs. Note that when specifying an explicit negative_caching_policy, you should take care to specify a cache TTL for all response codes that you wish to cache. Cloud CDN will not apply any default negative caching when a policy exists.",
+          "items": {
+            "$ref": "BackendServiceCdnPolicyNegativeCachingPolicy"
+          },
+          "type": "array"
+        },
+        "requestCoalescing": {
+          "description": "If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.",
           "type": "boolean"
         },
-        "type": {
-          "default": "ONE_TO_ONE_NAT",
-          "description": "The type of configuration. The default and only option is ONE_TO_ONE_NAT.",
-          "enum": [
-            "DIRECT_IPV6",
-            "ONE_TO_ONE_NAT"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "serveWhileStale": {
+          "description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. This setting defines the default \"max-stale\" duration for any cached responses that do not specify a max-stale directive. Stale responses that exceed the TTL configured here will not be served. The default limit (max-stale) is 86400s (1 day), which will allow stale content to be served up to this limit beyond the max-age (or s-max-age) of a cached response. The maximum allowed value is 604800 (1 week). Set this to zero (0) to disable serve-while-stale.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "signedUrlCacheMaxAgeSec": {
+          "description": "Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. Defaults to 1hr (3600s). When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a \"Cache-Control: public, max-age=[TTL]\" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.",
+          "format": "int64",
           "type": "string"
+        },
+        "signedUrlKeyNames": {
+          "description": "[Output Only] Names of the keys for signing request URLs.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "Address": {
-      "description": "Represents an IP Address resource. Google Compute Engine has two IP Address resources: * [Global (external and internal)](https://cloud.google.com/compute/docs/reference/rest/alpha/globalAddresses) * [Regional (external and internal)](https://cloud.google.com/compute/docs/reference/rest/alpha/addresses) For more information, see Reserving a static external IP address.",
-      "id": "Address",
+    "BackendServiceCdnPolicyBypassCacheOnRequestHeader": {
+      "description": "Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.",
+      "id": "BackendServiceCdnPolicyBypassCacheOnRequestHeader",
       "properties": {
-        "address": {
-          "description": "The static IP address represented by this resource.",
+        "headerName": {
+          "description": "The header field name to match on when bypassing cache. Values are case-insensitive.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceCdnPolicyNegativeCachingPolicy": {
+      "description": "Specify CDN TTLs for response error codes.",
+      "id": "BackendServiceCdnPolicyNegativeCachingPolicy",
+      "properties": {
+        "code": {
+          "description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 302, 307, 308, 404, 405, 410, 421, 451 and 501 are can be specified as values, and you cannot specify a status code more than once.",
+          "format": "int32",
+          "type": "integer"
         },
-        "addressType": {
-          "description": "The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.",
+        "ttl": {
+          "description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceConnectionTrackingPolicy": {
+      "description": "Connection Tracking configuration for this BackendService.",
+      "id": "BackendServiceConnectionTrackingPolicy",
+      "properties": {
+        "connectionPersistenceOnUnhealthyBackends": {
+          "description": "Specifies connection persistence when backends are unhealthy. The default value is DEFAULT_FOR_PROTOCOL. If set to DEFAULT_FOR_PROTOCOL, the existing connections persist on unhealthy backends only for connection-oriented protocols (TCP and SCTP) and only if the Tracking Mode is PER_CONNECTION (default tracking mode) or the Session Affinity is configured for 5-tuple. They do not persist for UDP. If set to NEVER_PERSIST, after a backend becomes unhealthy, the existing connections on the unhealthy backend are never persisted on the unhealthy backend. They are always diverted to newly selected healthy backends (unless all backends are unhealthy). If set to ALWAYS_PERSIST, existing connections always persist on unhealthy backends regardless of protocol and session affinity. It is generally not recommended to use this mode overriding the default. For more details, see [Connection Persistence for Network Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence) and [Connection Persistence for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal#connection-persistence).",
           "enum": [
-            "DNS_FORWARDING",
-            "EXTERNAL",
-            "INTERNAL",
-            "UNSPECIFIED_TYPE"
+            "ALWAYS_PERSIST",
+            "DEFAULT_FOR_PROTOCOL",
+            "NEVER_PERSIST"
           ],
           "enumDescriptions": [
-            "DNS resolver address in the subnetwork.",
-            "A publicly visible external IP address.",
-            "A private network IP address, for use with an Instance or Internal Load Balancer forwarding rule.",
+            "",
+            "",
             ""
           ],
           "type": "string"
         },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this field when you create the resource.",
-          "type": "string"
+        "enableStrongAffinity": {
+          "description": "Enable Strong Session Affinity for Network Load Balancing. This option is not available publicly.",
+          "type": "boolean"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
+        "idleTimeoutSec": {
+          "description": "Specifies how long to keep a Connection Tracking entry while there is no matching traffic (in seconds). For Internal TCP/UDP Load Balancing: - The minimum (default) is 10 minutes and the maximum is 16 hours. - It can be set only if Connection Tracking is less than 5-tuple (i.e. Session Affinity is CLIENT_IP_NO_DESTINATION, CLIENT_IP or CLIENT_IP_PROTO, and Tracking Mode is PER_SESSION). For Network Load Balancer the default is 60 seconds. This option is not available publicly.",
+          "format": "int32",
+          "type": "integer"
         },
-        "ipVersion": {
-          "description": "The IP version that will be used by this address. Valid options are IPV4 or IPV6. This can only be specified for a global address.",
+        "trackingMode": {
+          "description": "Specifies the key used for connection tracking. There are two options: - PER_CONNECTION: This is the default mode. The Connection Tracking is performed as per the Connection Key (default Hash Method) for the specific protocol. - PER_SESSION: The Connection Tracking is performed as per the configured Session Affinity. It matches the configured Session Affinity. For more details, see [Tracking Mode for Network Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode) and [Tracking Mode for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal#tracking-mode).",
           "enum": [
-            "IPV4",
-            "IPV6",
-            "UNSPECIFIED_VERSION"
+            "INVALID_TRACKING_MODE",
+            "PER_CONNECTION",
+            "PER_SESSION"
           ],
           "enumDescriptions": [
             "",
@@ -41005,155 +46014,118 @@
             ""
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceFailoverPolicy": {
+      "description": "For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview). On failover or failback, this field indicates whether connection draining will be honored. Google Cloud has a fixed connection draining timeout of 10 minutes. A setting of true terminates existing TCP connections to the active pool during failover and failback, immediately draining traffic. A setting of false allows existing TCP connections to persist, even on VMs no longer in the active pool, for up to the duration of the connection draining timeout (10 minutes).",
+      "id": "BackendServiceFailoverPolicy",
+      "properties": {
+        "disableConnectionDrainOnFailover": {
+          "description": "This can be set to true only if the protocol is TCP. The default is false.",
+          "type": "boolean"
         },
-        "ipv6EndpointType": {
-          "description": "The endpoint type of this address, which should be VM or NETLB. This is used for deciding which type of endpoint this address can be used after the external IPv6 address reservation.",
-          "enum": [
-            "NETLB",
-            "VM"
-          ],
-          "enumDescriptions": [
-            "Reserved IPv6 address can be used on network load balancer.",
-            "Reserved IPv6 address can be used on VM."
-          ],
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#address",
-          "description": "[Output Only] Type of the resource. Always compute#address for addresses.",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this Address, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Address.",
-          "format": "byte",
-          "type": "string"
+        "dropTrafficIfUnhealthy": {
+          "description": "If set to true, connections to the load balancer are dropped when all primary and all backup backend VMs are unhealthy.If set to false, connections are distributed among all primary VMs when all primary and all backup backend VMs are unhealthy. For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview). The default is false.",
+          "type": "boolean"
         },
-        "labels": {
+        "failoverRatio": {
+          "description": "The value of the field must be in the range [0, 1]. If the value is 0, the load balancer performs a failover when the number of healthy primary VMs equals zero. For all other values, the load balancer performs a failover when the total number of healthy primary VMs is less than this ratio. For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview).",
+          "format": "float",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceGroupHealth": {
+      "id": "BackendServiceGroupHealth",
+      "properties": {
+        "annotations": {
           "additionalProperties": {
             "type": "string"
           },
-          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "description": "Metadata defined as annotations on the network endpoint group.",
           "type": "object"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.addresses.insert"
-            ]
+        "healthStatus": {
+          "description": "Health state of the backend instances or endpoints in requested instance or network endpoint group, determined based on configured health checks.",
+          "items": {
+            "$ref": "HealthStatus"
           },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "network": {
-          "description": "The URL of the network in which to reserve the address. This field can only be used with INTERNAL type with the VPC_PEERING purpose.",
-          "type": "string"
-        },
-        "networkTier": {
-          "description": "This signifies the networking tier used for configuring this address and can only take the following values: PREMIUM or STANDARD. Internal IP addresses are always Premium Tier; global external IP addresses are always Premium Tier; regional external IP addresses can be either Standard or Premium Tier. If this field is not specified, it is assumed to be PREMIUM.",
-          "enum": [
-            "FIXED_STANDARD",
-            "PREMIUM",
-            "SELECT",
-            "STANDARD",
-            "STANDARD_OVERRIDES_FIXED_STANDARD"
-          ],
-          "enumDescriptions": [
-            "Public internet quality with fixed bandwidth.",
-            "High quality, Google-grade network tier, support for all networking products.",
-            "Price competitive network tier, support for all networking products.",
-            "Public internet quality, only limited support for other networking products.",
-            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
-          ],
-          "type": "string"
-        },
-        "prefixLength": {
-          "description": "The prefix length if the resource represents an IP range.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "purpose": {
-          "description": "The purpose of this resource, which can be one of the following values: - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, load balancers, and similar resources. - DNS_RESOLVER for a DNS resolver address in a subnetwork for a Cloud DNS inbound forwarder IP addresses (regional internal IP address in a subnet of a VPC network) - VPC_PEERING for global internal IP addresses used for private services access allocated ranges. - NAT_AUTO for the regional external IP addresses used by Cloud NAT when allocating addresses using automatic NAT IP address allocation. - IPSEC_INTERCONNECT for addresses created from a private IP range that are reserved for a VLAN attachment in an *HA VPN over Cloud Interconnect* configuration. These addresses are regional resources. - `SHARED_LOADBALANCER_VIP` for an internal IP address that is assigned to multiple internal forwarding rules. - `PRIVATE_SERVICE_CONNECT` for a private network address that is used to configure Private Service Connect. Only global internal addresses can use this purpose. ",
-          "enum": [
-            "DNS_RESOLVER",
-            "GCE_ENDPOINT",
-            "IPSEC_INTERCONNECT",
-            "NAT_AUTO",
-            "PRIVATE_SERVICE_CONNECT",
-            "SERVERLESS",
-            "SHARED_LOADBALANCER_VIP",
-            "VPC_PEERING"
-          ],
-          "enumDescriptions": [
-            "DNS resolver address in the subnetwork.",
-            "VM internal/alias IP, Internal LB service IP, etc.",
-            "A regional internal IP address range reserved for the VLAN attachment that is used in HA VPN over Cloud Interconnect. This regional internal IP address range must not overlap with any IP address range of subnet/route in the VPC network and its peering networks. After the VLAN attachment is created with the reserved IP address range, when creating a new VPN gateway, its interface IP address is allocated from the associated VLAN attachment’s IP address range.",
-            "External IP automatically reserved for Cloud NAT.",
-            "A private network IP address that can be used to configure Private Service Connect. This purpose can be specified only for GLOBAL addresses of Type INTERNAL",
-            "A regional internal IP address range reserved for Serverless.",
-            "A private network IP address that can be shared by multiple Internal Load Balancer forwarding rules.",
-            "IP range for peer networks."
-          ],
-          "type": "string"
+          "type": "array"
         },
-        "region": {
-          "description": "[Output Only] The URL of the region where a regional address resides. For regional addresses, you must specify the region as a path parameter in the HTTP request URL. *This field is not applicable to global addresses.*",
+        "kind": {
+          "default": "compute#backendServiceGroupHealth",
+          "description": "[Output Only] Type of resource. Always compute#backendServiceGroupHealth for the health of backend services.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceIAP": {
+      "description": "Identity-Aware Proxy",
+      "id": "BackendServiceIAP",
+      "properties": {
+        "enabled": {
+          "description": "Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.",
+          "type": "boolean"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "oauth2ClientId": {
+          "description": "OAuth2 client ID to use for the authentication flow.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "oauth2ClientInfo": {
+          "$ref": "BackendServiceIAPOAuth2ClientInfo",
+          "description": "[Input Only] OAuth client info required to generate client id to be used for IAP."
+        },
+        "oauth2ClientSecret": {
+          "description": "OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field. @InputOnly",
           "type": "string"
         },
-        "status": {
-          "description": "[Output Only] The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available.",
-          "enum": [
-            "IN_USE",
-            "RESERVED",
-            "RESERVING"
-          ],
-          "enumDescriptions": [
-            "Address is being used by another resource and is not available.",
-            "Address is reserved and available to use.",
-            "Address is being reserved."
-          ],
+        "oauth2ClientSecretSha256": {
+          "description": "[Output Only] SHA256 hash value for the field oauth2_client_secret above.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceIAPOAuth2ClientInfo": {
+      "id": "BackendServiceIAPOAuth2ClientInfo",
+      "properties": {
+        "applicationName": {
+          "description": "Application name to be used in OAuth consent screen.",
           "type": "string"
         },
-        "subnetwork": {
-          "description": "The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with a GCE_ENDPOINT or DNS_RESOLVER purpose.",
+        "clientName": {
+          "description": "Name of the client to be generated. Optional - If not provided, the name will be autogenerated by the backend.",
           "type": "string"
         },
-        "users": {
-          "description": "[Output Only] The URLs of the resources that are using this address.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "developerEmailAddress": {
+          "description": "Developer's information to be used in OAuth consent screen.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "AddressAggregatedList": {
-      "id": "AddressAggregatedList",
+    "BackendServiceList": {
+      "description": "Contains a list of BackendService resources.",
+      "id": "BackendServiceList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "AddressesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of addresses."
+          "description": "A list of BackendService resources.",
+          "items": {
+            "$ref": "BackendService"
           },
-          "description": "A list of AddressesScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#addressAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#addressAggregatedList for aggregated lists of addresses.",
+          "default": "compute#backendServiceList",
+          "description": "[Output Only] Type of resource. Always compute#backendServiceList for lists of backend services.",
           "type": "string"
         },
         "nextPageToken": {
@@ -41164,13 +46136,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -41187,6 +46152,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41205,6 +46171,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41216,6 +46212,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41263,24 +46260,17 @@
       },
       "type": "object"
     },
-    "AddressList": {
-      "description": "Contains a list of addresses.",
-      "id": "AddressList",
+    "BackendServiceListUsable": {
+      "description": "Contains a list of usable BackendService resources.",
+      "id": "BackendServiceListUsable",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "items": {
-          "description": "A list of Address resources.",
-          "items": {
-            "$ref": "Address"
-          },
-          "type": "array"
-        },
         "kind": {
-          "default": "compute#addressList",
-          "description": "[Output Only] Type of resource. Always compute#addressList for lists of addresses.",
+          "default": "compute#usableBackendServiceList",
+          "description": "[Output Only] Type of resource. Always compute#usableBackendServiceList for lists of usable backend services.",
           "type": "string"
         },
         "nextPageToken": {
@@ -41307,6 +46297,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41325,6 +46316,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41336,6 +46357,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41383,18 +46405,151 @@
       },
       "type": "object"
     },
-    "AddressesScopedList": {
-      "id": "AddressesScopedList",
+    "BackendServiceLocalityLoadBalancingPolicyConfig": {
+      "description": "Container for either a built-in LB policy supported by gRPC or Envoy or a custom one implemented by the end user.",
+      "id": "BackendServiceLocalityLoadBalancingPolicyConfig",
       "properties": {
-        "addresses": {
-          "description": "[Output Only] A list of addresses contained in this scope.",
+        "customPolicy": {
+          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy"
+        },
+        "policy": {
+          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy": {
+      "description": "The configuration for a custom policy implemented by the user and deployed with the client.",
+      "id": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy",
+      "properties": {
+        "data": {
+          "description": "An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Identifies the custom policy. The value should match the name of a custom implementation registered on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (for example, myorg.CustomLbPolicy). The maximum length is 256 characters. Do not specify the same custom policy more than once for a backend. If you do, the configuration is rejected. For an example of how to use this field, see Use a custom policy.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceLocalityLoadBalancingPolicyConfigPolicy": {
+      "description": "The configuration for a built-in load balancing policy.",
+      "id": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy",
+      "properties": {
+        "name": {
+          "description": "The name of a locality load-balancing policy. Valid values include ROUND_ROBIN and, for Java clients, LEAST_REQUEST. For information about these values, see the description of localityLbPolicy. Do not specify the same policy more than once for a backend. If you do, the configuration is rejected.",
+          "enum": [
+            "INVALID_LB_POLICY",
+            "LEAST_REQUEST",
+            "MAGLEV",
+            "ORIGINAL_DESTINATION",
+            "RANDOM",
+            "RING_HASH",
+            "ROUND_ROBIN",
+            "WEIGHTED_MAGLEV"
+          ],
+          "enumDescriptions": [
+            "",
+            "An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.",
+            "This algorithm implements consistent hashing to backends. Maglev can be used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824",
+            "Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.",
+            "The load balancer selects a random healthy host.",
+            "The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.",
+            "This is a simple policy in which each healthy backend is selected in round robin order. This is the default.",
+            "Per-instance weighted Load Balancing via health check reported weights. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weighted based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. This option is only supported in Network Load Balancing."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceLogConfig": {
+      "description": "The available logging options for the load balancer traffic served by this backend service.",
+      "id": "BackendServiceLogConfig",
+      "properties": {
+        "enable": {
+          "description": "Denotes whether to enable logging for the load balancer traffic served by this backend service. The default value is false.",
+          "type": "boolean"
+        },
+        "optional": {
+          "deprecated": true,
+          "description": "Deprecated in favor of optionalMode. This field can only be specified if logging is enabled for this backend service. Configures whether all, none or a subset of optional fields should be added to the reported logs. One of [INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM]. Default is EXCLUDE_ALL_OPTIONAL.",
+          "enum": [
+            "CUSTOM",
+            "EXCLUDE_ALL_OPTIONAL",
+            "INCLUDE_ALL_OPTIONAL",
+            "UNSPECIFIED_OPTIONAL_MODE"
+          ],
+          "enumDescriptions": [
+            "A subset of optional fields.",
+            "None optional fields.",
+            "All optional fields.",
+            ""
+          ],
+          "type": "string"
+        },
+        "optionalFields": {
+          "description": "This field can only be specified if logging is enabled for this backend service and \"logConfig.optionalMode\" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace",
           "items": {
-            "$ref": "Address"
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "optionalMode": {
+          "description": "This field can only be specified if logging is enabled for this backend service. Configures whether all, none or a subset of optional fields should be added to the reported logs. One of [INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM]. Default is EXCLUDE_ALL_OPTIONAL.",
+          "enum": [
+            "CUSTOM",
+            "EXCLUDE_ALL_OPTIONAL",
+            "INCLUDE_ALL_OPTIONAL",
+            "UNSPECIFIED_OPTIONAL_MODE"
+          ],
+          "enumDescriptions": [
+            "A subset of optional fields.",
+            "None optional fields.",
+            "All optional fields.",
+            ""
+          ],
+          "type": "string"
+        },
+        "sampleRate": {
+          "description": "This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.",
+          "format": "float",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceReference": {
+      "id": "BackendServiceReference",
+      "properties": {
+        "backendService": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceUsedBy": {
+      "id": "BackendServiceUsedBy",
+      "properties": {
+        "reference": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServicesScopedList": {
+      "id": "BackendServicesScopedList",
+      "properties": {
+        "backendServices": {
+          "description": "A list of BackendServices contained in this scope.",
+          "items": {
+            "$ref": "BackendService"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of addresses when the list is empty.",
+          "description": "Informational warning which replaces the list of backend services when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -41409,6 +46564,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41427,6 +46583,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41438,6 +46624,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41485,693 +46672,623 @@
       },
       "type": "object"
     },
-    "AdvancedMachineFeatures": {
-      "description": "Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled).",
-      "id": "AdvancedMachineFeatures",
+    "BfdPacket": {
+      "id": "BfdPacket",
       "properties": {
-        "enableNestedVirtualization": {
-          "description": "Whether to enable nested virtualization or not (default is false).",
+        "authenticationPresent": {
+          "description": "The Authentication Present bit of the BFD packet. This is specified in section 4.1 of RFC5880",
           "type": "boolean"
         },
-        "enableUefiNetworking": {
-          "description": "Whether to enable UEFI networking for instance creation.",
+        "controlPlaneIndependent": {
+          "description": "The Control Plane Independent bit of the BFD packet. This is specified in section 4.1 of RFC5880",
           "type": "boolean"
         },
-        "numaNodeCount": {
-          "description": "The number of vNUMA nodes.",
-          "format": "int32",
-          "type": "integer"
+        "demand": {
+          "description": "The demand bit of the BFD packet. This is specified in section 4.1 of RFC5880",
+          "type": "boolean"
         },
-        "performanceMonitoringUnit": {
-          "description": "Type of Performance Monitoring Unit requested on instance.",
+        "diagnostic": {
+          "description": "The diagnostic code specifies the local system's reason for the last change in session state. This allows remote systems to determine the reason that the previous session failed, for example. These diagnostic codes are specified in section 4.1 of RFC5880",
           "enum": [
-            "ARCHITECTURAL",
-            "ENHANCED",
-            "PERFORMANCE_MONITORING_UNIT_UNSPECIFIED",
-            "STANDARD"
+            "ADMINISTRATIVELY_DOWN",
+            "CONCATENATED_PATH_DOWN",
+            "CONTROL_DETECTION_TIME_EXPIRED",
+            "DIAGNOSTIC_UNSPECIFIED",
+            "ECHO_FUNCTION_FAILED",
+            "FORWARDING_PLANE_RESET",
+            "NEIGHBOR_SIGNALED_SESSION_DOWN",
+            "NO_DIAGNOSTIC",
+            "PATH_DOWN",
+            "REVERSE_CONCATENATED_PATH_DOWN"
           ],
           "enumDescriptions": [
-            "Architecturally defined non-LLC events.",
-            "Most documented core/L2 and LLC events.",
             "",
-            "Most documented core/L2 events."
-          ],
-          "type": "string"
-        },
-        "threadsPerCore": {
-          "description": "The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "visibleCoreCount": {
-          "description": "The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "AliasIpRange": {
-      "description": "An alias IP range attached to an instance's network interface.",
-      "id": "AliasIpRange",
-      "properties": {
-        "ipCidrRange": {
-          "description": "The IP alias ranges to allocate for this interface. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (such as 10.2.3.4), a netmask (such as /24) or a CIDR-formatted string (such as 10.1.2.0/24).",
-          "type": "string"
-        },
-        "subnetworkRangeName": {
-          "description": "The name of a subnetwork secondary IP range from which to allocate an IP alias range. If not specified, the primary range of the subnetwork is used.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AllocationAggregateReservation": {
-      "description": "This reservation type is specified by total resource amounts (e.g. total count of CPUs) and can account for multiple instance SKUs. In other words, one can create instances of varying shapes against this reservation.",
-      "id": "AllocationAggregateReservation",
-      "properties": {
-        "inUseResources": {
-          "description": "[Output only] List of resources currently in use.",
-          "items": {
-            "$ref": "AllocationAggregateReservationReservedResourceInfo"
-          },
-          "type": "array"
-        },
-        "reservedResources": {
-          "description": "List of reserved resources (CPUs, memory, accelerators).",
-          "items": {
-            "$ref": "AllocationAggregateReservationReservedResourceInfo"
-          },
-          "type": "array"
-        },
-        "vmFamily": {
-          "description": "The VM family that all instances scheduled against this reservation must belong to.",
-          "enum": [
-            "VM_FAMILY_CLOUD_TPU_POD_SLICE_CT4P",
-            "VM_FAMILY_COMPUTE_OPTIMIZED_C3",
-            "VM_FAMILY_GENERAL_PURPOSE_T2D",
-            "VM_FAMILY_MEMORY_OPTIMIZED_M3"
-          ],
-          "enumDescriptions": [
             "",
             "",
             "",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AllocationAggregateReservationReservedResourceInfo": {
-      "id": "AllocationAggregateReservationReservedResourceInfo",
-      "properties": {
-        "accelerator": {
-          "$ref": "AllocationAggregateReservationReservedResourceInfoAccelerator",
-          "description": "Properties of accelerator resources in this reservation."
-        }
-      },
-      "type": "object"
-    },
-    "AllocationAggregateReservationReservedResourceInfoAccelerator": {
-      "id": "AllocationAggregateReservationReservedResourceInfoAccelerator",
-      "properties": {
-        "acceleratorCount": {
-          "description": "Number of accelerators of specified type.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "acceleratorType": {
-          "description": "Full or partial URL to accelerator type. e.g. \"projects/{PROJECT}/zones/{ZONE}/acceleratorTypes/ct4l\"",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AllocationResourceStatus": {
-      "description": "[Output Only] Contains output only fields.",
-      "id": "AllocationResourceStatus",
-      "properties": {
-        "specificSkuAllocation": {
-          "$ref": "AllocationResourceStatusSpecificSKUAllocation",
-          "description": "Allocation Properties of this reservation."
-        }
-      },
-      "type": "object"
-    },
-    "AllocationResourceStatusSpecificSKUAllocation": {
-      "description": "Contains Properties set for the reservation.",
-      "id": "AllocationResourceStatusSpecificSKUAllocation",
-      "properties": {
-        "sourceInstanceTemplateId": {
-          "description": "ID of the instance template used to populate reservation properties.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AllocationSpecificSKUAllocationAllocatedInstancePropertiesReservedDisk": {
-      "id": "AllocationSpecificSKUAllocationAllocatedInstancePropertiesReservedDisk",
-      "properties": {
-        "diskSizeGb": {
-          "description": "Specifies the size of the disk in base-2 GB.",
-          "format": "int64",
-          "type": "string"
-        },
-        "interface": {
-          "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. For performance characteristics of SCSI over NVMe, see Local SSD performance.",
-          "enum": [
-            "NVDIMM",
-            "NVME",
-            "SCSI"
-          ],
-          "enumDescriptions": [
+            "",
+            "",
+            "",
             "",
             "",
             ""
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AllocationSpecificSKUAllocationReservedInstanceProperties": {
-      "description": "Properties of the SKU instances being reserved. Next ID: 9",
-      "id": "AllocationSpecificSKUAllocationReservedInstanceProperties",
-      "properties": {
-        "guestAccelerators": {
-          "description": "Specifies accelerator type and count.",
-          "items": {
-            "$ref": "AcceleratorConfig"
-          },
-          "type": "array"
         },
-        "localSsds": {
-          "description": "Specifies amount of local ssd to reserve with each instance. The type of disk is local-ssd.",
-          "items": {
-            "$ref": "AllocationSpecificSKUAllocationAllocatedInstancePropertiesReservedDisk"
-          },
-          "type": "array"
+        "final": {
+          "description": "The Final bit of the BFD packet. This is specified in section 4.1 of RFC5880",
+          "type": "boolean"
         },
-        "locationHint": {
-          "description": "An opaque location hint used to place the allocation close to other resources. This field is for use by internal tools that use the public API.",
-          "type": "string"
+        "length": {
+          "description": "The length of the BFD Control packet in bytes. This is specified in section 4.1 of RFC5880",
+          "format": "uint32",
+          "type": "integer"
         },
-        "machineType": {
-          "description": "Specifies type of machine (name only) which has fixed number of vCPUs and fixed amount of memory. This also includes specifying custom machine type following custom-NUMBER_OF_CPUS-AMOUNT_OF_MEMORY pattern.",
-          "type": "string"
+        "minEchoRxIntervalMs": {
+          "description": "The Required Min Echo RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880",
+          "format": "uint32",
+          "type": "integer"
         },
-        "maintenanceFreezeDurationHours": {
-          "description": "Specifies the number of hours after reservation creation where instances using the reservation won't be scheduled for maintenance.",
-          "format": "int32",
+        "minRxIntervalMs": {
+          "description": "The Required Min RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880",
+          "format": "uint32",
           "type": "integer"
         },
-        "maintenanceInterval": {
-          "description": "Specifies the frequency of planned maintenance events. The accepted values are: `PERIODIC`.",
-          "enum": [
-            "PERIODIC",
-            "RECURRENT"
-          ],
-          "enumDescriptions": [
-            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.",
-            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available. RECURRENT is used for GEN3 and Slice of Hardware VMs."
-          ],
-          "type": "string"
+        "minTxIntervalMs": {
+          "description": "The Desired Min TX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880",
+          "format": "uint32",
+          "type": "integer"
         },
-        "minCpuPlatform": {
-          "description": "Minimum cpu platform the reservation.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "AllocationSpecificSKUReservation": {
-      "description": "This reservation type allows to pre allocate specific instance configuration. Next ID: 6",
-      "id": "AllocationSpecificSKUReservation",
-      "properties": {
-        "assuredCount": {
-          "description": "[Output Only] Indicates how many instances are actually usable currently.",
-          "format": "int64",
-          "type": "string"
+        "multiplier": {
+          "description": "The detection time multiplier of the BFD packet. This is specified in section 4.1 of RFC5880",
+          "format": "uint32",
+          "type": "integer"
         },
-        "count": {
-          "description": "Specifies the number of resources that are allocated.",
-          "format": "int64",
-          "type": "string"
+        "multipoint": {
+          "description": "The multipoint bit of the BFD packet. This is specified in section 4.1 of RFC5880",
+          "type": "boolean"
         },
-        "inUseCount": {
-          "description": "[Output Only] Indicates how many instances are in use.",
-          "format": "int64",
+        "myDiscriminator": {
+          "description": "The My Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "poll": {
+          "description": "The Poll bit of the BFD packet. This is specified in section 4.1 of RFC5880",
+          "type": "boolean"
+        },
+        "state": {
+          "description": "The current BFD session state as seen by the transmitting system. These states are specified in section 4.1 of RFC5880",
+          "enum": [
+            "ADMIN_DOWN",
+            "DOWN",
+            "INIT",
+            "STATE_UNSPECIFIED",
+            "UP"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "instanceProperties": {
-          "$ref": "AllocationSpecificSKUAllocationReservedInstanceProperties",
-          "description": "The instance properties for the reservation."
+        "version": {
+          "description": "The version number of the BFD protocol, as specified in section 4.1 of RFC5880.",
+          "format": "uint32",
+          "type": "integer"
         },
-        "sourceInstanceTemplate": {
-          "description": "Specifies the instance template to create the reservation. If you use this field, you must exclude the instanceProperties field. This field is optional, and it can be a full or partial URL. For example, the following are all valid URLs to an instance template: - https://www.googleapis.com/compute/v1/projects/project /global/instanceTemplates/instanceTemplate - projects/project/global/instanceTemplates/instanceTemplate - global/instanceTemplates/instanceTemplate ",
-          "type": "string"
+        "yourDiscriminator": {
+          "description": "The Your Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880",
+          "format": "uint32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "AttachedDisk": {
-      "description": "An instance-attached disk resource.",
-      "id": "AttachedDisk",
+    "BfdStatus": {
+      "description": "Next free: 15",
+      "id": "BfdStatus",
       "properties": {
-        "architecture": {
-          "description": "[Output Only] The architecture of the attached disk. Valid values are ARM64 or X86_64.",
+        "bfdSessionInitializationMode": {
+          "description": "The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer.",
           "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
+            "ACTIVE",
+            "DISABLED",
+            "PASSIVE"
           ],
           "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "autoDelete": {
-          "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).",
-          "type": "boolean"
-        },
-        "boot": {
-          "description": "Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.",
-          "type": "boolean"
-        },
-        "deviceName": {
-          "description": "Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.",
-          "type": "string"
-        },
-        "diskEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Encrypts or decrypts a disk using a customer-supplied encryption key. If you are creating a new disk, this field encrypts the new disk using an encryption key that you provide. If you are attaching an existing disk that is already encrypted, this field decrypts the disk using the customer-supplied encryption key. If you encrypt a disk using a customer-supplied key, you must provide the same key again when you attempt to use this resource at a later time. For example, you must provide the key when you create a snapshot or an image from the disk or when you attach the disk to a virtual machine instance. If you do not provide an encryption key, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later. Instance templates do not store customer-supplied encryption keys, so you cannot use your own keys to encrypt disks in a managed instance group."
-        },
-        "diskSizeGb": {
-          "description": "The size of the disk in GB.",
+        "configUpdateTimestampMicros": {
+          "description": "Unix timestamp of the most recent config update.",
           "format": "int64",
           "type": "string"
         },
-        "forceAttach": {
-          "description": "[Input Only] Whether to force attach the regional disk even if it's currently attached to another instance. If you try to force attach a zonal disk to an instance, you will receive an error.",
-          "type": "boolean"
+        "controlPacketCounts": {
+          "$ref": "BfdStatusPacketCounts",
+          "description": "Control packet counts for the current BFD session."
         },
-        "guestOsFeatures": {
-          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
+        "controlPacketIntervals": {
+          "description": "Inter-packet time interval statistics for control packets.",
           "items": {
-            "$ref": "GuestOsFeature"
+            "$ref": "PacketIntervals"
           },
           "type": "array"
         },
-        "index": {
-          "description": "[Output Only] A zero-based index to this disk, where 0 is reserved for the boot disk. If you have many disks attached to an instance, each disk would have a unique index number.",
-          "format": "int32",
-          "type": "integer"
+        "echoPacketCounts": {
+          "$ref": "BfdStatusPacketCounts",
+          "description": "Echo packet counts for the current BFD session."
         },
-        "initializeParams": {
-          "$ref": "AttachedDiskInitializeParams",
-          "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both."
+        "echoPacketIntervals": {
+          "description": "Inter-packet time interval statistics for echo packets.",
+          "items": {
+            "$ref": "PacketIntervals"
+          },
+          "type": "array"
         },
-        "interface": {
-          "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. For most machine types, the default is SCSI. Local SSDs can use either NVME or SCSI. In certain configurations, persistent disks can use NVMe. For more information, see About persistent disks.",
+        "localDiagnostic": {
+          "description": "The diagnostic code specifies the local system's reason for the last change in session state. This allows remote systems to determine the reason that the previous session failed, for example. These diagnostic codes are specified in section 4.1 of RFC5880",
           "enum": [
-            "NVDIMM",
-            "NVME",
-            "SCSI"
+            "ADMINISTRATIVELY_DOWN",
+            "CONCATENATED_PATH_DOWN",
+            "CONTROL_DETECTION_TIME_EXPIRED",
+            "DIAGNOSTIC_UNSPECIFIED",
+            "ECHO_FUNCTION_FAILED",
+            "FORWARDING_PLANE_RESET",
+            "NEIGHBOR_SIGNALED_SESSION_DOWN",
+            "NO_DIAGNOSTIC",
+            "PATH_DOWN",
+            "REVERSE_CONCATENATED_PATH_DOWN"
           ],
           "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
             "",
             "",
             ""
           ],
           "type": "string"
         },
-        "kind": {
-          "default": "compute#attachedDisk",
-          "description": "[Output Only] Type of the resource. Always compute#attachedDisk for attached disks.",
-          "type": "string"
-        },
-        "licenses": {
-          "description": "[Output Only] Any valid publicly visible licenses.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "locked": {
-          "description": "[Output Only] Whether to indicate the attached disk is locked. The locked disk is not allowed to be detached from the instance, or to be used as the source of the snapshot creation, and the image creation. The instance with at least one locked attached disk is not allow to be used as source of machine image creation, instant snapshot creation, and not allowed to be deleted with --keep-disk parameter set to true for locked disks.",
-          "type": "boolean"
-        },
-        "mode": {
-          "description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.",
+        "localState": {
+          "description": "The current BFD session state as seen by the transmitting system. These states are specified in section 4.1 of RFC5880",
           "enum": [
-            "READ_ONLY",
-            "READ_WRITE"
+            "ADMIN_DOWN",
+            "DOWN",
+            "INIT",
+            "STATE_UNSPECIFIED",
+            "UP"
           ],
           "enumDescriptions": [
-            "Attaches this disk in read-only mode. Multiple virtual machines can use a disk in read-only mode at a time.",
-            "*[Default]* Attaches this disk in read-write mode. Only one virtual machine at a time can be attached to a disk in read-write mode."
+            "",
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "savedState": {
-          "description": "For LocalSSD disks on VM Instances in STOPPED or SUSPENDED state, this field is set to PRESERVED if the LocalSSD data has been saved to a persistent location by customer request. (see the discard_local_ssd option on Stop/Suspend). Read-only in the api.",
-          "enum": [
-            "DISK_SAVED_STATE_UNSPECIFIED",
-            "PRESERVED"
-          ],
-          "enumDescriptions": [
-            "*[Default]* Disk state has not been preserved.",
-            "Disk state has been preserved."
-          ],
-          "type": "string"
+        "negotiatedLocalControlTxIntervalMs": {
+          "description": "Negotiated transmit interval for control packets.",
+          "format": "uint32",
+          "type": "integer"
         },
-        "shieldedInstanceInitialState": {
-          "$ref": "InitialStateConfig",
-          "description": "[Output Only] shielded vm initial state stored on disk"
+        "negotiatedLocalEchoTxIntervalMs": {
+          "description": "Negotiated transmit interval for echo packets.",
+          "format": "uint32",
+          "type": "integer"
         },
-        "source": {
-          "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks. Note that for InstanceTemplate, specify the disk name for zonal disk, and the URL for regional disk.",
+        "rxPacket": {
+          "$ref": "BfdPacket",
+          "description": "The most recent Rx control packet for this BFD session."
+        },
+        "txPacket": {
+          "$ref": "BfdPacket",
+          "description": "The most recent Tx control packet for this BFD session."
+        },
+        "uptimeMs": {
+          "description": "Session uptime in milliseconds. Value will be 0 if session is not up.",
+          "format": "int64",
           "type": "string"
         },
-        "type": {
-          "description": "Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.",
-          "enum": [
-            "PERSISTENT",
-            "SCRATCH"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "usingEchoMode": {
+          "description": "Indicates if echo mode is currently being used.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "BfdStatusPacketCounts": {
+      "id": "BfdStatusPacketCounts",
+      "properties": {
+        "numRx": {
+          "description": "Number of packets received since the beginning of the current BFD session.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "numRxRejected": {
+          "description": "Number of packets received that were rejected because of errors since the beginning of the current BFD session.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "numRxSuccessful": {
+          "description": "Number of packets received that were successfully processed since the beginning of the current BFD session.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "numTx": {
+          "description": "Number of packets transmitted since the beginning of the current BFD session.",
+          "format": "uint32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "Binding": {
+      "description": "Associates `members`, or principals, with a `role`.",
+      "id": "Binding",
+      "properties": {
+        "bindingId": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "type": "string"
         },
-        "userLicenses": {
-          "description": "[Output Only] A list of user provided licenses. It represents a list of URLs to the license resource. Unlike regular licenses, user provided licenses can be modified after the disk is created.",
+        "condition": {
+          "$ref": "Expr",
+          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
+        },
+        "members": {
+          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
           "items": {
             "type": "string"
           },
           "type": "array"
+        },
+        "role": {
+          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "AttachedDiskInitializeParams": {
-      "description": "[Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This field is persisted and returned for instanceTemplate and not returned in the context of instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both.",
-      "id": "AttachedDiskInitializeParams",
+    "BulkInsertDiskResource": {
+      "description": "A transient resource used in compute.disks.bulkInsert and compute.regionDisks.bulkInsert. It is only used to process requests and is not persisted.",
+      "id": "BulkInsertDiskResource",
       "properties": {
-        "architecture": {
-          "description": "The architecture of the attached disk. Valid values are arm64 or x86_64.",
-          "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
-          ],
-          "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
-          ],
+        "sourceConsistencyGroupPolicy": {
+          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to clone. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
           "type": "string"
-        },
-        "description": {
-          "description": "An optional description. Provide this property when creating the disk.",
+        }
+      },
+      "type": "object"
+    },
+    "BulkInsertInstanceResource": {
+      "description": "A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.",
+      "id": "BulkInsertInstanceResource",
+      "properties": {
+        "count": {
+          "description": "The maximum number of instances to create.",
+          "format": "int64",
           "type": "string"
         },
-        "diskName": {
-          "description": "Specifies the disk name. If not specified, the default is to use the name of the instance. If a disk with the same name already exists in the given region, the existing disk is attached to the new instance and the new disk is not created.",
-          "type": "string"
+        "instanceProperties": {
+          "$ref": "InstanceProperties",
+          "description": "The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided."
         },
-        "diskSizeGb": {
-          "description": "Specifies the size of the disk in base-2 GB. The size must be at least 10 GB. If you specify a sourceImage, which is required for boot disks, the default size is the size of the sourceImage. If you do not specify a sourceImage, the default disk size is 500 GB.",
-          "format": "int64",
-          "type": "string"
+        "locationPolicy": {
+          "$ref": "LocationPolicy",
+          "description": "Policy for chosing target zone. For more information, see Create VMs in bulk ."
         },
-        "diskType": {
-          "description": "Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/pd-standard For a full list of acceptable values, see Persistent disk types. If you specify this field when creating a VM, you can provide either the full or partial URL. For example, the following values are valid: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/diskType - projects/project/zones/zone/diskTypes/diskType - zones/zone/diskTypes/diskType If you specify this field when creating or updating an instance template or all-instances configuration, specify the type of the disk, not the URL. For example: pd-standard.",
+        "minCount": {
+          "description": "The minimum number of instances to create. If no min_count is specified then count is used as the default value. If min_count instances cannot be created, then no instances will be created and instances already created will be deleted.",
+          "format": "int64",
           "type": "string"
         },
-        "guestOsFeatures": {
-          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options. Guest OS features are applied by merging initializeParams.guestOsFeatures and disks.guestOsFeatures",
-          "items": {
-            "$ref": "GuestOsFeature"
-          },
-          "type": "array"
-        },
-        "interface": {
-          "description": "[Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.",
-          "enum": [
-            "NVME",
-            "SCSI",
-            "UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
+        "namePattern": {
+          "description": "The string pattern used for the names of the VMs. Either name_pattern or per_instance_properties must be set. The pattern must contain one continuous sequence of placeholder hash characters (#) with each character corresponding to one digit of the generated instance name. Example: a name_pattern of inst-#### generates instance names such as inst-0001 and inst-0002. If existing instances in the same project and zone have names that match the name pattern then the generated instance numbers start after the biggest existing number. For example, if there exists an instance with name inst-0050, then instance names generated using the pattern inst-#### begin with inst-0051. The name pattern placeholder #...# can contain up to 18 characters.",
           "type": "string"
         },
-        "labels": {
+        "perInstanceProperties": {
           "additionalProperties": {
-            "type": "string"
+            "$ref": "BulkInsertInstanceResourcePerInstanceProperties"
           },
-          "description": "Labels to apply to this disk. These can be later modified by the disks.setLabels method. This field is only applicable for persistent disks.",
+          "description": "Per-instance properties to be set on individual instances. Keys of this map specify requested instance names. Can be empty if name_pattern is used.",
           "type": "object"
         },
-        "licenseCodes": {
-          "description": "Integer license codes indicating which licenses are attached to this disk.",
-          "items": {
-            "format": "int64",
-            "type": "string"
-          },
-          "type": "array"
+        "sourceInstanceTemplate": {
+          "description": "Specifies the instance template from which to create instances. You may combine sourceInstanceTemplate with instanceProperties to override specific values from an existing instance template. Bulk API follows the semantics of JSON Merge Patch described by RFC 7396. It can be a full or partial URL. For example, the following are all valid URLs to an instance template: - https://www.googleapis.com/compute/v1/projects/project /global/instanceTemplates/instanceTemplate - projects/project/global/instanceTemplates/instanceTemplate - global/instanceTemplates/instanceTemplate This field is optional.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BulkInsertInstanceResourcePerInstanceProperties": {
+      "description": "Per-instance properties to be set on individual instances. To be extended in the future.",
+      "id": "BulkInsertInstanceResourcePerInstanceProperties",
+      "properties": {
+        "hostname": {
+          "description": "Specifies the hostname of the instance. More details in: https://cloud.google.com/compute/docs/instances/custom-hostname-vm#naming_convention",
+          "type": "string"
         },
-        "licenses": {
-          "description": "A list of publicly visible licenses. Reserved for Google's use.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "name": {
+          "description": "This field is only temporary. It will be removed. Do not use it.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BulkInsertOperationStatus": {
+      "id": "BulkInsertOperationStatus",
+      "properties": {
+        "createdVmCount": {
+          "description": "[Output Only] Count of VMs successfully created so far.",
+          "format": "int32",
+          "type": "integer"
         },
-        "multiWriter": {
-          "description": "Indicates whether or not the disk can be read/write attached to more than one instance.",
-          "type": "boolean"
+        "deletedVmCount": {
+          "description": "[Output Only] Count of VMs that got deleted during rollback.",
+          "format": "int32",
+          "type": "integer"
         },
-        "onUpdateAction": {
-          "description": "Specifies which action to take on instance update with this disk. Default is to use the existing disk.",
+        "failedToCreateVmCount": {
+          "description": "[Output Only] Count of VMs that started creating but encountered an error.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "status": {
+          "description": "[Output Only] Creation status of BulkInsert operation - information if the flow is rolling forward or rolling back.",
           "enum": [
-            "RECREATE_DISK",
-            "RECREATE_DISK_IF_SOURCE_CHANGED",
-            "USE_EXISTING_DISK"
+            "CREATING",
+            "DONE",
+            "ROLLING_BACK",
+            "STATUS_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "Always recreate the disk.",
-            "Recreate the disk if source (image, snapshot) of this disk is different from source of existing disk.",
-            "Use the existing disk, this is the default behaviour."
+            "Rolling forward - creating VMs.",
+            "Done",
+            "Rolling back - cleaning up after an error.",
+            ""
           ],
           "type": "string"
         },
-        "provisionedIops": {
-          "description": "Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation.",
-          "format": "int64",
+        "targetVmCount": {
+          "description": "[Output Only] Count of VMs originally planned to be created.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "BundledLocalSsds": {
+      "id": "BundledLocalSsds",
+      "properties": {
+        "defaultInterface": {
+          "description": "The default disk interface if the interface is not specified.",
           "type": "string"
         },
-        "provisionedThroughput": {
-          "description": "Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle. Values must be between 1 and 7,124.",
-          "format": "int64",
+        "partitionCount": {
+          "description": "The number of partitions.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "CacheInvalidationRule": {
+      "id": "CacheInvalidationRule",
+      "properties": {
+        "host": {
+          "description": "If set, this invalidation rule will only apply to requests with a Host header matching host.",
           "type": "string"
         },
-        "replicaZones": {
-          "description": "Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone. You can't use this option with boot disks.",
+        "path": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CacheKeyPolicy": {
+      "description": "Message containing what to include in the cache key for a request for Cloud CDN.",
+      "id": "CacheKeyPolicy",
+      "properties": {
+        "includeHost": {
+          "description": "If true, requests to different hosts will be cached separately.",
+          "type": "boolean"
+        },
+        "includeHttpHeaders": {
+          "description": "Allows HTTP request headers (by name) to be used in the cache key.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "resourceManagerTags": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Resource manager tags to be bound to the disk. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
-          "type": "object"
-        },
-        "resourcePolicies": {
-          "description": "Resource policies applied to this disk for automatic snapshot creations. Specified using the full or partial URL. For instance template, specify only the resource policy name.",
+        "includeNamedCookies": {
+          "description": "Allows HTTP cookies (by name) to be used in the cache key. The name=value pair will be used in the cache key Cloud CDN generates.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "sourceImage": {
-          "description": "The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-9 to use the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a custom image that you created, specify the image name in the following format: global/images/my-custom-image You can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-image-family If the source image is deleted later, this field will not be set.",
-          "type": "string"
-        },
-        "sourceImageEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. InstanceTemplate and InstancePropertiesPatch do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys."
-        },
-        "sourceInstantSnapshot": {
-          "description": "The source instant-snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceInstantSnapshot initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: us-central1-a/instantSnapshots/my-backup If the source instant-snapshot is deleted later, this field will not be set.",
-          "type": "string"
+        "includeProtocol": {
+          "description": "If true, http and https requests will be cached separately.",
+          "type": "boolean"
         },
-        "sourceSnapshot": {
-          "description": "The source snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: global/snapshots/my-backup If the source snapshot is deleted later, this field will not be set.",
-          "type": "string"
+        "includeQueryString": {
+          "description": "If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.",
+          "type": "boolean"
         },
-        "sourceSnapshotEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source snapshot."
-        }
-      },
-      "type": "object"
-    },
-    "AuditConfig": {
-      "description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.",
-      "id": "AuditConfig",
-      "properties": {
-        "auditLogConfigs": {
-          "description": "The configuration for logging of each type of permission.",
+        "queryStringBlacklist": {
+          "description": "Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.",
           "items": {
-            "$ref": "AuditLogConfig"
+            "type": "string"
           },
           "type": "array"
         },
-        "exemptedMembers": {
-          "description": "This is deprecated and has no effect. Do not use.",
+        "queryStringWhitelist": {
+          "description": "Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.",
           "items": {
             "type": "string"
           },
           "type": "array"
-        },
-        "service": {
-          "description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.",
+        }
+      },
+      "type": "object"
+    },
+    "CallCredentials": {
+      "description": "[Deprecated] gRPC call credentials to access the SDS server. gRPC call credentials to access the SDS server.",
+      "id": "CallCredentials",
+      "properties": {
+        "callCredentialType": {
+          "description": "The type of call credentials to use for GRPC requests to the SDS server. This field can be set to one of the following: - GCE_VM: The local GCE VM service account credentials are used to access the SDS server. - FROM_PLUGIN: Custom authenticator credentials are used to access the SDS server.",
+          "enum": [
+            "FROM_PLUGIN",
+            "GCE_VM",
+            "INVALID"
+          ],
+          "enumDescriptions": [
+            "Custom authenticator credentials are used to access the SDS server.",
+            "The local GCE VM service account credentials are used to access the SDS server.",
+            ""
+          ],
           "type": "string"
+        },
+        "fromPlugin": {
+          "$ref": "MetadataCredentialsFromPlugin",
+          "description": "Custom authenticator credentials. Valid if callCredentialType is FROM_PLUGIN."
         }
       },
       "type": "object"
     },
-    "AuditLogConfig": {
-      "description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.",
-      "id": "AuditLogConfig",
+    "ChannelCredentials": {
+      "description": "[Deprecated] gRPC channel credentials to access the SDS server. gRPC channel credentials to access the SDS server.",
+      "id": "ChannelCredentials",
       "properties": {
-        "exemptedMembers": {
-          "description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "ignoreChildExemptions": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "boolean"
+        "certificates": {
+          "$ref": "TlsCertificatePaths",
+          "description": "The call credentials to access the SDS server."
         },
-        "logType": {
-          "description": "The log type that this config enables.",
+        "channelCredentialType": {
+          "description": "The channel credentials to access the SDS server. This field can be set to one of the following: CERTIFICATES: Use TLS certificates to access the SDS server. GCE_VM: Use local GCE VM credentials to access the SDS server.",
           "enum": [
-            "ADMIN_READ",
-            "DATA_READ",
-            "DATA_WRITE",
-            "LOG_TYPE_UNSPECIFIED"
+            "CERTIFICATES",
+            "GCE_VM",
+            "INVALID"
           ],
           "enumDescriptions": [
-            "Admin reads. Example: CloudIAM getIamPolicy",
-            "Data reads. Example: CloudSQL Users list",
-            "Data writes. Example: CloudSQL Users create",
-            "Default case. Should never be this."
+            "Use TLS certificates to access the SDS server.",
+            "Use local GCE VM credentials to access the SDS server.",
+            ""
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "AuthenticationPolicy": {
-      "description": "[Deprecated] The authentication settings for the backend service. The authentication settings for the backend service.",
-      "id": "AuthenticationPolicy",
+    "CircuitBreakers": {
+      "description": "Settings controlling the volume of requests, connections and retries to this backend service.",
+      "id": "CircuitBreakers",
       "properties": {
-        "origins": {
-          "description": "List of authentication methods that can be used for origin authentication. Similar to peers, these will be evaluated in order the first valid one will be used to set origin identity. If none of these methods pass, the request will be rejected with authentication failed error (401). Leave the list empty if origin authentication is not required.",
-          "items": {
-            "$ref": "OriginAuthenticationMethod"
-          },
-          "type": "array"
+        "connectTimeout": {
+          "$ref": "Duration",
+          "description": "The timeout for new network connections to hosts."
         },
-        "peers": {
-          "description": "List of authentication methods that can be used for peer authentication. They will be evaluated in order the first valid one will be used to set peer identity. If none of these methods pass, the request will be rejected with authentication failed error (401). Leave the list empty if peer authentication is not required.",
-          "items": {
-            "$ref": "PeerAuthenticationMethod"
-          },
-          "type": "array"
+        "maxConnections": {
+          "description": "The maximum number of connections to the backend service. If not specified, there is no limit. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "format": "int32",
+          "type": "integer"
         },
-        "principalBinding": {
-          "description": "Define whether peer or origin identity should be used for principal. Default value is USE_PEER. If peer (or origin) identity is not available, either because peer/origin authentication is not defined, or failed, principal will be left unset. In other words, binding rule does not affect the decision to accept or reject request. This field can be set to one of the following: USE_PEER: Principal will be set to the identity from peer authentication. USE_ORIGIN: Principal will be set to the identity from origin authentication.",
+        "maxPendingRequests": {
+          "description": "The maximum number of pending requests allowed to the backend service. If not specified, there is no limit. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxRequests": {
+          "description": "The maximum number of parallel requests that allowed to the backend service. If not specified, there is no limit.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxRequestsPerConnection": {
+          "description": "Maximum requests for a single connection to the backend service. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxRetries": {
+          "description": "The maximum number of parallel retries allowed to the backend cluster. If not specified, the default is 1. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "ClientTlsSettings": {
+      "description": "[Deprecated] The client side authentication settings for connection originating from the backend service. the backend service.",
+      "id": "ClientTlsSettings",
+      "properties": {
+        "clientTlsContext": {
+          "$ref": "TlsContext",
+          "description": "Configures the mechanism to obtain client-side security certificates and identity information. This field is only applicable when mode is set to MUTUAL."
+        },
+        "mode": {
+          "description": "Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced. This can be set to one of the following values: DISABLE: Do not setup a TLS connection to the backends. SIMPLE: Originate a TLS connection to the backends. MUTUAL: Secure connections to the backends using mutual TLS by presenting client certificates for authentication.",
           "enum": [
+            "DISABLE",
             "INVALID",
-            "USE_ORIGIN",
-            "USE_PEER"
+            "MUTUAL",
+            "SIMPLE"
           ],
           "enumDescriptions": [
+            "Do not setup a TLS connection to the backends.",
             "",
-            "Principal will be set to the identity from origin authentication.",
-            "Principal will be set to the identity from peer authentication."
+            "Secure connections to the backends using mutual TLS by presenting client certificates for authentication.",
+            "Originate a TLS connection to the backends."
           ],
           "type": "string"
         },
-        "serverTlsContext": {
-          "$ref": "TlsContext",
-          "description": "Configures the mechanism to obtain server-side security certificates and identity information."
-        }
-      },
-      "type": "object"
-    },
-    "AuthorizationConfig": {
-      "description": "[Deprecated] Authorization configuration provides service-level and method-level access control for a service. control for a service.",
-      "id": "AuthorizationConfig",
-      "properties": {
-        "policies": {
-          "description": "List of RbacPolicies.",
+        "sni": {
+          "description": "SNI string to present to the server during TLS handshake. This field is applicable only when mode is SIMPLE or MUTUAL.",
+          "type": "string"
+        },
+        "subjectAltNames": {
+          "description": "A list of alternate names to verify the subject identity in the certificate.If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. This field is applicable only when mode is SIMPLE or MUTUAL.",
           "items": {
-            "$ref": "RbacPolicy"
+            "type": "string"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "AuthorizationLoggingOptions": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "AuthorizationLoggingOptions",
+    "Commitment": {
+      "description": "Represents a regional Commitment resource. Creating a commitment resource means that you are purchasing a committed use contract with an explicit start and end time. You can create commitments based on vCPUs and memory usage and receive discounted rates. For full details, read Signing Up for Committed Use Discounts.",
+      "id": "Commitment",
       "properties": {
-        "permissionType": {
-          "description": "This is deprecated and has no effect. Do not use.",
+        "autoRenew": {
+          "description": "Specifies whether to enable automatic renewal for the commitment. The default value is false if not specified. The field can be updated until the day of the commitment expiration at 12:00am PST. If the field is set to true, the commitment will be automatically renewed for either one or three years according to the terms of the existing commitment.",
+          "type": "boolean"
+        },
+        "category": {
+          "description": "The category of the commitment. Category MACHINE specifies commitments composed of machine resources such as VCPU or MEMORY, listed in resources. Category LICENSE specifies commitments composed of software licenses, listed in licenseResources. Note that only MACHINE commitments should have a Type specified.",
           "enum": [
-            "ADMIN_READ",
-            "ADMIN_WRITE",
-            "DATA_READ",
-            "DATA_WRITE",
-            "PERMISSION_TYPE_UNSPECIFIED"
+            "CATEGORY_UNSPECIFIED",
+            "LICENSE",
+            "MACHINE"
           ],
           "enumDescriptions": [
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use."
+            "",
+            "",
+            ""
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Autoscaler": {
-      "description": "Represents an Autoscaler resource. Google Compute Engine has two Autoscaler resources: * [Zonal](/compute/docs/reference/rest/alpha/autoscalers) * [Regional](/compute/docs/reference/rest/alpha/regionAutoscalers) Use autoscalers to automatically add or delete instances from a managed instance group according to your defined autoscaling policy. For more information, read Autoscaling Groups of Instances. For zonal managed instance groups resource, use the autoscaler resource. For regional managed instance groups, use the regionAutoscalers resource.",
-      "id": "Autoscaler",
-      "properties": {
-        "autoscalingPolicy": {
-          "$ref": "AutoscalingPolicy",
-          "description": "The configuration parameters for the autoscaling algorithm. You can define one or more signals for an autoscaler: cpuUtilization, customMetricUtilizations, and loadBalancingUtilization. If none of these are specified, the default will be to autoscale based on cpuUtilization to 0.6 or 60%."
         },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
@@ -42181,41 +47298,71 @@
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
+        "endTimestamp": {
+          "description": "[Output Only] Commitment end time in RFC3339 text format.",
+          "type": "string"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
         "kind": {
-          "default": "compute#autoscaler",
-          "description": "[Output Only] Type of the resource. Always compute#autoscaler for autoscalers.",
+          "default": "compute#commitment",
+          "description": "[Output Only] Type of the resource. Always compute#commitment for commitments.",
           "type": "string"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.autoscalers.insert"
-            ]
+        "licenseResource": {
+          "$ref": "LicenseResourceCommitment",
+          "description": "The license specification required as part of a license commitment."
+        },
+        "mergeSourceCommitments": {
+          "description": "List of source commitments to be merged into a new commitment.",
+          "items": {
+            "type": "string"
           },
+          "type": "array"
+        },
+        "name": {
           "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "recommendedSize": {
-          "description": "[Output Only] Target recommended MIG size (number of instances) computed by autoscaler. Autoscaler calculates the recommended MIG size even when the autoscaling policy mode is different from ON. This field is empty when autoscaler is not connected to an existing managed instance group or autoscaler did not generate its prediction.",
-          "format": "int32",
-          "type": "integer"
+        "plan": {
+          "description": "The plan for this commitment, which determines duration and discount rate. The currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years).",
+          "enum": [
+            "INVALID",
+            "THIRTY_SIX_MONTH",
+            "TWELVE_MONTH"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
         },
         "region": {
-          "description": "[Output Only] URL of the region where the instance group resides (for autoscalers living in regional scope).",
+          "description": "[Output Only] URL of the region where this commitment may be used.",
           "type": "string"
         },
-        "scalingScheduleStatus": {
-          "additionalProperties": {
-            "$ref": "ScalingScheduleStatus"
+        "reservations": {
+          "description": "List of reservations in this commitment.",
+          "items": {
+            "$ref": "Reservation"
           },
-          "description": "[Output Only] Status information of existing scaling schedules.",
-          "type": "object"
+          "type": "array"
+        },
+        "resourceStatus": {
+          "$ref": "CommitmentResourceStatus",
+          "description": "[Output Only] Status information for Commitment resource."
+        },
+        "resources": {
+          "description": "A list of commitment amounts for particular resources. Note that VCPU and MEMORY resource commitments must occur together.",
+          "items": {
+            "$ref": "ResourceCommitment"
+          },
+          "type": "array"
         },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
@@ -42225,42 +47372,85 @@
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
+        "splitSourceCommitment": {
+          "description": "Source commitment to be split into a new commitment.",
+          "type": "string"
+        },
+        "startTimestamp": {
+          "description": "[Output Only] Commitment start time in RFC3339 text format.",
+          "type": "string"
+        },
         "status": {
-          "description": "[Output Only] The status of the autoscaler configuration. Current set of possible values: - PENDING: Autoscaler backend hasn't read new/updated configuration. - DELETING: Configuration is being deleted. - ACTIVE: Configuration is acknowledged to be effective. Some warnings might be present in the statusDetails field. - ERROR: Configuration has errors. Actionable for users. Details are present in the statusDetails field. New values might be added in the future.",
+          "description": "[Output Only] Status of the commitment with regards to eventual expiration (each commitment has an end date defined). One of the following values: NOT_YET_ACTIVE, ACTIVE, EXPIRED.",
           "enum": [
             "ACTIVE",
-            "DELETING",
-            "ERROR",
-            "PENDING"
+            "CANCELED_EARLY_TERMINATION",
+            "CANCELING",
+            "CANCELLED",
+            "CREATING",
+            "EXPIRED",
+            "NOT_YET_ACTIVE"
           ],
           "enumDescriptions": [
-            "Configuration is acknowledged to be effective",
-            "Configuration is being deleted",
-            "Configuration has errors. Actionable for users.",
-            "Autoscaler backend hasn't read new/updated configuration"
+            "",
+            "",
+            "",
+            "Deprecate CANCELED status. Will use separate status to differentiate cancel by mergeCud or manual cancellation.",
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "statusDetails": {
-          "description": "[Output Only] Human-readable details about the current state of the autoscaler. Read the documentation for Commonly returned status messages for examples of status messages you might encounter.",
-          "items": {
-            "$ref": "AutoscalerStatusDetails"
-          },
-          "type": "array"
-        },
-        "target": {
-          "description": "URL of the managed instance group that this autoscaler will scale. This field is required when creating an autoscaler.",
+        "statusMessage": {
+          "description": "[Output Only] An optional, human-readable explanation of the status.",
           "type": "string"
         },
-        "zone": {
-          "description": "[Output Only] URL of the zone where the instance group resides (for autoscalers living in zonal scope).",
+        "type": {
+          "description": "The type of commitment, which affects the discount rate and the eligible resources. Type MEMORY_OPTIMIZED specifies a commitment that will only apply to memory optimized machines. Type ACCELERATOR_OPTIMIZED specifies a commitment that will only apply to accelerator optimized machines.",
+          "enum": [
+            "ACCELERATOR_OPTIMIZED",
+            "ACCELERATOR_OPTIMIZED_A3",
+            "COMPUTE_OPTIMIZED",
+            "COMPUTE_OPTIMIZED_C2D",
+            "COMPUTE_OPTIMIZED_C3",
+            "COMPUTE_OPTIMIZED_C3D",
+            "COMPUTE_OPTIMIZED_H3",
+            "GENERAL_PURPOSE",
+            "GENERAL_PURPOSE_E2",
+            "GENERAL_PURPOSE_N2",
+            "GENERAL_PURPOSE_N2D",
+            "GENERAL_PURPOSE_T2D",
+            "GRAPHICS_OPTIMIZED",
+            "MEMORY_OPTIMIZED",
+            "MEMORY_OPTIMIZED_M3",
+            "TYPE_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "AutoscalerAggregatedList": {
-      "id": "AutoscalerAggregatedList",
+    "CommitmentAggregatedList": {
+      "id": "CommitmentAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
@@ -42268,15 +47458,15 @@
         },
         "items": {
           "additionalProperties": {
-            "$ref": "AutoscalersScopedList",
-            "description": "[Output Only] Name of the scope containing this set of autoscalers."
+            "$ref": "CommitmentsScopedList",
+            "description": "[Output Only] Name of the scope containing this set of commitments."
           },
-          "description": "A list of AutoscalersScopedList resources.",
+          "description": "A list of CommitmentsScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#autoscalerAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#autoscalerAggregatedList for aggregated lists of autoscalers.",
+          "default": "compute#commitmentAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#commitmentAggregatedList for aggregated lists of commitments.",
           "type": "string"
         },
         "nextPageToken": {
@@ -42288,7 +47478,7 @@
           "type": "string"
         },
         "unreachables": {
-          "description": "[Output Only] Unreachable resources. end_interface: MixerListResponseWithEtagBuilder",
+          "description": "[Output Only] Unreachable resources.",
           "items": {
             "type": "string"
           },
@@ -42310,6 +47500,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42328,6 +47519,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42339,6 +47560,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42386,24 +47608,24 @@
       },
       "type": "object"
     },
-    "AutoscalerList": {
-      "description": "Contains a list of Autoscaler resources.",
-      "id": "AutoscalerList",
+    "CommitmentList": {
+      "description": "Contains a list of Commitment resources.",
+      "id": "CommitmentList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Autoscaler resources.",
+          "description": "A list of Commitment resources.",
           "items": {
-            "$ref": "Autoscaler"
+            "$ref": "Commitment"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#autoscalerList",
-          "description": "[Output Only] Type of resource. Always compute#autoscalerList for lists of autoscalers.",
+          "default": "compute#commitmentList",
+          "description": "[Output Only] Type of resource. Always compute#commitmentList for lists of commitments.",
           "type": "string"
         },
         "nextPageToken": {
@@ -42430,6 +47652,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42448,6 +47671,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42459,6 +47712,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42506,76 +47760,55 @@
       },
       "type": "object"
     },
-    "AutoscalerStatusDetails": {
-      "id": "AutoscalerStatusDetails",
+    "CommitmentResourceStatus": {
+      "description": "[Output Only] Contains output only fields.",
+      "id": "CommitmentResourceStatus",
       "properties": {
-        "message": {
-          "description": "The status message.",
+        "cancellationInformation": {
+          "$ref": "CommitmentResourceStatusCancellationInformation",
+          "description": "[Output Only] An optional, contains all the needed information of cancellation."
+        }
+      },
+      "type": "object"
+    },
+    "CommitmentResourceStatusCancellationInformation": {
+      "id": "CommitmentResourceStatusCancellationInformation",
+      "properties": {
+        "canceledCommitment": {
+          "$ref": "Money",
+          "description": "[Output Only] An optional amount of CUDs canceled so far in the last 365 days."
+        },
+        "canceledCommitmentLastUpdatedTimestamp": {
+          "description": "[Output Only] An optional last update time of canceled_commitment. RFC3339 text format.",
           "type": "string"
         },
-        "type": {
-          "description": "The type of error, warning, or notice returned. Current set of possible values: - ALL_INSTANCES_UNHEALTHY (WARNING): All instances in the instance group are unhealthy (not in RUNNING state). - BACKEND_SERVICE_DOES_NOT_EXIST (ERROR): There is no backend service attached to the instance group. - CAPPED_AT_MAX_NUM_REPLICAS (WARNING): Autoscaler recommends a size greater than maxNumReplicas. - CUSTOM_METRIC_DATA_POINTS_TOO_SPARSE (WARNING): The custom metric samples are not exported often enough to be a credible base for autoscaling. - CUSTOM_METRIC_INVALID (ERROR): The custom metric that was specified does not exist or does not have the necessary labels. - MIN_EQUALS_MAX (WARNING): The minNumReplicas is equal to maxNumReplicas. This means the autoscaler cannot add or remove instances from the instance group. - MISSING_CUSTOM_METRIC_DATA_POINTS (WARNING): The autoscaler did not receive any data from the custom metric configured for autoscaling. - MISSING_LOAD_BALANCING_DATA_POINTS (WARNING): The autoscaler is configured to scale based on a load balancing signal but the instance group has not received any requests from the load balancer. - MODE_OFF (WARNING): Autoscaling is turned off. The number of instances in the group won't change automatically. The autoscaling configuration is preserved. - MODE_ONLY_UP (WARNING): Autoscaling is in the \"Autoscale only out\" mode. The autoscaler can add instances but not remove any. - MORE_THAN_ONE_BACKEND_SERVICE (ERROR): The instance group cannot be autoscaled because it has more than one backend service attached to it. - NOT_ENOUGH_QUOTA_AVAILABLE (ERROR): There is insufficient quota for the necessary resources, such as CPU or number of instances. - REGION_RESOURCE_STOCKOUT (ERROR): Shown only for regional autoscalers: there is a resource stockout in the chosen region. - SCALING_TARGET_DOES_NOT_EXIST (ERROR): The target to be scaled does not exist. - UNSUPPORTED_MAX_RATE_LOAD_BALANCING_CONFIGURATION (ERROR): Autoscaling does not work with an HTTP/S load balancer that has been configured for maxRate. - ZONE_RESOURCE_STOCKOUT (ERROR): For zonal autoscalers: there is a resource stockout in the chosen zone. For regional autoscalers: in at least one of the zones you're using there is a resource stockout. New values might be added in the future. Some of the values might not be available in all API versions.",
-          "enum": [
-            "ALL_INSTANCES_UNHEALTHY",
-            "BACKEND_SERVICE_DOES_NOT_EXIST",
-            "CAPPED_AT_MAX_NUM_REPLICAS",
-            "CUSTOM_METRIC_DATA_POINTS_TOO_SPARSE",
-            "CUSTOM_METRIC_INVALID",
-            "MIN_EQUALS_MAX",
-            "MISSING_CUSTOM_METRIC_DATA_POINTS",
-            "MISSING_LOAD_BALANCING_DATA_POINTS",
-            "MODE_OFF",
-            "MODE_ONLY_SCALE_OUT",
-            "MODE_ONLY_UP",
-            "MORE_THAN_ONE_BACKEND_SERVICE",
-            "NOT_ENOUGH_QUOTA_AVAILABLE",
-            "REGION_RESOURCE_STOCKOUT",
-            "SCALING_TARGET_DOES_NOT_EXIST",
-            "SCHEDULED_INSTANCES_GREATER_THAN_AUTOSCALER_MAX",
-            "SCHEDULED_INSTANCES_LESS_THAN_AUTOSCALER_MIN",
-            "UNKNOWN",
-            "UNSUPPORTED_MAX_RATE_LOAD_BALANCING_CONFIGURATION",
-            "ZONE_RESOURCE_STOCKOUT"
-          ],
-          "enumDescriptions": [
-            "All instances in the instance group are unhealthy (not in RUNNING state).",
-            "There is no backend service attached to the instance group.",
-            "Autoscaler recommends a size greater than maxNumReplicas.",
-            "The custom metric samples are not exported often enough to be a credible base for autoscaling.",
-            "The custom metric that was specified does not exist or does not have the necessary labels.",
-            "The minNumReplicas is equal to maxNumReplicas. This means the autoscaler cannot add or remove instances from the instance group.",
-            "The autoscaler did not receive any data from the custom metric configured for autoscaling.",
-            "The autoscaler is configured to scale based on a load balancing signal but the instance group has not received any requests from the load balancer.",
-            "Autoscaling is turned off. The number of instances in the group won't change automatically. The autoscaling configuration is preserved.",
-            "Autoscaling is in the \"Autoscale only scale out\" mode. Instances in the group will be only added.",
-            "Autoscaling is in the \"Autoscale only out\" mode. Instances in the group will be only added.",
-            "The instance group cannot be autoscaled because it has more than one backend service attached to it.",
-            "There is insufficient quota for the necessary resources, such as CPU or number of instances.",
-            "Showed only for regional autoscalers: there is a resource stockout in the chosen region.",
-            "The target to be scaled does not exist.",
-            "For some scaling schedules minRequiredReplicas is greater than maxNumReplicas. Autoscaler always recommends at most maxNumReplicas instances.",
-            "For some scaling schedules minRequiredReplicas is less than minNumReplicas. Autoscaler always recommends at least minNumReplicas instances.",
-            "",
-            "Autoscaling does not work with an HTTP/S load balancer that has been configured for maxRate.",
-            "For zonal autoscalers: there is a resource stockout in the chosen zone. For regional autoscalers: in at least one of the zones you're using there is a resource stockout."
-          ],
+        "cancellationCap": {
+          "$ref": "Money",
+          "description": "[Output Only] An optional,the cancellation cap for how much commitments can be canceled in a rolling 365 per billing account."
+        },
+        "cancellationFee": {
+          "$ref": "Money",
+          "description": "[Output Only] An optional, cancellation fee."
+        },
+        "cancellationFeeExpirationTimestamp": {
+          "description": "[Output Only] An optional, cancellation fee expiration time. RFC3339 text format.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "AutoscalersScopedList": {
-      "id": "AutoscalersScopedList",
+    "CommitmentsScopedList": {
+      "id": "CommitmentsScopedList",
       "properties": {
-        "autoscalers": {
-          "description": "[Output Only] A list of autoscalers contained in this scope.",
+        "commitments": {
+          "description": "[Output Only] A list of commitments contained in this scope.",
           "items": {
-            "$ref": "Autoscaler"
+            "$ref": "Commitment"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of autoscalers when the list is empty.",
+          "description": "[Output Only] Informational warning which replaces the list of commitments when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -42590,6 +47823,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42608,6 +47842,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42619,6 +47883,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42666,510 +47931,686 @@
       },
       "type": "object"
     },
-    "AutoscalingPolicy": {
-      "description": "Cloud Autoscaler policy.",
-      "id": "AutoscalingPolicy",
+    "Condition": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "Condition",
       "properties": {
-        "coolDownPeriodSec": {
-          "description": "The number of seconds that the autoscaler waits before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds. Virtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "cpuUtilization": {
-          "$ref": "AutoscalingPolicyCpuUtilization",
-          "description": "Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group."
-        },
-        "customMetricUtilizations": {
-          "description": "Configuration parameters of autoscaling based on a custom metric.",
-          "items": {
-            "$ref": "AutoscalingPolicyCustomMetricUtilization"
-          },
-          "type": "array"
-        },
-        "loadBalancingUtilization": {
-          "$ref": "AutoscalingPolicyLoadBalancingUtilization",
-          "description": "Configuration parameters of autoscaling based on load balancer."
-        },
-        "maxNumReplicas": {
-          "description": "The maximum number of instances that the autoscaler can scale out to. This is required when creating or updating an autoscaler. The maximum number of replicas must not be lower than minimal number of replicas.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "minNumReplicas": {
-          "description": "The minimum number of replicas that the autoscaler can scale in to. This cannot be less than 0. If not provided, autoscaler chooses a default value depending on maximum number of instances allowed.",
-          "format": "int32",
-          "type": "integer"
+        "iam": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "enum": [
+            "APPROVER",
+            "ATTRIBUTION",
+            "AUTHORITY",
+            "CREDENTIALS_TYPE",
+            "CREDS_ASSERTION",
+            "JUSTIFICATION_TYPE",
+            "NO_ATTR",
+            "SECURITY_REALM"
+          ],
+          "enumDescriptions": [
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use."
+          ],
+          "type": "string"
         },
-        "mode": {
-          "description": "Defines operating mode for this policy.",
+        "op": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "enum": [
-            "OFF",
-            "ON",
-            "ONLY_SCALE_OUT",
-            "ONLY_UP"
+            "DISCHARGED",
+            "EQUALS",
+            "IN",
+            "NOT_EQUALS",
+            "NOT_IN",
+            "NO_OP"
           ],
           "enumDescriptions": [
-            "Do not automatically scale the MIG in or out. The recommended_size field contains the size of MIG that would be set if the actuation mode was enabled.",
-            "Automatically scale the MIG in and out according to the policy.",
-            "Automatically create VMs according to the policy, but do not scale the MIG in.",
-            "Automatically create VMs according to the policy, but do not scale the MIG in."
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use."
           ],
           "type": "string"
         },
-        "scaleDownControl": {
-          "$ref": "AutoscalingPolicyScaleDownControl"
+        "svc": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "type": "string"
         },
-        "scaleInControl": {
-          "$ref": "AutoscalingPolicyScaleInControl"
+        "sys": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "enum": [
+            "IP",
+            "NAME",
+            "NO_ATTR",
+            "REGION",
+            "SERVICE"
+          ],
+          "enumDescriptions": [
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use."
+          ],
+          "type": "string"
         },
-        "scalingSchedules": {
-          "additionalProperties": {
-            "$ref": "AutoscalingPolicyScalingSchedule"
+        "values": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "items": {
+            "type": "string"
           },
-          "description": "Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler, and they can overlap. During overlapping periods the greatest min_required_replicas of all scaling schedules is applied. Up to 128 scaling schedules are allowed.",
-          "type": "object"
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "AutoscalingPolicyCpuUtilization": {
-      "description": "CPU utilization policy.",
-      "id": "AutoscalingPolicyCpuUtilization",
+    "ConfidentialInstanceConfig": {
+      "description": "A set of Confidential Instance options.",
+      "id": "ConfidentialInstanceConfig",
       "properties": {
-        "predictiveMethod": {
-          "description": "Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: * NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. * OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.",
+        "confidentialInstanceType": {
+          "description": "Defines the type of technology used by the confidential instance.",
           "enum": [
-            "NONE",
-            "OPTIMIZE_AVAILABILITY",
-            "PREDICTIVE_METHOD_UNSPECIFIED",
-            "STANDARD"
+            "CONFIDENTIAL_INSTANCE_TYPE_UNSPECIFIED",
+            "SEV",
+            "SEV_SNP",
+            "TDX"
           ],
           "enumDescriptions": [
-            "No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics",
-            "Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.",
-            "",
-            "Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. This value is being DEPRECATED - it won't be promoted to beta and v1. Use OPTIMIZE_AVAILABILITY instead."
+            "No type specified. Do not use this value.",
+            "AMD Secure Encrypted Virtualization.",
+            "AMD Secure Encrypted Virtualization - Secure Nested Paging.",
+            "Intel Trust Domain eXtension."
           ],
           "type": "string"
         },
-        "utilizationTarget": {
-          "description": "The target CPU utilization that the autoscaler maintains. Must be a float value in the range (0, 1]. If not specified, the default is 0.6. If the CPU level is below the target utilization, the autoscaler scales in the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization. If the average CPU is above the target utilization, the autoscaler scales out until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization.",
-          "format": "double",
-          "type": "number"
+        "enableConfidentialCompute": {
+          "description": "Defines whether the instance should have confidential compute enabled.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "AutoscalingPolicyCustomMetricUtilization": {
-      "description": "Custom utilization metric policy.",
-      "id": "AutoscalingPolicyCustomMetricUtilization",
+    "ConnectionDraining": {
+      "description": "Message containing connection draining configuration.",
+      "id": "ConnectionDraining",
       "properties": {
-        "filter": {
-          "description": "A filter string, compatible with a Stackdriver Monitoring filter string for TimeSeries.list API call. This filter is used to select a specific TimeSeries for the purpose of autoscaling and to determine whether the metric is exporting per-instance or per-group data. For the filter to be valid for autoscaling purposes, the following rules apply: - You can only use the AND operator for joining selectors. - You can only use direct equality comparison operator (=) without any functions for each selector. - You can specify the metric in both the filter string and in the metric field. However, if specified in both places, the metric must be identical. - The monitored resource type determines what kind of values are expected for the metric. If it is a gce_instance, the autoscaler expects the metric to include a separate TimeSeries for each instance in a group. In such a case, you cannot filter on resource labels. If the resource type is any other value, the autoscaler expects this metric to contain values that apply to the entire autoscaled instance group and resource label filtering can be performed to point autoscaler at the correct TimeSeries to scale upon. This is called a *per-group metric* for the purpose of autoscaling. If not specified, the type defaults to gce_instance. Try to provide a filter that is selective enough to pick just one TimeSeries for the autoscaled group or for each of the instances (if you are using gce_instance resource type). If multiple TimeSeries are returned upon the query execution, the autoscaler will sum their respective values to obtain its scaling value.",
-          "type": "string"
+        "drainingTimeoutSec": {
+          "description": "Configures a duration timeout for existing requests on a removed backend instance. For supported load balancers and protocols, as described in Enabling connection draining.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "ConsistentHashLoadBalancerSettings": {
+      "description": "This message defines settings for a consistent hash style load balancer.",
+      "id": "ConsistentHashLoadBalancerSettings",
+      "properties": {
+        "httpCookie": {
+          "$ref": "ConsistentHashLoadBalancerSettingsHttpCookie",
+          "description": "Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true."
         },
-        "metric": {
-          "description": "The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values. The metric must have a value type of INT64 or DOUBLE.",
+        "httpHeaderName": {
+          "description": "The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.",
           "type": "string"
         },
-        "singleInstanceAssignment": {
-          "description": "If scaling is based on a per-group metric value that represents the total amount of work to be done or resource usage, set this value to an amount assigned for a single instance of the scaled group. Autoscaler keeps the number of instances proportional to the value of this metric. The metric itself does not change value due to group resizing. A good metric to use with the target is for example pubsub.googleapis.com/subscription/num_undelivered_messages or a custom metric exporting the total number of requests coming to your instances. A bad example would be a metric exporting an average or median latency, since this value can't include a chunk assignable to a single instance, it could be better used with utilization_target instead.",
-          "format": "double",
-          "type": "number"
-        },
-        "utilizationTarget": {
-          "description": "The target value of the metric that autoscaler maintains. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric. For example, a good metric to use as a utilization_target is https://www.googleapis.com/compute/v1/instance/network/received_bytes_count. The autoscaler works to keep this value constant for each of the instances.",
-          "format": "double",
-          "type": "number"
-        },
-        "utilizationTargetType": {
-          "description": "Defines how target utilization value is expressed for a Stackdriver Monitoring metric. Either GAUGE, DELTA_PER_SECOND, or DELTA_PER_MINUTE.",
-          "enum": [
-            "DELTA_PER_MINUTE",
-            "DELTA_PER_SECOND",
-            "GAUGE"
-          ],
-          "enumDescriptions": [
-            "Sets the utilization target value for a cumulative or delta metric, expressed as the rate of growth per minute.",
-            "Sets the utilization target value for a cumulative or delta metric, expressed as the rate of growth per second.",
-            "Sets the utilization target value for a gauge metric. The autoscaler will collect the average utilization of the virtual machines from the last couple of minutes, and compare the value to the utilization target value to perform autoscaling."
-          ],
+        "minimumRingSize": {
+          "description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.",
+          "format": "int64",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "AutoscalingPolicyLoadBalancingUtilization": {
-      "description": "Configuration parameters of autoscaling based on load balancing.",
-      "id": "AutoscalingPolicyLoadBalancingUtilization",
+    "ConsistentHashLoadBalancerSettingsHttpCookie": {
+      "description": "The information about the HTTP Cookie on which the hash function is based for load balancing policies that use a consistent hash.",
+      "id": "ConsistentHashLoadBalancerSettingsHttpCookie",
       "properties": {
-        "utilizationTarget": {
-          "description": "Fraction of backend capacity utilization (set in HTTP(S) load balancing configuration) that the autoscaler maintains. Must be a positive float value. If not defined, the default is 0.8.",
-          "format": "double",
-          "type": "number"
+        "name": {
+          "description": "Name of the cookie.",
+          "type": "string"
+        },
+        "path": {
+          "description": "Path to set for the cookie.",
+          "type": "string"
+        },
+        "ttl": {
+          "$ref": "Duration",
+          "description": "Lifetime of the cookie."
         }
       },
       "type": "object"
     },
-    "AutoscalingPolicyScaleDownControl": {
-      "description": "Configuration that allows for slower scale in so that even if Autoscaler recommends an abrupt scale in of a MIG, it will be throttled as specified by the parameters below.",
-      "id": "AutoscalingPolicyScaleDownControl",
+    "CorsPolicy": {
+      "description": "The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard.",
+      "id": "CorsPolicy",
       "properties": {
-        "maxScaledDownReplicas": {
-          "$ref": "FixedOrPercent",
-          "description": "Maximum allowed number (or %) of VMs that can be deducted from the peak recommendation during the window autoscaler looks at when computing recommendations. Possibly all these VMs can be deleted at once so user service needs to be prepared to lose that many VMs in one step."
+        "allowCredentials": {
+          "description": "In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. Default is false.",
+          "type": "boolean"
         },
-        "timeWindowSec": {
-          "description": "How far back autoscaling looks when computing recommendations to include directives regarding slower scale in, as described above.",
+        "allowHeaders": {
+          "description": "Specifies the content for the Access-Control-Allow-Headers header.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "allowMethods": {
+          "description": "Specifies the content for the Access-Control-Allow-Methods header.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "allowOriginRegexes": {
+          "description": "Specifies a regular expression that matches allowed origins. For more information about the regular expression syntax, see Syntax. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "allowOrigins": {
+          "description": "Specifies the list of origins that is allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "disabled": {
+          "description": "If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.",
+          "type": "boolean"
+        },
+        "exposeHeaders": {
+          "description": "Specifies the content for the Access-Control-Expose-Headers header.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "maxAge": {
+          "description": "Specifies how long results of a preflight request can be cached in seconds. This field translates to the Access-Control-Max-Age header.",
           "format": "int32",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "AutoscalingPolicyScaleInControl": {
-      "description": "Configuration that allows for slower scale in so that even if Autoscaler recommends an abrupt scale in of a MIG, it will be throttled as specified by the parameters below.",
-      "id": "AutoscalingPolicyScaleInControl",
+    "CustomErrorResponsePolicy": {
+      "description": "Specifies the custom error response policy that must be applied when the backend service or backend bucket responds with an error.",
+      "id": "CustomErrorResponsePolicy",
       "properties": {
-        "maxScaledInReplicas": {
-          "$ref": "FixedOrPercent",
-          "description": "Maximum allowed number (or %) of VMs that can be deducted from the peak recommendation during the window autoscaler looks at when computing recommendations. Possibly all these VMs can be deleted at once so user service needs to be prepared to lose that many VMs in one step."
+        "errorResponseRules": {
+          "description": "Specifies rules for returning error responses. In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect.",
+          "items": {
+            "$ref": "CustomErrorResponsePolicyCustomErrorResponseRule"
+          },
+          "type": "array"
         },
-        "timeWindowSec": {
-          "description": "How far back autoscaling looks when computing recommendations to include directives regarding slower scale in, as described above.",
+        "errorService": {
+          "description": "The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: - https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket - compute/v1/projects/project/global/backendBuckets/myBackendBucket - global/backendBuckets/myBackendBucket If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). errorService is not supported for internal or regional HTTP/HTTPS load balancers.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CustomErrorResponsePolicyCustomErrorResponseRule": {
+      "description": "Specifies the mapping between the response code that will be returned along with the custom error content and the response code returned by the backend service.",
+      "id": "CustomErrorResponsePolicyCustomErrorResponseRule",
+      "properties": {
+        "matchResponseCodes": {
+          "description": "Valid values include: - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "overrideResponseCode": {
+          "description": "The HTTP status code returned with the response containing the custom error content. If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client.",
           "format": "int32",
           "type": "integer"
+        },
+        "path": {
+          "description": "The full path to a file within backendBucket . For example: /errors/defaultError.html path must start with a leading slash. path cannot have trailing slashes. If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. The value must be from 1 to 1024 characters",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "AutoscalingPolicyScalingSchedule": {
-      "description": "Scaling based on user-defined schedule. The message describes a single scaling schedule. A scaling schedule changes the minimum number of VM instances an autoscaler can recommend, which can trigger scaling out.",
-      "id": "AutoscalingPolicyScalingSchedule",
+    "CustomerEncryptionKey": {
+      "id": "CustomerEncryptionKey",
       "properties": {
-        "description": {
-          "description": "A description of a scaling schedule.",
+        "kmsKeyName": {
+          "description": "The name of the encryption key that is stored in Google Cloud KMS. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key The fully-qualifed key name may be returned for resource GET requests. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key /cryptoKeyVersions/1 ",
           "type": "string"
         },
-        "disabled": {
-          "description": "A boolean value that specifies whether a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. This field is optional, and its value is false by default.",
-          "type": "boolean"
+        "kmsKeyServiceAccount": {
+          "description": "The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: \"kmsKeyServiceAccount\": \"name@project_id.iam.gserviceaccount.com/ ",
+          "type": "string"
         },
-        "durationSec": {
-          "description": "The duration of time intervals, in seconds, for which this scaling schedule is to run. The minimum allowed value is 300. This field is required.",
-          "format": "int32",
-          "type": "integer"
+        "rawKey": {
+          "description": "Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: \"rawKey\": \"SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=\" ",
+          "type": "string"
         },
-        "minRequiredReplicas": {
-          "description": "The minimum number of VM instances that the autoscaler will recommend in time intervals starting according to schedule. This field is required.",
-          "format": "int32",
-          "type": "integer"
+        "rsaEncryptedKey": {
+          "description": "Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: \"rsaEncryptedKey\": \"ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==\" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem ",
+          "type": "string"
         },
-        "schedule": {
-          "description": "The start timestamps of time intervals when this scaling schedule is to provide a scaling signal. This field uses the extended cron format (with an optional year field). The expression can describe a single timestamp if the optional year is set, in which case the scaling schedule runs once. The schedule is interpreted with respect to time_zone. This field is required. Note: These timestamps only describe when autoscaler starts providing the scaling signal. The VMs need additional time to become serving.",
+        "sha256": {
+          "description": "[Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CustomerEncryptionKeyProtectedDisk": {
+      "id": "CustomerEncryptionKeyProtectedDisk",
+      "properties": {
+        "diskEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Decrypts data associated with the disk with a customer-supplied encryption key."
         },
-        "timeZone": {
-          "description": "The time zone to use when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. This field is assigned a default value of “UTC” if left empty.",
+        "source": {
+          "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. This field is only applicable for persistent disks. For example: \"source\": \"/compute/v1/projects/project_id/zones/zone/disks/ disk_name ",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "Backend": {
-      "description": "Message containing information of one individual backend.",
-      "id": "Backend",
+    "DeprecationStatus": {
+      "description": "Deprecation status for a public resource.",
+      "id": "DeprecationStatus",
       "properties": {
-        "balancingMode": {
-          "description": "Specifies how to determine whether the backend of a load balancer can handle additional traffic or is fully loaded. For usage guidelines, see Connection balancing mode. Backends must use compatible balancing modes. For more information, see Supported balancing modes and target capacity settings and Restrictions and guidance for instance groups. Note: Currently, if you use the API to configure incompatible balancing modes, the configuration might be accepted even though it has no impact and is ignored. Specifically, Backend.maxUtilization is ignored when Backend.balancingMode is RATE. In the future, this incompatible combination will be rejected.",
+        "deleted": {
+          "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it.",
+          "type": "string"
+        },
+        "deprecated": {
+          "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it.",
+          "type": "string"
+        },
+        "obsolete": {
+          "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it.",
+          "type": "string"
+        },
+        "replacement": {
+          "description": "The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.",
+          "type": "string"
+        },
+        "state": {
+          "description": "The deprecation state of this resource. This can be ACTIVE, DEPRECATED, OBSOLETE, or DELETED. Operations which communicate the end of life date for an image, can use ACTIVE. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.",
           "enum": [
-            "CONNECTION",
-            "RATE",
-            "UTILIZATION"
+            "ACTIVE",
+            "DELETED",
+            "DEPRECATED",
+            "OBSOLETE"
           ],
           "enumDescriptions": [
-            "Balance based on the number of simultaneous connections.",
-            "Balance based on requests per second (RPS).",
-            "Balance based on the backend utilization."
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "capacityScaler": {
-          "description": "A multiplier applied to the backend's target capacity of its balancing mode. The default value is 1, which means the group serves up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. The valid ranges are 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service. Not available with backends that don't support using a balancingMode. This includes backends such as global internet NEGs, regional serverless NEGs, and PSC NEGs.",
-          "format": "float",
-          "type": "number"
+        "stateOverride": {
+          "$ref": "RolloutPolicy",
+          "description": "The rollout policy for this deprecation. This policy is only enforced by image family views. The rollout policy restricts the zones where the associated resource is considered in a deprecated state. When the rollout policy does not include the user specified zone, or if the zone is rolled out, the associated resource is considered in a deprecated state. The rollout policy for this deprecation is read-only, except for allowlisted users. This field might not be configured. To view the latest non-deprecated image in a specific zone, use the imageFamilyViews.get method."
+        }
+      },
+      "type": "object"
+    },
+    "Disk": {
+      "description": "Represents a Persistent Disk resource. Google Compute Engine has two Disk resources: * [Zonal](/compute/docs/reference/rest/alpha/disks) * [Regional](/compute/docs/reference/rest/alpha/regionDisks) Persistent disks are required for running your VM instances. Create both boot and non-boot (data) persistent disks. For more information, read Persistent Disks. For more storage options, read Storage options. The disks resource represents a zonal persistent disk. For more information, read Zonal persistent disks. The regionDisks resource represents a regional persistent disk. For more information, read Regional resources.",
+      "id": "Disk",
+      "properties": {
+        "accessMode": {
+          "description": "The access mode of the disk. - READ_WRITE_SINGLE: The default AccessMode, means the disk can be attached to single instance in RW mode. - READ_WRITE_MANY: The AccessMode means the disk can be attached to multiple instances in RW mode. - READ_ONLY_MANY: The AccessMode means the disk can be attached to multiple instances in RO mode. The AccessMode is only valid for Hyperdisk disk types.",
+          "enum": [
+            "READ_ONLY_MANY",
+            "READ_WRITE_MANY",
+            "READ_WRITE_SINGLE"
+          ],
+          "enumDescriptions": [
+            "The AccessMode means the disk can be attached to multiple instances in RO mode.",
+            "The AccessMode means the disk can be attached to multiple instances in RW mode.",
+            "The default AccessMode, means the disk can be attached to single instance in RW mode."
+          ],
+          "type": "string"
+        },
+        "architecture": {
+          "description": "The architecture of the disk. Valid values are ARM64 or X86_64.",
+          "enum": [
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
+          ],
+          "enumDescriptions": [
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
+          ],
+          "type": "string"
+        },
+        "asyncPrimaryDisk": {
+          "$ref": "DiskAsyncReplication",
+          "description": "Disk asynchronously replicated into this disk."
+        },
+        "asyncSecondaryDisks": {
+          "additionalProperties": {
+            "$ref": "DiskAsyncReplicationList"
+          },
+          "description": "[Output Only] A list of disks this disk is asynchronously replicated to.",
+          "type": "object"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
         "description": {
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "failover": {
-          "description": "This field designates whether this is a failover backend. More than one failover backend can be configured for a given BackendService.",
+        "diskEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encrypts the disk using a customer-supplied encryption key or a customer-managed encryption key. Encryption keys do not protect access to metadata of the disk. After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later. For example, to create a disk snapshot, to create a disk image, to create a machine image, or to attach the disk to a virtual machine. After you encrypt a disk with a customer-managed key, the diskEncryptionKey.kmsKeyName is set to a key *version* name once the disk is created. The disk is encrypted with this version of the key. In the response, diskEncryptionKey.kmsKeyName appears in the following format: \"diskEncryptionKey.kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key /cryptoKeysVersions/version If you do not provide an encryption key when creating the disk, then the disk is encrypted using an automatically generated key and you don't need to provide a key to use the disk later."
+        },
+        "enableConfidentialCompute": {
+          "description": "Whether this disk is using confidential compute mode.",
           "type": "boolean"
         },
-        "group": {
-          "description": "The fully-qualified URL of an instance group or network endpoint group (NEG) resource. To determine what types of backends a load balancer supports, see the [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service#backends). You must use the *fully-qualified* URL (starting with https://www.googleapis.com/) to specify the instance group or NEG. Partial URLs are not supported.",
+        "eraseWindowsVssSignature": {
+          "description": "Specifies whether the disk restored from a source snapshot should erase Windows specific VSS signature.",
+          "type": "boolean"
+        },
+        "guestOsFeatures": {
+          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
+          "items": {
+            "$ref": "GuestOsFeature"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "maxConnections": {
-          "description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
-          "format": "int32",
-          "type": "integer"
+        "interface": {
+          "deprecated": true,
+          "description": "[Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.",
+          "enum": [
+            "NVME",
+            "SCSI",
+            "UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
         },
-        "maxConnectionsPerEndpoint": {
-          "description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
-          "format": "int32",
-          "type": "integer"
+        "kind": {
+          "default": "compute#disk",
+          "description": "[Output Only] Type of the resource. Always compute#disk for disks.",
+          "type": "string"
         },
-        "maxConnectionsPerInstance": {
-          "description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
-          "format": "int32",
-          "type": "integer"
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this disk, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a disk.",
+          "format": "byte",
+          "type": "string"
         },
-        "maxRate": {
-          "description": "Defines a maximum number of HTTP requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
-          "format": "int32",
-          "type": "integer"
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this disk. These can be later modified by the setLabels method.",
+          "type": "object"
         },
-        "maxRatePerEndpoint": {
-          "description": "Defines a maximum target for requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
-          "format": "float",
-          "type": "number"
+        "lastAttachTimestamp": {
+          "description": "[Output Only] Last attach timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "maxRatePerInstance": {
-          "description": "Defines a maximum target for requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
-          "format": "float",
-          "type": "number"
+        "lastDetachTimestamp": {
+          "description": "[Output Only] Last detach timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "maxUtilization": {
-          "description": "Optional parameter to define a target capacity for the UTILIZATION balancing mode. The valid range is [0.0, 1.0]. For usage guidelines, see Utilization balancing mode.",
-          "format": "float",
-          "type": "number"
-        }
-      },
-      "type": "object"
-    },
-    "BackendBucket": {
-      "description": "Represents a Cloud Storage Bucket resource. This Cloud Storage bucket resource is referenced by a URL map of a load balancer. For more information, read Backend Buckets.",
-      "id": "BackendBucket",
-      "properties": {
-        "bucketName": {
-          "description": "Cloud Storage bucket name.",
+        "licenseCodes": {
+          "description": "Integer license codes indicating which licenses are attached to this disk.",
+          "items": {
+            "format": "int64",
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "licenses": {
+          "description": "A list of publicly visible licenses. Reserved for Google's use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "locationHint": {
+          "description": "An opaque location hint used to place the disk close to other resources. This field is for use by internal tools that use the public API.",
           "type": "string"
         },
-        "cdnPolicy": {
-          "$ref": "BackendBucketCdnPolicy",
-          "description": "Cloud CDN configuration for this BackendBucket."
+        "locked": {
+          "description": "[Output Only] The field indicates if the disk is created from a locked source image. Attachment of a disk created from a locked source image will cause the following operations to become irreversibly prohibited: - R/W or R/O disk attachment to any other instance - Disk detachment. And the disk can only be deleted when the instance is deleted - Creation of images or snapshots - Disk cloning Furthermore, the instance with at least one disk with locked flag set to true will be prohibited from performing the operations below: - Further attachment of secondary disks. - Detachment of any disks - Create machine images - Create instance template - Delete the instance with --keep-disk parameter set to true for locked disks - Attach a locked disk with --auto-delete parameter set to false ",
+          "type": "boolean"
         },
-        "compressionMode": {
-          "description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.",
-          "enum": [
-            "AUTOMATIC",
-            "DISABLED"
-          ],
-          "enumDescriptions": [
-            "Automatically uses the best compression based on the Accept-Encoding header sent by the client.",
-            "Disables compression. Existing compressed responses cached by Cloud CDN will not be served to clients."
-          ],
+        "multiWriter": {
+          "description": "Indicates whether or not the disk can be read/write attached to more than one instance.",
+          "type": "boolean"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.disks.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+        "options": {
+          "description": "Internal use only.",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "DiskParams",
+          "description": "Input only. [Input Only] Additional params passed with the request, but not persisted as part of resource payload."
+        },
+        "physicalBlockSizeBytes": {
+          "description": "Physical block size of the persistent disk, in bytes. If not present in a request, a default value is used. The currently supported size is 4096, other sizes may be added in the future. If an unsupported value is requested, the error message will list the supported values for the caller's project.",
+          "format": "int64",
+          "type": "string"
+        },
+        "provisionedIops": {
+          "description": "Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation.",
+          "format": "int64",
+          "type": "string"
+        },
+        "provisionedThroughput": {
+          "description": "Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle. Values must be between 1 and 7,124.",
+          "format": "int64",
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the disk resides. Only applicable for regional resources. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
-        "customResponseHeaders": {
-          "description": "Headers that the HTTP/S load balancer should add to proxied responses.",
+        "replicaZones": {
+          "description": "URLs of the zones where the disk should be replicated to. Only applicable for regional resources.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "description": {
-          "description": "An optional textual description of the resource; provided by the client when the resource is created.",
+        "resourcePolicies": {
+          "description": "Resource policies applied to this disk for automatic snapshot creations.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "resourceStatus": {
+          "$ref": "DiskResourceStatus",
+          "description": "[Output Only] Status information for the disk resource."
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
           "type": "string"
         },
-        "edgeSecurityPolicy": {
-          "description": "[Output Only] The resource URL for the edge security policy associated with this backend bucket.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
           "type": "string"
         },
-        "enableCdn": {
-          "description": "If true, enable Cloud CDN for this BackendBucket.",
-          "type": "boolean"
+        "sizeGb": {
+          "description": "Size, in GB, of the persistent disk. You can specify this field when creating a persistent disk using the sourceImage, sourceSnapshot, or sourceDisk parameter, or specify it alone to create an empty persistent disk. If you specify this field along with a source, the value of sizeGb must not be less than the size of the source. Acceptable values are 1 to 65536, inclusive.",
+          "format": "int64",
+          "type": "string"
         },
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "format": "uint64",
+        "sourceConsistencyGroupPolicy": {
+          "description": "[Output Only] URL of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
           "type": "string"
         },
-        "kind": {
-          "default": "compute#backendBucket",
-          "description": "Type of the resource.",
+        "sourceConsistencyGroupPolicyId": {
+          "description": "[Output Only] ID of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
           "type": "string"
         },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "sourceDisk": {
+          "description": "The source disk used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "sourceDiskId": {
+          "description": "[Output Only] The unique ID of the disk used to create this disk. This value identifies the exact disk that was used to create this persistent disk. For example, if you created the persistent disk from a disk that was later deleted and recreated under the same name, the source disk ID would identify the exact version of the disk that was used.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "sourceImage": {
+          "description": "The source image used to create this disk. If the source image is deleted, this field will not be set. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-9 to use the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a custom image that you created, specify the image name in the following format: global/images/my-custom-image You can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-image-family ",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendBucketCdnPolicy": {
-      "description": "Message containing Cloud CDN configuration for a backend bucket.",
-      "id": "BackendBucketCdnPolicy",
-      "properties": {
-        "bypassCacheOnRequestHeaders": {
-          "description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.",
-          "items": {
-            "$ref": "BackendBucketCdnPolicyBypassCacheOnRequestHeader"
-          },
-          "type": "array"
         },
-        "cacheKeyPolicy": {
-          "$ref": "BackendBucketCdnPolicyCacheKeyPolicy",
-          "description": "The CacheKeyPolicy for this CdnPolicy."
+        "sourceImageEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key."
         },
-        "cacheMode": {
-          "description": "Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
-          "enum": [
-            "CACHE_ALL_STATIC",
-            "FORCE_CACHE_ALL",
-            "INVALID_CACHE_MODE",
-            "USE_ORIGIN_HEADERS"
-          ],
-          "enumDescriptions": [
-            "Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
-            "Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content.",
-            "",
-            "Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server."
-          ],
+        "sourceImageId": {
+          "description": "[Output Only] The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used.",
           "type": "string"
         },
-        "clientTtl": {
-          "description": "Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a \"public\" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a \"public\" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).",
-          "format": "int32",
-          "type": "integer"
+        "sourceInstantSnapshot": {
+          "description": "The source instant snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instantSnapshots/instantSnapshot - projects/project/zones/zone/instantSnapshots/instantSnapshot - zones/zone/instantSnapshots/instantSnapshot ",
+          "type": "string"
         },
-        "defaultTtl": {
-          "description": "Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of \"0\" means \"always revalidate\". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
-          "format": "int32",
-          "type": "integer"
+        "sourceInstantSnapshotId": {
+          "description": "[Output Only] The unique ID of the instant snapshot used to create this disk. This value identifies the exact instant snapshot that was used to create this persistent disk. For example, if you created the persistent disk from an instant snapshot that was later deleted and recreated under the same name, the source instant snapshot ID would identify the exact version of the instant snapshot that was used.",
+          "type": "string"
         },
-        "maxTtl": {
-          "description": "Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of \"0\" means \"always revalidate\". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
-          "format": "int32",
-          "type": "integer"
+        "sourceSnapshot": {
+          "description": "The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project /global/snapshots/snapshot - projects/project/global/snapshots/snapshot - global/snapshots/snapshot ",
+          "type": "string"
         },
-        "negativeCaching": {
-          "description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.",
-          "type": "boolean"
+        "sourceSnapshotEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key."
         },
-        "negativeCachingPolicy": {
-          "description": "Sets a cache TTL for the specified HTTP status code. negative_caching must be enabled to configure negative_caching_policy. Omitting the policy and leaving negative_caching enabled will use Cloud CDN's default cache TTLs. Note that when specifying an explicit negative_caching_policy, you should take care to specify a cache TTL for all response codes that you wish to cache. Cloud CDN will not apply any default negative caching when a policy exists.",
-          "items": {
-            "$ref": "BackendBucketCdnPolicyNegativeCachingPolicy"
-          },
-          "type": "array"
+        "sourceSnapshotId": {
+          "description": "[Output Only] The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used.",
+          "type": "string"
         },
-        "requestCoalescing": {
-          "description": "If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.",
-          "type": "boolean"
+        "sourceStorageObject": {
+          "description": "The full Google Cloud Storage URI where the disk image is stored. This file must be a gzip-compressed tarball whose name ends in .tar.gz or virtual machine disk whose name ends in vmdk. Valid URIs may start with gs:// or https://storage.googleapis.com/. This flag is not optimized for creating multiple disks from a source storage object. To create many disks from a source storage object, use gcloud compute images import instead.",
+          "type": "string"
         },
-        "serveWhileStale": {
-          "description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. This setting defines the default \"max-stale\" duration for any cached responses that do not specify a max-stale directive. Stale responses that exceed the TTL configured here will not be served. The default limit (max-stale) is 86400s (1 day), which will allow stale content to be served up to this limit beyond the max-age (or s-max-age) of a cached response. The maximum allowed value is 604800 (1 week). Set this to zero (0) to disable serve-while-stale.",
-          "format": "int32",
-          "type": "integer"
+        "status": {
+          "description": "[Output Only] The status of disk creation. - CREATING: Disk is provisioning. - RESTORING: Source data is being copied into the disk. - FAILED: Disk creation failed. - READY: Disk is ready for use. - DELETING: Disk is deleting. ",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "READY",
+            "RESTORING"
+          ],
+          "enumDescriptions": [
+            "Disk is provisioning",
+            "Disk is deleting.",
+            "Disk creation failed.",
+            "Disk is ready for use.",
+            "Source data is being copied into the disk."
+          ],
+          "type": "string"
         },
-        "signedUrlCacheMaxAgeSec": {
-          "description": "Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. Defaults to 1hr (3600s). When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a \"Cache-Control: public, max-age=[TTL]\" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.",
-          "format": "int64",
+        "storagePool": {
+          "description": "The storage pool in which the new disk is created. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /storagePools/storagePool - projects/project/zones/zone/storagePools/storagePool - zones/zone/storagePools/storagePool ",
           "type": "string"
         },
-        "signedUrlKeyNames": {
-          "description": "[Output Only] Names of the keys for signing request URLs.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "BackendBucketCdnPolicyBypassCacheOnRequestHeader": {
-      "description": "Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.",
-      "id": "BackendBucketCdnPolicyBypassCacheOnRequestHeader",
-      "properties": {
-        "headerName": {
-          "description": "The header field name to match on when bypassing cache. Values are case-insensitive.",
+        "storageType": {
+          "description": "[Deprecated] Storage type of the persistent disk.",
+          "enum": [
+            "HDD",
+            "SSD"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendBucketCdnPolicyCacheKeyPolicy": {
-      "description": "Message containing what to include in the cache key for a request for Cloud CDN.",
-      "id": "BackendBucketCdnPolicyCacheKeyPolicy",
-      "properties": {
-        "includeHttpHeaders": {
-          "description": "Allows HTTP request headers (by name) to be used in the cache key.",
+        },
+        "type": {
+          "description": "URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk. For example: projects/project /zones/zone/diskTypes/pd-ssd . See Persistent disk types.",
+          "type": "string"
+        },
+        "userLicenses": {
+          "description": "A list of publicly visible user-licenses. Unlike regular licenses, user provided licenses can be modified after the disk is created. This includes a list of URLs to the license resource. For example, to provide a debian license: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch ",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "queryStringWhitelist": {
-          "description": "Names of query string parameters to include in cache keys. Default parameters are always included. '\u0026' and '=' will be percent encoded and not treated as delimiters.",
+        "users": {
+          "description": "[Output Only] Links to the users of the disk (attached instances) in form: projects/project/zones/zone/instances/instance",
           "items": {
             "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "BackendBucketCdnPolicyNegativeCachingPolicy": {
-      "description": "Specify CDN TTLs for response error codes.",
-      "id": "BackendBucketCdnPolicyNegativeCachingPolicy",
-      "properties": {
-        "code": {
-          "description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 302, 307, 308, 404, 405, 410, 421, 451 and 501 are can be specified as values, and you cannot specify a status code more than once.",
-          "format": "int32",
-          "type": "integer"
         },
-        "ttl": {
-          "description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
-          "format": "int32",
-          "type": "integer"
+        "zone": {
+          "description": "[Output Only] URL of the zone where the disk resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "BackendBucketList": {
-      "description": "Contains a list of BackendBucket resources.",
-      "id": "BackendBucketList",
+    "DiskAggregatedList": {
+      "id": "DiskAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of BackendBucket resources.",
-          "items": {
-            "$ref": "BackendBucket"
+          "additionalProperties": {
+            "$ref": "DisksScopedList",
+            "description": "[Output Only] Name of the scope containing this set of disks."
           },
-          "type": "array"
+          "description": "A list of DisksScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#backendBucketList",
-          "description": "Type of resource.",
+          "default": "compute#diskAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#diskAggregatedList for aggregated lists of persistent disks.",
           "type": "string"
         },
         "nextPageToken": {
@@ -43180,6 +48621,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -43196,6 +48644,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43214,6 +48663,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43225,6 +48704,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43272,332 +48752,96 @@
       },
       "type": "object"
     },
-    "BackendService": {
-      "description": "Represents a Backend Service resource. A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly. Backend services in Google Compute Engine can be either regionally or globally scoped. * [Global](https://cloud.google.com/compute/docs/reference/rest/alpha/backendServices) * [Regional](https://cloud.google.com/compute/docs/reference/rest/alpha/regionBackendServices) For more information, see Backend Services.",
-      "id": "BackendService",
+    "DiskAsyncReplication": {
+      "id": "DiskAsyncReplication",
       "properties": {
-        "affinityCookieTtlSec": {
-          "description": "Lifetime of cookies in seconds. This setting is applicable to external and internal HTTP(S) load balancers and Traffic Director and requires GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is two weeks (1,209,600). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "backends": {
-          "description": "The list of backends that serve this BackendService.",
-          "items": {
-            "$ref": "Backend"
-          },
-          "type": "array"
-        },
-        "cdnPolicy": {
-          "$ref": "BackendServiceCdnPolicy",
-          "description": "Cloud CDN configuration for this BackendService. Only available for specified load balancer types."
-        },
-        "circuitBreakers": {
-          "$ref": "CircuitBreakers"
-        },
-        "compressionMode": {
-          "description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.",
-          "enum": [
-            "AUTOMATIC",
-            "DISABLED"
-          ],
-          "enumDescriptions": [
-            "Automatically uses the best compression based on the Accept-Encoding header sent by the client.",
-            "Disables compression. Existing compressed responses cached by Cloud CDN will not be served to clients."
-          ],
-          "type": "string"
-        },
-        "connectionDraining": {
-          "$ref": "ConnectionDraining"
-        },
-        "connectionTrackingPolicy": {
-          "$ref": "BackendServiceConnectionTrackingPolicy",
-          "description": "Connection Tracking configuration for this BackendService. Connection tracking policy settings are only available for Network Load Balancing and Internal TCP/UDP Load Balancing."
-        },
-        "consistentHash": {
-          "$ref": "ConsistentHashLoadBalancerSettings",
-          "description": "Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field is only applicable when localityLbPolicy is set to MAGLEV or RING_HASH. This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. "
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "customRequestHeaders": {
-          "description": "Headers that the load balancer adds to proxied requests. See [Creating custom headers](https://cloud.google.com/load-balancing/docs/custom-headers).",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "customResponseHeaders": {
-          "description": "Headers that the load balancer adds to proxied responses. See [Creating custom headers](https://cloud.google.com/load-balancing/docs/custom-headers).",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "edgeSecurityPolicy": {
-          "description": "[Output Only] The resource URL for the edge security policy associated with this backend service.",
-          "type": "string"
-        },
-        "enableCDN": {
-          "description": "If true, enables Cloud CDN for the backend service of an external HTTP(S) load balancer.",
-          "type": "boolean"
-        },
-        "failoverPolicy": {
-          "$ref": "BackendServiceFailoverPolicy",
-          "description": "Requires at least one backend instance group to be defined as a backup (failover) backend. For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview)."
-        },
-        "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a BackendService. An up-to-date fingerprint must be provided in order to update the BackendService, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a BackendService.",
-          "format": "byte",
-          "type": "string"
-        },
-        "healthChecks": {
-          "description": "The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently, at most one health check can be specified for each backend service. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet or serverless NEG backends must not have a health check.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "iap": {
-          "$ref": "BackendServiceIAP",
-          "description": "The configurations for Identity-Aware Proxy on this resource. Not available for Internal TCP/UDP Load Balancing and Network Load Balancing."
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "ipAddressSelectionPolicy": {
-          "description": "Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). The possible values are: - IPV4_ONLY: Only send IPv4 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv4 health-checks are used to check the health of the backends. This is the default setting. - PREFER_IPV6: Prioritize the connection to the endpoints IPv6 address over its IPv4 address (provided there is a healthy IPv6 address). - IPV6_ONLY: Only send IPv6 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv6 health-checks are used to check the health of the backends. This field is applicable to either: - Advanced Global External HTTPS Load Balancing (load balancing scheme EXTERNAL_MANAGED), - Regional External HTTPS Load Balancing, - Internal TCP Proxy (load balancing scheme INTERNAL_MANAGED), - Regional Internal HTTPS Load Balancing (load balancing scheme INTERNAL_MANAGED), - Traffic Director with Envoy proxies and proxyless gRPC (load balancing scheme INTERNAL_SELF_MANAGED). ",
-          "enum": [
-            "IPV4_ONLY",
-            "IPV6_ONLY",
-            "IP_ADDRESS_SELECTION_POLICY_UNSPECIFIED",
-            "PREFER_IPV6"
-          ],
-          "enumDescriptions": [
-            "Only send IPv4 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv4 health-checks are used to check the health of the backends. This is the default setting.",
-            "Only send IPv6 traffic to the backends of the Backend Service (Instance Group, Managed Instance Group, Network Endpoint Group) regardless of traffic from the client to the proxy. Only IPv6 health-checks are used to check the health of the backends.",
-            "Unspecified IP address selection policy.",
-            "Prioritize the connection to the endpoints IPv6 address over its IPv4 address (provided there is a healthy IPv6 address)."
-          ],
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#backendService",
-          "description": "[Output Only] Type of resource. Always compute#backendService for backend services.",
-          "type": "string"
-        },
-        "loadBalancingScheme": {
-          "description": "Specifies the load balancer type. A backend service created for one type of load balancer cannot be used with another. For more information, refer to Choosing a load balancer.",
-          "enum": [
-            "EXTERNAL",
-            "EXTERNAL_MANAGED",
-            "INTERNAL",
-            "INTERNAL_MANAGED",
-            "INTERNAL_SELF_MANAGED",
-            "INVALID_LOAD_BALANCING_SCHEME"
-          ],
-          "enumDescriptions": [
-            "Signifies that this will be used for external HTTP(S), SSL Proxy, TCP Proxy, or Network Load Balancing",
-            "Signifies that this will be used for External Managed HTTP(S) Load Balancing.",
-            "Signifies that this will be used for Internal TCP/UDP Load Balancing.",
-            "Signifies that this will be used for Internal HTTP(S) Load Balancing.",
-            "Signifies that this will be used by Traffic Director.",
-            ""
-          ],
-          "type": "string"
-        },
-        "localityLbPolicies": {
-          "description": "A list of locality load-balancing policies to be used in order of preference. When you use localityLbPolicies, you must set at least one value for either the localityLbPolicies[].policy or the localityLbPolicies[].customPolicy field. localityLbPolicies overrides any value set in the localityLbPolicy field. For an example of how to use this field, see Define a list of preferred policies. Caution: This field and its children are intended for use in a service mesh that includes gRPC clients only. Envoy proxies can't use backend services that have this configuration.",
-          "items": {
-            "$ref": "BackendServiceLocalityLoadBalancingPolicyConfig"
-          },
-          "type": "array"
-        },
-        "localityLbPolicy": {
-          "description": "The load balancing algorithm used within the scope of the locality. The possible values are: - ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order. This is the default. - LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. - RANDOM: The load balancer selects a random healthy host. - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824 This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. If sessionAffinity is not NONE, and this field is not set to MAGLEV or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "enum": [
-            "INVALID_LB_POLICY",
-            "LEAST_REQUEST",
-            "MAGLEV",
-            "ORIGINAL_DESTINATION",
-            "RANDOM",
-            "RING_HASH",
-            "ROUND_ROBIN",
-            "WEIGHTED_MAGLEV"
-          ],
-          "enumDescriptions": [
-            "",
-            "An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.",
-            "This algorithm implements consistent hashing to backends. Maglev can be used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824",
-            "Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.",
-            "The load balancer selects a random healthy host.",
-            "The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.",
-            "This is a simple policy in which each healthy backend is selected in round robin order. This is the default.",
-            "Per-instance weighted Load Balancing via health check reported weights. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weighted based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. This option is only supported in Network Load Balancing."
-          ],
-          "type": "string"
-        },
-        "logConfig": {
-          "$ref": "BackendServiceLogConfig",
-          "description": "This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver."
-        },
-        "maxStreamDuration": {
-          "$ref": "Duration",
-          "description": "Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED."
-        },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "network": {
-          "description": "The URL of the network to which this backend service belongs. This field can only be specified when the load balancing scheme is set to INTERNAL.",
-          "type": "string"
-        },
-        "outlierDetection": {
-          "$ref": "OutlierDetection",
-          "description": "Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service. If not set, this feature is considered disabled. This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2, or GRPC, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. "
-        },
-        "port": {
-          "description": "Deprecated in favor of portName. The TCP port to connect on the backend. The default value is 80. For Internal TCP/UDP Load Balancing and Network Load Balancing, omit port.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "portName": {
-          "description": "A named port on a backend instance group representing the port for communication to the backend VMs in that group. The named port must be [defined on each backend instance group](https://cloud.google.com/load-balancing/docs/backend-service#named_ports). This parameter has no meaning if the backends are NEGs. For Internal TCP/UDP Load Balancing and Network Load Balancing, omit port_name.",
-          "type": "string"
-        },
-        "protocol": {
-          "description": "The protocol this BackendService uses to communicate with backends. Possible values are HTTP, HTTPS, HTTP2, TCP, SSL, UDP or GRPC. depending on the chosen load balancer or Traffic Director configuration. Refer to the documentation for the load balancers or for Traffic Director for more information. Must be set to GRPC when the backend service is referenced by a URL map that is bound to target gRPC proxy.",
-          "enum": [
-            "ALL",
-            "GRPC",
-            "HTTP",
-            "HTTP2",
-            "HTTPS",
-            "SSL",
-            "TCP",
-            "UDP",
-            "UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "ALL includes TCP, UDP, ICMP, ESP, AH and SCTP. Note that this should never be used together with target_xx_proxies.",
-            "gRPC (available for Traffic Director).",
-            "",
-            "HTTP/2 with SSL.",
-            "",
-            "TCP proxying with SSL.",
-            "TCP proxying or TCP pass-through.",
-            "UDP.",
-            "If a Backend Service has UNSPECIFIED as its protocol, it can be used with any L3/L4 Forwarding Rules."
-          ],
-          "type": "string"
-        },
-        "region": {
-          "description": "[Output Only] URL of the region where the regional backend service resides. This field is not applicable to global backend services. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "consistencyGroupPolicy": {
+          "description": "[Output Only] URL of the DiskConsistencyGroupPolicy if replication was started on the disk as a member of a group.",
           "type": "string"
         },
-        "securityPolicy": {
-          "description": "[Output Only] The resource URL for the security policy associated with this backend service.",
+        "consistencyGroupPolicyId": {
+          "description": "[Output Only] ID of the DiskConsistencyGroupPolicy if replication was started on the disk as a member of a group.",
           "type": "string"
         },
-        "securitySettings": {
-          "$ref": "SecuritySettings",
-          "description": "This field specifies the security settings that apply to this backend service. This field is applicable to a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED."
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "disk": {
+          "description": "The other disk asynchronously replicated to or from the current disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "diskId": {
+          "description": "[Output Only] The unique ID of the other disk asynchronously replicated to or from the current disk. This value identifies the exact disk that was used to create this replication. For example, if you started replicating the persistent disk from a disk that was later deleted and recreated under the same name, the disk ID would identify the exact version of the disk that was used.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DiskAsyncReplicationList": {
+      "id": "DiskAsyncReplicationList",
+      "properties": {
+        "asyncReplicationDisk": {
+          "$ref": "DiskAsyncReplication"
+        }
+      },
+      "type": "object"
+    },
+    "DiskInstantiationConfig": {
+      "description": "A specification of the desired way to instantiate a disk in the instance template when its created from a source instance.",
+      "id": "DiskInstantiationConfig",
+      "properties": {
+        "autoDelete": {
+          "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).",
+          "type": "boolean"
         },
-        "serviceBindings": {
-          "description": "URLs of networkservices.ServiceBinding resources. Can only be set if load balancing scheme is INTERNAL_SELF_MANAGED. If set, lists of backends and health checks must be both empty.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "serviceLbPolicy": {
-          "description": "URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED. If used with a backend service, must reference a global policy. If used with a regional backend service, must reference a regional policy.",
+        "customImage": {
+          "description": "The custom source image to be used to restore this disk when instantiating this instance template.",
           "type": "string"
         },
-        "sessionAffinity": {
-          "description": "Type of session affinity to use. The default is NONE. Only NONE and HEADER_FIELD are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. For more details, see: [Session Affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity).",
-          "enum": [
-            "CLIENT_IP",
-            "CLIENT_IP_NO_DESTINATION",
-            "CLIENT_IP_PORT_PROTO",
-            "CLIENT_IP_PROTO",
-            "GENERATED_COOKIE",
-            "HEADER_FIELD",
-            "HTTP_COOKIE",
-            "NONE"
-          ],
-          "enumDescriptions": [
-            "2-tuple hash on packet's source and destination IP addresses. Connections from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy.",
-            "1-tuple hash only on packet's source IP address. Connections from the same source IP address will be served by the same backend VM while that VM remains healthy. This option can only be used for Internal TCP/UDP Load Balancing.",
-            "5-tuple hash on packet's source and destination IP addresses, IP protocol, and source and destination ports. Connections for the same IP protocol from the same source IP address and port to the same destination IP address and port will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
-            "3-tuple hash on packet's source and destination IP addresses, and IP protocol. Connections for the same IP protocol from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
-            "Hash based on a cookie generated by the L7 loadbalancer. Only valid for HTTP(S) load balancing.",
-            "The hash is based on a user specified header field.",
-            "The hash is based on a user provided cookie.",
-            "No session affinity. Connections from the same client IP may go to any instance in the pool."
-          ],
+        "deviceName": {
+          "description": "Specifies the device name of the disk to which the configurations apply to.",
           "type": "string"
         },
-        "subsetting": {
-          "$ref": "Subsetting"
-        },
-        "timeoutSec": {
-          "description": "The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "vpcNetworkScope": {
-          "description": "The network scope of the backends that can be added to the backend service. This field can be either GLOBAL_VPC_NETWORK or REGIONAL_VPC_NETWORK. A backend service with the VPC scope set to GLOBAL_VPC_NETWORK is only allowed to have backends in global VPC networks. When the VPC scope is set to REGIONAL_VPC_NETWORK the backend service is only allowed to have backends in regional networks in the same scope as the backend service. Note: if not specified then GLOBAL_VPC_NETWORK will be used.",
+        "instantiateFrom": {
+          "description": "Specifies whether to include the disk and what image to use. Possible values are: - source-image: to use the same image that was used to create the source instance's corresponding disk. Applicable to the boot disk and additional read-write disks. - source-image-family: to use the same image family that was used to create the source instance's corresponding disk. Applicable to the boot disk and additional read-write disks. - custom-image: to use a user-provided image url for disk creation. Applicable to the boot disk and additional read-write disks. - attach-read-only: to attach a read-only disk. Applicable to read-only disks. - do-not-include: to exclude a disk from the template. Applicable to additional read-write disks, local SSDs, and read-only disks. ",
           "enum": [
-            "GLOBAL_VPC_NETWORK",
-            "REGIONAL_VPC_NETWORK"
+            "ATTACH_READ_ONLY",
+            "BLANK",
+            "CUSTOM_IMAGE",
+            "DEFAULT",
+            "DO_NOT_INCLUDE",
+            "SOURCE_IMAGE",
+            "SOURCE_IMAGE_FAMILY"
           ],
           "enumDescriptions": [
-            "The backend service can only have backends in global VPCs",
-            "The backend service can only have backends in regional VPCs"
+            "Attach the existing disk in read-only mode. The request will fail if the disk was attached in read-write mode on the source instance. Applicable to: read-only disks.",
+            "Create a blank disk. The disk will be created unformatted. Applicable to: additional read-write disks, local SSDs.",
+            "Use the custom image specified in the custom_image field. Applicable to: boot disk, additional read-write disks.",
+            "Use the default instantiation option for the corresponding type of disk. For boot disk and any other R/W disks, new custom images will be created from each disk. For read-only disks, they will be attached in read-only mode. Local SSD disks will be created as blank volumes.",
+            "Do not include the disk in the instance template. Applicable to: additional read-write disks, local SSDs, read-only disks.",
+            "Use the same source image used for creation of the source instance's corresponding disk. The request will fail if the source VM's disk was created from a snapshot. Applicable to: boot disk, additional read-write disks.",
+            "Use the same source image family used for creation of the source instance's corresponding disk. The request will fail if the source image of the source disk does not belong to any image family. Applicable to: boot disk, additional read-write disks."
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "BackendServiceAggregatedList": {
-      "description": "Contains a list of BackendServicesScopedList.",
-      "id": "BackendServiceAggregatedList",
+    "DiskList": {
+      "description": "A list of Disk resources.",
+      "id": "DiskList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "BackendServicesScopedList",
-            "description": "Name of the scope containing this set of BackendServices."
+          "description": "A list of Disk resources.",
+          "items": {
+            "$ref": "Disk"
           },
-          "description": "A list of BackendServicesScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#backendServiceAggregatedList",
-          "description": "Type of resource.",
+          "default": "compute#diskList",
+          "description": "[Output Only] Type of resource. Always compute#diskList for lists of disks.",
           "type": "string"
         },
         "nextPageToken": {
@@ -43608,13 +48852,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -43631,6 +48868,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43649,6 +48887,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43660,6 +48928,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43707,267 +48976,188 @@
       },
       "type": "object"
     },
-    "BackendServiceCdnPolicy": {
-      "description": "Message containing Cloud CDN configuration for a backend service.",
-      "id": "BackendServiceCdnPolicy",
+    "DiskMoveRequest": {
+      "id": "DiskMoveRequest",
       "properties": {
-        "bypassCacheOnRequestHeaders": {
-          "description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.",
-          "items": {
-            "$ref": "BackendServiceCdnPolicyBypassCacheOnRequestHeader"
-          },
-          "type": "array"
-        },
-        "cacheKeyPolicy": {
-          "$ref": "CacheKeyPolicy",
-          "description": "The CacheKeyPolicy for this CdnPolicy."
-        },
-        "cacheMode": {
-          "description": "Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
-          "enum": [
-            "CACHE_ALL_STATIC",
-            "FORCE_CACHE_ALL",
-            "INVALID_CACHE_MODE",
-            "USE_ORIGIN_HEADERS"
-          ],
-          "enumDescriptions": [
-            "Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
-            "Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content.",
-            "",
-            "Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server."
-          ],
+        "destinationZone": {
+          "description": "The URL of the destination zone to move the disk. This can be a full or partial URL. For example, the following are all valid URLs to a zone: - https://www.googleapis.com/compute/v1/projects/project/zones/zone - projects/project/zones/zone - zones/zone ",
           "type": "string"
         },
-        "clientTtl": {
-          "description": "Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a \"public\" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a \"public\" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).",
-          "format": "int32",
-          "type": "integer"
-        },
-        "defaultTtl": {
-          "description": "Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of \"0\" means \"always revalidate\". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxTtl": {
-          "description": "Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of \"0\" means \"always revalidate\". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "negativeCaching": {
-          "description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.",
-          "type": "boolean"
-        },
-        "negativeCachingPolicy": {
-          "description": "Sets a cache TTL for the specified HTTP status code. negative_caching must be enabled to configure negative_caching_policy. Omitting the policy and leaving negative_caching enabled will use Cloud CDN's default cache TTLs. Note that when specifying an explicit negative_caching_policy, you should take care to specify a cache TTL for all response codes that you wish to cache. Cloud CDN will not apply any default negative caching when a policy exists.",
-          "items": {
-            "$ref": "BackendServiceCdnPolicyNegativeCachingPolicy"
-          },
-          "type": "array"
-        },
-        "requestCoalescing": {
-          "description": "If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.",
-          "type": "boolean"
-        },
-        "serveWhileStale": {
-          "description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. This setting defines the default \"max-stale\" duration for any cached responses that do not specify a max-stale directive. Stale responses that exceed the TTL configured here will not be served. The default limit (max-stale) is 86400s (1 day), which will allow stale content to be served up to this limit beyond the max-age (or s-max-age) of a cached response. The maximum allowed value is 604800 (1 week). Set this to zero (0) to disable serve-while-stale.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "signedUrlCacheMaxAgeSec": {
-          "description": "Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. Defaults to 1hr (3600s). When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a \"Cache-Control: public, max-age=[TTL]\" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.",
-          "format": "int64",
+        "targetDisk": {
+          "description": "The URL of the target disk to move. This can be a full or partial URL. For example, the following are all valid URLs to a disk: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
           "type": "string"
-        },
-        "signedUrlKeyNames": {
-          "description": "[Output Only] Names of the keys for signing request URLs.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
         }
       },
       "type": "object"
     },
-    "BackendServiceCdnPolicyBypassCacheOnRequestHeader": {
-      "description": "Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.",
-      "id": "BackendServiceCdnPolicyBypassCacheOnRequestHeader",
+    "DiskParams": {
+      "description": "Additional disk params.",
+      "id": "DiskParams",
       "properties": {
-        "headerName": {
-          "description": "The header field name to match on when bypassing cache. Values are case-insensitive.",
-          "type": "string"
+        "resourceManagerTags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Resource manager tags to be bound to the disk. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "BackendServiceCdnPolicyNegativeCachingPolicy": {
-      "description": "Specify CDN TTLs for response error codes.",
-      "id": "BackendServiceCdnPolicyNegativeCachingPolicy",
+    "DiskResourceStatus": {
+      "id": "DiskResourceStatus",
       "properties": {
-        "code": {
-          "description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 302, 307, 308, 404, 405, 410, 421, 451 and 501 are can be specified as values, and you cannot specify a status code more than once.",
-          "format": "int32",
-          "type": "integer"
+        "asyncPrimaryDisk": {
+          "$ref": "DiskResourceStatusAsyncReplicationStatus"
         },
-        "ttl": {
-          "description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
-          "format": "int32",
-          "type": "integer"
+        "asyncSecondaryDisks": {
+          "additionalProperties": {
+            "$ref": "DiskResourceStatusAsyncReplicationStatus"
+          },
+          "description": "Key: disk, value: AsyncReplicationStatus message",
+          "type": "object"
+        },
+        "usedBytes": {
+          "description": "[Output Only] Space used by data stored in the disk (in bytes). Note that this field is set only when the disk is in a storage pool.",
+          "format": "int64",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "BackendServiceConnectionTrackingPolicy": {
-      "description": "Connection Tracking configuration for this BackendService.",
-      "id": "BackendServiceConnectionTrackingPolicy",
+    "DiskResourceStatusAsyncReplicationStatus": {
+      "id": "DiskResourceStatusAsyncReplicationStatus",
       "properties": {
-        "connectionPersistenceOnUnhealthyBackends": {
-          "description": "Specifies connection persistence when backends are unhealthy. The default value is DEFAULT_FOR_PROTOCOL. If set to DEFAULT_FOR_PROTOCOL, the existing connections persist on unhealthy backends only for connection-oriented protocols (TCP and SCTP) and only if the Tracking Mode is PER_CONNECTION (default tracking mode) or the Session Affinity is configured for 5-tuple. They do not persist for UDP. If set to NEVER_PERSIST, after a backend becomes unhealthy, the existing connections on the unhealthy backend are never persisted on the unhealthy backend. They are always diverted to newly selected healthy backends (unless all backends are unhealthy). If set to ALWAYS_PERSIST, existing connections always persist on unhealthy backends regardless of protocol and session affinity. It is generally not recommended to use this mode overriding the default. For more details, see [Connection Persistence for Network Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence) and [Connection Persistence for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal#connection-persistence).",
-          "enum": [
-            "ALWAYS_PERSIST",
-            "DEFAULT_FOR_PROTOCOL",
-            "NEVER_PERSIST"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "enableStrongAffinity": {
-          "description": "Enable Strong Session Affinity for Network Load Balancing. This option is not available publicly.",
-          "type": "boolean"
-        },
-        "idleTimeoutSec": {
-          "description": "Specifies how long to keep a Connection Tracking entry while there is no matching traffic (in seconds). For Internal TCP/UDP Load Balancing: - The minimum (default) is 10 minutes and the maximum is 16 hours. - It can be set only if Connection Tracking is less than 5-tuple (i.e. Session Affinity is CLIENT_IP_NO_DESTINATION, CLIENT_IP or CLIENT_IP_PROTO, and Tracking Mode is PER_SESSION). For Network Load Balancer the default is 60 seconds. This option is not available publicly.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "trackingMode": {
-          "description": "Specifies the key used for connection tracking. There are two options: - PER_CONNECTION: This is the default mode. The Connection Tracking is performed as per the Connection Key (default Hash Method) for the specific protocol. - PER_SESSION: The Connection Tracking is performed as per the configured Session Affinity. It matches the configured Session Affinity. For more details, see [Tracking Mode for Network Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode) and [Tracking Mode for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal#tracking-mode).",
+        "state": {
           "enum": [
-            "INVALID_TRACKING_MODE",
-            "PER_CONNECTION",
-            "PER_SESSION"
+            "ACTIVE",
+            "CREATED",
+            "STARTING",
+            "STATE_UNSPECIFIED",
+            "STOPPED",
+            "STOPPING"
           ],
           "enumDescriptions": [
+            "Replication is active.",
+            "Secondary disk is created and is waiting for replication to start.",
+            "Replication is starting.",
             "",
-            "",
-            ""
+            "Replication is stopped.",
+            "Replication is stopping."
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "BackendServiceFailoverPolicy": {
-      "description": "For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview). On failover or failback, this field indicates whether connection draining will be honored. Google Cloud has a fixed connection draining timeout of 10 minutes. A setting of true terminates existing TCP connections to the active pool during failover and failback, immediately draining traffic. A setting of false allows existing TCP connections to persist, even on VMs no longer in the active pool, for up to the duration of the connection draining timeout (10 minutes).",
-      "id": "BackendServiceFailoverPolicy",
+    "DiskSettings": {
+      "id": "DiskSettings",
       "properties": {
-        "disableConnectionDrainOnFailover": {
-          "description": "This can be set to true only if the protocol is TCP. The default is false.",
-          "type": "boolean"
-        },
-        "dropTrafficIfUnhealthy": {
-          "description": "If set to true, connections to the load balancer are dropped when all primary and all backup backend VMs are unhealthy.If set to false, connections are distributed among all primary VMs when all primary and all backup backend VMs are unhealthy. For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview). The default is false.",
-          "type": "boolean"
-        },
-        "failoverRatio": {
-          "description": "The value of the field must be in the range [0, 1]. If the value is 0, the load balancer performs a failover when the number of healthy primary VMs equals zero. For all other values, the load balancer performs a failover when the total number of healthy primary VMs is less than this ratio. For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview).",
-          "format": "float",
-          "type": "number"
+        "defaultResourcePolicies": {
+          "additionalProperties": {
+            "$ref": "DiskSettingsResourcePolicyDetails"
+          },
+          "description": "An optional parameter for storing the default resource policies that will be used for the Disks created in the given scope. The Key is a string type, provided by customers to uniquely identify the default Resource Policy entry. The Value is a Default ResourcePolicyDetails Object used to represent the detailed information of the Resource Policy entry.",
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "BackendServiceGroupHealth": {
-      "id": "BackendServiceGroupHealth",
+    "DiskSettingsResourcePolicyDetails": {
+      "description": "This is the object for storing the detail information about the Resource Policy that will be set as default ones for the Disks that is using the DiskSettings. It contains: - one target Resource Policy referenced by its Fully-Qualified URL, - [output only] Disk Types that will be excluded from using this Resource Policy, - Other filtering support (e.g. Label filtering) for Default Resource Policy can be added here as well",
+      "id": "DiskSettingsResourcePolicyDetails",
       "properties": {
-        "annotations": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Metadata defined as annotations on the network endpoint group.",
-          "type": "object"
-        },
-        "healthStatus": {
-          "description": "Health state of the backend instances or endpoints in requested instance or network endpoint group, determined based on configured health checks.",
+        "excludedDiskTypes": {
+          "description": "[Output Only] A list of Disk Types that will be excluded from applying the Resource Policy referenced here. If absent, Disks created in any DiskType can use the referenced default Resource Policy.",
           "items": {
-            "$ref": "HealthStatus"
+            "type": "string"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#backendServiceGroupHealth",
-          "description": "[Output Only] Type of resource. Always compute#backendServiceGroupHealth for the health of backend services.",
+        "resourcePolicy": {
+          "description": "The target Resource Policies identified by their Fully-Qualified URL.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "BackendServiceIAP": {
-      "description": "Identity-Aware Proxy",
-      "id": "BackendServiceIAP",
+    "DiskType": {
+      "description": "Represents a Disk Type resource. Google Compute Engine has two Disk Type resources: * [Regional](/compute/docs/reference/rest/alpha/regionDiskTypes) * [Zonal](/compute/docs/reference/rest/alpha/diskTypes) You can choose from a variety of disk types based on your needs. For more information, read Storage options. The diskTypes resource represents disk types for a zonal persistent disk. For more information, read Zonal persistent disks. The regionDiskTypes resource represents disk types for a regional persistent disk. For more information, read Regional persistent disks.",
+      "id": "DiskType",
       "properties": {
-        "enabled": {
-          "description": "Whether the serving infrastructure will authenticate and authorize all incoming requests. If true, the oauth2ClientId and oauth2ClientSecret fields must be non-empty.",
-          "type": "boolean"
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "oauth2ClientId": {
-          "description": "OAuth2 client ID to use for the authentication flow.",
+        "defaultDiskSizeGb": {
+          "description": "[Output Only] Server-defined default disk size in GB.",
+          "format": "int64",
           "type": "string"
         },
-        "oauth2ClientInfo": {
-          "$ref": "BackendServiceIAPOAuth2ClientInfo",
-          "description": "[Input Only] OAuth client info required to generate client id to be used for IAP."
+        "deprecated": {
+          "$ref": "DeprecationStatus",
+          "description": "[Output Only] The deprecation status associated with this disk type."
         },
-        "oauth2ClientSecret": {
-          "description": "OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field. @InputOnly",
+        "description": {
+          "description": "[Output Only] An optional description of this resource.",
           "type": "string"
         },
-        "oauth2ClientSecretSha256": {
-          "description": "[Output Only] SHA256 hash value for the field oauth2_client_secret above.",
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceIAPOAuth2ClientInfo": {
-      "id": "BackendServiceIAPOAuth2ClientInfo",
-      "properties": {
-        "applicationName": {
-          "description": "Application name to be used in OAuth consent screen.",
+        },
+        "kind": {
+          "default": "compute#diskType",
+          "description": "[Output Only] Type of the resource. Always compute#diskType for disk types.",
           "type": "string"
         },
-        "clientName": {
-          "description": "Name of the client to be generated. Optional - If not provided, the name will be autogenerated by the backend.",
+        "name": {
+          "description": "[Output Only] Name of the resource.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "developerEmailAddress": {
-          "description": "Developer's information to be used in OAuth consent screen.",
+        "region": {
+          "description": "[Output Only] URL of the region where the disk type resides. Only applicable for regional resources. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "validDiskSize": {
+          "description": "[Output Only] An optional textual description of the valid disk size, such as \"10GB-10TB\".",
+          "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] URL of the zone where the disk type resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "BackendServiceList": {
-      "description": "Contains a list of BackendService resources.",
-      "id": "BackendServiceList",
+    "DiskTypeAggregatedList": {
+      "id": "DiskTypeAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of BackendService resources.",
-          "items": {
-            "$ref": "BackendService"
+          "additionalProperties": {
+            "$ref": "DiskTypesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of disk types."
           },
-          "type": "array"
+          "description": "A list of DiskTypesScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#backendServiceList",
-          "description": "[Output Only] Type of resource. Always compute#backendServiceList for lists of backend services.",
+          "default": "compute#diskTypeAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#diskTypeAggregatedList.",
           "type": "string"
         },
         "nextPageToken": {
@@ -43978,6 +49168,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -43994,6 +49191,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44012,6 +49210,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44023,6 +49251,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44059,152 +49288,47 @@
                 "type": "object"
               },
               "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLocalityLoadBalancingPolicyConfig": {
-      "description": "Container for either a built-in LB policy supported by gRPC or Envoy or a custom one implemented by the end user.",
-      "id": "BackendServiceLocalityLoadBalancingPolicyConfig",
-      "properties": {
-        "customPolicy": {
-          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy"
-        },
-        "policy": {
-          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy": {
-      "description": "The configuration for a custom policy implemented by the user and deployed with the client.",
-      "id": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy",
-      "properties": {
-        "data": {
-          "description": "An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.",
-          "type": "string"
-        },
-        "name": {
-          "description": "Identifies the custom policy. The value should match the name of a custom implementation registered on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (for example, myorg.CustomLbPolicy). The maximum length is 256 characters. Do not specify the same custom policy more than once for a backend. If you do, the configuration is rejected. For an example of how to use this field, see Use a custom policy.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLocalityLoadBalancingPolicyConfigPolicy": {
-      "description": "The configuration for a built-in load balancing policy.",
-      "id": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy",
-      "properties": {
-        "name": {
-          "description": "The name of a locality load-balancing policy. Valid values include ROUND_ROBIN and, for Java clients, LEAST_REQUEST. For information about these values, see the description of localityLbPolicy. Do not specify the same policy more than once for a backend. If you do, the configuration is rejected.",
-          "enum": [
-            "INVALID_LB_POLICY",
-            "LEAST_REQUEST",
-            "MAGLEV",
-            "ORIGINAL_DESTINATION",
-            "RANDOM",
-            "RING_HASH",
-            "ROUND_ROBIN",
-            "WEIGHTED_MAGLEV"
-          ],
-          "enumDescriptions": [
-            "",
-            "An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.",
-            "This algorithm implements consistent hashing to backends. Maglev can be used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824",
-            "Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.",
-            "The load balancer selects a random healthy host.",
-            "The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.",
-            "This is a simple policy in which each healthy backend is selected in round robin order. This is the default.",
-            "Per-instance weighted Load Balancing via health check reported weights. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weighted based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. This option is only supported in Network Load Balancing."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLogConfig": {
-      "description": "The available logging options for the load balancer traffic served by this backend service.",
-      "id": "BackendServiceLogConfig",
-      "properties": {
-        "enable": {
-          "description": "Denotes whether to enable logging for the load balancer traffic served by this backend service. The default value is false.",
-          "type": "boolean"
-        },
-        "optional": {
-          "description": "Deprecated in favor of optionalMode. This field can only be specified if logging is enabled for this backend service. Configures whether all, none or a subset of optional fields should be added to the reported logs. One of [INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM]. Default is EXCLUDE_ALL_OPTIONAL.",
-          "enum": [
-            "CUSTOM",
-            "EXCLUDE_ALL_OPTIONAL",
-            "INCLUDE_ALL_OPTIONAL",
-            "UNSPECIFIED_OPTIONAL_MODE"
-          ],
-          "enumDescriptions": [
-            "A subset of optional fields.",
-            "None optional fields.",
-            "All optional fields.",
-            ""
-          ],
-          "type": "string"
-        },
-        "optionalFields": {
-          "description": "This field can only be specified if logging is enabled for this backend service and \"logConfig.optionalMode\" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "optionalMode": {
-          "description": "This field can only be specified if logging is enabled for this backend service. Configures whether all, none or a subset of optional fields should be added to the reported logs. One of [INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM]. Default is EXCLUDE_ALL_OPTIONAL.",
-          "enum": [
-            "CUSTOM",
-            "EXCLUDE_ALL_OPTIONAL",
-            "INCLUDE_ALL_OPTIONAL",
-            "UNSPECIFIED_OPTIONAL_MODE"
-          ],
-          "enumDescriptions": [
-            "A subset of optional fields.",
-            "None optional fields.",
-            "All optional fields.",
-            ""
-          ],
-          "type": "string"
-        },
-        "sampleRate": {
-          "description": "This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.",
-          "format": "float",
-          "type": "number"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "BackendServiceReference": {
-      "id": "BackendServiceReference",
+    "DiskTypeList": {
+      "description": "Contains a list of disk types.",
+      "id": "DiskTypeList",
       "properties": {
-        "backendService": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServicesScopedList": {
-      "id": "BackendServicesScopedList",
-      "properties": {
-        "backendServices": {
-          "description": "A list of BackendServices contained in this scope.",
+        },
+        "items": {
+          "description": "A list of DiskType resources.",
           "items": {
-            "$ref": "BackendService"
+            "$ref": "DiskType"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#diskTypeList",
+          "description": "[Output Only] Type of resource. Always compute#diskTypeList for disk types.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
-          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -44219,6 +49343,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44237,6 +49362,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44248,6 +49403,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44277,570 +49433,176 @@
                     "type": "string"
                   },
                   "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "BfdPacket": {
-      "id": "BfdPacket",
-      "properties": {
-        "authenticationPresent": {
-          "description": "The Authentication Present bit of the BFD packet. This is specified in section 4.1 of RFC5880",
-          "type": "boolean"
-        },
-        "controlPlaneIndependent": {
-          "description": "The Control Plane Independent bit of the BFD packet. This is specified in section 4.1 of RFC5880",
-          "type": "boolean"
-        },
-        "demand": {
-          "description": "The demand bit of the BFD packet. This is specified in section 4.1 of RFC5880",
-          "type": "boolean"
-        },
-        "diagnostic": {
-          "description": "The diagnostic code specifies the local system's reason for the last change in session state. This allows remote systems to determine the reason that the previous session failed, for example. These diagnostic codes are specified in section 4.1 of RFC5880",
-          "enum": [
-            "ADMINISTRATIVELY_DOWN",
-            "CONCATENATED_PATH_DOWN",
-            "CONTROL_DETECTION_TIME_EXPIRED",
-            "DIAGNOSTIC_UNSPECIFIED",
-            "ECHO_FUNCTION_FAILED",
-            "FORWARDING_PLANE_RESET",
-            "NEIGHBOR_SIGNALED_SESSION_DOWN",
-            "NO_DIAGNOSTIC",
-            "PATH_DOWN",
-            "REVERSE_CONCATENATED_PATH_DOWN"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "final": {
-          "description": "The Final bit of the BFD packet. This is specified in section 4.1 of RFC5880",
-          "type": "boolean"
-        },
-        "length": {
-          "description": "The length of the BFD Control packet in bytes. This is specified in section 4.1 of RFC5880",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "minEchoRxIntervalMs": {
-          "description": "The Required Min Echo RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "minRxIntervalMs": {
-          "description": "The Required Min RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "minTxIntervalMs": {
-          "description": "The Desired Min TX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "multiplier": {
-          "description": "The detection time multiplier of the BFD packet. This is specified in section 4.1 of RFC5880",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "multipoint": {
-          "description": "The multipoint bit of the BFD packet. This is specified in section 4.1 of RFC5880",
-          "type": "boolean"
-        },
-        "myDiscriminator": {
-          "description": "The My Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "poll": {
-          "description": "The Poll bit of the BFD packet. This is specified in section 4.1 of RFC5880",
-          "type": "boolean"
-        },
-        "state": {
-          "description": "The current BFD session state as seen by the transmitting system. These states are specified in section 4.1 of RFC5880",
-          "enum": [
-            "ADMIN_DOWN",
-            "DOWN",
-            "INIT",
-            "STATE_UNSPECIFIED",
-            "UP"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "version": {
-          "description": "The version number of the BFD protocol, as specified in section 4.1 of RFC5880.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "yourDiscriminator": {
-          "description": "The Your Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880",
-          "format": "uint32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "BfdStatus": {
-      "description": "Next free: 15",
-      "id": "BfdStatus",
-      "properties": {
-        "bfdSessionInitializationMode": {
-          "description": "The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer.",
-          "enum": [
-            "ACTIVE",
-            "DISABLED",
-            "PASSIVE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "configUpdateTimestampMicros": {
-          "description": "Unix timestamp of the most recent config update.",
-          "format": "int64",
-          "type": "string"
-        },
-        "controlPacketCounts": {
-          "$ref": "BfdStatusPacketCounts",
-          "description": "Control packet counts for the current BFD session."
-        },
-        "controlPacketIntervals": {
-          "description": "Inter-packet time interval statistics for control packets.",
-          "items": {
-            "$ref": "PacketIntervals"
-          },
-          "type": "array"
-        },
-        "echoPacketCounts": {
-          "$ref": "BfdStatusPacketCounts",
-          "description": "Echo packet counts for the current BFD session."
-        },
-        "echoPacketIntervals": {
-          "description": "Inter-packet time interval statistics for echo packets.",
-          "items": {
-            "$ref": "PacketIntervals"
-          },
-          "type": "array"
-        },
-        "localDiagnostic": {
-          "description": "The diagnostic code specifies the local system's reason for the last change in session state. This allows remote systems to determine the reason that the previous session failed, for example. These diagnostic codes are specified in section 4.1 of RFC5880",
-          "enum": [
-            "ADMINISTRATIVELY_DOWN",
-            "CONCATENATED_PATH_DOWN",
-            "CONTROL_DETECTION_TIME_EXPIRED",
-            "DIAGNOSTIC_UNSPECIFIED",
-            "ECHO_FUNCTION_FAILED",
-            "FORWARDING_PLANE_RESET",
-            "NEIGHBOR_SIGNALED_SESSION_DOWN",
-            "NO_DIAGNOSTIC",
-            "PATH_DOWN",
-            "REVERSE_CONCATENATED_PATH_DOWN"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "localState": {
-          "description": "The current BFD session state as seen by the transmitting system. These states are specified in section 4.1 of RFC5880",
-          "enum": [
-            "ADMIN_DOWN",
-            "DOWN",
-            "INIT",
-            "STATE_UNSPECIFIED",
-            "UP"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "negotiatedLocalControlTxIntervalMs": {
-          "description": "Negotiated transmit interval for control packets.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "negotiatedLocalEchoTxIntervalMs": {
-          "description": "Negotiated transmit interval for echo packets.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "rxPacket": {
-          "$ref": "BfdPacket",
-          "description": "The most recent Rx control packet for this BFD session."
-        },
-        "txPacket": {
-          "$ref": "BfdPacket",
-          "description": "The most recent Tx control packet for this BFD session."
-        },
-        "uptimeMs": {
-          "description": "Session uptime in milliseconds. Value will be 0 if session is not up.",
-          "format": "int64",
-          "type": "string"
-        },
-        "usingEchoMode": {
-          "description": "Indicates if echo mode is currently being used.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "BfdStatusPacketCounts": {
-      "id": "BfdStatusPacketCounts",
-      "properties": {
-        "numRx": {
-          "description": "Number of packets received since the beginning of the current BFD session.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "numRxRejected": {
-          "description": "Number of packets received that were rejected because of errors since the beginning of the current BFD session.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "numRxSuccessful": {
-          "description": "Number of packets received that were successfully processed since the beginning of the current BFD session.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "numTx": {
-          "description": "Number of packets transmitted since the beginning of the current BFD session.",
-          "format": "uint32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "Binding": {
-      "description": "Associates `members`, or principals, with a `role`.",
-      "id": "Binding",
-      "properties": {
-        "bindingId": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "string"
-        },
-        "condition": {
-          "$ref": "Expr",
-          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
-        },
-        "members": {
-          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "role": {
-          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BulkInsertDiskResource": {
-      "description": "A transient resource used in compute.disks.bulkInsert and compute.regionDisks.bulkInsert. It is only used to process requests and is not persisted.",
-      "id": "BulkInsertDiskResource",
-      "properties": {
-        "sourceConsistencyGroupPolicy": {
-          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to clone. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BulkInsertInstanceResource": {
-      "description": "A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.",
-      "id": "BulkInsertInstanceResource",
-      "properties": {
-        "count": {
-          "description": "The maximum number of instances to create.",
-          "format": "int64",
-          "type": "string"
-        },
-        "instance": {
-          "$ref": "Instance",
-          "description": "DEPRECATED: Please use instance_properties instead."
-        },
-        "instanceProperties": {
-          "$ref": "InstanceProperties",
-          "description": "The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided."
-        },
-        "locationPolicy": {
-          "$ref": "LocationPolicy",
-          "description": "Policy for chosing target zone. For more information, see Create VMs in bulk ."
-        },
-        "minCount": {
-          "description": "The minimum number of instances to create. If no min_count is specified then count is used as the default value. If min_count instances cannot be created, then no instances will be created and instances already created will be deleted.",
-          "format": "int64",
-          "type": "string"
-        },
-        "namePattern": {
-          "description": "The string pattern used for the names of the VMs. Either name_pattern or per_instance_properties must be set. The pattern must contain one continuous sequence of placeholder hash characters (#) with each character corresponding to one digit of the generated instance name. Example: a name_pattern of inst-#### generates instance names such as inst-0001 and inst-0002. If existing instances in the same project and zone have names that match the name pattern then the generated instance numbers start after the biggest existing number. For example, if there exists an instance with name inst-0050, then instance names generated using the pattern inst-#### begin with inst-0051. The name pattern placeholder #...# can contain up to 18 characters.",
-          "type": "string"
-        },
-        "perInstanceProperties": {
-          "additionalProperties": {
-            "$ref": "BulkInsertInstanceResourcePerInstanceProperties"
-          },
-          "description": "Per-instance properties to be set on individual instances. Keys of this map specify requested instance names. Can be empty if name_pattern is used.",
-          "type": "object"
-        },
-        "sourceInstanceTemplate": {
-          "description": "Specifies the instance template from which to create instances. You may combine sourceInstanceTemplate with instanceProperties to override specific values from an existing instance template. Bulk API follows the semantics of JSON Merge Patch described by RFC 7396. It can be a full or partial URL. For example, the following are all valid URLs to an instance template: - https://www.googleapis.com/compute/v1/projects/project /global/instanceTemplates/instanceTemplate - projects/project/global/instanceTemplates/instanceTemplate - global/instanceTemplates/instanceTemplate This field is optional.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BulkInsertInstanceResourcePerInstanceProperties": {
-      "description": "Per-instance properties to be set on individual instances. To be extended in the future.",
-      "id": "BulkInsertInstanceResourcePerInstanceProperties",
-      "properties": {
-        "name": {
-          "description": "This field is only temporary. It will be removed. Do not use it.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BundledLocalSsds": {
-      "id": "BundledLocalSsds",
-      "properties": {
-        "defaultInterface": {
-          "description": "The default disk interface if the interface is not specified.",
-          "type": "string"
-        },
-        "partitionCount": {
-          "description": "The number of partitions.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "CacheInvalidationRule": {
-      "id": "CacheInvalidationRule",
-      "properties": {
-        "host": {
-          "description": "If set, this invalidation rule will only apply to requests with a Host header matching host.",
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "CacheKeyPolicy": {
-      "description": "Message containing what to include in the cache key for a request for Cloud CDN.",
-      "id": "CacheKeyPolicy",
-      "properties": {
-        "includeHost": {
-          "description": "If true, requests to different hosts will be cached separately.",
-          "type": "boolean"
-        },
-        "includeHttpHeaders": {
-          "description": "Allows HTTP request headers (by name) to be used in the cache key.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "includeNamedCookies": {
-          "description": "Allows HTTP cookies (by name) to be used in the cache key. The name=value pair will be used in the cache key Cloud CDN generates.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "includeProtocol": {
-          "description": "If true, http and https requests will be cached separately.",
-          "type": "boolean"
-        },
-        "includeQueryString": {
-          "description": "If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.",
-          "type": "boolean"
-        },
-        "queryStringBlacklist": {
-          "description": "Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "queryStringWhitelist": {
-          "description": "Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "CallCredentials": {
-      "description": "[Deprecated] gRPC call credentials to access the SDS server. gRPC call credentials to access the SDS server.",
-      "id": "CallCredentials",
-      "properties": {
-        "callCredentialType": {
-          "description": "The type of call credentials to use for GRPC requests to the SDS server. This field can be set to one of the following: - GCE_VM: The local GCE VM service account credentials are used to access the SDS server. - FROM_PLUGIN: Custom authenticator credentials are used to access the SDS server.",
-          "enum": [
-            "FROM_PLUGIN",
-            "GCE_VM",
-            "INVALID"
-          ],
-          "enumDescriptions": [
-            "Custom authenticator credentials are used to access the SDS server.",
-            "The local GCE VM service account credentials are used to access the SDS server.",
-            ""
-          ],
-          "type": "string"
-        },
-        "fromPlugin": {
-          "$ref": "MetadataCredentialsFromPlugin",
-          "description": "Custom authenticator credentials. Valid if callCredentialType is FROM_PLUGIN."
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "ChannelCredentials": {
-      "description": "[Deprecated] gRPC channel credentials to access the SDS server. gRPC channel credentials to access the SDS server.",
-      "id": "ChannelCredentials",
+    "DiskTypesScopedList": {
+      "id": "DiskTypesScopedList",
       "properties": {
-        "certificates": {
-          "$ref": "TlsCertificatePaths",
-          "description": "The call credentials to access the SDS server."
+        "diskTypes": {
+          "description": "[Output Only] A list of disk types contained in this scope.",
+          "items": {
+            "$ref": "DiskType"
+          },
+          "type": "array"
         },
-        "channelCredentialType": {
-          "description": "The channel credentials to access the SDS server. This field can be set to one of the following: CERTIFICATES: Use TLS certificates to access the SDS server. GCE_VM: Use local GCE VM credentials to access the SDS server.",
-          "enum": [
-            "CERTIFICATES",
-            "GCE_VM",
-            "INVALID"
-          ],
-          "enumDescriptions": [
-            "Use TLS certificates to access the SDS server.",
-            "Use local GCE VM credentials to access the SDS server.",
-            ""
-          ],
-          "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning which replaces the list of disk types when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "CircuitBreakers": {
-      "description": "Settings controlling the volume of requests, connections and retries to this backend service.",
-      "id": "CircuitBreakers",
+    "DisksAddResourcePoliciesRequest": {
+      "id": "DisksAddResourcePoliciesRequest",
       "properties": {
-        "connectTimeout": {
-          "$ref": "Duration",
-          "description": "The timeout for new network connections to hosts."
-        },
-        "maxConnections": {
-          "description": "The maximum number of connections to the backend service. If not specified, there is no limit. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxPendingRequests": {
-          "description": "The maximum number of pending requests allowed to the backend service. If not specified, there is no limit. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxRequests": {
-          "description": "The maximum number of parallel requests that allowed to the backend service. If not specified, there is no limit.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxRequestsPerConnection": {
-          "description": "Maximum requests for a single connection to the backend service. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxRetries": {
-          "description": "The maximum number of parallel retries allowed to the backend cluster. If not specified, the default is 1. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
+        "resourcePolicies": {
+          "description": "Full or relative path to the resource policy to be added to this disk. You can only specify one resource policy.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "ClientTlsSettings": {
-      "description": "[Deprecated] The client side authentication settings for connection originating from the backend service. the backend service.",
-      "id": "ClientTlsSettings",
+    "DisksRemoveResourcePoliciesRequest": {
+      "id": "DisksRemoveResourcePoliciesRequest",
       "properties": {
-        "clientTlsContext": {
-          "$ref": "TlsContext",
-          "description": "Configures the mechanism to obtain client-side security certificates and identity information. This field is only applicable when mode is set to MUTUAL."
-        },
-        "mode": {
-          "description": "Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced. This can be set to one of the following values: DISABLE: Do not setup a TLS connection to the backends. SIMPLE: Originate a TLS connection to the backends. MUTUAL: Secure connections to the backends using mutual TLS by presenting client certificates for authentication.",
-          "enum": [
-            "DISABLE",
-            "INVALID",
-            "MUTUAL",
-            "SIMPLE"
-          ],
-          "enumDescriptions": [
-            "Do not setup a TLS connection to the backends.",
-            "",
-            "Secure connections to the backends using mutual TLS by presenting client certificates for authentication.",
-            "Originate a TLS connection to the backends."
-          ],
-          "type": "string"
-        },
-        "sni": {
-          "description": "SNI string to present to the server during TLS handshake. This field is applicable only when mode is SIMPLE or MUTUAL.",
-          "type": "string"
-        },
-        "subjectAltNames": {
-          "description": "A list of alternate names to verify the subject identity in the certificate.If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. This field is applicable only when mode is SIMPLE or MUTUAL.",
+        "resourcePolicies": {
+          "description": "Resource policies to be removed from this disk.",
           "items": {
             "type": "string"
           },
@@ -44849,210 +49611,29 @@
       },
       "type": "object"
     },
-    "Commitment": {
-      "description": "Represents a regional Commitment resource. Creating a commitment resource means that you are purchasing a committed use contract with an explicit start and end time. You can create commitments based on vCPUs and memory usage and receive discounted rates. For full details, read Signing Up for Committed Use Discounts.",
-      "id": "Commitment",
+    "DisksResizeRequest": {
+      "id": "DisksResizeRequest",
       "properties": {
-        "autoRenew": {
-          "description": "Specifies whether to enable automatic renewal for the commitment. The default value is false if not specified. The field can be updated until the day of the commitment expiration at 12:00am PST. If the field is set to true, the commitment will be automatically renewed for either one or three years according to the terms of the existing commitment.",
-          "type": "boolean"
-        },
-        "category": {
-          "description": "The category of the commitment. Category MACHINE specifies commitments composed of machine resources such as VCPU or MEMORY, listed in resources. Category LICENSE specifies commitments composed of software licenses, listed in licenseResources. Note that only MACHINE commitments should have a Type specified.",
-          "enum": [
-            "CATEGORY_UNSPECIFIED",
-            "LICENSE",
-            "MACHINE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "endTimestamp": {
-          "description": "[Output Only] Commitment end time in RFC3339 text format.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#commitment",
-          "description": "[Output Only] Type of the resource. Always compute#commitment for commitments.",
-          "type": "string"
-        },
-        "licenseResource": {
-          "$ref": "LicenseResourceCommitment",
-          "description": "The license specification required as part of a license commitment."
-        },
-        "mergeSourceCommitments": {
-          "description": "List of source commitments to be merged into a new commitment.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "plan": {
-          "description": "The plan for this commitment, which determines duration and discount rate. The currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years).",
-          "enum": [
-            "INVALID",
-            "THIRTY_SIX_MONTH",
-            "TWELVE_MONTH"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "region": {
-          "description": "[Output Only] URL of the region where this commitment may be used.",
-          "type": "string"
-        },
-        "reservations": {
-          "description": "List of reservations in this commitment.",
-          "items": {
-            "$ref": "Reservation"
-          },
-          "type": "array"
-        },
-        "resources": {
-          "description": "A list of commitment amounts for particular resources. Note that VCPU and MEMORY resource commitments must occur together.",
-          "items": {
-            "$ref": "ResourceCommitment"
-          },
-          "type": "array"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "splitSourceCommitment": {
-          "description": "Source commitment to be splitted into a new commitment.",
-          "type": "string"
-        },
-        "startTimestamp": {
-          "description": "[Output Only] Commitment start time in RFC3339 text format.",
-          "type": "string"
-        },
-        "status": {
-          "description": "[Output Only] Status of the commitment with regards to eventual expiration (each commitment has an end date defined). One of the following values: NOT_YET_ACTIVE, ACTIVE, EXPIRED.",
-          "enum": [
-            "ACTIVE",
-            "CANCELLED",
-            "CREATING",
-            "EXPIRED",
-            "NOT_YET_ACTIVE"
-          ],
-          "enumDescriptions": [
-            "",
-            "Deprecate CANCELED status. Will use separate status to differentiate cancel by mergeCud or manual cancellation.",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "statusMessage": {
-          "description": "[Output Only] An optional, human-readable explanation of the status.",
-          "type": "string"
-        },
-        "type": {
-          "description": "The type of commitment, which affects the discount rate and the eligible resources. Type MEMORY_OPTIMIZED specifies a commitment that will only apply to memory optimized machines. Type ACCELERATOR_OPTIMIZED specifies a commitment that will only apply to accelerator optimized machines.",
-          "enum": [
-            "ACCELERATOR_OPTIMIZED",
-            "COMPUTE_OPTIMIZED",
-            "COMPUTE_OPTIMIZED_C2D",
-            "COMPUTE_OPTIMIZED_C3",
-            "GENERAL_PURPOSE",
-            "GENERAL_PURPOSE_E2",
-            "GENERAL_PURPOSE_N2",
-            "GENERAL_PURPOSE_N2D",
-            "GENERAL_PURPOSE_T2D",
-            "GRAPHICS_OPTIMIZED",
-            "MEMORY_OPTIMIZED",
-            "MEMORY_OPTIMIZED_M3",
-            "TYPE_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
+        "sizeGb": {
+          "description": "The new size of the persistent disk, which is specified in GB.",
+          "format": "int64",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "CommitmentAggregatedList": {
-      "id": "CommitmentAggregatedList",
+    "DisksScopedList": {
+      "id": "DisksScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "additionalProperties": {
-            "$ref": "CommitmentsScopedList",
-            "description": "[Output Only] Name of the scope containing this set of commitments."
-          },
-          "description": "A list of CommitmentsScopedList resources.",
-          "type": "object"
-        },
-        "kind": {
-          "default": "compute#commitmentAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#commitmentAggregatedList for aggregated lists of commitments.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
+        "disks": {
+          "description": "[Output Only] A list of disks contained in this scope.",
           "items": {
-            "type": "string"
+            "$ref": "Disk"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "[Output Only] Informational warning which replaces the list of disks when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -45067,6 +49648,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45085,6 +49667,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45096,6 +49708,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45143,24 +49756,176 @@
       },
       "type": "object"
     },
-    "CommitmentList": {
-      "description": "Contains a list of Commitment resources.",
-      "id": "CommitmentList",
+    "DisksStartAsyncReplicationRequest": {
+      "id": "DisksStartAsyncReplicationRequest",
+      "properties": {
+        "asyncSecondaryDisk": {
+          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DisksStopGroupAsyncReplicationResource": {
+      "description": "A transient resource used in compute.disks.stopGroupAsyncReplication and compute.regionDisks.stopGroupAsyncReplication. It is only used to process requests and is not persisted.",
+      "id": "DisksStopGroupAsyncReplicationResource",
+      "properties": {
+        "resourcePolicy": {
+          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to stop. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DisplayDevice": {
+      "description": "A set of Display Device options",
+      "id": "DisplayDevice",
+      "properties": {
+        "enableDisplay": {
+          "description": "Defines whether the instance has Display enabled.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "DistributionPolicy": {
+      "id": "DistributionPolicy",
+      "properties": {
+        "targetShape": {
+          "description": "The distribution shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).",
+          "enum": [
+            "ANY",
+            "ANY_SINGLE_ZONE",
+            "BALANCED",
+            "EVEN"
+          ],
+          "enumDescriptions": [
+            "The group picks zones for creating VM instances to fulfill the requested number of VMs within present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads that do not require high availability.",
+            "The group creates all VM instances within a single zone. The zone is selected based on the present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads with heavy interprocess communication.",
+            "The group prioritizes acquisition of resources, scheduling VMs in zones where resources are available while distributing VMs as evenly as possible across selected zones to minimize the impact of zonal failure. Recommended for highly available serving workloads.",
+            "The group schedules VM instance creation and deletion to achieve and maintain an even number of managed instances across the selected zones. The distribution is even when the number of managed instances does not differ by more than 1 between any two zones. Recommended for highly available serving workloads."
+          ],
+          "type": "string"
+        },
+        "zones": {
+          "description": "Zones where the regional managed instance group will create and manage its instances.",
+          "items": {
+            "$ref": "DistributionPolicyZoneConfiguration"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "DistributionPolicyZoneConfiguration": {
+      "id": "DistributionPolicyZoneConfiguration",
+      "properties": {
+        "zone": {
+          "annotations": {
+            "required": [
+              "compute.regionInstanceGroupManagers.insert",
+              "compute.regionInstanceGroupManagers.update"
+            ]
+          },
+          "description": "The URL of the zone. The zone must exist in the region where the managed instance group is located.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Duration": {
+      "description": "A Duration represents a fixed-length span of time represented as a count of seconds and fractions of seconds at nanosecond resolution. It is independent of any calendar and concepts like \"day\" or \"month\". Range is approximately 10,000 years.",
+      "id": "Duration",
+      "properties": {
+        "nanos": {
+          "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "seconds": {
+          "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years",
+          "format": "int64",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ErrorInfo": {
+      "description": "Describes the cause of the error with structured details. Example of an error when contacting the \"pubsub.googleapis.com\" API when it is not enabled: { \"reason\": \"API_DISABLED\" \"domain\": \"googleapis.com\" \"metadata\": { \"resource\": \"projects/123\", \"service\": \"pubsub.googleapis.com\" } } This response indicates that the pubsub.googleapis.com API is not enabled. Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock: { \"reason\": \"STOCKOUT\" \"domain\": \"spanner.googleapis.com\", \"metadata\": { \"availableRegions\": \"us-central1,us-east2\" } }",
+      "id": "ErrorInfo",
+      "properties": {
+        "domain": {
+          "description": "The logical grouping to which the \"reason\" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: \"pubsub.googleapis.com\". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is \"googleapis.com\".",
+          "type": "string"
+        },
+        "metadatas": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Additional structured details about this error. Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {\"instanceLimit\": \"100/request\"}, should be returned as, {\"instanceLimitPerRequest\": \"100\"}, if the client exceeds the number of instances that can be created in a single (batch) request.",
+          "type": "object"
+        },
+        "reason": {
+          "description": "The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of `A-Z+[A-Z0-9]`, which represents UPPER_SNAKE_CASE.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ExchangedPeeringRoute": {
+      "id": "ExchangedPeeringRoute",
+      "properties": {
+        "destRange": {
+          "description": "The destination range of the route.",
+          "type": "string"
+        },
+        "imported": {
+          "description": "True if the peering route has been imported from a peer. The actual import happens if the field networkPeering.importCustomRoutes is true for this network, and networkPeering.exportCustomRoutes is true for the peer network, and the import does not result in a route conflict.",
+          "type": "boolean"
+        },
+        "nextHopRegion": {
+          "description": "The region of peering route next hop, only applies to dynamic routes.",
+          "type": "string"
+        },
+        "priority": {
+          "description": "The priority of the peering route.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "type": {
+          "description": "The type of the peering route.",
+          "enum": [
+            "DYNAMIC_PEERING_ROUTE",
+            "STATIC_PEERING_ROUTE",
+            "SUBNET_PEERING_ROUTE"
+          ],
+          "enumDescriptions": [
+            "For routes exported from local network.",
+            "The peering route.",
+            "The peering route corresponding to subnetwork range."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ExchangedPeeringRoutesList": {
+      "id": "ExchangedPeeringRoutesList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Commitment resources.",
+          "description": "A list of ExchangedPeeringRoute resources.",
           "items": {
-            "$ref": "Commitment"
+            "$ref": "ExchangedPeeringRoute"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#commitmentList",
-          "description": "[Output Only] Type of resource. Always compute#commitmentList for lists of commitments.",
+          "default": "compute#exchangedPeeringRoutesList",
+          "description": "[Output Only] Type of resource. Always compute#exchangedPeeringRoutesList for exchanged peering routes lists.",
           "type": "string"
         },
         "nextPageToken": {
@@ -45187,6 +49952,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45205,6 +49971,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45216,6 +50012,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45263,18 +50060,154 @@
       },
       "type": "object"
     },
-    "CommitmentsScopedList": {
-      "id": "CommitmentsScopedList",
+    "Expr": {
+      "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' \u0026\u0026 document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.",
+      "id": "Expr",
       "properties": {
-        "commitments": {
-          "description": "[Output Only] A list of commitments contained in this scope.",
+        "description": {
+          "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
+          "type": "string"
+        },
+        "expression": {
+          "description": "Textual representation of an expression in Common Expression Language syntax.",
+          "type": "string"
+        },
+        "location": {
+          "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
+          "type": "string"
+        },
+        "title": {
+          "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ExternalVpnGateway": {
+      "description": "Represents an external VPN gateway. External VPN gateway is the on-premises VPN gateway(s) or another cloud provider's VPN gateway that connects to your Google Cloud VPN gateway. To create a highly available VPN from Google Cloud Platform to your VPN gateway or another cloud provider's VPN gateway, you must create a external VPN gateway resource with information about the other gateway. For more information about using external VPN gateways, see Creating an HA VPN gateway and tunnel pair to a peer VPN.",
+      "id": "ExternalVpnGateway",
+      "properties": {
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "interfaces": {
+          "description": "A list of interfaces for this external VPN gateway. If your peer-side gateway is an on-premises gateway and non-AWS cloud providers' gateway, at most two interfaces can be provided for an external VPN gateway. If your peer side is an AWS virtual private gateway, four interfaces should be provided for an external VPN gateway.",
           "items": {
-            "$ref": "Commitment"
+            "$ref": "ExternalVpnGatewayInterface"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#externalVpnGateway",
+          "description": "[Output Only] Type of the resource. Always compute#externalVpnGateway for externalVpnGateways.",
+          "type": "string"
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this ExternalVpnGateway, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an ExternalVpnGateway.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.externalVpnGateways.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "redundancyType": {
+          "description": "Indicates the user-supplied redundancy type of this external VPN gateway.",
+          "enum": [
+            "FOUR_IPS_REDUNDANCY",
+            "SINGLE_IP_INTERNALLY_REDUNDANT",
+            "TWO_IPS_REDUNDANCY"
+          ],
+          "enumDescriptions": [
+            "The external VPN gateway has four public IP addresses; at the time of writing this API, the AWS virtual private gateway is an example which has four public IP addresses for high availability connections; there should be two VPN connections in the AWS virtual private gateway , each AWS VPN connection has two public IP addresses; please make sure to put two public IP addresses from one AWS VPN connection into interfaces 0 and 1 of this external VPN gateway, and put the other two public IP addresses from another AWS VPN connection into interfaces 2 and 3 of this external VPN gateway. When displaying highly available configuration status for the VPN tunnels connected to FOUR_IPS_REDUNDANCY external VPN gateway, Google will always detect whether interfaces 0 and 1 are connected on one interface of HA Cloud VPN gateway, and detect whether interfaces 2 and 3 are connected to another interface of the HA Cloud VPN gateway.",
+            "The external VPN gateway has only one public IP address which internally provide redundancy or failover.",
+            "The external VPN gateway has two public IP addresses which are redundant with each other, the following two types of setup on your on-premises side would have this type of redundancy: (1) Two separate on-premises gateways, each with one public IP address, the two on-premises gateways are redundant with each other. (2) A single on-premise gateway with two public IP addresses that are redundant with eatch other."
+          ],
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ExternalVpnGatewayInterface": {
+      "description": "The interface for the external VPN gateway.",
+      "id": "ExternalVpnGatewayInterface",
+      "properties": {
+        "id": {
+          "description": "The numeric ID of this interface. The allowed input values for this id for different redundancy types of external VPN gateway: - SINGLE_IP_INTERNALLY_REDUNDANT - 0 - TWO_IPS_REDUNDANCY - 0, 1 - FOUR_IPS_REDUNDANCY - 0, 1, 2, 3 ",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "ipAddress": {
+          "description": "IP address of the interface in the external VPN gateway. Only IPv4 is supported. This IP address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine.",
+          "type": "string"
+        },
+        "ipv6Address": {
+          "description": "IPv6 address of the interface in the external VPN gateway. This IPv6 address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. Must specify an IPv6 address (not IPV4-mapped) using any format described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0).",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ExternalVpnGatewayList": {
+      "description": "Response to the list request, and contains a list of externalVpnGateways.",
+      "id": "ExternalVpnGatewayList",
+      "properties": {
+        "etag": {
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of ExternalVpnGateway resources.",
+          "items": {
+            "$ref": "ExternalVpnGateway"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#externalVpnGatewayList",
+          "description": "[Output Only] Type of resource. Always compute#externalVpnGatewayList for lists of externalVpnGateways.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of commitments when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -45289,6 +50222,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45307,6 +50241,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45318,6 +50282,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45347,679 +50312,227 @@
                     "type": "string"
                   },
                   "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "Condition": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "Condition",
-      "properties": {
-        "iam": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "enum": [
-            "APPROVER",
-            "ATTRIBUTION",
-            "AUTHORITY",
-            "CREDENTIALS_TYPE",
-            "CREDS_ASSERTION",
-            "JUSTIFICATION_TYPE",
-            "NO_ATTR",
-            "SECURITY_REALM"
-          ],
-          "enumDescriptions": [
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use."
-          ],
-          "type": "string"
-        },
-        "op": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "enum": [
-            "DISCHARGED",
-            "EQUALS",
-            "IN",
-            "NOT_EQUALS",
-            "NOT_IN",
-            "NO_OP"
-          ],
-          "enumDescriptions": [
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use."
-          ],
-          "type": "string"
-        },
-        "svc": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "string"
-        },
-        "sys": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "enum": [
-            "IP",
-            "NAME",
-            "NO_ATTR",
-            "REGION",
-            "SERVICE"
-          ],
-          "enumDescriptions": [
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use."
-          ],
-          "type": "string"
-        },
-        "values": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "ConfidentialInstanceConfig": {
-      "description": "A set of Confidential Instance options.",
-      "id": "ConfidentialInstanceConfig",
-      "properties": {
-        "confidentialInstanceType": {
-          "description": "Defines the type of technology used by the confidential instance.",
-          "enum": [
-            "CONFIDENTIAL_INSTANCE_TYPE_UNSPECIFIED",
-            "SEV",
-            "SEV_SNP"
-          ],
-          "enumDescriptions": [
-            "No type specified. Do not use this value.",
-            "AMD Secure Encrypted Virtualization.",
-            "AMD Secure Encrypted Virtualization - Secure Nested Paging."
-          ],
-          "type": "string"
-        },
-        "enableConfidentialCompute": {
-          "description": "Defines whether the instance should have confidential compute enabled.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "ConnectionDraining": {
-      "description": "Message containing connection draining configuration.",
-      "id": "ConnectionDraining",
-      "properties": {
-        "drainingTimeoutSec": {
-          "description": "Configures a duration timeout for existing requests on a removed backend instance. For supported load balancers and protocols, as described in Enabling connection draining.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "ConsistentHashLoadBalancerSettings": {
-      "description": "This message defines settings for a consistent hash style load balancer.",
-      "id": "ConsistentHashLoadBalancerSettings",
-      "properties": {
-        "httpCookie": {
-          "$ref": "ConsistentHashLoadBalancerSettingsHttpCookie",
-          "description": "Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true."
-        },
-        "httpHeaderName": {
-          "description": "The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.",
-          "type": "string"
-        },
-        "minimumRingSize": {
-          "description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.",
-          "format": "int64",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ConsistentHashLoadBalancerSettingsHttpCookie": {
-      "description": "The information about the HTTP Cookie on which the hash function is based for load balancing policies that use a consistent hash.",
-      "id": "ConsistentHashLoadBalancerSettingsHttpCookie",
-      "properties": {
-        "name": {
-          "description": "Name of the cookie.",
-          "type": "string"
-        },
-        "path": {
-          "description": "Path to set for the cookie.",
-          "type": "string"
-        },
-        "ttl": {
-          "$ref": "Duration",
-          "description": "Lifetime of the cookie."
-        }
-      },
-      "type": "object"
-    },
-    "CorsPolicy": {
-      "description": "The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard.",
-      "id": "CorsPolicy",
-      "properties": {
-        "allowCredentials": {
-          "description": "In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. Default is false.",
-          "type": "boolean"
-        },
-        "allowHeaders": {
-          "description": "Specifies the content for the Access-Control-Allow-Headers header.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "allowMethods": {
-          "description": "Specifies the content for the Access-Control-Allow-Methods header.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "allowOriginRegexes": {
-          "description": "Specifies a regular expression that matches allowed origins. For more information about the regular expression syntax, see Syntax. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "allowOrigins": {
-          "description": "Specifies the list of origins that is allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "disabled": {
-          "description": "If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.",
-          "type": "boolean"
-        },
-        "exposeHeaders": {
-          "description": "Specifies the content for the Access-Control-Expose-Headers header.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "maxAge": {
-          "description": "Specifies how long results of a preflight request can be cached in seconds. This field translates to the Access-Control-Max-Age header.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "CustomErrorResponsePolicy": {
-      "description": "Specifies the custom error response policy that must be applied when the backend service or backend bucket responds with an error.",
-      "id": "CustomErrorResponsePolicy",
-      "properties": {
-        "errorResponseRules": {
-          "description": "Specifies rules for returning error responses. In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect.",
-          "items": {
-            "$ref": "CustomErrorResponsePolicyCustomErrorResponseRule"
-          },
-          "type": "array"
-        },
-        "errorService": {
-          "description": "The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: - https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket - compute/v1/projects/project/global/backendBuckets/myBackendBucket - global/backendBuckets/myBackendBucket If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). errorService is not supported for internal or regional HTTP/HTTPS load balancers.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "CustomErrorResponsePolicyCustomErrorResponseRule": {
-      "description": "Specifies the mapping between the response code that will be returned along with the custom error content and the response code returned by the backend service.",
-      "id": "CustomErrorResponsePolicyCustomErrorResponseRule",
-      "properties": {
-        "matchResponseCodes": {
-          "description": "Valid values include: - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "overrideResponseCode": {
-          "description": "The HTTP status code returned with the response containing the custom error content. If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "path": {
-          "description": "The full path to a file within backendBucket . For example: /errors/defaultError.html path must start with a leading slash. path cannot have trailing slashes. If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. The value must be from 1 to 1024 characters",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "CustomerEncryptionKey": {
-      "id": "CustomerEncryptionKey",
-      "properties": {
-        "kmsKeyName": {
-          "description": "The name of the encryption key that is stored in Google Cloud KMS. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key ",
-          "type": "string"
-        },
-        "kmsKeyServiceAccount": {
-          "description": "The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: \"kmsKeyServiceAccount\": \"name@project_id.iam.gserviceaccount.com/ ",
-          "type": "string"
-        },
-        "rawKey": {
-          "description": "Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: \"rawKey\": \"SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=\" ",
-          "type": "string"
-        },
-        "rsaEncryptedKey": {
-          "description": "Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: \"rsaEncryptedKey\": \"ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==\" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem ",
-          "type": "string"
-        },
-        "sha256": {
-          "description": "[Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "CustomerEncryptionKeyProtectedDisk": {
-      "id": "CustomerEncryptionKeyProtectedDisk",
-      "properties": {
-        "diskEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Decrypts data associated with the disk with a customer-supplied encryption key."
-        },
-        "source": {
-          "description": "Specifies a valid partial or full URL to an existing Persistent Disk resource. This field is only applicable for persistent disks. For example: \"source\": \"/compute/v1/projects/project_id/zones/zone/disks/ disk_name ",
-          "type": "string"
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "DeprecationStatus": {
-      "description": "Deprecation status for a public resource.",
-      "id": "DeprecationStatus",
+    "FileContentBuffer": {
+      "id": "FileContentBuffer",
       "properties": {
-        "deleted": {
-          "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it.",
-          "type": "string"
-        },
-        "deprecated": {
-          "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it.",
-          "type": "string"
-        },
-        "obsolete": {
-          "description": "An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it.",
-          "type": "string"
-        },
-        "replacement": {
-          "description": "The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.",
+        "content": {
+          "description": "The raw content in the secure keys file.",
+          "format": "byte",
           "type": "string"
         },
-        "state": {
-          "description": "The deprecation state of this resource. This can be ACTIVE, DEPRECATED, OBSOLETE, or DELETED. Operations which communicate the end of life date for an image, can use ACTIVE. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.",
+        "fileType": {
+          "description": "The file type of source file.",
           "enum": [
-            "ACTIVE",
-            "DELETED",
-            "DEPRECATED",
-            "OBSOLETE"
+            "BIN",
+            "UNDEFINED",
+            "X509"
           ],
           "enumDescriptions": [
-            "",
             "",
             "",
             ""
           ],
           "type": "string"
-        },
-        "stateOverride": {
-          "$ref": "RolloutPolicy",
-          "description": "The rollout policy for this deprecation. This policy is only enforced by image family views. The rollout policy restricts the zones where the associated resource is considered in a deprecated state. When the rollout policy does not include the user specified zone, or if the zone is rolled out, the associated resource is considered in a deprecated state. The rollout policy for this deprecation is read-only, except for allowlisted users. This field might not be configured. To view the latest non-deprecated image in a specific zone, use the imageFamilyViews.get method."
         }
       },
       "type": "object"
     },
-    "Disk": {
-      "description": "Represents a Persistent Disk resource. Google Compute Engine has two Disk resources: * [Zonal](/compute/docs/reference/rest/alpha/disks) * [Regional](/compute/docs/reference/rest/alpha/regionDisks) Persistent disks are required for running your VM instances. Create both boot and non-boot (data) persistent disks. For more information, read Persistent Disks. For more storage options, read Storage options. The disks resource represents a zonal persistent disk. For more information, read Zonal persistent disks. The regionDisks resource represents a regional persistent disk. For more information, read Regional resources.",
-      "id": "Disk",
+    "Firewall": {
+      "description": "Represents a Firewall Rule resource. Firewall rules allow or deny ingress traffic to, and egress traffic from your instances. For more information, read Firewall rules.",
+      "id": "Firewall",
       "properties": {
-        "architecture": {
-          "description": "The architecture of the disk. Valid values are ARM64 or X86_64.",
-          "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
-          ],
-          "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
-          ],
-          "type": "string"
-        },
-        "asyncPrimaryDisk": {
-          "$ref": "DiskAsyncReplication",
-          "description": "Disk asynchronously replicated into this disk."
-        },
-        "asyncSecondaryDisks": {
-          "additionalProperties": {
-            "$ref": "DiskAsyncReplicationList"
+        "allowed": {
+          "description": "The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.",
+          "items": {
+            "properties": {
+              "IPProtocol": {
+                "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.",
+                "type": "string"
+              },
+              "ports": {
+                "description": "An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
+                "items": {
+                  "type": "string"
+                },
+                "type": "array"
+              }
+            },
+            "type": "object"
           },
-          "description": "[Output Only] A list of disks this disk is asynchronously replicated to.",
-          "type": "object"
+          "type": "array"
         },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
+        "denied": {
+          "description": "The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.",
+          "items": {
+            "properties": {
+              "IPProtocol": {
+                "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.",
+                "type": "string"
+              },
+              "ports": {
+                "description": "An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
+                "items": {
+                  "type": "string"
+                },
+                "type": "array"
+              }
+            },
+            "type": "object"
+          },
+          "type": "array"
+        },
         "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "description": "An optional description of this resource. Provide this field when you create the resource.",
           "type": "string"
         },
-        "diskEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Encrypts the disk using a customer-supplied encryption key or a customer-managed encryption key. Encryption keys do not protect access to metadata of the disk. After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later. For example, to create a disk snapshot, to create a disk image, to create a machine image, or to attach the disk to a virtual machine. After you encrypt a disk with a customer-managed key, the diskEncryptionKey.kmsKeyName is set to a key *version* name once the disk is created. The disk is encrypted with this version of the key. In the response, diskEncryptionKey.kmsKeyName appears in the following format: \"diskEncryptionKey.kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key /cryptoKeysVersions/version If you do not provide an encryption key when creating the disk, then the disk is encrypted using an automatically generated key and you don't need to provide a key to use the disk later."
-        },
-        "eraseWindowsVssSignature": {
-          "description": "Specifies whether the disk restored from a source snapshot should erase Windows specific VSS signature.",
-          "type": "boolean"
-        },
-        "guestOsFeatures": {
-          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
+        "destinationRanges": {
+          "description": "If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.",
           "items": {
-            "$ref": "GuestOsFeature"
+            "type": "string"
           },
           "type": "array"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "interface": {
-          "description": "[Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.",
+        "direction": {
+          "description": "Direction of traffic to which this firewall applies, either `INGRESS` or `EGRESS`. The default is `INGRESS`. For `EGRESS` traffic, you cannot specify the sourceTags fields.",
           "enum": [
-            "NVME",
-            "SCSI",
-            "UNSPECIFIED"
+            "EGRESS",
+            "INGRESS"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            ""
+            "Indicates that firewall should apply to outgoing traffic.",
+            "Indicates that firewall should apply to incoming traffic."
           ],
           "type": "string"
         },
-        "kind": {
-          "default": "compute#disk",
-          "description": "[Output Only] Type of the resource. Always compute#disk for disks.",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this disk, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a disk.",
-          "format": "byte",
-          "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to apply to this disk. These can be later modified by the setLabels method.",
-          "type": "object"
+        "disabled": {
+          "description": "Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.",
+          "type": "boolean"
         },
-        "lastAttachTimestamp": {
-          "description": "[Output Only] Last attach timestamp in RFC3339 text format.",
-          "type": "string"
+        "enableLogging": {
+          "deprecated": true,
+          "description": "Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.",
+          "type": "boolean"
         },
-        "lastDetachTimestamp": {
-          "description": "[Output Only] Last detach timestamp in RFC3339 text format.",
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "licenseCodes": {
-          "description": "Integer license codes indicating which licenses are attached to this disk.",
-          "items": {
-            "format": "int64",
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "licenses": {
-          "description": "A list of publicly visible licenses. Reserved for Google's use.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "locationHint": {
-          "description": "An opaque location hint used to place the disk close to other resources. This field is for use by internal tools that use the public API.",
+        "kind": {
+          "default": "compute#firewall",
+          "description": "[Output Only] Type of the resource. Always compute#firewall for firewall rules.",
           "type": "string"
         },
-        "locked": {
-          "description": "[Output Only] The field indicates if the disk is created from a locked source image. Attachment of a disk created from a locked source image will cause the following operations to become irreversibly prohibited: - R/W or R/O disk attachment to any other instance - Disk detachment. And the disk can only be deleted when the instance is deleted - Creation of images or snapshots - Disk cloning Furthermore, the instance with at least one disk with locked flag set to true will be prohibited from performing the operations below: - Further attachment of secondary disks. - Detachment of any disks - Create machine images - Create instance template - Delete the instance with --keep-disk parameter set to true for locked disks - Attach a locked disk with --auto-delete parameter set to false ",
-          "type": "boolean"
-        },
-        "multiWriter": {
-          "description": "Indicates whether or not the disk can be read/write attached to more than one instance.",
-          "type": "boolean"
+        "logConfig": {
+          "$ref": "FirewallLogConfig",
+          "description": "This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging."
         },
         "name": {
           "annotations": {
             "required": [
-              "compute.disks.insert"
+              "compute.firewalls.insert",
+              "compute.firewalls.patch"
             ]
           },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "options": {
-          "description": "Internal use only.",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "DiskParams",
-          "description": "Input only. [Input Only] Additional params passed with the request, but not persisted as part of resource payload."
-        },
-        "physicalBlockSizeBytes": {
-          "description": "Physical block size of the persistent disk, in bytes. If not present in a request, a default value is used. The currently supported size is 4096, other sizes may be added in the future. If an unsupported value is requested, the error message will list the supported values for the caller's project.",
-          "format": "int64",
+        "network": {
+          "description": "URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default ",
           "type": "string"
         },
-        "provisionedIops": {
-          "description": "Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation.",
-          "format": "int64",
-          "type": "string"
+        "priority": {
+          "description": "Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.",
+          "format": "int32",
+          "type": "integer"
         },
-        "provisionedThroughput": {
-          "description": "Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle. Values must be between 1 and 7,124.",
-          "format": "int64",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the disk resides. Only applicable for regional resources. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "replicaZones": {
-          "description": "URLs of the zones where the disk should be replicated to. Only applicable for regional resources.",
+        "sourceRanges": {
+          "description": "If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "resourcePolicies": {
-          "description": "Resource policies applied to this disk for automatic snapshot creations.",
+        "sourceServiceAccounts": {
+          "description": "If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "resourceStatus": {
-          "$ref": "DiskResourceStatus",
-          "description": "[Output Only] Status information for the disk resource."
-        },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
-          "type": "boolean"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource's resource id.",
-          "type": "string"
-        },
-        "sizeGb": {
-          "description": "Size, in GB, of the persistent disk. You can specify this field when creating a persistent disk using the sourceImage, sourceSnapshot, or sourceDisk parameter, or specify it alone to create an empty persistent disk. If you specify this field along with a source, the value of sizeGb must not be less than the size of the source. Acceptable values are 1 to 65536, inclusive.",
-          "format": "int64",
-          "type": "string"
-        },
-        "sourceConsistencyGroupPolicy": {
-          "description": "[Output Only] URL of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
-          "type": "string"
-        },
-        "sourceConsistencyGroupPolicyId": {
-          "description": "[Output Only] ID of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
-          "type": "string"
-        },
-        "sourceDisk": {
-          "description": "The source disk used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
-          "type": "string"
-        },
-        "sourceDiskId": {
-          "description": "[Output Only] The unique ID of the disk used to create this disk. This value identifies the exact disk that was used to create this persistent disk. For example, if you created the persistent disk from a disk that was later deleted and recreated under the same name, the source disk ID would identify the exact version of the disk that was used.",
-          "type": "string"
-        },
-        "sourceImage": {
-          "description": "The source image used to create this disk. If the source image is deleted, this field will not be set. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-9 to use the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a custom image that you created, specify the image name in the following format: global/images/my-custom-image You can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-image-family ",
-          "type": "string"
-        },
-        "sourceImageEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key."
-        },
-        "sourceImageId": {
-          "description": "[Output Only] The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used.",
-          "type": "string"
-        },
-        "sourceInstantSnapshot": {
-          "description": "The source instant snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instantSnapshots/instantSnapshot - projects/project/zones/zone/instantSnapshots/instantSnapshot - zones/zone/instantSnapshots/instantSnapshot ",
-          "type": "string"
-        },
-        "sourceInstantSnapshotId": {
-          "description": "[Output Only] The unique ID of the instant snapshot used to create this disk. This value identifies the exact instant snapshot that was used to create this persistent disk. For example, if you created the persistent disk from an instant snapshot that was later deleted and recreated under the same name, the source instant snapshot ID would identify the exact version of the instant snapshot that was used.",
-          "type": "string"
-        },
-        "sourceSnapshot": {
-          "description": "The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project /global/snapshots/snapshot - projects/project/global/snapshots/snapshot - global/snapshots/snapshot ",
-          "type": "string"
-        },
-        "sourceSnapshotEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key."
-        },
-        "sourceSnapshotId": {
-          "description": "[Output Only] The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used.",
-          "type": "string"
-        },
-        "sourceStorageObject": {
-          "description": "The full Google Cloud Storage URI where the disk image is stored. This file must be a gzip-compressed tarball whose name ends in .tar.gz or virtual machine disk whose name ends in vmdk. Valid URIs may start with gs:// or https://storage.googleapis.com/. This flag is not optimized for creating multiple disks from a source storage object. To create many disks from a source storage object, use gcloud compute images import instead.",
-          "type": "string"
-        },
-        "status": {
-          "description": "[Output Only] The status of disk creation. - CREATING: Disk is provisioning. - RESTORING: Source data is being copied into the disk. - FAILED: Disk creation failed. - READY: Disk is ready for use. - DELETING: Disk is deleting. ",
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "FAILED",
-            "READY",
-            "RESTORING"
-          ],
-          "enumDescriptions": [
-            "Disk is provisioning",
-            "Disk is deleting.",
-            "Disk creation failed.",
-            "Disk is ready for use.",
-            "Source data is being copied into the disk."
-          ],
-          "type": "string"
-        },
-        "storageType": {
-          "description": "[Deprecated] Storage type of the persistent disk.",
-          "enum": [
-            "HDD",
-            "SSD"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "type": {
-          "description": "URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk. For example: projects/project /zones/zone/diskTypes/pd-ssd . See Persistent disk types.",
-          "type": "string"
-        },
-        "userLicenses": {
-          "description": "A list of publicly visible user-licenses. Unlike regular licenses, user provided licenses can be modified after the disk is created. This includes a list of URLs to the license resource. For example, to provide a debian license: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch ",
+        "sourceTags": {
+          "description": "If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "users": {
-          "description": "[Output Only] Links to the users of the disk (attached instances) in form: projects/project/zones/zone/instances/instance",
+        "targetServiceAccounts": {
+          "description": "A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "zone": {
-          "description": "[Output Only] URL of the zone where the disk resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
+        "targetTags": {
+          "description": "A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "DiskAggregatedList": {
-      "id": "DiskAggregatedList",
+    "FirewallList": {
+      "description": "Contains a list of firewalls.",
+      "id": "FirewallList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "DisksScopedList",
-            "description": "[Output Only] Name of the scope containing this set of disks."
+          "description": "A list of Firewall resources.",
+          "items": {
+            "$ref": "Firewall"
           },
-          "description": "A list of DisksScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#diskAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#diskAggregatedList for aggregated lists of persistent disks.",
+          "default": "compute#firewallList",
+          "description": "[Output Only] Type of resource. Always compute#firewallList for lists of firewalls.",
           "type": "string"
         },
         "nextPageToken": {
@@ -46030,13 +50543,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -46053,6 +50559,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46071,6 +50578,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46082,6 +50619,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46129,98 +50667,194 @@
       },
       "type": "object"
     },
-    "DiskAsyncReplication": {
-      "id": "DiskAsyncReplication",
+    "FirewallLogConfig": {
+      "description": "The available logging options for a firewall rule.",
+      "id": "FirewallLogConfig",
       "properties": {
-        "disk": {
-          "description": "The other disk asynchronously replicated to or from the current disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
+        "enable": {
+          "description": "This field denotes whether to enable logging for a particular firewall rule.",
+          "type": "boolean"
+        },
+        "metadata": {
+          "description": "This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.",
+          "enum": [
+            "EXCLUDE_ALL_METADATA",
+            "INCLUDE_ALL_METADATA"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "FirewallPoliciesListAssociationsResponse": {
+      "id": "FirewallPoliciesListAssociationsResponse",
+      "properties": {
+        "associations": {
+          "description": "A list of associations.",
+          "items": {
+            "$ref": "FirewallPolicyAssociation"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#firewallPoliciesListAssociationsResponse",
+          "description": "[Output Only] Type of firewallPolicy associations. Always compute#FirewallPoliciesListAssociations for lists of firewallPolicy associations.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "FirewallPolicy": {
+      "description": "Represents a Firewall Policy resource.",
+      "id": "FirewallPolicy",
+      "properties": {
+        "associations": {
+          "description": "A list of associations that belong to this firewall policy.",
+          "items": {
+            "$ref": "FirewallPolicyAssociation"
+          },
+          "type": "array"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "displayName": {
+          "deprecated": true,
+          "description": "Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "fingerprint": {
+          "description": "Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.",
+          "format": "byte",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#firewallPolicy",
+          "description": "[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.",
+          "type": "string"
+        },
+        "parent": {
+          "description": "[Output Only] The parent of the firewall policy. This field is not applicable to network firewall policies.",
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        },
+        "ruleTupleCount": {
+          "description": "[Output Only] Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "rules": {
+          "description": "A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a firewall policy, a default rule with action \"allow\" will be added.",
+          "items": {
+            "$ref": "FirewallPolicyRule"
+          },
+          "type": "array"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "diskId": {
-          "description": "[Output Only] The unique ID of the other disk asynchronously replicated to or from the current disk. This value identifies the exact disk that was used to create this replication. For example, if you started replicating the persistent disk from a disk that was later deleted and recreated under the same name, the disk ID would identify the exact version of the disk that was used.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "shortName": {
+          "description": "User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "vpcNetworkScope": {
+          "description": "The scope of networks allowed to be associated with the firewall policy. This field can be either GLOBAL_VPC_NETWORK or REGIONAL_VPC_NETWORK. A firewall policy with the VPC scope set to GLOBAL_VPC_NETWORK is allowed to be attached only to global networks. When the VPC scope is set to REGIONAL_VPC_NETWORK the firewall policy is allowed to be attached only to regional networks in the same scope as the firewall policy. Note: if not specified then GLOBAL_VPC_NETWORK will be used.",
+          "enum": [
+            "GLOBAL_VPC_NETWORK",
+            "REGIONAL_VPC_NETWORK"
+          ],
+          "enumDescriptions": [
+            "The firewall policy is allowed to be attached only to global networks.",
+            "The firewall policy is allowed to be attached only to regional networks in the same scope as the firewall policy. This option is applicable only to regional firewall policies."
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DiskAsyncReplicationList": {
-      "id": "DiskAsyncReplicationList",
-      "properties": {
-        "asyncReplicationDisk": {
-          "$ref": "DiskAsyncReplication"
-        }
-      },
-      "type": "object"
-    },
-    "DiskInstantiationConfig": {
-      "description": "A specification of the desired way to instantiate a disk in the instance template when its created from a source instance.",
-      "id": "DiskInstantiationConfig",
+    "FirewallPolicyAssociation": {
+      "id": "FirewallPolicyAssociation",
       "properties": {
-        "autoDelete": {
-          "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).",
-          "type": "boolean"
+        "attachmentTarget": {
+          "description": "The target that the firewall policy is attached to.",
+          "type": "string"
         },
-        "customImage": {
-          "description": "The custom source image to be used to restore this disk when instantiating this instance template.",
+        "displayName": {
+          "deprecated": true,
+          "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy of the association.",
           "type": "string"
         },
-        "deviceName": {
-          "description": "Specifies the device name of the disk to which the configurations apply to.",
+        "firewallPolicyId": {
+          "description": "[Output Only] The firewall policy ID of the association.",
           "type": "string"
         },
-        "instantiateFrom": {
-          "description": "Specifies whether to include the disk and what image to use. Possible values are: - source-image: to use the same image that was used to create the source instance's corresponding disk. Applicable to the boot disk and additional read-write disks. - source-image-family: to use the same image family that was used to create the source instance's corresponding disk. Applicable to the boot disk and additional read-write disks. - custom-image: to use a user-provided image url for disk creation. Applicable to the boot disk and additional read-write disks. - attach-read-only: to attach a read-only disk. Applicable to read-only disks. - do-not-include: to exclude a disk from the template. Applicable to additional read-write disks, local SSDs, and read-only disks. ",
-          "enum": [
-            "ATTACH_READ_ONLY",
-            "BLANK",
-            "CUSTOM_IMAGE",
-            "DEFAULT",
-            "DO_NOT_INCLUDE",
-            "SOURCE_IMAGE",
-            "SOURCE_IMAGE_FAMILY"
-          ],
-          "enumDescriptions": [
-            "Attach the existing disk in read-only mode. The request will fail if the disk was attached in read-write mode on the source instance. Applicable to: read-only disks.",
-            "Create a blank disk. The disk will be created unformatted. Applicable to: additional read-write disks, local SSDs.",
-            "Use the custom image specified in the custom_image field. Applicable to: boot disk, additional read-write disks.",
-            "Use the default instantiation option for the corresponding type of disk. For boot disk and any other R/W disks, new custom images will be created from each disk. For read-only disks, they will be attached in read-only mode. Local SSD disks will be created as blank volumes.",
-            "Do not include the disk in the instance template. Applicable to: additional read-write disks, local SSDs, read-only disks.",
-            "Use the same source image used for creation of the source instance's corresponding disk. The request will fail if the source VM's disk was created from a snapshot. Applicable to: boot disk, additional read-write disks.",
-            "Use the same source image family used for creation of the source instance's corresponding disk. The request will fail if the source image of the source disk does not belong to any image family. Applicable to: boot disk, additional read-write disks."
-          ],
+        "name": {
+          "description": "The name for an association.",
+          "type": "string"
+        },
+        "priority": {
+          "description": "An integer indicating the priority of an association. The priority must be a positive value between 1 and 2147483647. Firewall Policies are evaluated from highest to lowest priority where 1 is the highest priority and 2147483647 is the lowest priority. The default value is `1000`. If two associations have the same priority then lexicographical order on association names is applied.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "shortName": {
+          "description": "[Output Only] The short name of the firewall policy of the association.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DiskList": {
-      "description": "A list of Disk resources.",
-      "id": "DiskList",
+    "FirewallPolicyList": {
+      "id": "FirewallPolicyList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Disk resources.",
+          "description": "A list of FirewallPolicy resources.",
           "items": {
-            "$ref": "Disk"
+            "$ref": "FirewallPolicy"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#diskList",
-          "description": "[Output Only] Type of resource. Always compute#diskList for lists of disks.",
+          "default": "compute#firewallPolicyList",
+          "description": "[Output Only] Type of resource. Always compute#firewallPolicyList for listsof FirewallPolicies",
           "type": "string"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -46237,6 +50871,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46255,6 +50890,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46266,6 +50931,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46313,94 +50979,309 @@
       },
       "type": "object"
     },
-    "DiskMoveRequest": {
-      "id": "DiskMoveRequest",
+    "FirewallPolicyRule": {
+      "description": "Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).",
+      "id": "FirewallPolicyRule",
       "properties": {
-        "destinationZone": {
-          "description": "The URL of the destination zone to move the disk. This can be a full or partial URL. For example, the following are all valid URLs to a zone: - https://www.googleapis.com/compute/v1/projects/project/zones/zone - projects/project/zones/zone - zones/zone ",
+        "action": {
+          "description": "The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".",
           "type": "string"
         },
-        "targetDisk": {
-          "description": "The URL of the target disk to move. This can be a full or partial URL. For example, the following are all valid URLs to a disk: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
+        "description": {
+          "description": "An optional description for this resource.",
+          "type": "string"
+        },
+        "direction": {
+          "description": "The direction in which this rule applies.",
+          "enum": [
+            "EGRESS",
+            "INGRESS"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "disabled": {
+          "description": "Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.",
+          "type": "boolean"
+        },
+        "enableLogging": {
+          "description": "Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.",
+          "type": "boolean"
+        },
+        "kind": {
+          "default": "compute#firewallPolicyRule",
+          "description": "[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules",
+          "type": "string"
+        },
+        "match": {
+          "$ref": "FirewallPolicyRuleMatcher",
+          "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced."
+        },
+        "priority": {
+          "description": "An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "ruleName": {
+          "description": "An optional name for the rule. This field is not a unique identifier and can be updated.",
+          "type": "string"
+        },
+        "ruleTupleCount": {
+          "description": "[Output Only] Calculation of the complexity of a single firewall policy rule.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "securityProfileGroup": {
+          "description": "A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.",
           "type": "string"
+        },
+        "targetResources": {
+          "description": "A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "targetSecureTags": {
+          "description": "A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.",
+          "items": {
+            "$ref": "FirewallPolicyRuleSecureTag"
+          },
+          "type": "array"
+        },
+        "targetServiceAccounts": {
+          "description": "A list of service accounts indicating the sets of instances that are applied with this rule.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "tlsInspect": {
+          "description": "Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "DiskParams": {
-      "description": "Additional disk params.",
-      "id": "DiskParams",
+    "FirewallPolicyRuleMatcher": {
+      "description": "Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.",
+      "id": "FirewallPolicyRuleMatcher",
       "properties": {
-        "resourceManagerTags": {
-          "additionalProperties": {
+        "destAddressGroups": {
+          "description": "Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.",
+          "items": {
             "type": "string"
           },
-          "description": "Resource manager tags to be bound to the disk. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
-          "type": "object"
+          "type": "array"
+        },
+        "destFqdns": {
+          "description": "Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destIpRanges": {
+          "description": "CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destRegionCodes": {
+          "description": "Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of dest region codes allowed is 5000.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destThreatIntelligences": {
+          "description": "Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "layer4Configs": {
+          "description": "Pairs of IP protocols and ports that the rule should match.",
+          "items": {
+            "$ref": "FirewallPolicyRuleMatcherLayer4Config"
+          },
+          "type": "array"
+        },
+        "srcAddressGroups": {
+          "description": "Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcFqdns": {
+          "description": "Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcIpRanges": {
+          "description": "CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcRegionCodes": {
+          "description": "Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of source region codes allowed is 5000.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcSecureTags": {
+          "description": "List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.",
+          "items": {
+            "$ref": "FirewallPolicyRuleSecureTag"
+          },
+          "type": "array"
+        },
+        "srcThreatIntelligences": {
+          "description": "Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "DiskResourceStatus": {
-      "id": "DiskResourceStatus",
+    "FirewallPolicyRuleMatcherLayer4Config": {
+      "id": "FirewallPolicyRuleMatcherLayer4Config",
       "properties": {
-        "asyncPrimaryDisk": {
-          "$ref": "DiskResourceStatusAsyncReplicationStatus"
+        "ipProtocol": {
+          "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.",
+          "type": "string"
         },
-        "asyncSecondaryDisks": {
-          "additionalProperties": {
-            "$ref": "DiskResourceStatusAsyncReplicationStatus"
+        "ports": {
+          "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
+          "items": {
+            "type": "string"
           },
-          "description": "Key: disk, value: AsyncReplicationStatus message",
-          "type": "object"
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "DiskResourceStatusAsyncReplicationStatus": {
-      "id": "DiskResourceStatusAsyncReplicationStatus",
+    "FirewallPolicyRuleSecureTag": {
+      "id": "FirewallPolicyRuleSecureTag",
       "properties": {
+        "name": {
+          "description": "Name of the secure tag, created with TagManager's TagValue API.",
+          "pattern": "tagValues/[0-9]+",
+          "type": "string"
+        },
         "state": {
+          "description": "[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.",
           "enum": [
-            "ACTIVE",
-            "CREATED",
-            "STARTING",
-            "STATE_UNSPECIFIED",
-            "STOPPED",
-            "STOPPING"
+            "EFFECTIVE",
+            "INEFFECTIVE"
           ],
           "enumDescriptions": [
-            "Replication is active.",
-            "Secondary disk is created and is waiting for replication to start.",
-            "Replication is starting.",
             "",
-            "Replication is stopped.",
-            "Replication is stopping."
+            ""
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DiskType": {
-      "description": "Represents a Disk Type resource. Google Compute Engine has two Disk Type resources: * [Regional](/compute/docs/reference/rest/alpha/regionDiskTypes) * [Zonal](/compute/docs/reference/rest/alpha/diskTypes) You can choose from a variety of disk types based on your needs. For more information, read Storage options. The diskTypes resource represents disk types for a zonal persistent disk. For more information, read Zonal persistent disks. The regionDiskTypes resource represents disk types for a regional persistent disk. For more information, read Regional persistent disks.",
-      "id": "DiskType",
+    "FixedOrPercent": {
+      "description": "Encapsulates numeric value that can be either absolute or relative.",
+      "id": "FixedOrPercent",
       "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+        "calculated": {
+          "description": "[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is fixed, then the calculated value is equal to the fixed value. - If the value is a percent, then the calculated value is percent/100 * targetSize. For example, the calculated value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded. ",
+          "format": "int32",
+          "type": "integer"
+        },
+        "fixed": {
+          "description": "Specifies a fixed number of VM instances. This must be a positive integer.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "percent": {
+          "description": "Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "ForwardingRule": {
+      "description": "Represents a Forwarding Rule resource. Forwarding rule resources in Google Cloud can be either regional or global in scope: * [Global](https://cloud.google.com/compute/docs/reference/rest/alpha/globalForwardingRules) * [Regional](https://cloud.google.com/compute/docs/reference/rest/alpha/forwardingRules) A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud Platform load balancer. Forwarding rules can also reference target instances and Cloud VPN Classic gateways (targetVpnGateway). For more information, read Forwarding rule concepts and Using protocol forwarding.",
+      "id": "ForwardingRule",
+      "properties": {
+        "IPAddress": {
+          "description": "IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances: - When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0. - When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: * IP address number, as in `100.1.2.3` * IPv6 address range, as in `2600:1234::/96` * Full resource URL, as in https://www.googleapis.com/compute/v1/projects/ project_id/regions/region/addresses/address-name * Partial URL or by name, as in: - projects/project_id/regions/region/addresses/address-name - regions/region/addresses/address-name - global/addresses/address-name - address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). When reading an IPAddress, the API always returns the IP address number.",
           "type": "string"
         },
-        "defaultDiskSizeGb": {
-          "description": "[Output Only] Server-defined default disk size in GB.",
-          "format": "int64",
+        "IPProtocol": {
+          "description": "The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in [Load balancing features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).",
+          "enum": [
+            "AH",
+            "ALL",
+            "ESP",
+            "ICMP",
+            "L3_DEFAULT",
+            "SCTP",
+            "TCP",
+            "UDP"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "deprecated": {
-          "$ref": "DeprecationStatus",
-          "description": "[Output Only] The deprecation status associated with this disk type."
+        "allPorts": {
+          "description": "This field can only be used: - If IPProtocol is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.",
+          "type": "boolean"
+        },
+        "allowGlobalAccess": {
+          "description": "This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If set to true, clients can access the Internal TCP/UDP Load Balancer, Internal HTTP(S) and TCP Proxy Load Balancer from all regions. If false, only allows access from the local region the load balancer is located at. Note that for INTERNAL_MANAGED forwarding rules, this field cannot be changed after the forwarding rule is created.",
+          "type": "boolean"
+        },
+        "allowPscGlobalAccess": {
+          "description": "This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.",
+          "type": "boolean"
+        },
+        "backendService": {
+          "description": "Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.",
+          "type": "string"
+        },
+        "baseForwardingRule": {
+          "description": "[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.",
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
         "description": {
-          "description": "[Output Only] An optional description of this resource.",
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ForwardingRule. Include the fingerprint in patch request to ensure that you do not overwrite changes that were applied from another concurrent request. To see the latest fingerprint, make a get() request to retrieve a ForwardingRule.",
+          "format": "byte",
           "type": "string"
         },
         "id": {
@@ -46408,18 +51289,140 @@
           "format": "uint64",
           "type": "string"
         },
-        "kind": {
-          "default": "compute#diskType",
-          "description": "[Output Only] Type of the resource. Always compute#diskType for disk types.",
+        "ipCollection": {
+          "description": "Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP in IPV6_FORWARDING_RULE_CREATION mode. Use one of the following formats to specify a sub-PDP when creating an IPv6 NetLB forwarding rule using BYOIP: Full resource URL, as in https://www.googleapis.com/compute/v1/projects/ project_id/regions/region/publicDelegatedPrefixes/sub-pdp-name Partial URL, as in: - projects/project_id/regions/region/publicDelegatedPrefixes/sub-pdp-name - regions/region/publicDelegatedPrefixes/sub-pdp-name ",
+          "type": "string"
+        },
+        "ipVersion": {
+          "description": "The IP Version that will be used by this forwarding rule. Valid options are IPV4 or IPV6.",
+          "enum": [
+            "IPV4",
+            "IPV6",
+            "UNSPECIFIED_VERSION"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "isMirroringCollector": {
+          "description": "Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.",
+          "type": "boolean"
+        },
+        "kind": {
+          "default": "compute#forwardingRule",
+          "description": "[Output Only] Type of the resource. Always compute#forwardingRule for Forwarding Rule resources.",
+          "type": "string"
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this resource, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a ForwardingRule.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
+        "loadBalancingScheme": {
+          "description": "Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts.",
+          "enum": [
+            "EXTERNAL",
+            "EXTERNAL_MANAGED",
+            "INTERNAL",
+            "INTERNAL_MANAGED",
+            "INTERNAL_SELF_MANAGED",
+            "INVALID"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "metadataFilters": {
+          "description": "Opaque filter criteria used by load balancer to restrict routing configuration to a limited set of xDS compliant clients. In their xDS requests to load balancer, xDS clients present node metadata. When there is a match, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. TargetHttpProxy, UrlMap) referenced by the ForwardingRule are not visible to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. If multiple metadataFilters are specified, all of them need to be satisfied in order to be considered a match. metadataFilters specified here will be applifed before those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED.",
+          "items": {
+            "$ref": "MetadataFilter"
+          },
+          "type": "array"
+        },
+        "name": {
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "network": {
+          "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.",
+          "type": "string"
+        },
+        "networkTier": {
+          "description": "This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address.",
+          "enum": [
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "SELECT",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Price competitive network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+          ],
+          "type": "string"
+        },
+        "noAutomateDnsZone": {
+          "description": "This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. Once set, this field is not mutable.",
+          "type": "boolean"
+        },
+        "portRange": {
+          "description": "This field can only be used: - If IPProtocol is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \\\\d+(?:-\\\\d+)?",
+          "type": "string"
+        },
+        "ports": {
+          "description": "This field can only be used: - If IPProtocol is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding. You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports, port_range, and allPorts fields are mutually exclusive. @pattern: \\\\d+(?:-\\\\d+)?",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "pscConnectionId": {
+          "description": "[Output Only] The PSC connection id of the PSC Forwarding Rule.",
+          "format": "uint64",
           "type": "string"
         },
-        "name": {
-          "description": "[Output Only] Name of the resource.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "pscConnectionStatus": {
+          "enum": [
+            "ACCEPTED",
+            "CLOSED",
+            "NEEDS_ATTENTION",
+            "PENDING",
+            "REJECTED",
+            "STATUS_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "The connection has been accepted by the producer.",
+            "The connection has been closed by the producer and will not serve traffic going forward.",
+            "The connection has been accepted by the producer, but the producer needs to take further action before the forwarding rule can serve traffic.",
+            "The connection is pending acceptance by the producer.",
+            "The connection has been rejected by the producer.",
+            ""
+          ],
           "type": "string"
         },
         "region": {
-          "description": "[Output Only] URL of the region where the disk type resides. Only applicable for regional resources. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "description": "[Output Only] URL of the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
         "selfLink": {
@@ -46430,19 +51433,42 @@
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "validDiskSize": {
-          "description": "[Output Only] An optional textual description of the valid disk size, such as \"10GB-10TB\".",
+        "serviceDirectoryRegistrations": {
+          "description": "Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource.",
+          "items": {
+            "$ref": "ForwardingRuleServiceDirectoryRegistration"
+          },
+          "type": "array"
+        },
+        "serviceLabel": {
+          "description": "An optional prefix to the service name for this Forwarding Rule. If specified, the prefix is the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for internal load balancing.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "zone": {
-          "description": "[Output Only] URL of the zone where the disk type resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "serviceName": {
+          "description": "[Output Only] The internal fully qualified service name for this Forwarding Rule. This field is only used for internal load balancing.",
+          "type": "string"
+        },
+        "sourceIpRanges": {
+          "description": "If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each source_ip_range entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "subnetwork": {
+          "description": "This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.",
+          "type": "string"
+        },
+        "target": {
+          "description": "The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. - For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). - For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: - vpc-sc - APIs that support VPC Service Controls. - all-apis - All supported Google APIs. - For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. The target is not mutable once set as a service attachment. ",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DiskTypeAggregatedList": {
-      "id": "DiskTypeAggregatedList",
+    "ForwardingRuleAggregatedList": {
+      "id": "ForwardingRuleAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
@@ -46450,15 +51476,15 @@
         },
         "items": {
           "additionalProperties": {
-            "$ref": "DiskTypesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of disk types."
+            "$ref": "ForwardingRulesScopedList",
+            "description": "Name of the scope containing this set of addresses."
           },
-          "description": "A list of DiskTypesScopedList resources.",
+          "description": "A list of ForwardingRulesScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#diskTypeAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#diskTypeAggregatedList.",
+          "default": "compute#forwardingRuleAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#forwardingRuleAggregatedList for lists of forwarding rules.",
           "type": "string"
         },
         "nextPageToken": {
@@ -46492,6 +51518,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46510,6 +51537,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46521,6 +51578,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46568,24 +51626,24 @@
       },
       "type": "object"
     },
-    "DiskTypeList": {
-      "description": "Contains a list of disk types.",
-      "id": "DiskTypeList",
+    "ForwardingRuleList": {
+      "description": "Contains a list of ForwardingRule resources.",
+      "id": "ForwardingRuleList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of DiskType resources.",
+          "description": "A list of ForwardingRule resources.",
           "items": {
-            "$ref": "DiskType"
+            "$ref": "ForwardingRule"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#diskTypeList",
-          "description": "[Output Only] Type of resource. Always compute#diskTypeList for disk types.",
+          "default": "compute#forwardingRuleList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -46612,6 +51670,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46630,246 +51689,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "DiskTypesScopedList": {
-      "id": "DiskTypesScopedList",
-      "properties": {
-        "diskTypes": {
-          "description": "[Output Only] A list of disk types contained in this scope.",
-          "items": {
-            "$ref": "DiskType"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of disk types when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "DisksAddResourcePoliciesRequest": {
-      "id": "DisksAddResourcePoliciesRequest",
-      "properties": {
-        "resourcePolicies": {
-          "description": "Full or relative path to the resource policy to be added to this disk. You can only specify one resource policy.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "DisksRemoveResourcePoliciesRequest": {
-      "id": "DisksRemoveResourcePoliciesRequest",
-      "properties": {
-        "resourcePolicies": {
-          "description": "Resource policies to be removed from this disk.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "DisksResizeRequest": {
-      "id": "DisksResizeRequest",
-      "properties": {
-        "sizeGb": {
-          "description": "The new size of the persistent disk, which is specified in GB.",
-          "format": "int64",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "DisksScopedList": {
-      "id": "DisksScopedList",
-      "properties": {
-        "disks": {
-          "description": "[Output Only] A list of disks contained in this scope.",
-          "items": {
-            "$ref": "Disk"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of disks when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -46882,6 +51730,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46929,198 +51778,46 @@
       },
       "type": "object"
     },
-    "DisksStartAsyncReplicationRequest": {
-      "id": "DisksStartAsyncReplicationRequest",
-      "properties": {
-        "asyncSecondaryDisk": {
-          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "DisksStopAsyncReplicationRequest": {
-      "id": "DisksStopAsyncReplicationRequest",
-      "properties": {
-        "asyncSecondaryDisk": {
-          "description": "[Deprecated] The secondary disk to stop asynchronous replication to. This field will not be included in the beta or v1 APIs and will be removed from the alpha API in the near future.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "DisksStopGroupAsyncReplicationResource": {
-      "description": "A transient resource used in compute.disks.stopGroupAsyncReplication and compute.regionDisks.stopGroupAsyncReplication. It is only used to process requests and is not persisted.",
-      "id": "DisksStopGroupAsyncReplicationResource",
-      "properties": {
-        "resourcePolicy": {
-          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to stop. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "DisplayDevice": {
-      "description": "A set of Display Device options",
-      "id": "DisplayDevice",
-      "properties": {
-        "enableDisplay": {
-          "description": "Defines whether the instance has Display enabled.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "DistributionPolicy": {
-      "id": "DistributionPolicy",
-      "properties": {
-        "targetShape": {
-          "description": "The distribution shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).",
-          "enum": [
-            "ANY",
-            "ANY_SINGLE_ZONE",
-            "BALANCED",
-            "EVEN"
-          ],
-          "enumDescriptions": [
-            "The group picks zones for creating VM instances to fulfill the requested number of VMs within present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads that do not require high availability.",
-            "The group creates all VM instances within a single zone. The zone is selected based on the present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads with heavy interprocess communication.",
-            "The group prioritizes acquisition of resources, scheduling VMs in zones where resources are available while distributing VMs as evenly as possible across selected zones to minimize the impact of zonal failure. Recommended for highly available serving workloads.",
-            "The group schedules VM instance creation and deletion to achieve and maintain an even number of managed instances across the selected zones. The distribution is even when the number of managed instances does not differ by more than 1 between any two zones. Recommended for highly available serving workloads."
-          ],
-          "type": "string"
-        },
-        "zones": {
-          "description": "Zones where the regional managed instance group will create and manage its instances.",
-          "items": {
-            "$ref": "DistributionPolicyZoneConfiguration"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "DistributionPolicyZoneConfiguration": {
-      "id": "DistributionPolicyZoneConfiguration",
-      "properties": {
-        "zone": {
-          "annotations": {
-            "required": [
-              "compute.regionInstanceGroupManagers.insert",
-              "compute.regionInstanceGroupManagers.update"
-            ]
-          },
-          "description": "The URL of the zone. The zone must exist in the region where the managed instance group is located.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Duration": {
-      "description": "A Duration represents a fixed-length span of time represented as a count of seconds and fractions of seconds at nanosecond resolution. It is independent of any calendar and concepts like \"day\" or \"month\". Range is approximately 10,000 years.",
-      "id": "Duration",
-      "properties": {
-        "nanos": {
-          "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "seconds": {
-          "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years",
-          "format": "int64",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ErrorInfo": {
-      "description": "Describes the cause of the error with structured details. Example of an error when contacting the \"pubsub.googleapis.com\" API when it is not enabled: { \"reason\": \"API_DISABLED\" \"domain\": \"googleapis.com\" \"metadata\": { \"resource\": \"projects/123\", \"service\": \"pubsub.googleapis.com\" } } This response indicates that the pubsub.googleapis.com API is not enabled. Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock: { \"reason\": \"STOCKOUT\" \"domain\": \"spanner.googleapis.com\", \"metadata\": { \"availableRegions\": \"us-central1,us-east2\" } }",
-      "id": "ErrorInfo",
+    "ForwardingRuleReference": {
+      "id": "ForwardingRuleReference",
       "properties": {
-        "domain": {
-          "description": "The logical grouping to which the \"reason\" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: \"pubsub.googleapis.com\". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is \"googleapis.com\".",
-          "type": "string"
-        },
-        "metadatas": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Additional structured details about this error. Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {\"instanceLimit\": \"100/request\"}, should be returned as, {\"instanceLimitPerRequest\": \"100\"}, if the client exceeds the number of instances that can be created in a single (batch) request.",
-          "type": "object"
-        },
-        "reason": {
-          "description": "The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of `A-Z+[A-Z0-9]`, which represents UPPER_SNAKE_CASE.",
+        "forwardingRule": {
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ExchangedPeeringRoute": {
-      "id": "ExchangedPeeringRoute",
+    "ForwardingRuleServiceDirectoryRegistration": {
+      "description": "Describes the auto-registration of the Forwarding Rule to Service Directory. The region and project of the Service Directory resource generated from this registration will be the same as this Forwarding Rule.",
+      "id": "ForwardingRuleServiceDirectoryRegistration",
       "properties": {
-        "destRange": {
-          "description": "The destination range of the route.",
+        "namespace": {
+          "description": "Service Directory namespace to register the forwarding rule under.",
           "type": "string"
         },
-        "imported": {
-          "description": "True if the peering route has been imported from a peer. The actual import happens if the field networkPeering.importCustomRoutes is true for this network, and networkPeering.exportCustomRoutes is true for the peer network, and the import does not result in a route conflict.",
-          "type": "boolean"
-        },
-        "nextHopRegion": {
-          "description": "The region of peering route next hop, only applies to dynamic routes.",
+        "service": {
+          "description": "Service Directory service to register the forwarding rule under.",
           "type": "string"
         },
-        "priority": {
-          "description": "The priority of the peering route.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "type": {
-          "description": "The type of the peering route.",
-          "enum": [
-            "DYNAMIC_PEERING_ROUTE",
-            "STATIC_PEERING_ROUTE",
-            "SUBNET_PEERING_ROUTE"
-          ],
-          "enumDescriptions": [
-            "For routes exported from local network.",
-            "The peering route.",
-            "The peering route corresponding to subnetwork range."
-          ],
+        "serviceDirectoryRegion": {
+          "description": "[Optional] Service Directory region to register this global forwarding rule under. Default to \"us-central1\". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ExchangedPeeringRoutesList": {
-      "id": "ExchangedPeeringRoutesList",
+    "ForwardingRulesScopedList": {
+      "id": "ForwardingRulesScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of ExchangedPeeringRoute resources.",
+        "forwardingRules": {
+          "description": "A list of forwarding rules contained in this scope.",
           "items": {
-            "$ref": "ExchangedPeeringRoute"
+            "$ref": "ForwardingRule"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#exchangedPeeringRoutesList",
-          "description": "[Output Only] Type of resource. Always compute#exchangedPeeringRoutesList for exchanged peering routes lists.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of forwarding rules when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -47135,6 +51832,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47153,6 +51851,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47164,6 +51892,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47211,124 +51940,302 @@
       },
       "type": "object"
     },
-    "Expr": {
-      "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' \u0026\u0026 document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.",
-      "id": "Expr",
+    "FutureReservation": {
+      "id": "FutureReservation",
       "properties": {
+        "autoCreatedReservationsDeleteTime": {
+          "description": "Future timestamp when the FR auto-created reservations will be deleted by GCE. Format of this field must be a valid href=\"https://www.ietf.org/rfc/rfc3339.txt\"\u003eRFC3339 value.",
+          "type": "string"
+        },
+        "autoCreatedReservationsDuration": {
+          "$ref": "Duration",
+          "description": "Specifies the duration of auto-created reservations. It represents relative time to future reservation start_time when auto-created reservations will be automatically deleted by GCE. Duration time unit is represented as a count of seconds and fractions of seconds at nanosecond resolution."
+        },
+        "autoDeleteAutoCreatedReservations": {
+          "description": "Setting for enabling or disabling automatic deletion for auto-created reservation. If omitted or set to true, auto-created reservations will be deleted at Future Reservation's end time (default) or at user's defined timestamp if any of the [auto_created_reservations_delete_time, auto_created_reservations_duration] values is specified. For keeping auto-created reservation indefinitely, this value should be set to false.",
+          "type": "boolean"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] The creation timestamp for this future reservation in RFC3339 text format.",
+          "type": "string"
+        },
         "description": {
-          "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
+          "description": "An optional description of this resource. Provide this property when you create the future reservation.",
           "type": "string"
         },
-        "expression": {
-          "description": "Textual representation of an expression in Common Expression Language syntax.",
+        "id": {
+          "description": "[Output Only] A unique identifier for this future reservation. The server defines this identifier.",
+          "format": "uint64",
           "type": "string"
         },
-        "location": {
-          "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
+        "kind": {
+          "default": "compute#futureReservation",
+          "description": "[Output Only] Type of the resource. Always compute#futureReservation for future reservations.",
           "type": "string"
         },
-        "title": {
-          "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.",
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instances.insert"
+            ]
+          },
+          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "namePrefix": {
+          "description": "Name prefix for the reservations to be created at the time of delivery. The name prefix must comply with RFC1035. Maximum allowed length for name prefix is 20. Automatically created reservations name format will be -date-####.",
+          "type": "string"
+        },
+        "planningStatus": {
+          "description": "Planning state before being submitted for evaluation",
+          "enum": [
+            "DRAFT",
+            "PLANNING_STATUS_UNSPECIFIED",
+            "SUBMITTED"
+          ],
+          "enumDescriptions": [
+            "Future Reservation is being drafted.",
+            "",
+            "Future Reservation has been submitted for evaluation by GCP."
+          ],
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "shareSettings": {
+          "$ref": "ShareSettings",
+          "description": "List of Projects/Folders to share with."
+        },
+        "specificSkuProperties": {
+          "$ref": "FutureReservationSpecificSKUProperties",
+          "description": "Future Reservation configuration to indicate instance properties and total count."
+        },
+        "status": {
+          "$ref": "FutureReservationStatus",
+          "description": "[Output only] Status of the Future Reservation"
+        },
+        "timeWindow": {
+          "$ref": "FutureReservationTimeWindow",
+          "description": "Time window for this Future Reservation."
+        },
+        "zone": {
+          "description": "[Output Only] URL of the Zone where this future reservation resides.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ExternalVpnGateway": {
-      "description": "Represents an external VPN gateway. External VPN gateway is the on-premises VPN gateway(s) or another cloud provider's VPN gateway that connects to your Google Cloud VPN gateway. To create a highly available VPN from Google Cloud Platform to your VPN gateway or another cloud provider's VPN gateway, you must create a external VPN gateway resource with information about the other gateway. For more information about using external VPN gateways, see Creating an HA VPN gateway and tunnel pair to a peer VPN.",
-      "id": "ExternalVpnGateway",
+    "FutureReservationSpecificSKUProperties": {
+      "id": "FutureReservationSpecificSKUProperties",
       "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
+        "instanceProperties": {
+          "$ref": "AllocationSpecificSKUAllocationReservedInstanceProperties",
+          "description": "Properties of the SKU instances being reserved."
         },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
+        "sourceInstanceTemplate": {
+          "description": "The instance template that will be used to populate the ReservedInstanceProperties of the future reservation",
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
+        "totalCount": {
+          "description": "Total number of instances for which capacity assurance is requested at a future time period.",
+          "format": "int64",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "FutureReservationStatus": {
+      "description": "[Output only] Represents status related to the future reservation.",
+      "id": "FutureReservationStatus",
+      "properties": {
+        "amendmentStatus": {
+          "description": "[Output Only] The current status of the requested amendment.",
+          "enum": [
+            "AMENDMENT_APPROVED",
+            "AMENDMENT_DECLINED",
+            "AMENDMENT_IN_REVIEW",
+            "AMENDMENT_STATUS_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "The requested amendment to the Future Resevation has been approved and applied by GCP.",
+            "The requested amendment to the Future Reservation has been declined by GCP and the original state was restored.",
+            "The requested amendment to the Future Reservation is currently being reviewd by GCP.",
+            ""
+          ],
           "type": "string"
         },
-        "interfaces": {
-          "description": "A list of interfaces for this external VPN gateway. If your peer-side gateway is an on-premises gateway and non-AWS cloud providers' gateway, at most two interfaces can be provided for an external VPN gateway. If your peer side is an AWS virtual private gateway, four interfaces should be provided for an external VPN gateway.",
+        "autoCreatedReservations": {
+          "description": "Fully qualified urls of the automatically created reservations at start_time.",
           "items": {
-            "$ref": "ExternalVpnGatewayInterface"
+            "type": "string"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#externalVpnGateway",
-          "description": "[Output Only] Type of the resource. Always compute#externalVpnGateway for externalVpnGateways.",
+        "fulfilledCount": {
+          "description": "This count indicates the fulfilled capacity so far. This is set during \"PROVISIONING\" state. This count also includes capacity delivered as part of existing matching reservations.",
+          "format": "int64",
           "type": "string"
         },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this ExternalVpnGateway, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an ExternalVpnGateway.",
-          "format": "byte",
+        "lastKnownGoodState": {
+          "$ref": "FutureReservationStatusLastKnownGoodState",
+          "description": "[Output Only] This field represents the future reservation before an amendment was requested. If the amendment is declined, the Future Reservation will be reverted to the last known good state. The last known good state is not set when updating a future reservation whose Procurement Status is DRAFTING."
+        },
+        "lockTime": {
+          "description": "Time when Future Reservation would become LOCKED, after which no modifications to Future Reservation will be allowed. Applicable only after the Future Reservation is in the APPROVED state. The lock_time is an RFC3339 string. The procurement_status will transition to PROCURING state at this time.",
           "type": "string"
         },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
-          "type": "object"
+        "procurementStatus": {
+          "description": "Current state of this Future Reservation",
+          "enum": [
+            "APPROVED",
+            "CANCELLED",
+            "COMMITTED",
+            "DECLINED",
+            "DRAFTING",
+            "FAILED",
+            "FAILED_PARTIALLY_FULFILLED",
+            "FULFILLED",
+            "PENDING_AMENDMENT_APPROVAL",
+            "PENDING_APPROVAL",
+            "PROCUREMENT_STATUS_UNSPECIFIED",
+            "PROCURING",
+            "PROVISIONING"
+          ],
+          "enumDescriptions": [
+            "Future reservation is approved by GCP.",
+            "Future reservation is cancelled by the customer.",
+            "Future reservation is committed by the customer.",
+            "Future reservation is rejected by GCP.",
+            "Related status for PlanningStatus.Draft. Transitions to PENDING_APPROVAL upon user submitting FR.",
+            "Future reservation failed. No additional reservations were provided.",
+            "Future reservation is partially fulfilled. Additional reservations were provided but did not reach total_count reserved instance slots.",
+            "Future reservation is fulfilled completely.",
+            "An Amendment to the Future Reservation has been requested. If the Amendment is declined, the Future Reservation will be restored to the last known good state.",
+            "Future reservation is pending approval by GCP.",
+            "",
+            "Future reservation is being procured by GCP. Beyond this point, Future reservation is locked and no further modifications are allowed.",
+            "Future reservation capacity is being provisioned. This state will be entered after start_time, while reservations are being created to provide total_count reserved instance slots. This state will not persist past start_time + 24h."
+          ],
+          "type": "string"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.externalVpnGateways.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "specificSkuProperties": {
+          "$ref": "FutureReservationStatusSpecificSKUProperties"
+        }
+      },
+      "type": "object"
+    },
+    "FutureReservationStatusLastKnownGoodState": {
+      "description": "The state that the future reservation will be reverted to should the amendment be declined.",
+      "id": "FutureReservationStatusLastKnownGoodState",
+      "properties": {
+        "description": {
+          "description": "[Output Only] The description of the FutureReservation before an amendment was requested.",
           "type": "string"
         },
-        "redundancyType": {
-          "description": "Indicates the user-supplied redundancy type of this external VPN gateway.",
+        "futureReservationSpecs": {
+          "$ref": "FutureReservationStatusLastKnownGoodStateFutureReservationSpecs"
+        },
+        "lockTime": {
+          "description": "[Output Only] The lock time of the FutureReservation before an amendment was requested.",
+          "type": "string"
+        },
+        "namePrefix": {
+          "description": "[Output Only] The name prefix of the Future Reservation before an amendment was requested.",
+          "type": "string"
+        },
+        "procurementStatus": {
+          "description": "[Output Only] The status of the last known good state for the Future Reservation.",
           "enum": [
-            "FOUR_IPS_REDUNDANCY",
-            "SINGLE_IP_INTERNALLY_REDUNDANT",
-            "TWO_IPS_REDUNDANCY"
+            "APPROVED",
+            "CANCELLED",
+            "COMMITTED",
+            "DECLINED",
+            "DRAFTING",
+            "FAILED",
+            "FAILED_PARTIALLY_FULFILLED",
+            "FULFILLED",
+            "PENDING_AMENDMENT_APPROVAL",
+            "PENDING_APPROVAL",
+            "PROCUREMENT_STATUS_UNSPECIFIED",
+            "PROCURING",
+            "PROVISIONING"
           ],
           "enumDescriptions": [
-            "The external VPN gateway has four public IP addresses; at the time of writing this API, the AWS virtual private gateway is an example which has four public IP addresses for high availability connections; there should be two VPN connections in the AWS virtual private gateway , each AWS VPN connection has two public IP addresses; please make sure to put two public IP addresses from one AWS VPN connection into interfaces 0 and 1 of this external VPN gateway, and put the other two public IP addresses from another AWS VPN connection into interfaces 2 and 3 of this external VPN gateway. When displaying highly available configuration status for the VPN tunnels connected to FOUR_IPS_REDUNDANCY external VPN gateway, Google will always detect whether interfaces 0 and 1 are connected on one interface of HA Cloud VPN gateway, and detect whether interfaces 2 and 3 are connected to another interface of the HA Cloud VPN gateway.",
-            "The external VPN gateway has only one public IP address which internally provide redundancy or failover.",
-            "The external VPN gateway has two public IP addresses which are redundant with each other, the following two types of setup on your on-premises side would have this type of redundancy: (1) Two separate on-premises gateways, each with one public IP address, the two on-premises gateways are redundant with each other. (2) A single on-premise gateway with two public IP addresses that are redundant with eatch other."
+            "Future reservation is approved by GCP.",
+            "Future reservation is cancelled by the customer.",
+            "Future reservation is committed by the customer.",
+            "Future reservation is rejected by GCP.",
+            "Related status for PlanningStatus.Draft. Transitions to PENDING_APPROVAL upon user submitting FR.",
+            "Future reservation failed. No additional reservations were provided.",
+            "Future reservation is partially fulfilled. Additional reservations were provided but did not reach total_count reserved instance slots.",
+            "Future reservation is fulfilled completely.",
+            "An Amendment to the Future Reservation has been requested. If the Amendment is declined, the Future Reservation will be restored to the last known good state.",
+            "Future reservation is pending approval by GCP.",
+            "",
+            "Future reservation is being procured by GCP. Beyond this point, Future reservation is locked and no further modifications are allowed.",
+            "Future reservation capacity is being provisioned. This state will be entered after start_time, while reservations are being created to provide total_count reserved instance slots. This state will not persist past start_time + 24h."
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "FutureReservationStatusLastKnownGoodStateFutureReservationSpecs": {
+      "description": "The properties of the last known good state for the Future Reservation.",
+      "id": "FutureReservationStatusLastKnownGoodStateFutureReservationSpecs",
+      "properties": {
+        "shareSettings": {
+          "$ref": "ShareSettings",
+          "description": "[Output Only] The previous share settings of the Future Reservation."
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "specificSkuProperties": {
+          "$ref": "FutureReservationSpecificSKUProperties",
+          "description": "[Output Only] The previous instance related properties of the Future Reservation."
+        },
+        "timeWindow": {
+          "$ref": "FutureReservationTimeWindow",
+          "description": "[Output Only] The previous time window of the Future Reservation."
+        }
+      },
+      "type": "object"
+    },
+    "FutureReservationStatusSpecificSKUProperties": {
+      "description": "Properties to be set for the Future Reservation.",
+      "id": "FutureReservationStatusSpecificSKUProperties",
+      "properties": {
+        "sourceInstanceTemplateId": {
+          "description": "ID of the instance template used to populate the Future Reservation properties.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ExternalVpnGatewayInterface": {
-      "description": "The interface for the external VPN gateway.",
-      "id": "ExternalVpnGatewayInterface",
+    "FutureReservationTimeWindow": {
+      "id": "FutureReservationTimeWindow",
       "properties": {
-        "id": {
-          "description": "The numeric ID of this interface. The allowed input values for this id for different redundancy types of external VPN gateway: - SINGLE_IP_INTERNALLY_REDUNDANT - 0 - TWO_IPS_REDUNDANCY - 0, 1 - FOUR_IPS_REDUNDANCY - 0, 1, 2, 3 ",
-          "format": "uint32",
-          "type": "integer"
+        "duration": {
+          "$ref": "Duration"
         },
-        "ipAddress": {
-          "description": "IP address of the interface in the external VPN gateway. Only IPv4 is supported. This IP address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine.",
+        "endTime": {
           "type": "string"
         },
-        "ipv6Address": {
-          "description": "IPv6 address of the interface in the external VPN gateway. This IPv6 address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. Must specify an IPv6 address (not IPV4-mapped) using any format described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0).",
+        "startTime": {
+          "description": "Start time of the Future Reservation. The start_time is an RFC3339 string.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ExternalVpnGatewayList": {
-      "description": "Response to the list request, and contains a list of externalVpnGateways.",
-      "id": "ExternalVpnGatewayList",
+    "FutureReservationsAggregatedListResponse": {
+      "description": "Contains a list of future reservations.",
+      "id": "FutureReservationsAggregatedListResponse",
       "properties": {
         "etag": {
           "type": "string"
@@ -47338,15 +52245,16 @@
           "type": "string"
         },
         "items": {
-          "description": "A list of ExternalVpnGateway resources.",
-          "items": {
-            "$ref": "ExternalVpnGateway"
+          "additionalProperties": {
+            "$ref": "FutureReservationsScopedList",
+            "description": "Name of the scope containing this set of future reservations."
           },
-          "type": "array"
+          "description": "A list of Future reservation resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#externalVpnGatewayList",
-          "description": "[Output Only] Type of resource. Always compute#externalVpnGatewayList for lists of externalVpnGateways.",
+          "default": "compute#futureReservationsAggregatedListResponse",
+          "description": "[Output Only] Type of resource. Always compute#futureReservationsAggregatedListResponse for future resevation aggregated list response.",
           "type": "string"
         },
         "nextPageToken": {
@@ -47357,6 +52265,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -47373,6 +52288,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47391,6 +52307,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47402,6 +52348,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47415,242 +52362,60 @@
                 "The user attempted to use a resource that requires a TOS they have not accepted.",
                 "Warning that a resource is in use.",
                 "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "FileContentBuffer": {
-      "id": "FileContentBuffer",
-      "properties": {
-        "content": {
-          "description": "The raw content in the secure keys file.",
-          "format": "byte",
-          "type": "string"
-        },
-        "fileType": {
-          "description": "The file type of source file.",
-          "enum": [
-            "BIN",
-            "UNDEFINED",
-            "X509"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Firewall": {
-      "description": "Represents a Firewall Rule resource. Firewall rules allow or deny ingress traffic to, and egress traffic from your instances. For more information, read Firewall rules.",
-      "id": "Firewall",
-      "properties": {
-        "allowed": {
-          "description": "The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.",
-          "items": {
-            "properties": {
-              "IPProtocol": {
-                "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.",
-                "type": "string"
-              },
-              "ports": {
-                "description": "An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "denied": {
-          "description": "The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.",
-          "items": {
-            "properties": {
-              "IPProtocol": {
-                "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.",
-                "type": "string"
-              },
-              "ports": {
-                "description": "An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this field when you create the resource.",
-          "type": "string"
-        },
-        "destinationRanges": {
-          "description": "If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "direction": {
-          "description": "Direction of traffic to which this firewall applies, either `INGRESS` or `EGRESS`. The default is `INGRESS`. For `EGRESS` traffic, you cannot specify the sourceTags fields.",
-          "enum": [
-            "EGRESS",
-            "INGRESS"
-          ],
-          "enumDescriptions": [
-            "Indicates that firewall should apply to outgoing traffic.",
-            "Indicates that firewall should apply to incoming traffic."
-          ],
-          "type": "string"
-        },
-        "disabled": {
-          "description": "Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.",
-          "type": "boolean"
-        },
-        "enableLogging": {
-          "description": "Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.",
-          "type": "boolean"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#firewall",
-          "description": "[Output Only] Type of the resource. Always compute#firewall for firewall rules.",
-          "type": "string"
-        },
-        "logConfig": {
-          "$ref": "FirewallLogConfig",
-          "description": "This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging."
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.firewalls.insert",
-              "compute.firewalls.patch"
-            ]
-          },
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "network": {
-          "description": "URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default ",
-          "type": "string"
-        },
-        "priority": {
-          "description": "Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "sourceRanges": {
-          "description": "If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "sourceServiceAccounts": {
-          "description": "If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "sourceTags": {
-          "description": "If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "targetServiceAccounts": {
-          "description": "A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "targetTags": {
-          "description": "A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.",
-          "items": {
-            "type": "string"
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
           },
-          "type": "array"
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "FirewallList": {
-      "description": "Contains a list of firewalls.",
-      "id": "FirewallList",
+    "FutureReservationsListResponse": {
+      "id": "FutureReservationsListResponse",
       "properties": {
+        "etag": {
+          "type": "string"
+        },
         "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Firewall resources.",
+          "description": "[Output Only] A list of future reservation resources.",
           "items": {
-            "$ref": "Firewall"
+            "$ref": "FutureReservation"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#firewallList",
-          "description": "[Output Only] Type of resource. Always compute#firewallList for lists of firewalls.",
+          "default": "compute#futureReservationsListResponse",
+          "description": "[Output Only] Type of resource.Always compute#FutureReservationsListResponse for lists of reservations",
           "type": "string"
         },
         "nextPageToken": {
@@ -47661,6 +52426,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -47677,6 +52449,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47695,6 +52468,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47706,6 +52509,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47753,75 +52557,643 @@
       },
       "type": "object"
     },
-    "FirewallLogConfig": {
-      "description": "The available logging options for a firewall rule.",
-      "id": "FirewallLogConfig",
+    "FutureReservationsScopedList": {
+      "id": "FutureReservationsScopedList",
       "properties": {
-        "enable": {
-          "description": "This field denotes whether to enable logging for a particular firewall rule.",
-          "type": "boolean"
+        "futureReservations": {
+          "description": "A list of future reservations contained in this scope.",
+          "items": {
+            "$ref": "FutureReservation"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "Informational warning which replaces the list of future reservations when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "GRPCHealthCheck": {
+      "id": "GRPCHealthCheck",
+      "properties": {
+        "grpcServiceName": {
+          "description": "The gRPC service name for the health check. This field is optional. The value of grpc_service_name has the following meanings by convention: - Empty service_name means the overall status of all services at the backend. - Non-empty service_name means the health of that gRPC service, as defined by the owner of the service. The grpc_service_name can only be ASCII.",
+          "type": "string"
+        },
+        "port": {
+          "description": "The TCP port number to which the health check prober sends packets. Valid values are 1 through 65535.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "portName": {
+          "description": "Not supported.",
+          "type": "string"
+        },
+        "portSpecification": {
+          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
+          "enum": [
+            "USE_FIXED_PORT",
+            "USE_NAMED_PORT",
+            "USE_SERVING_PORT"
+          ],
+          "enumDescriptions": [
+            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
+            "Not supported.",
+            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GetOwnerInstanceResponse": {
+      "id": "GetOwnerInstanceResponse",
+      "properties": {
+        "instance": {
+          "description": "Full instance resource URL.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GlobalAddressesMoveRequest": {
+      "id": "GlobalAddressesMoveRequest",
+      "properties": {
+        "description": {
+          "description": "An optional destination address description if intended to be different from the source.",
+          "type": "string"
+        },
+        "destinationAddress": {
+          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project /global/addresses/address - projects/project/global/addresses/address Note that destination project must be different from the source project. So /global/addresses/address is not valid partial url.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GlobalNetworkEndpointGroupsAttachEndpointsRequest": {
+      "id": "GlobalNetworkEndpointGroupsAttachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be attached.",
+          "items": {
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GlobalNetworkEndpointGroupsDetachEndpointsRequest": {
+      "id": "GlobalNetworkEndpointGroupsDetachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be detached.",
+          "items": {
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GlobalOrganizationSetPolicyRequest": {
+      "id": "GlobalOrganizationSetPolicyRequest",
+      "properties": {
+        "bindings": {
+          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify bindings.",
+          "items": {
+            "$ref": "Binding"
+          },
+          "type": "array"
+        },
+        "etag": {
+          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify the etag.",
+          "format": "byte",
+          "type": "string"
+        },
+        "policy": {
+          "$ref": "Policy",
+          "description": "REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them."
+        }
+      },
+      "type": "object"
+    },
+    "GlobalSetLabelsRequest": {
+      "id": "GlobalSetLabelsRequest",
+      "properties": {
+        "labelFingerprint": {
+          "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash when updating or changing labels, otherwise the request will fail with error 412 conditionNotMet. Make a get() request to the resource to get the latest fingerprint.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "A list of labels to apply for this resource. Each label must comply with the requirements for labels. For example, \"webserver-frontend\": \"images\". A label value can also be empty (e.g. \"my-label\": \"\").",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "GlobalSetPolicyRequest": {
+      "id": "GlobalSetPolicyRequest",
+      "properties": {
+        "bindings": {
+          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify bindings.",
+          "items": {
+            "$ref": "Binding"
+          },
+          "type": "array"
+        },
+        "etag": {
+          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify the etag.",
+          "format": "byte",
+          "type": "string"
+        },
+        "policy": {
+          "$ref": "Policy",
+          "description": "REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them."
+        }
+      },
+      "type": "object"
+    },
+    "GrpcServiceConfig": {
+      "description": "[Deprecated] gRPC config to access the SDS server. gRPC config to access the SDS server.",
+      "id": "GrpcServiceConfig",
+      "properties": {
+        "callCredentials": {
+          "$ref": "CallCredentials",
+          "description": "The call credentials to access the SDS server."
+        },
+        "channelCredentials": {
+          "$ref": "ChannelCredentials",
+          "description": "The channel credentials to access the SDS server."
+        },
+        "targetUri": {
+          "description": "The target URI of the SDS server.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GuestAttributes": {
+      "description": "A guest attributes entry.",
+      "id": "GuestAttributes",
+      "properties": {
+        "kind": {
+          "default": "compute#guestAttributes",
+          "description": "[Output Only] Type of the resource. Always compute#guestAttributes for guest attributes entry.",
+          "type": "string"
+        },
+        "queryPath": {
+          "description": "The path to be queried. This can be the default namespace ('') or a nested namespace ('\\/') or a specified key ('\\/\\').",
+          "type": "string"
+        },
+        "queryValue": {
+          "$ref": "GuestAttributesValue",
+          "description": "[Output Only] The value of the requested queried path."
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "variableKey": {
+          "description": "The key to search for.",
+          "type": "string"
+        },
+        "variableValue": {
+          "description": "[Output Only] The value found for the requested key.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GuestAttributesEntry": {
+      "description": "A guest attributes namespace/key/value entry.",
+      "id": "GuestAttributesEntry",
+      "properties": {
+        "key": {
+          "description": "Key for the guest attribute entry.",
+          "type": "string"
+        },
+        "namespace": {
+          "description": "Namespace for the guest attribute entry.",
+          "type": "string"
+        },
+        "value": {
+          "description": "Value for the guest attribute entry.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GuestAttributesValue": {
+      "description": "Array of guest attribute namespace/key/value tuples.",
+      "id": "GuestAttributesValue",
+      "properties": {
+        "items": {
+          "items": {
+            "$ref": "GuestAttributesEntry"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GuestOsFeature": {
+      "description": "Guest OS features.",
+      "id": "GuestOsFeature",
+      "properties": {
+        "type": {
+          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more information, see Enabling guest operating system features.",
+          "enum": [
+            "BARE_METAL_LINUX_COMPATIBLE",
+            "FEATURE_TYPE_UNSPECIFIED",
+            "GVNIC",
+            "IDPF",
+            "MULTI_IP_SUBNET",
+            "SECURE_BOOT",
+            "SEV_CAPABLE",
+            "SEV_LIVE_MIGRATABLE",
+            "SEV_SNP_CAPABLE",
+            "TDX_CAPABLE",
+            "UEFI_COMPATIBLE",
+            "VIRTIO_SCSI_MULTIQUEUE",
+            "WINDOWS"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HTTP2HealthCheck": {
+      "id": "HTTP2HealthCheck",
+      "properties": {
+        "host": {
+          "description": "The value of the host header in the HTTP/2 health check request. If left empty (default value), the host header is set to the destination IP address to which health check packets are sent. The destination IP address depends on the type of load balancer. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#hc-packet-dest",
+          "type": "string"
+        },
+        "port": {
+          "description": "The TCP port number to which the health check prober sends packets. The default value is 443. Valid values are 1 through 65535.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "portName": {
+          "description": "Not supported.",
+          "type": "string"
+        },
+        "portSpecification": {
+          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
+          "enum": [
+            "USE_FIXED_PORT",
+            "USE_NAMED_PORT",
+            "USE_SERVING_PORT"
+          ],
+          "enumDescriptions": [
+            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
+            "Not supported.",
+            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
+          ],
+          "type": "string"
+        },
+        "proxyHeader": {
+          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
+          "enum": [
+            "NONE",
+            "PROXY_V1"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "requestPath": {
+          "description": "The request path of the HTTP/2 health check request. The default value is /.",
+          "type": "string"
+        },
+        "response": {
+          "description": "Creates a content-based HTTP/2 health check. In addition to the required HTTP 200 (OK) status code, you can configure the health check to pass only when the backend sends this specific ASCII response string within the first 1024 bytes of the HTTP response body. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-http",
+          "type": "string"
+        },
+        "weightReportMode": {
+          "description": "Weight report mode. used for weighted Load Balancing.",
+          "enum": [
+            "DISABLE",
+            "DRY_RUN",
+            "ENABLE"
+          ],
+          "enumDescriptions": [
+            "Health Checker will not parse the header field.",
+            "Health Checker will parse and report the weight in the header field, but load balancing will not be based on the weights and will use equal weights.",
+            "Health Checker will try to parse and report the weight in the header field, and load balancing will be based on the weights as long as all backends have a valid weight or only a subset of backends has the UNAVAILABLE_WEIGHT WeightError. The latter case is to continue the weighted load balancing while some backends are in TIMEOUT or UNKNOWN health status."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HTTPHealthCheck": {
+      "id": "HTTPHealthCheck",
+      "properties": {
+        "host": {
+          "description": "The value of the host header in the HTTP health check request. If left empty (default value), the host header is set to the destination IP address to which health check packets are sent. The destination IP address depends on the type of load balancer. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#hc-packet-dest",
+          "type": "string"
+        },
+        "port": {
+          "description": "The TCP port number to which the health check prober sends packets. The default value is 80. Valid values are 1 through 65535.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "portName": {
+          "description": "Not supported.",
+          "type": "string"
         },
-        "metadata": {
-          "description": "This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.",
+        "portSpecification": {
+          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Also supported in legacy HTTP health checks for target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
           "enum": [
-            "EXCLUDE_ALL_METADATA",
-            "INCLUDE_ALL_METADATA"
+            "USE_FIXED_PORT",
+            "USE_NAMED_PORT",
+            "USE_SERVING_PORT"
+          ],
+          "enumDescriptions": [
+            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
+            "Not supported.",
+            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
+          ],
+          "type": "string"
+        },
+        "proxyHeader": {
+          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
+          "enum": [
+            "NONE",
+            "PROXY_V1"
           ],
           "enumDescriptions": [
             "",
             ""
           ],
           "type": "string"
+        },
+        "requestPath": {
+          "description": "The request path of the HTTP health check request. The default value is /.",
+          "type": "string"
+        },
+        "response": {
+          "description": "Creates a content-based HTTP health check. In addition to the required HTTP 200 (OK) status code, you can configure the health check to pass only when the backend sends this specific ASCII response string within the first 1024 bytes of the HTTP response body. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-http",
+          "type": "string"
+        },
+        "weightReportMode": {
+          "description": "Weight report mode. used for weighted Load Balancing.",
+          "enum": [
+            "DISABLE",
+            "DRY_RUN",
+            "ENABLE"
+          ],
+          "enumDescriptions": [
+            "Health Checker will not parse the header field.",
+            "Health Checker will parse and report the weight in the header field, but load balancing will not be based on the weights and will use equal weights.",
+            "Health Checker will try to parse and report the weight in the header field, and load balancing will be based on the weights as long as all backends have a valid weight or only a subset of backends has the UNAVAILABLE_WEIGHT WeightError. The latter case is to continue the weighted load balancing while some backends are in TIMEOUT or UNKNOWN health status."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "FirewallPoliciesListAssociationsResponse": {
-      "id": "FirewallPoliciesListAssociationsResponse",
+    "HTTPSHealthCheck": {
+      "id": "HTTPSHealthCheck",
       "properties": {
-        "associations": {
-          "description": "A list of associations.",
-          "items": {
-            "$ref": "FirewallPolicyAssociation"
-          },
-          "type": "array"
+        "host": {
+          "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the host header is set to the destination IP address to which health check packets are sent. The destination IP address depends on the type of load balancer. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#hc-packet-dest",
+          "type": "string"
         },
-        "kind": {
-          "default": "compute#firewallPoliciesListAssociationsResponse",
-          "description": "[Output Only] Type of firewallPolicy associations. Always compute#FirewallPoliciesListAssociations for lists of firewallPolicy associations.",
+        "port": {
+          "description": "The TCP port number to which the health check prober sends packets. The default value is 443. Valid values are 1 through 65535.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "portName": {
+          "description": "Not supported.",
+          "type": "string"
+        },
+        "portSpecification": {
+          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
+          "enum": [
+            "USE_FIXED_PORT",
+            "USE_NAMED_PORT",
+            "USE_SERVING_PORT"
+          ],
+          "enumDescriptions": [
+            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
+            "Not supported.",
+            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
+          ],
+          "type": "string"
+        },
+        "proxyHeader": {
+          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
+          "enum": [
+            "NONE",
+            "PROXY_V1"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "requestPath": {
+          "description": "The request path of the HTTPS health check request. The default value is /.",
+          "type": "string"
+        },
+        "response": {
+          "description": "Creates a content-based HTTPS health check. In addition to the required HTTP 200 (OK) status code, you can configure the health check to pass only when the backend sends this specific ASCII response string within the first 1024 bytes of the HTTP response body. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-http",
+          "type": "string"
+        },
+        "weightReportMode": {
+          "description": "Weight report mode. used for weighted Load Balancing.",
+          "enum": [
+            "DISABLE",
+            "DRY_RUN",
+            "ENABLE"
+          ],
+          "enumDescriptions": [
+            "Health Checker will not parse the header field.",
+            "Health Checker will parse and report the weight in the header field, but load balancing will not be based on the weights and will use equal weights.",
+            "Health Checker will try to parse and report the weight in the header field, and load balancing will be based on the weights as long as all backends have a valid weight or only a subset of backends has the UNAVAILABLE_WEIGHT WeightError. The latter case is to continue the weighted load balancing while some backends are in TIMEOUT or UNKNOWN health status."
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "FirewallPolicy": {
-      "description": "Represents a Firewall Policy resource.",
-      "id": "FirewallPolicy",
+    "HealthCheck": {
+      "description": "Represents a Health Check resource. Google Compute Engine has two Health Check resources: * [Global](/compute/docs/reference/rest/alpha/healthChecks) * [Regional](/compute/docs/reference/rest/alpha/regionHealthChecks) Internal HTTP(S) load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Traffic Director must use global health checks (`compute.v1.healthChecks`). Internal TCP/UDP load balancers can use either regional or global health checks (`compute.v1.regionHealthChecks` or `compute.v1.healthChecks`). External HTTP(S), TCP proxy, and SSL proxy load balancers as well as managed instance group auto-healing must use global health checks (`compute.v1.healthChecks`). Backend service-based network load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Target pool-based network load balancers must use legacy HTTP health checks (`compute.v1.httpHealthChecks`). For more information, see Health checks overview.",
+      "id": "HealthCheck",
       "properties": {
-        "associations": {
-          "description": "A list of associations that belong to this firewall policy.",
-          "items": {
-            "$ref": "FirewallPolicyAssociation"
-          },
-          "type": "array"
+        "checkIntervalSec": {
+          "description": "How often (in seconds) to send a health check. The default value is 5 seconds.",
+          "format": "int32",
+          "type": "integer"
         },
         "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "description": "[Output Only] Creation timestamp in 3339 text format.",
           "type": "string"
         },
         "description": {
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "displayName": {
-          "description": "Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
+        "grpcHealthCheck": {
+          "$ref": "GRPCHealthCheck"
         },
-        "fingerprint": {
-          "description": "Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.",
-          "format": "byte",
-          "type": "string"
+        "healthyThreshold": {
+          "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "http2HealthCheck": {
+          "$ref": "HTTP2HealthCheck"
+        },
+        "httpHealthCheck": {
+          "$ref": "HTTPHealthCheck"
+        },
+        "httpsHealthCheck": {
+          "$ref": "HTTPSHealthCheck"
         },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
@@ -47829,34 +53201,23 @@
           "type": "string"
         },
         "kind": {
-          "default": "compute#firewallPolicy",
-          "description": "[Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies",
+          "default": "compute#healthCheck",
+          "description": "Type of the resource.",
           "type": "string"
         },
-        "name": {
-          "description": "Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.",
-          "type": "string"
+        "logConfig": {
+          "$ref": "HealthCheckLogConfig",
+          "description": "Configure logging on this health check."
         },
-        "parent": {
-          "description": "[Output Only] The parent of the firewall policy. This field is not applicable to network firewall policies.",
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. For example, a name that is 1-63 characters long, matches the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`, and otherwise complies with RFC1035. This regular expression describes a name where the first character is a lowercase letter, and all following characters are a dash, lowercase letter, or digit, except the last character, which isn't a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
         "region": {
-          "description": "[Output Only] URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "description": "[Output Only] Region where the health check resides. Not applicable to global health checks.",
           "type": "string"
         },
-        "ruleTupleCount": {
-          "description": "[Output Only] Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "rules": {
-          "description": "A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a firewall policy, a default rule with action \"allow\" will be added.",
-          "items": {
-            "$ref": "FirewallPolicyRule"
-          },
-          "type": "array"
-        },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
@@ -47865,75 +53226,87 @@
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "shortName": {
-          "description": "User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
+        "sourceRegions": {
+          "description": "The list of cloud regions from which health checks are performed. If any regions are specified, then exactly 3 regions should be specified. The region names must be valid names of GCP regions. This can only be set for global health check. If this list is non-empty, then there are restrictions on what other health check fields are supported and what other resources can use this health check: - SSL, HTTP2, and GRPC protocols are not supported. - The TCP request field is not supported. - The proxyHeader field for HTTP, HTTPS, and TCP is not supported. - The checkIntervalSec field must be at least 30. - The health check cannot be used with BackendService nor with managed instance group auto-healing. ",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "vpcNetworkScope": {
-          "description": "The scope of networks allowed to be associated with the firewall policy. This field can be either GLOBAL_VPC_NETWORK or REGIONAL_VPC_NETWORK. A firewall policy with the VPC scope set to GLOBAL_VPC_NETWORK is allowed to be attached only to global networks. When the VPC scope is set to REGIONAL_VPC_NETWORK the firewall policy is allowed to be attached only to regional networks in the same scope as the firewall policy. Note: if not specified then GLOBAL_VPC_NETWORK will be used.",
+        "sslHealthCheck": {
+          "$ref": "SSLHealthCheck"
+        },
+        "tcpHealthCheck": {
+          "$ref": "TCPHealthCheck"
+        },
+        "timeoutSec": {
+          "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "type": {
+          "description": "Specifies the type of the healthCheck, either TCP, SSL, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check fields must be specified, which must match type field.",
           "enum": [
-            "GLOBAL_VPC_NETWORK",
-            "REGIONAL_VPC_NETWORK"
+            "GRPC",
+            "HTTP",
+            "HTTP2",
+            "HTTPS",
+            "INVALID",
+            "SSL",
+            "TCP",
+            "UDP"
           ],
           "enumDescriptions": [
-            "The firewall policy is allowed to be attached only to global networks.",
-            "The firewall policy is allowed to be attached only to regional networks in the same scope as the firewall policy. This option is applicable only to regional firewall policies."
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "FirewallPolicyAssociation": {
-      "id": "FirewallPolicyAssociation",
-      "properties": {
-        "attachmentTarget": {
-          "description": "The target that the firewall policy is attached to.",
-          "type": "string"
-        },
-        "displayName": {
-          "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy of the association.",
-          "type": "string"
-        },
-        "firewallPolicyId": {
-          "description": "[Output Only] The firewall policy ID of the association.",
-          "type": "string"
         },
-        "name": {
-          "description": "The name for an association.",
-          "type": "string"
+        "udpHealthCheck": {
+          "$ref": "UDPHealthCheck"
         },
-        "shortName": {
-          "description": "[Output Only] The short name of the firewall policy of the association.",
-          "type": "string"
+        "unhealthyThreshold": {
+          "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "FirewallPolicyList": {
-      "id": "FirewallPolicyList",
+    "HealthCheckList": {
+      "description": "Contains a list of HealthCheck resources.",
+      "id": "HealthCheckList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of FirewallPolicy resources.",
+          "description": "A list of HealthCheck resources.",
           "items": {
-            "$ref": "FirewallPolicy"
+            "$ref": "HealthCheck"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#firewallPolicyList",
-          "description": "[Output Only] Type of resource. Always compute#firewallPolicyList for listsof FirewallPolicies",
+          "default": "compute#healthCheckList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -47950,6 +53323,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47968,6 +53342,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47979,6 +53383,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48026,298 +53431,31 @@
       },
       "type": "object"
     },
-    "FirewallPolicyRule": {
-      "description": "Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).",
-      "id": "FirewallPolicyRule",
+    "HealthCheckLogConfig": {
+      "description": "Configuration of logging on a health check. If logging is enabled, logs will be exported to Stackdriver.",
+      "id": "HealthCheckLogConfig",
       "properties": {
-        "action": {
-          "description": "The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description for this resource.",
-          "type": "string"
-        },
-        "direction": {
-          "description": "The direction in which this rule applies.",
-          "enum": [
-            "EGRESS",
-            "INGRESS"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "disabled": {
-          "description": "Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.",
-          "type": "boolean"
-        },
-        "enableLogging": {
-          "description": "Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.",
-          "type": "boolean"
-        },
-        "kind": {
-          "default": "compute#firewallPolicyRule",
-          "description": "[Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules",
-          "type": "string"
-        },
-        "match": {
-          "$ref": "FirewallPolicyRuleMatcher",
-          "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced."
-        },
-        "priority": {
-          "description": "An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "ruleName": {
-          "description": "An optional name for the rule. This field is not a unique identifier and can be updated.",
-          "type": "string"
-        },
-        "ruleTupleCount": {
-          "description": "[Output Only] Calculation of the complexity of a single firewall policy rule.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "securityProfileGroup": {
-          "description": "A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.",
-          "type": "string"
-        },
-        "targetResources": {
-          "description": "A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "targetSecureTags": {
-          "description": "A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.",
-          "items": {
-            "$ref": "FirewallPolicyRuleSecureTag"
-          },
-          "type": "array"
-        },
-        "targetServiceAccounts": {
-          "description": "A list of service accounts indicating the sets of instances that are applied with this rule.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "tlsInspect": {
-          "description": "Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.",
+        "enable": {
+          "description": "Indicates whether or not to export logs. This is false by default, which means no health check logging will be done.",
           "type": "boolean"
         }
       },
       "type": "object"
     },
-    "FirewallPolicyRuleMatcher": {
-      "description": "Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.",
-      "id": "FirewallPolicyRuleMatcher",
-      "properties": {
-        "destAddressGroups": {
-          "description": "Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "destFqdns": {
-          "description": "Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "destIpRanges": {
-          "description": "CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "destRegionCodes": {
-          "description": "Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of dest region codes allowed is 5000.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "destThreatIntelligences": {
-          "description": "Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "layer4Configs": {
-          "description": "Pairs of IP protocols and ports that the rule should match.",
-          "items": {
-            "$ref": "FirewallPolicyRuleMatcherLayer4Config"
-          },
-          "type": "array"
-        },
-        "srcAddressGroups": {
-          "description": "Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "srcFqdns": {
-          "description": "Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "srcIpRanges": {
-          "description": "CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "srcRegionCodes": {
-          "description": "Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of source region codes allowed is 5000.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "srcSecureTags": {
-          "description": "List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.",
-          "items": {
-            "$ref": "FirewallPolicyRuleSecureTag"
-          },
-          "type": "array"
-        },
-        "srcThreatIntelligences": {
-          "description": "Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "FirewallPolicyRuleMatcherLayer4Config": {
-      "id": "FirewallPolicyRuleMatcherLayer4Config",
-      "properties": {
-        "ipProtocol": {
-          "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.",
-          "type": "string"
-        },
-        "ports": {
-          "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "FirewallPolicyRuleSecureTag": {
-      "id": "FirewallPolicyRuleSecureTag",
-      "properties": {
-        "name": {
-          "description": "Name of the secure tag, created with TagManager's TagValue API.",
-          "pattern": "tagValues/[0-9]+",
-          "type": "string"
-        },
-        "state": {
-          "description": "[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.",
-          "enum": [
-            "EFFECTIVE",
-            "INEFFECTIVE"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "FixedOrPercent": {
-      "description": "Encapsulates numeric value that can be either absolute or relative.",
-      "id": "FixedOrPercent",
-      "properties": {
-        "calculated": {
-          "description": "[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is fixed, then the calculated value is equal to the fixed value. - If the value is a percent, then the calculated value is percent/100 * targetSize. For example, the calculated value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded. ",
-          "format": "int32",
-          "type": "integer"
-        },
-        "fixed": {
-          "description": "Specifies a fixed number of VM instances. This must be a positive integer.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "percent": {
-          "description": "Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%.",
-          "format": "int32",
-          "type": "integer"
+    "HealthCheckReference": {
+      "description": "A full or valid partial URL to a health check. For example, the following are valid URLs: - https://www.googleapis.com/compute/beta/projects/project-id/global/httpHealthChecks/health-check - projects/project-id/global/httpHealthChecks/health-check - global/httpHealthChecks/health-check ",
+      "id": "HealthCheckReference",
+      "properties": {
+        "healthCheck": {
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "ForwardingRule": {
-      "description": "Represents a Forwarding Rule resource. Forwarding rule resources in Google Cloud can be either regional or global in scope: * [Global](https://cloud.google.com/compute/docs/reference/rest/alpha/globalForwardingRules) * [Regional](https://cloud.google.com/compute/docs/reference/rest/alpha/forwardingRules) A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud Platform load balancer. Forwarding rules can also reference target instances and Cloud VPN Classic gateways (targetVpnGateway). For more information, read Forwarding rule concepts and Using protocol forwarding.",
-      "id": "ForwardingRule",
+    "HealthCheckService": {
+      "description": "Represents a Health-Check as a Service resource.",
+      "id": "HealthCheckService",
       "properties": {
-        "IPAddress": {
-          "description": "IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances: - When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0. - When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: * IP address number, as in `100.1.2.3` * IPv6 address range, as in `2600:1234::/96` * Full resource URL, as in https://www.googleapis.com/compute/v1/projects/ project_id/regions/region/addresses/address-name * Partial URL or by name, as in: - projects/project_id/regions/region/addresses/address-name - regions/region/addresses/address-name - global/addresses/address-name - address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). When reading an IPAddress, the API always returns the IP address number.",
-          "type": "string"
-        },
-        "IPProtocol": {
-          "description": "The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in [Load balancing features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).",
-          "enum": [
-            "AH",
-            "ALL",
-            "ESP",
-            "ICMP",
-            "L3_DEFAULT",
-            "SCTP",
-            "TCP",
-            "UDP"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "allPorts": {
-          "description": "This field can only be used: - If IPProtocol is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.",
-          "type": "boolean"
-        },
-        "allowGlobalAccess": {
-          "description": "This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.",
-          "type": "boolean"
-        },
-        "allowPscGlobalAccess": {
-          "description": "This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.",
-          "type": "boolean"
-        },
-        "backendService": {
-          "description": "Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.",
-          "type": "string"
-        },
-        "baseForwardingRule": {
-          "description": "[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.",
-          "type": "string"
-        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -48327,191 +53465,89 @@
           "type": "string"
         },
         "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ForwardingRule. Include the fingerprint in patch request to ensure that you do not overwrite changes that were applied from another concurrent request. To see the latest fingerprint, make a get() request to retrieve a ForwardingRule.",
-          "format": "byte",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "ipVersion": {
-          "description": "The IP Version that will be used by this forwarding rule. Valid options are IPV4 or IPV6.",
-          "enum": [
-            "IPV4",
-            "IPV6",
-            "UNSPECIFIED_VERSION"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "isMirroringCollector": {
-          "description": "Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.",
-          "type": "boolean"
-        },
-        "kind": {
-          "default": "compute#forwardingRule",
-          "description": "[Output Only] Type of the resource. Always compute#forwardingRule for Forwarding Rule resources.",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this resource, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a ForwardingRule.",
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a HealthCheckService. An up-to-date fingerprint must be provided in order to patch/update the HealthCheckService; Otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the HealthCheckService.",
           "format": "byte",
           "type": "string"
         },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
-          "type": "object"
-        },
-        "loadBalancingScheme": {
-          "description": "Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts.",
-          "enum": [
-            "EXTERNAL",
-            "EXTERNAL_MANAGED",
-            "INTERNAL",
-            "INTERNAL_MANAGED",
-            "INTERNAL_SELF_MANAGED",
-            "INVALID"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "metadataFilters": {
-          "description": "Opaque filter criteria used by load balancer to restrict routing configuration to a limited set of xDS compliant clients. In their xDS requests to load balancer, xDS clients present node metadata. When there is a match, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. TargetHttpProxy, UrlMap) referenced by the ForwardingRule are not visible to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. If multiple metadataFilters are specified, all of them need to be satisfied in order to be considered a match. metadataFilters specified here will be applifed before those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED.",
+        "healthChecks": {
+          "description": "A list of URLs to the HealthCheck resources. Must have at least one HealthCheck, and not more than 10 for regional HealthCheckService, and not more than 1 for global HealthCheckService. HealthCheck resources must have portSpecification=USE_SERVING_PORT or portSpecification=USE_FIXED_PORT. For regional HealthCheckService, the HealthCheck must be regional and in the same region. For global HealthCheckService, HealthCheck must be global. Mix of regional and global HealthChecks is not supported. Multiple regional HealthChecks must belong to the same region. Regional HealthChecks must belong to the same region as zones of NetworkEndpointGroups. For global HealthCheckService using global INTERNET_IP_PORT NetworkEndpointGroups, the global HealthChecks must specify sourceRegions, and HealthChecks that specify sourceRegions can only be used with global INTERNET_IP_PORT NetworkEndpointGroups.",
           "items": {
-            "$ref": "MetadataFilter"
+            "type": "string"
           },
           "type": "array"
         },
-        "name": {
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "network": {
-          "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.",
-          "type": "string"
-        },
-        "networkTier": {
-          "description": "This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address.",
+        "healthStatusAggregationPolicy": {
+          "description": "Optional. Policy for how the results from multiple health checks for the same endpoint are aggregated. Defaults to NO_AGGREGATION if unspecified. - NO_AGGREGATION. An EndpointHealth message is returned for each pair in the health check service. - AND. If any health check of an endpoint reports UNHEALTHY, then UNHEALTHY is the HealthState of the endpoint. If all health checks report HEALTHY, the HealthState of the endpoint is HEALTHY. . This is only allowed with regional HealthCheckService.",
           "enum": [
-            "FIXED_STANDARD",
-            "PREMIUM",
-            "SELECT",
-            "STANDARD",
-            "STANDARD_OVERRIDES_FIXED_STANDARD"
+            "AND",
+            "NO_AGGREGATION"
           ],
           "enumDescriptions": [
-            "Public internet quality with fixed bandwidth.",
-            "High quality, Google-grade network tier, support for all networking products.",
-            "Price competitive network tier, support for all networking products.",
-            "Public internet quality, only limited support for other networking products.",
-            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+            "If any backend's health check reports UNHEALTHY, then UNHEALTHY is the HealthState of the entire health check service. If all backend's are healthy, the HealthState of the health check service is HEALTHY.",
+            "An EndpointHealth message is returned for each backend in the health check service."
           ],
           "type": "string"
         },
-        "noAutomateDnsZone": {
-          "description": "This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.",
-          "type": "boolean"
-        },
-        "portRange": {
-          "description": "This field can only be used: - If IPProtocol is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \\\\d+(?:-\\\\d+)?",
-          "type": "string"
-        },
-        "ports": {
-          "description": "This field can only be used: - If IPProtocol is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding. You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports, port_range, and allPorts fields are mutually exclusive. @pattern: \\\\d+(?:-\\\\d+)?",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "pscConnectionId": {
-          "description": "[Output Only] The PSC connection id of the PSC Forwarding Rule.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "pscConnectionStatus": {
+        "healthStatusAggregationStrategy": {
+          "deprecated": true,
+          "description": "This field is deprecated. Use health_status_aggregation_policy instead. Policy for how the results from multiple health checks for the same endpoint are aggregated. - NO_AGGREGATION. An EndpointHealth message is returned for each backend in the health check service. - AND. If any backend's health check reports UNHEALTHY, then UNHEALTHY is the HealthState of the entire health check service. If all backend's are healthy, the HealthState of the health check service is HEALTHY. .",
           "enum": [
-            "ACCEPTED",
-            "CLOSED",
-            "NEEDS_ATTENTION",
-            "PENDING",
-            "REJECTED",
-            "STATUS_UNSPECIFIED"
+            "AND",
+            "NO_AGGREGATION"
           ],
           "enumDescriptions": [
-            "The connection has been accepted by the producer.",
-            "The connection has been closed by the producer and will not serve traffic going forward.",
-            "The connection has been accepted by the producer, but the producer needs to take further action before the forwarding rule can serve traffic.",
-            "The connection is pending acceptance by the producer.",
-            "The connection has been rejected by the producer.",
-            ""
+            "This is deprecated. Use health_status_aggregation_policy instead. If any backend's health check reports UNHEALTHY, then UNHEALTHY is the HealthState of the entire health check service. If all backend's are healthy, the HealthState of the health check service is HEALTHY.",
+            "This is deprecated. Use health_status_aggregation_policy instead. An EndpointHealth message is returned for each backend in the health check service."
           ],
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "kind": {
+          "default": "compute#healthCheckService",
+          "description": "[Output only] Type of the resource. Always compute#healthCheckServicefor health check services.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "name": {
+          "description": "Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "serviceDirectoryRegistrations": {
-          "description": "Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource.",
+        "networkEndpointGroups": {
+          "description": "A list of URLs to the NetworkEndpointGroup resources. Must not have more than 100. For regional HealthCheckService, NEGs must be in zones in the region of the HealthCheckService. For global HealthCheckServices, the NetworkEndpointGroups must be global INTERNET_IP_PORT.",
           "items": {
-            "$ref": "ForwardingRuleServiceDirectoryRegistration"
+            "type": "string"
           },
           "type": "array"
         },
-        "serviceLabel": {
-          "description": "An optional prefix to the service name for this Forwarding Rule. If specified, the prefix is the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for internal load balancing.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "serviceName": {
-          "description": "[Output Only] The internal fully qualified service name for this Forwarding Rule. This field is only used for internal load balancing.",
-          "type": "string"
-        },
-        "sourceIpRanges": {
-          "description": "If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each source_ip_range entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).",
+        "notificationEndpoints": {
+          "description": "A list of URLs to the NotificationEndpoint resources. Must not have more than 10. A list of endpoints for receiving notifications of change in health status. For regional HealthCheckService, NotificationEndpoint must be regional and in the same region. For global HealthCheckService, NotificationEndpoint must be global.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "subnetwork": {
-          "description": "This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.",
+        "region": {
+          "description": "[Output Only] URL of the region where the health check service resides. This field is not applicable to global health check services. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
-        "target": {
-          "description": "The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. - For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). - For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: - vpc-sc - APIs that support VPC Service Controls. - all-apis - All supported Google APIs. - For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. ",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL with id for the resource.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ForwardingRuleAggregatedList": {
-      "id": "ForwardingRuleAggregatedList",
+    "HealthCheckServiceAggregatedList": {
+      "description": "Contains a list of HealthCheckServicesScopedList.",
+      "id": "HealthCheckServiceAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
@@ -48519,15 +53555,15 @@
         },
         "items": {
           "additionalProperties": {
-            "$ref": "ForwardingRulesScopedList",
-            "description": "Name of the scope containing this set of addresses."
+            "$ref": "HealthCheckServicesScopedList",
+            "description": "Name of the scope containing this set of HealthCheckServices."
           },
-          "description": "A list of ForwardingRulesScopedList resources.",
+          "description": "A list of HealthCheckServicesScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#forwardingRuleAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#forwardingRuleAggregatedList for lists of forwarding rules.",
+          "default": "compute#healthCheckServiceAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -48561,6 +53597,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48579,6 +53616,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48590,6 +53657,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48637,24 +53705,33 @@
       },
       "type": "object"
     },
-    "ForwardingRuleList": {
-      "description": "Contains a list of ForwardingRule resources.",
-      "id": "ForwardingRuleList",
+    "HealthCheckServiceReference": {
+      "description": "A full or valid partial URL to a health check service. For example, the following are valid URLs: - https://www.googleapis.com/compute/beta/projects/project-id/regions/us-west1/healthCheckServices/health-check-service - projects/project-id/regions/us-west1/healthCheckServices/health-check-service - regions/us-west1/healthCheckServices/health-check-service ",
+      "id": "HealthCheckServiceReference",
+      "properties": {
+        "healthCheckService": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HealthCheckServicesList": {
+      "id": "HealthCheckServicesList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of ForwardingRule resources.",
+          "description": "A list of HealthCheckService resources.",
           "items": {
-            "$ref": "ForwardingRule"
+            "$ref": "HealthCheckService"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#forwardingRuleList",
-          "description": "Type of resource.",
+          "default": "compute#healthCheckServicesList",
+          "description": "[Output Only] Type of the resource. Always compute#healthCheckServicesList for lists of HealthCheckServices.",
           "type": "string"
         },
         "nextPageToken": {
@@ -48681,6 +53758,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48699,6 +53777,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48710,6 +53818,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48757,46 +53866,311 @@
       },
       "type": "object"
     },
-    "ForwardingRuleReference": {
-      "id": "ForwardingRuleReference",
+    "HealthCheckServicesScopedList": {
+      "id": "HealthCheckServicesScopedList",
       "properties": {
-        "forwardingRule": {
-          "type": "string"
+        "resources": {
+          "description": "A list of HealthCheckServices contained in this scope.",
+          "items": {
+            "$ref": "HealthCheckService"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "ForwardingRuleServiceDirectoryRegistration": {
-      "description": "Describes the auto-registration of the Forwarding Rule to Service Directory. The region and project of the Service Directory resource generated from this registration will be the same as this Forwarding Rule.",
-      "id": "ForwardingRuleServiceDirectoryRegistration",
+    "HealthChecksAggregatedList": {
+      "id": "HealthChecksAggregatedList",
       "properties": {
-        "namespace": {
-          "description": "Service Directory namespace to register the forwarding rule under.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "service": {
-          "description": "Service Directory service to register the forwarding rule under.",
+        "items": {
+          "additionalProperties": {
+            "$ref": "HealthChecksScopedList",
+            "description": "Name of the scope containing this set of HealthChecks."
+          },
+          "description": "A list of HealthChecksScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#healthChecksAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
-        "serviceDirectoryRegion": {
-          "description": "[Optional] Service Directory region to register this global forwarding rule under. Default to \"us-central1\". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "ForwardingRulesScopedList": {
-      "id": "ForwardingRulesScopedList",
-      "properties": {
-        "forwardingRules": {
-          "description": "A list of forwarding rules contained in this scope.",
+    "HealthChecksScopedList": {
+      "id": "HealthChecksScopedList",
+      "properties": {
+        "healthChecks": {
+          "description": "A list of HealthChecks contained in this scope.",
           "items": {
-            "$ref": "ForwardingRule"
+            "$ref": "HealthCheck"
           },
           "type": "array"
         },
         "warning": {
-          "description": "Informational warning which replaces the list of forwarding rules when the list is empty.",
+          "description": "Informational warning which replaces the list of backend services when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -48811,6 +54185,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48829,6 +54204,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48840,6 +54245,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48887,341 +54293,424 @@
       },
       "type": "object"
     },
-    "FutureReservation": {
-      "id": "FutureReservation",
+    "HealthStatus": {
+      "id": "HealthStatus",
       "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] The creation timestamp for this future reservation in RFC3339 text format.",
+        "annotations": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Metadata defined as annotations for network endpoint.",
+          "type": "object"
+        },
+        "forwardingRule": {
+          "description": "URL of the forwarding rule associated with the health status of the instance.",
           "type": "string"
         },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the future reservation.",
+        "forwardingRuleIp": {
+          "description": "A forwarding rule IP address assigned to this instance.",
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] A unique identifier for this future reservation. The server defines this identifier.",
-          "format": "uint64",
+        "healthState": {
+          "description": "Health state of the IPv4 address of the instance.",
+          "enum": [
+            "HEALTHY",
+            "UNHEALTHY"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "kind": {
-          "default": "compute#futureReservation",
-          "description": "[Output Only] Type of the resource. Always compute#futureReservation for future reservations.",
+        "instance": {
+          "description": "URL of the instance resource.",
           "type": "string"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.instances.insert"
-            ]
-          },
-          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "ipAddress": {
+          "description": "For target pool based Network Load Balancing, it indicates the forwarding rule's IP address assigned to this instance. For other types of load balancing, the field indicates VM internal ip.",
           "type": "string"
         },
-        "namePrefix": {
-          "description": "Name prefix for the reservations to be created at the time of delivery. The name prefix must comply with RFC1035. Maximum allowed length for name prefix is 20. Automatically created reservations name format will be -date-####.",
+        "port": {
+          "description": "The named port of the instance group, not necessarily the port that is health-checked.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "weight": {
           "type": "string"
         },
-        "planningStatus": {
-          "description": "Planning state before being submitted for evaluation",
+        "weightError": {
           "enum": [
-            "DRAFT",
-            "PLANNING_STATUS_UNSPECIFIED",
-            "SUBMITTED"
+            "INVALID_WEIGHT",
+            "MISSING_WEIGHT",
+            "UNAVAILABLE_WEIGHT",
+            "WEIGHT_NONE"
           ],
           "enumDescriptions": [
-            "Future Reservation is being drafted.",
-            "",
-            "Future Reservation has been submitted for evaluation by GCP."
+            "The response to a Health Check probe had the HTTP response header field X-Load-Balancing-Endpoint-Weight, but its content was invalid (i.e., not a non-negative single-precision floating-point number in decimal string representation).",
+            "The response to a Health Check probe did not have the HTTP response header field X-Load-Balancing-Endpoint-Weight.",
+            "This is the value when the accompanied health status is either TIMEOUT (i.e.,the Health Check probe was not able to get a response in time) or UNKNOWN. For the latter, it should be typically because there has not been sufficient time to parse and report the weight for a new backend (which is with 0.0.0.0 ip address). However, it can be also due to an outage case for which the health status is explicitly reset to UNKNOWN.",
+            "This is the default value when WeightReportMode is DISABLE, and is also the initial value when WeightReportMode has just updated to ENABLE or DRY_RUN and there has not been sufficient time to parse and report the backend weight."
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HealthStatusForNetworkEndpoint": {
+      "id": "HealthStatusForNetworkEndpoint",
+      "properties": {
+        "backendService": {
+          "$ref": "BackendServiceReference",
+          "description": "URL of the backend service associated with the health state of the network endpoint."
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "shareSettings": {
-          "$ref": "ShareSettings",
-          "description": "List of Projects/Folders to share with."
+        "forwardingRule": {
+          "$ref": "ForwardingRuleReference",
+          "description": "URL of the forwarding rule associated with the health state of the network endpoint."
         },
-        "specificSkuProperties": {
-          "$ref": "FutureReservationSpecificSKUProperties",
-          "description": "Future Reservation configuration to indicate instance properties and total count."
+        "healthCheck": {
+          "$ref": "HealthCheckReference",
+          "description": "URL of the health check associated with the health state of the network endpoint."
         },
-        "status": {
-          "$ref": "FutureReservationStatus",
-          "description": "[Output only] Status of the Future Reservation"
+        "healthCheckService": {
+          "$ref": "HealthCheckServiceReference",
+          "description": "URL of the health check service associated with the health state of the network endpoint."
         },
-        "timeWindow": {
-          "$ref": "FutureReservationTimeWindow",
-          "description": "Time window for this Future Reservation."
+        "healthState": {
+          "description": "Health state of the network endpoint determined based on the health checks configured.",
+          "enum": [
+            "DRAINING",
+            "HEALTHY",
+            "UNHEALTHY",
+            "UNKNOWN"
+          ],
+          "enumDescriptions": [
+            "Endpoint is being drained.",
+            "Endpoint is healthy.",
+            "Endpoint is unhealthy.",
+            "Health status of the endpoint is unknown."
+          ],
+          "type": "string"
         },
-        "zone": {
-          "description": "[Output Only] URL of the Zone where this future reservation resides.",
+        "ipv6HealthState": {
+          "description": "Health state of the ipv6 network endpoint determined based on the health checks configured.",
+          "enum": [
+            "DRAINING",
+            "HEALTHY",
+            "UNHEALTHY",
+            "UNKNOWN"
+          ],
+          "enumDescriptions": [
+            "Endpoint is being drained.",
+            "Endpoint is healthy.",
+            "Endpoint is unhealthy.",
+            "Health status of the endpoint is unknown."
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "FutureReservationSpecificSKUProperties": {
-      "id": "FutureReservationSpecificSKUProperties",
+    "Help": {
+      "description": "Provides links to documentation or for performing an out of band action. For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.",
+      "id": "Help",
       "properties": {
-        "instanceProperties": {
-          "$ref": "AllocationSpecificSKUAllocationReservedInstanceProperties",
-          "description": "Properties of the SKU instances being reserved."
-        },
-        "sourceInstanceTemplate": {
-          "description": "The instance template that will be used to populate the ReservedInstanceProperties of the future reservation",
+        "links": {
+          "description": "URL(s) pointing to additional information on handling the current error.",
+          "items": {
+            "$ref": "HelpLink"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "HelpLink": {
+      "description": "Describes a URL link.",
+      "id": "HelpLink",
+      "properties": {
+        "description": {
+          "description": "Describes what the link offers.",
           "type": "string"
         },
-        "totalCount": {
-          "description": "Total number of instances for which capacity assurance is requested at a future time period.",
-          "format": "int64",
+        "url": {
+          "description": "The URL of the link.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "FutureReservationStatus": {
-      "description": "[Output only] Represents status related to the future reservation.",
-      "id": "FutureReservationStatus",
+    "HostRule": {
+      "description": "UrlMaps A host-matching rule for a URL. If matched, will use the named PathMatcher to select the BackendService.",
+      "id": "HostRule",
       "properties": {
-        "autoCreatedReservations": {
-          "description": "Fully qualified urls of the automatically created reservations at start_time.",
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "hosts": {
+          "description": "The list of host patterns to match. They must be valid hostnames with optional port numbers in the format host:port. * matches any string of ([a-z0-9-.]*). In that case, * must be the first character, and if followed by anything, the immediate following character must be either - or .. * based matching is not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "fulfilledCount": {
-          "description": "This count indicates the fulfilled capacity so far. This is set during \"PROVISIONING\" state. This count also includes capacity delivered as part of existing matching reservations.",
-          "format": "int64",
+        "pathMatcher": {
+          "description": "The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "HttpFaultAbort": {
+      "description": "Specification for how requests are aborted as part of fault injection.",
+      "id": "HttpFaultAbort",
+      "properties": {
+        "httpStatus": {
+          "description": "The HTTP status code used to abort the request. The value must be from 200 to 599 inclusive. For gRPC protocol, the gRPC status code is mapped to HTTP status code according to this mapping table. HTTP status 200 is mapped to gRPC status UNKNOWN. Injecting an OK status is currently not supported by Traffic Director.",
+          "format": "uint32",
+          "type": "integer"
         },
-        "lockTime": {
-          "description": "Time when Future Reservation would become LOCKED, after which no modifications to Future Reservation will be allowed. Applicable only after the Future Reservation is in the APPROVED state. The lock_time is an RFC3339 string. The procurement_status will transition to PROCURING state at this time.",
+        "percentage": {
+          "description": "The percentage of traffic for connections, operations, or requests that is aborted as part of fault injection. The value must be from 0.0 to 100.0 inclusive.",
+          "format": "double",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "HttpFaultDelay": {
+      "description": "Specifies the delay introduced by the load balancer before forwarding the request to the backend service as part of fault injection.",
+      "id": "HttpFaultDelay",
+      "properties": {
+        "fixedDelay": {
+          "$ref": "Duration",
+          "description": "Specifies the value of the fixed delay interval."
+        },
+        "percentage": {
+          "description": "The percentage of traffic for connections, operations, or requests for which a delay is introduced as part of fault injection. The value must be from 0.0 to 100.0 inclusive.",
+          "format": "double",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "HttpFaultInjection": {
+      "description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by the load balancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the load balancer for a percentage of requests.",
+      "id": "HttpFaultInjection",
+      "properties": {
+        "abort": {
+          "$ref": "HttpFaultAbort",
+          "description": "The specification for how client requests are aborted as part of fault injection."
+        },
+        "delay": {
+          "$ref": "HttpFaultDelay",
+          "description": "The specification for how client requests are delayed as part of fault injection, before being sent to a backend service."
+        }
+      },
+      "type": "object"
+    },
+    "HttpFilterConfig": {
+      "description": "HttpFilterConfiguration supplies additional contextual settings for networkservices.HttpFilter resources enabled by Traffic Director.",
+      "id": "HttpFilterConfig",
+      "properties": {
+        "config": {
+          "description": "The configuration needed to enable the networkservices.HttpFilter resource. The configuration must be YAML formatted and only contain fields defined in the protobuf identified in configTypeUrl",
           "type": "string"
         },
-        "procurementStatus": {
-          "description": "Current state of this Future Reservation",
-          "enum": [
-            "APPROVED",
-            "CANCELLED",
-            "COMMITTED",
-            "DECLINED",
-            "DRAFTING",
-            "FAILED",
-            "FAILED_PARTIALLY_FULFILLED",
-            "FULFILLED",
-            "PENDING_APPROVAL",
-            "PROCUREMENT_STATUS_UNSPECIFIED",
-            "PROCURING",
-            "PROVISIONING"
-          ],
-          "enumDescriptions": [
-            "Future reservation is approved by GCP.",
-            "Future reservation is cancelled by the customer.",
-            "Future reservation is committed by the customer.",
-            "Future reservation is rejected by GCP.",
-            "Related status for PlanningStatus.Draft. Transitions to PENDING_APPROVAL upon user submitting FR.",
-            "Future reservation failed. No additional reservations were provided.",
-            "Future reservation is partially fulfilled. Additional reservations were provided but did not reach total_count reserved instance slots.",
-            "Future reservation is fulfilled completely.",
-            "Future reservation is pending approval by GCP.",
-            "",
-            "Future reservation is being procured by GCP. Beyond this point, Future reservation is locked and no further modifications are allowed.",
-            "Future reservation capacity is being provisioned. This state will be entered after start_time, while reservations are being created to provide total_count reserved instance slots. This state will not persist past start_time + 24h."
-          ],
+        "configTypeUrl": {
+          "description": "The fully qualified versioned proto3 type url of the protobuf that the filter expects for its contextual settings, for example: type.googleapis.com/google.protobuf.Struct",
           "type": "string"
         },
-        "specificSkuProperties": {
-          "$ref": "FutureReservationStatusSpecificSKUProperties"
+        "filterName": {
+          "description": "Name of the networkservices.HttpFilter resource this configuration belongs to. This name must be known to the xDS client. Example: envoy.wasm",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "FutureReservationStatusSpecificSKUProperties": {
-      "description": "Properties to be set for the Future Reservation.",
-      "id": "FutureReservationStatusSpecificSKUProperties",
+    "HttpHeaderAction": {
+      "description": "The request and response header transformations that take effect before the request is passed along to the selected backendService.",
+      "id": "HttpHeaderAction",
       "properties": {
-        "sourceInstanceTemplateId": {
-          "description": "ID of the instance template used to populate the Future Reservation properties.",
-          "type": "string"
+        "requestHeadersToAdd": {
+          "description": "Headers to add to a matching request before forwarding the request to the backendService.",
+          "items": {
+            "$ref": "HttpHeaderOption"
+          },
+          "type": "array"
+        },
+        "requestHeadersToRemove": {
+          "description": "A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "responseHeadersToAdd": {
+          "description": "Headers to add the response before sending the response back to the client.",
+          "items": {
+            "$ref": "HttpHeaderOption"
+          },
+          "type": "array"
+        },
+        "responseHeadersToRemove": {
+          "description": "A list of header names for headers that need to be removed from the response before sending the response back to the client.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "FutureReservationTimeWindow": {
-      "id": "FutureReservationTimeWindow",
+    "HttpHeaderMatch": {
+      "description": "matchRule criteria for request header matches.",
+      "id": "HttpHeaderMatch",
       "properties": {
-        "duration": {
-          "$ref": "Duration"
+        "exactMatch": {
+          "description": "The value should exactly match contents of exactMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
+          "type": "string"
         },
-        "endTime": {
+        "headerName": {
+          "description": "The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name \":authority\". For matching a request's method, use the headerName \":method\". When the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true, only non-binary user-specified custom metadata and the `content-type` header are supported. The following transport-level headers cannot be used in header matching rules: `:authority`, `:method`, `:path`, `:scheme`, `user-agent`, `accept-encoding`, `content-encoding`, `grpc-accept-encoding`, `grpc-encoding`, `grpc-previous-rpc-attempts`, `grpc-tags-bin`, `grpc-timeout` and `grpc-trace-bin`.",
           "type": "string"
         },
-        "startTime": {
-          "description": "Start time of the Future Reservation. The start_time is an RFC3339 string.",
+        "invertMatch": {
+          "description": "If set to false, the headerMatch is considered a match if the preceding match criteria are met. If set to true, the headerMatch is considered a match if the preceding match criteria are NOT met. The default setting is false. ",
+          "type": "boolean"
+        },
+        "prefixMatch": {
+          "description": "The value of the header must start with the contents of prefixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
+          "type": "string"
+        },
+        "presentMatch": {
+          "description": "A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
+          "type": "boolean"
+        },
+        "rangeMatch": {
+          "$ref": "Int64RangeMatch",
+          "description": "The header value must be an integer and its value must be in the range specified in rangeMatch. If the header does not contain an integer, number or is empty, the match fails. For example for a range [-5, 0] - -3 will match. - 0 will not match. - 0.25 will not match. - -3someString will not match. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. rangeMatch is not supported for load balancers that have loadBalancingScheme set to EXTERNAL."
+        },
+        "regexMatch": {
+          "description": "The value of the header must match the regular expression specified in regexMatch. For more information about regular expression syntax, see Syntax. For matching against a port specified in the HTTP request, use a headerMatch with headerName set to PORT and a regular expression that satisfies the RFC2616 Host header's port specifier. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
+          "type": "string"
+        },
+        "suffixMatch": {
+          "description": "The value of the header must end with the contents of suffixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "FutureReservationsAggregatedListResponse": {
-      "description": "Contains a list of future reservations.",
-      "id": "FutureReservationsAggregatedListResponse",
+    "HttpHeaderOption": {
+      "description": "Specification determining how headers are added to requests or responses.",
+      "id": "HttpHeaderOption",
       "properties": {
-        "etag": {
+        "headerName": {
+          "description": "The name of the header.",
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+        "headerValue": {
+          "description": "The value of the header to add.",
           "type": "string"
         },
-        "items": {
-          "additionalProperties": {
-            "$ref": "FutureReservationsScopedList",
-            "description": "Name of the scope containing this set of future reservations."
-          },
-          "description": "A list of Future reservation resources.",
-          "type": "object"
+        "replace": {
+          "description": "If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. The default value is false. ",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "HttpHealthCheck": {
+      "description": "Represents a legacy HTTP Health Check resource. Legacy HTTP health checks are now only required by target pool-based network load balancers. For all other load balancers, including backend service-based network load balancers, and for managed instance group auto-healing, you must use modern (non-legacy) health checks. For more information, see Health checks overview .",
+      "id": "HttpHealthCheck",
+      "properties": {
+        "checkIntervalSec": {
+          "description": "How often (in seconds) to send a health check. The default value is 5 seconds.",
+          "format": "int32",
+          "type": "integer"
         },
-        "kind": {
-          "default": "compute#futureReservationsAggregatedListResponse",
-          "description": "[Output Only] Type of resource. Always compute#futureReservationsAggregatedListResponse for future resevation aggregated list response.",
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "healthyThreshold": {
+          "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "host": {
+          "description": "The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
+        "kind": {
+          "default": "compute#httpHealthCheck",
+          "description": "[Output Only] Type of the resource. Always compute#httpHealthCheck for HTTP health checks.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "port": {
+          "description": "The TCP port number for the HTTP health check request. The default value is 80.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "requestPath": {
+          "description": "The request path of the HTTP health check request. The default value is /. This field does not support query parameters. Must comply with RFC3986.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "timeoutSec": {
+          "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "unhealthyThreshold": {
+          "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "FutureReservationsListResponse": {
-      "id": "FutureReservationsListResponse",
+    "HttpHealthCheckList": {
+      "description": "Contains a list of HttpHealthCheck resources.",
+      "id": "HttpHealthCheckList",
       "properties": {
-        "etag": {
-          "type": "string"
-        },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "[Output Only] A list of future reservation resources.",
+          "description": "A list of HttpHealthCheck resources.",
           "items": {
-            "$ref": "FutureReservation"
+            "$ref": "HttpHealthCheck"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#futureReservationsListResponse",
-          "description": "[Output Only] Type of resource.Always compute#FutureReservationsListResponse for lists of reservations",
+          "default": "compute#httpHealthCheckList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -49232,13 +54721,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -49255,6 +54737,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49273,6 +54756,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49284,6 +54797,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49331,709 +54845,729 @@
       },
       "type": "object"
     },
-    "FutureReservationsScopedList": {
-      "id": "FutureReservationsScopedList",
+    "HttpQueryParameterMatch": {
+      "description": "HttpRouteRuleMatch criteria for a request's query parameter.",
+      "id": "HttpQueryParameterMatch",
       "properties": {
-        "futureReservations": {
-          "description": "A list of future reservations contained in this scope.",
-          "items": {
-            "$ref": "FutureReservation"
-          },
-          "type": "array"
+        "exactMatch": {
+          "description": "The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. Only one of presentMatch, exactMatch, or regexMatch must be set. ",
+          "type": "string"
         },
-        "warning": {
-          "description": "Informational warning which replaces the list of future reservations when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
+        "name": {
+          "description": "The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.",
+          "type": "string"
+        },
+        "presentMatch": {
+          "description": "Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. Only one of presentMatch, exactMatch, or regexMatch must be set. ",
+          "type": "boolean"
+        },
+        "regexMatch": {
+          "description": "The queryParameterMatch matches if the value of the parameter matches the regular expression specified by regexMatch. For more information about regular expression syntax, see Syntax. Only one of presentMatch, exactMatch, or regexMatch must be set. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED. ",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "GRPCHealthCheck": {
-      "id": "GRPCHealthCheck",
+    "HttpRedirectAction": {
+      "description": "Specifies settings for an HTTP redirect.",
+      "id": "HttpRedirectAction",
       "properties": {
-        "grpcServiceName": {
-          "description": "The gRPC service name for the health check. This field is optional. The value of grpc_service_name has the following meanings by convention: - Empty service_name means the overall status of all services at the backend. - Non-empty service_name means the health of that gRPC service, as defined by the owner of the service. The grpc_service_name can only be ASCII.",
+        "hostRedirect": {
+          "description": "The host that is used in the redirect response instead of the one that was supplied in the request. The value must be from 1 to 255 characters.",
           "type": "string"
         },
-        "port": {
-          "description": "The TCP port number to which the health check prober sends packets. Valid values are 1 through 65535.",
-          "format": "int32",
-          "type": "integer"
+        "httpsRedirect": {
+          "description": "If set to true, the URL scheme in the redirected request is set to HTTPS. If set to false, the URL scheme of the redirected request remains the same as that of the request. This must only be set for URL maps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false.",
+          "type": "boolean"
         },
-        "portName": {
-          "description": "Not supported.",
+        "pathRedirect": {
+          "description": "The path that is used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect. The value must be from 1 to 1024 characters.",
           "type": "string"
         },
-        "portSpecification": {
-          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
+        "prefixRedirect": {
+          "description": "The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect. The value must be from 1 to 1024 characters.",
+          "type": "string"
+        },
+        "redirectResponseCode": {
+          "description": "The HTTP Status code to use for this RedirectAction. Supported values are: - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - FOUND, which corresponds to 302. - SEE_OTHER which corresponds to 303. - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method is retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method is retained. ",
           "enum": [
-            "USE_FIXED_PORT",
-            "USE_NAMED_PORT",
-            "USE_SERVING_PORT"
+            "FOUND",
+            "MOVED_PERMANENTLY_DEFAULT",
+            "PERMANENT_REDIRECT",
+            "SEE_OTHER",
+            "TEMPORARY_REDIRECT"
           ],
           "enumDescriptions": [
-            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
-            "Not supported.",
-            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
+            "Http Status Code 302 - Found.",
+            "Http Status Code 301 - Moved Permanently.",
+            "Http Status Code 308 - Permanent Redirect maintaining HTTP method.",
+            "Http Status Code 303 - See Other.",
+            "Http Status Code 307 - Temporary Redirect maintaining HTTP method."
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GetOwnerInstanceResponse": {
-      "id": "GetOwnerInstanceResponse",
-      "properties": {
-        "instance": {
-          "description": "Full instance resource URL.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GlobalAddressesMoveRequest": {
-      "id": "GlobalAddressesMoveRequest",
-      "properties": {
-        "description": {
-          "description": "An optional destination address description if intended to be different from the source.",
-          "type": "string"
         },
-        "destinationAddress": {
-          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project /global/addresses/address - projects/project/global/addresses/address Note that destination project must be different from the source project. So /global/addresses/address is not valid partial url.",
-          "type": "string"
+        "stripQuery": {
+          "description": "If set to true, any accompanying query portion of the original URL is removed before redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. ",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "GlobalNetworkEndpointGroupsAttachEndpointsRequest": {
-      "id": "GlobalNetworkEndpointGroupsAttachEndpointsRequest",
+    "HttpRetryPolicy": {
+      "description": "The retry policy associates with HttpRouteRule",
+      "id": "HttpRetryPolicy",
       "properties": {
-        "networkEndpoints": {
-          "description": "The list of network endpoints to be attached.",
+        "numRetries": {
+          "description": "Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "perTryTimeout": {
+          "$ref": "Duration",
+          "description": "Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in the HttpRouteAction field. If timeout in the HttpRouteAction field is not set, this field uses the largest timeout among all backend services associated with the route. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
+        },
+        "retryConditions": {
+          "description": "Specifies one or more conditions when this retry policy applies. Valid values are: - 5xx: retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - connect-failure: a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - retriable-4xx: a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - refused-stream: a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: a retry is attempted if the gRPC status code in the response header is set to cancelled. - deadline-exceeded: a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - internal: a retry is attempted if the gRPC status code in the response header is set to internal. - resource-exhausted: a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - unavailable: a retry is attempted if the gRPC status code in the response header is set to unavailable. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true. - cancelled - deadline-exceeded - internal - resource-exhausted - unavailable ",
           "items": {
-            "$ref": "NetworkEndpoint"
+            "type": "string"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "GlobalNetworkEndpointGroupsDetachEndpointsRequest": {
-      "id": "GlobalNetworkEndpointGroupsDetachEndpointsRequest",
+    "HttpRouteAction": {
+      "id": "HttpRouteAction",
       "properties": {
-        "networkEndpoints": {
-          "description": "The list of network endpoints to be detached.",
+        "corsPolicy": {
+          "$ref": "CorsPolicy",
+          "description": "The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard. Not supported when the URL map is bound to a target gRPC proxy."
+        },
+        "faultInjectionPolicy": {
+          "$ref": "HttpFaultInjection",
+          "description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted by the load balancer for a percentage of requests. timeout and retry_policy is ignored by clients that are configured with a fault_injection_policy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: Routing and traffic management features."
+        },
+        "maxStreamDuration": {
+          "$ref": "Duration",
+          "description": "Specifies the maximum duration (timeout) for streams on the selected route. Unlike the timeout field where the timeout duration starts from the time the request has been fully processed (known as *end-of-stream*), the duration in this field is computed from the beginning of the stream until the response has been processed, including all retries. A stream that does not complete in this duration is closed. If not specified, this field uses the maximum maxStreamDuration value among all backend services associated with the route. This field is only allowed if the Url map is used with backend services with loadBalancingScheme set to INTERNAL_SELF_MANAGED."
+        },
+        "requestMirrorPolicy": {
+          "$ref": "RequestMirrorPolicy",
+          "description": "Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
+        },
+        "retryPolicy": {
+          "$ref": "HttpRetryPolicy",
+          "description": "Specifies the retry policy associated with this route."
+        },
+        "timeout": {
+          "$ref": "Duration",
+          "description": "Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as *end-of-stream*) up until the response has been processed. Timeout includes all retries. If not specified, this field uses the largest timeout among all backend services associated with the route. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
+        },
+        "urlRewrite": {
+          "$ref": "UrlRewrite",
+          "description": "The spec to modify the URL of the request, before forwarding the request to the matched service. urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
+        },
+        "weightedBackendServices": {
+          "description": "A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.",
           "items": {
-            "$ref": "NetworkEndpoint"
+            "$ref": "WeightedBackendService"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "GlobalOrganizationSetPolicyRequest": {
-      "id": "GlobalOrganizationSetPolicyRequest",
+    "HttpRouteRule": {
+      "description": "The HttpRouteRule setting specifies how to match an HTTP request and the corresponding routing action that load balancing proxies perform.",
+      "id": "HttpRouteRule",
       "properties": {
-        "bindings": {
-          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify bindings.",
-          "items": {
-            "$ref": "Binding"
-          },
-          "type": "array"
+        "customErrorResponsePolicy": {
+          "$ref": "CustomErrorResponsePolicy",
+          "description": "customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. If a policy for an error code is not configured for the RouteRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors - A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with routeRules.routeAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the customErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the customErrorResponsePolicy is ignored and the response from the service is returned to the client. customErrorResponsePolicy is supported only for Global External HTTP(S) load balancing."
         },
-        "etag": {
-          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify the etag.",
-          "format": "byte",
+        "description": {
+          "description": "The short description conveying the intent of this routeRule. The description can have a maximum length of 1024 characters.",
           "type": "string"
         },
-        "policy": {
-          "$ref": "Policy",
-          "description": "REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them."
-        }
-      },
-      "type": "object"
-    },
-    "GlobalSetLabelsRequest": {
-      "id": "GlobalSetLabelsRequest",
-      "properties": {
-        "labelFingerprint": {
-          "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash when updating or changing labels, otherwise the request will fail with error 412 conditionNotMet. Make a get() request to the resource to get the latest fingerprint.",
-          "format": "byte",
-          "type": "string"
+        "headerAction": {
+          "$ref": "HttpHeaderAction",
+          "description": "Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction value specified here is applied before the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].routeAction.weightedBackendService.backendServiceWeightAction[].headerAction HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
         },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
+        "httpFilterConfigs": {
+          "description": "Outbound route specific configuration for networkservices.HttpFilter resources enabled by Traffic Director. httpFilterConfigs only applies for load balancers with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See ForwardingRule for more details. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
+          "items": {
+            "$ref": "HttpFilterConfig"
           },
-          "description": "A list of labels to apply for this resource. Each label must comply with the requirements for labels. For example, \"webserver-frontend\": \"images\". A label value can also be empty (e.g. \"my-label\": \"\").",
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "GlobalSetPolicyRequest": {
-      "id": "GlobalSetPolicyRequest",
-      "properties": {
-        "bindings": {
-          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify bindings.",
+          "type": "array"
+        },
+        "httpFilterMetadata": {
+          "description": "Outbound route specific metadata supplied to networkservices.HttpFilter resources enabled by Traffic Director. httpFilterMetadata only applies for load balancers with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See ForwardingRule for more details. The only configTypeUrl supported is type.googleapis.com/google.protobuf.Struct Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
           "items": {
-            "$ref": "Binding"
+            "$ref": "HttpFilterConfig"
           },
           "type": "array"
         },
-        "etag": {
-          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify the etag.",
-          "format": "byte",
-          "type": "string"
+        "matchRules": {
+          "description": "The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.",
+          "items": {
+            "$ref": "HttpRouteRuleMatch"
+          },
+          "type": "array"
         },
-        "policy": {
-          "$ref": "Policy",
-          "description": "REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them."
-        }
-      },
-      "type": "object"
-    },
-    "GrpcServiceConfig": {
-      "description": "[Deprecated] gRPC config to access the SDS server. gRPC config to access the SDS server.",
-      "id": "GrpcServiceConfig",
-      "properties": {
-        "callCredentials": {
-          "$ref": "CallCredentials",
-          "description": "The call credentials to access the SDS server."
+        "priority": {
+          "description": "For routeRules within a given pathMatcher, priority determines the order in which a load balancer interprets routeRules. RouteRules are evaluated in order of priority, from the lowest to highest number. The priority of a rule decreases as its number increases (1, 2, 3, N+1). The first rule that matches the request is applied. You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number from 0 to 2147483647 inclusive. Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.",
+          "format": "int32",
+          "type": "integer"
         },
-        "channelCredentials": {
-          "$ref": "ChannelCredentials",
-          "description": "The channel credentials to access the SDS server."
+        "routeAction": {
+          "$ref": "HttpRouteAction",
+          "description": "In response to a matching matchRule, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of urlRedirect, service or routeAction.weightedBackendService must be set. URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within a route rule's routeAction."
         },
-        "targetUri": {
-          "description": "The target URI of the SDS server.",
+        "service": {
+          "description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set.",
           "type": "string"
+        },
+        "urlRedirect": {
+          "$ref": "HttpRedirectAction",
+          "description": "When this rule is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
         }
       },
       "type": "object"
     },
-    "GuestAttributes": {
-      "description": "A guest attributes entry.",
-      "id": "GuestAttributes",
+    "HttpRouteRuleMatch": {
+      "description": "HttpRouteRuleMatch specifies a set of criteria for matching requests to an HttpRouteRule. All specified criteria must be satisfied for a match to occur.",
+      "id": "HttpRouteRuleMatch",
       "properties": {
-        "kind": {
-          "default": "compute#guestAttributes",
-          "description": "[Output Only] Type of the resource. Always compute#guestAttributes for guest attributes entry.",
-          "type": "string"
-        },
-        "queryPath": {
-          "description": "The path to be queried. This can be the default namespace ('') or a nested namespace ('\\/') or a specified key ('\\/\\').",
+        "fullPathMatch": {
+          "description": "For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. fullPathMatch must be from 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified.",
           "type": "string"
         },
-        "queryValue": {
-          "$ref": "GuestAttributesValue",
-          "description": "[Output Only] The value of the requested queried path."
+        "headerMatches": {
+          "description": "Specifies a list of header match criteria, all of which must match corresponding headers in the request.",
+          "items": {
+            "$ref": "HttpHeaderMatch"
+          },
+          "type": "array"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
+        "ignoreCase": {
+          "description": "Specifies that prefixMatch and fullPathMatch matches are case sensitive. The default value is false. ignoreCase must not be used with regexMatch. Not supported when the URL map is bound to a target gRPC proxy.",
+          "type": "boolean"
         },
-        "variableKey": {
-          "description": "The key to search for.",
-          "type": "string"
+        "metadataFilters": {
+          "description": "Opaque filter criteria used by the load balancer to restrict routing configuration to a limited set of xDS compliant clients. In their xDS requests to the load balancer, xDS clients present node metadata. When there is a match, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. If multiple metadata filters are specified, all of them need to be satisfied in order to be considered a match. metadataFilters specified here is applied after those specified in ForwardingRule that refers to the UrlMap this HttpRouteRuleMatch belongs to. metadataFilters only applies to load balancers that have loadBalancingScheme set to INTERNAL_SELF_MANAGED. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
+          "items": {
+            "$ref": "MetadataFilter"
+          },
+          "type": "array"
         },
-        "variableValue": {
-          "description": "[Output Only] The value found for the requested key.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GuestAttributesEntry": {
-      "description": "A guest attributes namespace/key/value entry.",
-      "id": "GuestAttributesEntry",
-      "properties": {
-        "key": {
-          "description": "Key for the guest attribute entry.",
+        "pathTemplateMatch": {
+          "description": "If specified, the route is a pattern match expression that must match the :path header once the query string is removed. A pattern match allows you to match - The value must be between 1 and 1024 characters - The pattern must start with a leading slash (\"/\") - There may be no more than 5 operators in pattern Precisely one of prefix_match, full_path_match, regex_match or path_template_match must be set.",
           "type": "string"
         },
-        "namespace": {
-          "description": "Namespace for the guest attribute entry.",
+        "prefixMatch": {
+          "description": "For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. The value must be from 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified.",
           "type": "string"
         },
-        "value": {
-          "description": "Value for the guest attribute entry.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "GuestAttributesValue": {
-      "description": "Array of guest attribute namespace/key/value tuples.",
-      "id": "GuestAttributesValue",
-      "properties": {
-        "items": {
+        "queryParameterMatches": {
+          "description": "Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. Not supported when the URL map is bound to a target gRPC proxy.",
           "items": {
-            "$ref": "GuestAttributesEntry"
+            "$ref": "HttpQueryParameterMatch"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "GuestOsFeature": {
-      "description": "Guest OS features.",
-      "id": "GuestOsFeature",
-      "properties": {
-        "type": {
-          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_SNP_CAPABLE For more information, see Enabling guest operating system features.",
-          "enum": [
-            "BARE_METAL_LINUX_COMPATIBLE",
-            "FEATURE_TYPE_UNSPECIFIED",
-            "GVNIC",
-            "MULTI_IP_SUBNET",
-            "SECURE_BOOT",
-            "SEV_CAPABLE",
-            "SEV_LIVE_MIGRATABLE",
-            "SEV_SNP_CAPABLE",
-            "UEFI_COMPATIBLE",
-            "VIRTIO_SCSI_MULTIQUEUE",
-            "WINDOWS"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
+        },
+        "regexMatch": {
+          "description": "For satisfying the matchRule condition, the path of the request must satisfy the regular expression specified in regexMatch after removing any query parameters and anchor supplied with the original URL. For more information about regular expression syntax, see Syntax. Only one of prefixMatch, fullPathMatch or regexMatch must be specified. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "HTTP2HealthCheck": {
-      "id": "HTTP2HealthCheck",
+    "HttpsHealthCheck": {
+      "description": "Represents a legacy HTTPS Health Check resource. Legacy HTTPS health checks have been deprecated. If you are using a target pool-based network load balancer, you must use a legacy HTTP (not HTTPS) health check. For all other load balancers, including backend service-based network load balancers, and for managed instance group auto-healing, you must use modern (non-legacy) health checks. For more information, see Health checks overview .",
+      "id": "HttpsHealthCheck",
       "properties": {
-        "host": {
-          "description": "The value of the host header in the HTTP/2 health check request. If left empty (default value), the host header is set to the destination IP address to which health check packets are sent. The destination IP address depends on the type of load balancer. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#hc-packet-dest",
-          "type": "string"
-        },
-        "port": {
-          "description": "The TCP port number to which the health check prober sends packets. The default value is 443. Valid values are 1 through 65535.",
+        "checkIntervalSec": {
+          "description": "How often (in seconds) to send a health check. The default value is 5 seconds.",
           "format": "int32",
           "type": "integer"
         },
-        "portName": {
-          "description": "Not supported.",
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "portSpecification": {
-          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
-          "enum": [
-            "USE_FIXED_PORT",
-            "USE_NAMED_PORT",
-            "USE_SERVING_PORT"
-          ],
-          "enumDescriptions": [
-            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
-            "Not supported.",
-            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
-          ],
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "proxyHeader": {
-          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
-          "enum": [
-            "NONE",
-            "PROXY_V1"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
+        "healthyThreshold": {
+          "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.",
+          "format": "int32",
+          "type": "integer"
         },
-        "requestPath": {
-          "description": "The request path of the HTTP/2 health check request. The default value is /.",
+        "host": {
+          "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.",
           "type": "string"
         },
-        "response": {
-          "description": "Creates a content-based HTTP/2 health check. In addition to the required HTTP 200 (OK) status code, you can configure the health check to pass only when the backend sends this specific ASCII response string within the first 1024 bytes of the HTTP response body. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-http",
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "weightReportMode": {
-          "description": "Weight report mode. used for weighted Load Balancing.",
-          "enum": [
-            "DISABLE",
-            "DRY_RUN",
-            "ENABLE"
-          ],
-          "enumDescriptions": [
-            "Health Checker will not parse the header field.",
-            "Health Checker will parse and report the weight in the header field, but load balancing will not be based on the weights and will use equal weights.",
-            "Health Checker will try to parse and report the weight in the header field, and load balancing will be based on the weights as long as all backends have a valid weight or only a subset of backends has the UNAVAILABLE_WEIGHT WeightError. The latter case is to continue the weighted load balancing while some backends are in TIMEOUT or UNKNOWN health status."
-          ],
+        "kind": {
+          "default": "compute#httpsHealthCheck",
+          "description": "Type of the resource.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HTTPHealthCheck": {
-      "id": "HTTPHealthCheck",
-      "properties": {
-        "host": {
-          "description": "The value of the host header in the HTTP health check request. If left empty (default value), the host header is set to the destination IP address to which health check packets are sent. The destination IP address depends on the type of load balancer. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#hc-packet-dest",
+        },
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
         "port": {
-          "description": "The TCP port number to which the health check prober sends packets. The default value is 80. Valid values are 1 through 65535.",
+          "description": "The TCP port number for the HTTPS health check request. The default value is 443.",
           "format": "int32",
           "type": "integer"
         },
-        "portName": {
-          "description": "Not supported.",
-          "type": "string"
-        },
-        "portSpecification": {
-          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Also supported in legacy HTTP health checks for target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
-          "enum": [
-            "USE_FIXED_PORT",
-            "USE_NAMED_PORT",
-            "USE_SERVING_PORT"
-          ],
-          "enumDescriptions": [
-            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
-            "Not supported.",
-            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
-          ],
+        "requestPath": {
+          "description": "The request path of the HTTPS health check request. The default value is \"/\". Must comply with RFC3986.",
           "type": "string"
         },
-        "proxyHeader": {
-          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
-          "enum": [
-            "NONE",
-            "PROXY_V1"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "requestPath": {
-          "description": "The request path of the HTTP health check request. The default value is /.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "response": {
-          "description": "Creates a content-based HTTP health check. In addition to the required HTTP 200 (OK) status code, you can configure the health check to pass only when the backend sends this specific ASCII response string within the first 1024 bytes of the HTTP response body. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-http",
-          "type": "string"
+        "timeoutSec": {
+          "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have a greater value than checkIntervalSec.",
+          "format": "int32",
+          "type": "integer"
         },
-        "weightReportMode": {
-          "description": "Weight report mode. used for weighted Load Balancing.",
-          "enum": [
-            "DISABLE",
-            "DRY_RUN",
-            "ENABLE"
-          ],
-          "enumDescriptions": [
-            "Health Checker will not parse the header field.",
-            "Health Checker will parse and report the weight in the header field, but load balancing will not be based on the weights and will use equal weights.",
-            "Health Checker will try to parse and report the weight in the header field, and load balancing will be based on the weights as long as all backends have a valid weight or only a subset of backends has the UNAVAILABLE_WEIGHT WeightError. The latter case is to continue the weighted load balancing while some backends are in TIMEOUT or UNKNOWN health status."
-          ],
-          "type": "string"
+        "unhealthyThreshold": {
+          "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "HTTPSHealthCheck": {
-      "id": "HTTPSHealthCheck",
+    "HttpsHealthCheckList": {
+      "description": "Contains a list of HttpsHealthCheck resources.",
+      "id": "HttpsHealthCheckList",
       "properties": {
-        "host": {
-          "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the host header is set to the destination IP address to which health check packets are sent. The destination IP address depends on the type of load balancer. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#hc-packet-dest",
-          "type": "string"
-        },
-        "port": {
-          "description": "The TCP port number to which the health check prober sends packets. The default value is 443. Valid values are 1 through 65535.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "portName": {
-          "description": "Not supported.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "portSpecification": {
-          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
-          "enum": [
-            "USE_FIXED_PORT",
-            "USE_NAMED_PORT",
-            "USE_SERVING_PORT"
-          ],
-          "enumDescriptions": [
-            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
-            "Not supported.",
-            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
-          ],
-          "type": "string"
+        "items": {
+          "description": "A list of HttpsHealthCheck resources.",
+          "items": {
+            "$ref": "HttpsHealthCheck"
+          },
+          "type": "array"
         },
-        "proxyHeader": {
-          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
-          "enum": [
-            "NONE",
-            "PROXY_V1"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "kind": {
+          "default": "compute#httpsHealthCheckList",
+          "description": "Type of resource.",
           "type": "string"
         },
-        "requestPath": {
-          "description": "The request path of the HTTPS health check request. The default value is /.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "response": {
-          "description": "Creates a content-based HTTPS health check. In addition to the required HTTP 200 (OK) status code, you can configure the health check to pass only when the backend sends this specific ASCII response string within the first 1024 bytes of the HTTP response body. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-http",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "weightReportMode": {
-          "description": "Weight report mode. used for weighted Load Balancing.",
-          "enum": [
-            "DISABLE",
-            "DRY_RUN",
-            "ENABLE"
-          ],
-          "enumDescriptions": [
-            "Health Checker will not parse the header field.",
-            "Health Checker will parse and report the weight in the header field, but load balancing will not be based on the weights and will use equal weights.",
-            "Health Checker will try to parse and report the weight in the header field, and load balancing will be based on the weights as long as all backends have a valid weight or only a subset of backends has the UNAVAILABLE_WEIGHT WeightError. The latter case is to continue the weighted load balancing while some backends are in TIMEOUT or UNKNOWN health status."
-          ],
-          "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "HealthCheck": {
-      "description": "Represents a Health Check resource. Google Compute Engine has two Health Check resources: * [Global](/compute/docs/reference/rest/alpha/healthChecks) * [Regional](/compute/docs/reference/rest/alpha/regionHealthChecks) Internal HTTP(S) load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Traffic Director must use global health checks (`compute.v1.HealthChecks`). Internal TCP/UDP load balancers can use either regional or global health checks (`compute.v1.regionHealthChecks` or `compute.v1.HealthChecks`). External HTTP(S), TCP proxy, and SSL proxy load balancers as well as managed instance group auto-healing must use global health checks (`compute.v1.HealthChecks`). Backend service-based network load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Target pool-based network load balancers must use legacy HTTP health checks (`compute.v1.httpHealthChecks`). For more information, see Health checks overview.",
-      "id": "HealthCheck",
+    "Image": {
+      "description": "Represents an Image resource. You can use images to create boot disks for your VM instances. For more information, read Images.",
+      "id": "Image",
       "properties": {
-        "checkIntervalSec": {
-          "description": "How often (in seconds) to send a health check. The default value is 5 seconds.",
-          "format": "int32",
-          "type": "integer"
+        "architecture": {
+          "description": "The architecture of the image. Valid values are ARM64 or X86_64.",
+          "enum": [
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
+          ],
+          "enumDescriptions": [
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
+          ],
+          "type": "string"
+        },
+        "archiveSizeBytes": {
+          "description": "Size of the image tar.gz archive stored in Google Cloud Storage (in bytes).",
+          "format": "int64",
+          "type": "string"
         },
         "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in 3339 text format.",
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
+        "deprecated": {
+          "$ref": "DeprecationStatus",
+          "description": "The deprecation status associated with this image."
+        },
         "description": {
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "grpcHealthCheck": {
-          "$ref": "GRPCHealthCheck"
-        },
-        "healthyThreshold": {
-          "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.",
-          "format": "int32",
-          "type": "integer"
+        "diskSizeGb": {
+          "description": "Size of the image when restored onto a persistent disk (in GB).",
+          "format": "int64",
+          "type": "string"
         },
-        "http2HealthCheck": {
-          "$ref": "HTTP2HealthCheck"
+        "enableConfidentialCompute": {
+          "description": "Whether this image is created from a confidential compute mode disk. [Output Only]: This field is not set by user, but from source disk.",
+          "type": "boolean"
         },
-        "httpHealthCheck": {
-          "$ref": "HTTPHealthCheck"
+        "family": {
+          "description": "The name of the image family to which this image belongs. The image family name can be from a publicly managed image family provided by Compute Engine, or from a custom image family you create. For example, centos-stream-9 is a publicly available image family. For more information, see Image family best practices. When creating disks, you can specify an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035.",
+          "type": "string"
         },
-        "httpsHealthCheck": {
-          "$ref": "HTTPSHealthCheck"
+        "guestOsFeatures": {
+          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. To see a list of available options, see the guestOSfeatures[].type parameter.",
+          "items": {
+            "$ref": "GuestOsFeature"
+          },
+          "type": "array"
         },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
+        "imageEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encrypts the image using a customer-supplied encryption key. After you encrypt an image with a customer-supplied key, you must provide the same key if you use the image later (e.g. to create a disk from the image). Customer-supplied encryption keys do not protect access to metadata of the disk. If you do not provide an encryption key when creating the image, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the image later."
+        },
         "kind": {
-          "default": "compute#healthCheck",
-          "description": "Type of the resource.",
+          "default": "compute#image",
+          "description": "[Output Only] Type of the resource. Always compute#image for images.",
           "type": "string"
         },
-        "logConfig": {
-          "$ref": "HealthCheckLogConfig",
-          "description": "Configure logging on this health check."
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this image, which is essentially a hash of the labels used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an image.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this image. These can be later modified by the setLabels method.",
+          "type": "object"
+        },
+        "licenseCodes": {
+          "description": "Integer license codes indicating which licenses are attached to this image.",
+          "items": {
+            "format": "int64",
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "licenses": {
+          "description": "Any applicable license URI.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "locked": {
+          "description": "A flag for marketplace VM disk created from the image, which is designed for marketplace VM disk to prevent the proprietary data on the disk from being accessed unwantedly. The flag will be inherited by the disk created from the image. The disk with locked flag set to true will be prohibited from performing the operations below: - R/W or R/O disk attach - Disk detach, if disk is created via create-on-create - Create images - Create snapshots - Create disk clone (create disk from the current disk) The image with the locked field set to true will be prohibited from performing the operations below: - Create images from the current image - Update the locked field for the current image The instance with at least one disk with locked flag set to true will be prohibited from performing the operations below: - Secondary disk attach - Create instant snapshot - Create machine images - Create instance template - Delete the instance with --keep-disk parameter set to true ",
+          "type": "boolean"
         },
         "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. For example, a name that is 1-63 characters long, matches the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`, and otherwise complies with RFC1035. This regular expression describes a name where the first character is a lowercase letter, and all following characters are a dash, lowercase letter, or digit, except the last character, which isn't a dash.",
+          "annotations": {
+            "required": [
+              "compute.images.insert"
+            ]
+          },
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] Region where the health check resides. Not applicable to global health checks.",
-          "type": "string"
+        "rawDisk": {
+          "description": "The parameters of the raw disk image.",
+          "properties": {
+            "containerType": {
+              "description": "The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created.",
+              "enum": [
+                "TAR"
+              ],
+              "enumDescriptions": [
+                ""
+              ],
+              "type": "string"
+            },
+            "sha1Checksum": {
+              "deprecated": true,
+              "description": "[Deprecated] This field is deprecated. An optional SHA1 checksum of the disk image before unpackaging provided by the client when the disk image is created.",
+              "pattern": "[a-f0-9]{40}",
+              "type": "string"
+            },
+            "source": {
+              "description": "The full Google Cloud Storage URL where the raw disk image archive is stored. The following are valid formats for the URL: - https://storage.googleapis.com/bucket_name/image_archive_name - https://storage.googleapis.com/bucket_name/folder_name/ image_archive_name In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        },
+        "rolloutOverride": {
+          "$ref": "RolloutPolicy",
+          "description": "A rollout policy to apply to this image. When specified, the rollout policy overrides per-zone references to the image via the associated image family. The rollout policy restricts the zones where this image is accessible when using a zonal image family reference. When the rollout policy does not include the user specified zone, or if the zone is rolled out, this image is accessible. The rollout policy for this image is read-only, except for allowlisted users. This field might not be configured. To view the latest non-deprecated image in a specific zone, use the imageFamilyViews.get method."
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
         },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
         "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
           "type": "string"
         },
-        "sourceRegions": {
-          "description": "The list of cloud regions from which health checks are performed. If any regions are specified, then exactly 3 regions should be specified. The region names must be valid names of GCP regions. This can only be set for global health check. If this list is non-empty, then there are restrictions on what other health check fields are supported and what other resources can use this health check: - SSL, HTTP2, and GRPC protocols are not supported. - The TCP request field is not supported. - The proxyHeader field for HTTP, HTTPS, and TCP is not supported. - The checkIntervalSec field must be at least 30. - The health check cannot be used with BackendService nor with managed instance group auto-healing. ",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "shieldedInstanceInitialState": {
+          "$ref": "InitialStateConfig",
+          "description": "Set the secure boot keys of shielded instance."
         },
-        "sslHealthCheck": {
-          "$ref": "SSLHealthCheck"
+        "sourceDisk": {
+          "description": "URL of the source disk used to create this image. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
+          "type": "string"
         },
-        "tcpHealthCheck": {
-          "$ref": "TCPHealthCheck"
+        "sourceDiskEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key."
         },
-        "timeoutSec": {
-          "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.",
-          "format": "int32",
-          "type": "integer"
+        "sourceDiskId": {
+          "description": "[Output Only] The ID value of the disk used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given disk name.",
+          "type": "string"
         },
-        "type": {
-          "description": "Specifies the type of the healthCheck, either TCP, SSL, HTTP, HTTPS, HTTP2 or GRPC. Exactly one of the protocol-specific health check fields must be specified, which must match type field.",
-          "enum": [
-            "GRPC",
-            "HTTP",
-            "HTTP2",
-            "HTTPS",
-            "INVALID",
-            "SSL",
-            "TCP",
-            "UDP"
+        "sourceImage": {
+          "description": "URL of the source image used to create this image. The following are valid formats for the URL: - https://www.googleapis.com/compute/v1/projects/project_id/global/ images/image_name - projects/project_id/global/images/image_name In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
+          "type": "string"
+        },
+        "sourceImageEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key."
+        },
+        "sourceImageId": {
+          "description": "[Output Only] The ID value of the image used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given image name.",
+          "type": "string"
+        },
+        "sourceSnapshot": {
+          "description": "URL of the source snapshot used to create this image. The following are valid formats for the URL: - https://www.googleapis.com/compute/v1/projects/project_id/global/ snapshots/snapshot_name - projects/project_id/global/snapshots/snapshot_name In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
+          "type": "string"
+        },
+        "sourceSnapshotEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key."
+        },
+        "sourceSnapshotId": {
+          "description": "[Output Only] The ID value of the snapshot used to create this image. This value may be used to determine whether the snapshot was taken from the current or a previous instance of a given snapshot name.",
+          "type": "string"
+        },
+        "sourceType": {
+          "default": "RAW",
+          "description": "The type of the image used to create this disk. The default and only valid value is RAW.",
+          "enum": [
+            "RAW"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
             ""
           ],
           "type": "string"
         },
-        "udpHealthCheck": {
-          "$ref": "UDPHealthCheck"
+        "status": {
+          "description": "[Output Only] The status of the image. An image can be used to create other resources, such as instances, only after the image has been successfully created and the status is set to READY. Possible values are FAILED, PENDING, or READY.",
+          "enum": [
+            "DELETING",
+            "FAILED",
+            "PENDING",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "Image is deleting.",
+            "Image creation failed due to an error.",
+            "Image hasn't been created as yet.",
+            "Image has been successfully created."
+          ],
+          "type": "string"
         },
-        "unhealthyThreshold": {
-          "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.",
-          "format": "int32",
-          "type": "integer"
+        "storageLocations": {
+          "description": "Cloud Storage bucket storage location of the image (regional or multi-regional).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "userLicenses": {
+          "description": "A list of publicly visible user-licenses. Unlike regular licenses, user provided licenses can be modified after the disk is created. This includes a list of URLs to the license resource. For example, to provide a debian license: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch ",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "HealthCheckList": {
-      "description": "Contains a list of HealthCheck resources.",
-      "id": "HealthCheckList",
+    "ImageFamilyView": {
+      "id": "ImageFamilyView",
+      "properties": {
+        "image": {
+          "$ref": "Image",
+          "description": "The latest image that is part of the specified image family in the requested location, and that is not deprecated."
+        }
+      },
+      "type": "object"
+    },
+    "ImageList": {
+      "description": "Contains a list of images.",
+      "id": "ImageList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of HealthCheck resources.",
+          "description": "A list of Image resources.",
           "items": {
-            "$ref": "HealthCheck"
+            "$ref": "Image"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#healthCheckList",
+          "default": "compute#imageList",
           "description": "Type of resource.",
           "type": "string"
         },
@@ -50061,6 +55595,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50079,6 +55614,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50090,6 +55655,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50137,274 +55703,371 @@
       },
       "type": "object"
     },
-    "HealthCheckLogConfig": {
-      "description": "Configuration of logging on a health check. If logging is enabled, logs will be exported to Stackdriver.",
-      "id": "HealthCheckLogConfig",
+    "InitialStateConfig": {
+      "description": "Initial State for shielded instance, these are public keys which are safe to store in public",
+      "id": "InitialStateConfig",
       "properties": {
-        "enable": {
-          "description": "Indicates whether or not to export logs. This is false by default, which means no health check logging will be done.",
-          "type": "boolean"
+        "dbs": {
+          "description": "The Key Database (db).",
+          "items": {
+            "$ref": "FileContentBuffer"
+          },
+          "type": "array"
+        },
+        "dbxs": {
+          "description": "The forbidden key database (dbx).",
+          "items": {
+            "$ref": "FileContentBuffer"
+          },
+          "type": "array"
+        },
+        "keks": {
+          "description": "The Key Exchange Key (KEK).",
+          "items": {
+            "$ref": "FileContentBuffer"
+          },
+          "type": "array"
+        },
+        "pk": {
+          "$ref": "FileContentBuffer",
+          "description": "The Platform Key (PK)."
         }
       },
       "type": "object"
     },
-    "HealthCheckReference": {
-      "description": "A full or valid partial URL to a health check. For example, the following are valid URLs: - https://www.googleapis.com/compute/beta/projects/project-id/global/httpHealthChecks/health-check - projects/project-id/global/httpHealthChecks/health-check - global/httpHealthChecks/health-check ",
-      "id": "HealthCheckReference",
+    "Instance": {
+      "description": "Represents an Instance resource. An instance is a virtual machine that is hosted on Google Cloud Platform. For more information, read Virtual Machine Instances.",
+      "id": "Instance",
       "properties": {
-        "healthCheck": {
+        "advancedMachineFeatures": {
+          "$ref": "AdvancedMachineFeatures",
+          "description": "Controls for advanced machine-related behavior features."
+        },
+        "canIpForward": {
+          "description": "Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. For more information, see Enabling IP Forwarding .",
+          "type": "boolean"
+        },
+        "confidentialInstanceConfig": {
+          "$ref": "ConfidentialInstanceConfig"
+        },
+        "cpuPlatform": {
+          "description": "[Output Only] The CPU platform used by this instance.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HealthCheckService": {
-      "description": "Represents a Health-Check as a Service resource.",
-      "id": "HealthCheckService",
-      "properties": {
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
+        "deletionProtection": {
+          "description": "Whether the resource should be protected against deletion.",
+          "type": "boolean"
+        },
         "description": {
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
+        "disks": {
+          "description": "Array of disks associated with this instance. Persistent disks must be created before you can assign them.",
+          "items": {
+            "$ref": "AttachedDisk"
+          },
+          "type": "array"
+        },
+        "displayDevice": {
+          "$ref": "DisplayDevice",
+          "description": "Enables display device for the instance."
+        },
+        "eraseWindowsVssSignature": {
+          "description": "Specifies whether the disks restored from source snapshots or source machine image should erase Windows specific VSS signature.",
+          "type": "boolean"
+        },
         "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a HealthCheckService. An up-to-date fingerprint must be provided in order to patch/update the HealthCheckService; Otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the HealthCheckService.",
+          "description": "Specifies a fingerprint for this resource, which is essentially a hash of the instance's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update the instance. You must always provide an up-to-date fingerprint hash in order to update the instance. To see the latest fingerprint, make get() request to the instance.",
           "format": "byte",
           "type": "string"
         },
-        "healthChecks": {
-          "description": "A list of URLs to the HealthCheck resources. Must have at least one HealthCheck, and not more than 10 for regional HealthCheckService, and not more than 1 for global HealthCheckService. HealthCheck resources must have portSpecification=USE_SERVING_PORT or portSpecification=USE_FIXED_PORT. For regional HealthCheckService, the HealthCheck must be regional and in the same region. For global HealthCheckService, HealthCheck must be global. Mix of regional and global HealthChecks is not supported. Multiple regional HealthChecks must belong to the same region. Regional HealthChecks must belong to the same region as zones of NetworkEndpointGroups. For global HealthCheckService using global INTERNET_IP_PORT NetworkEndpointGroups, the global HealthChecks must specify sourceRegions, and HealthChecks that specify sourceRegions can only be used with global INTERNET_IP_PORT NetworkEndpointGroups.",
+        "guestAccelerators": {
+          "description": "A list of the type and count of accelerator cards attached to the instance.",
           "items": {
-            "type": "string"
+            "$ref": "AcceleratorConfig"
           },
           "type": "array"
         },
-        "healthStatusAggregationPolicy": {
-          "description": "Optional. Policy for how the results from multiple health checks for the same endpoint are aggregated. Defaults to NO_AGGREGATION if unspecified. - NO_AGGREGATION. An EndpointHealth message is returned for each pair in the health check service. - AND. If any health check of an endpoint reports UNHEALTHY, then UNHEALTHY is the HealthState of the endpoint. If all health checks report HEALTHY, the HealthState of the endpoint is HEALTHY. . This is only allowed with regional HealthCheckService.",
+        "hostname": {
+          "description": "Specifies the hostname of the instance. The specified hostname must be RFC1035 compliant. If hostname is not specified, the default hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "instanceEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encrypts suspended data for an instance with a customer-managed encryption key. If you are creating a new instance, this field will encrypt the local SSD and in-memory contents of the instance during the suspend operation. If you do not provide an encryption key when creating the instance, then the local SSD and in-memory contents will be encrypted using an automatically generated key during the suspend operation."
+        },
+        "keyRevocationActionType": {
+          "description": "KeyRevocationActionType of the instance. Supported options are \"STOP\" and \"NONE\". The default value is \"NONE\" if it is not specified.",
           "enum": [
-            "AND",
-            "NO_AGGREGATION"
+            "KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
+            "NONE",
+            "STOP"
           ],
           "enumDescriptions": [
-            "If any backend's health check reports UNHEALTHY, then UNHEALTHY is the HealthState of the entire health check service. If all backend's are healthy, the HealthState of the health check service is HEALTHY.",
-            "An EndpointHealth message is returned for each backend in the health check service."
+            "Default value. This value is unused.",
+            "Indicates user chose no operation.",
+            "Indicates user chose to opt for VM shutdown on key revocation."
           ],
           "type": "string"
         },
-        "healthStatusAggregationStrategy": {
-          "description": "This field is deprecated. Use health_status_aggregation_policy instead. Policy for how the results from multiple health checks for the same endpoint are aggregated. - NO_AGGREGATION. An EndpointHealth message is returned for each backend in the health check service. - AND. If any backend's health check reports UNHEALTHY, then UNHEALTHY is the HealthState of the entire health check service. If all backend's are healthy, the HealthState of the health check service is HEALTHY. .",
+        "kind": {
+          "default": "compute#instance",
+          "description": "[Output Only] Type of the resource. Always compute#instance for instances.",
+          "type": "string"
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for this request, which is essentially a hash of the label's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. To see the latest fingerprint, make get() request to the instance.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this instance. These can be later modified by the setLabels method.",
+          "type": "object"
+        },
+        "lastStartTimestamp": {
+          "description": "[Output Only] Last start timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "lastStopTimestamp": {
+          "description": "[Output Only] Last stop timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "lastSuspendedTimestamp": {
+          "description": "[Output Only] Last suspended timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "machineType": {
+          "description": "Full or partial URL of the machine type resource to use for this instance, in the format: zones/zone/machineTypes/machine-type. This is provided by the client when the instance is created. For example, the following is a valid partial url to a predefined machine type: zones/us-central1-f/machineTypes/n1-standard-1 To create a custom machine type, provide a URL to a machine type in the following format, where CPUS is 1 or an even number up to 32 (2, 4, 6, ... 24, etc), and MEMORY is the total memory for this instance. Memory must be a multiple of 256 MB and must be supplied in MB (e.g. 5 GB of memory is 5120 MB): zones/zone/machineTypes/custom-CPUS-MEMORY For example: zones/us-central1-f/machineTypes/custom-4-5120 For a full list of restrictions, read the Specifications for custom machine types.",
+          "type": "string"
+        },
+        "metadata": {
+          "$ref": "Metadata",
+          "description": "The metadata key/value pairs assigned to this instance. This includes custom metadata and predefined keys."
+        },
+        "minCpuPlatform": {
+          "description": "Specifies a minimum CPU platform for the VM instance. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\".",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instances.insert"
+            ]
+          },
+          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "networkInterfaces": {
+          "description": "An array of network configurations for this instance. These specify how interfaces are configured to interact with other network services, such as connecting to the internet. Multiple interfaces are supported per instance.",
+          "items": {
+            "$ref": "NetworkInterface"
+          },
+          "type": "array"
+        },
+        "networkPerformanceConfig": {
+          "$ref": "NetworkPerformanceConfig"
+        },
+        "params": {
+          "$ref": "InstanceParams",
+          "description": "Input only. [Input Only] Additional params passed with the request, but not persisted as part of resource payload."
+        },
+        "partnerMetadata": {
+          "additionalProperties": {
+            "$ref": "StructuredEntries"
+          },
+          "description": "Partner Metadata assigned to the instance. A map from a subdomain (namespace) to entries map.",
+          "type": "object"
+        },
+        "postKeyRevocationActionType": {
+          "description": "PostKeyRevocationActionType of the instance.",
           "enum": [
-            "AND",
-            "NO_AGGREGATION"
+            "NOOP",
+            "POST_KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
+            "SHUTDOWN"
           ],
           "enumDescriptions": [
-            "This is deprecated. Use health_status_aggregation_policy instead. If any backend's health check reports UNHEALTHY, then UNHEALTHY is the HealthState of the entire health check service. If all backend's are healthy, the HealthState of the health check service is HEALTHY.",
-            "This is deprecated. Use health_status_aggregation_policy instead. An EndpointHealth message is returned for each backend in the health check service."
+            "Indicates user chose no operation.",
+            "Default value. This value is unused.",
+            "Indicates user chose to opt for VM shutdown on key revocation."
           ],
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
+        "preservedStateSizeGb": {
+          "description": "Total amount of preserved state for SUSPENDED instances. Read-only in the api.",
+          "format": "int64",
           "type": "string"
         },
-        "kind": {
-          "default": "compute#healthCheckService",
-          "description": "[Output only] Type of the resource. Always compute#healthCheckServicefor health check services.",
+        "privateIpv6GoogleAccess": {
+          "description": "The private IPv6 google access type for the VM. If not specified, use INHERIT_FROM_SUBNETWORK as default.",
+          "enum": [
+            "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE",
+            "ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE",
+            "INHERIT_FROM_SUBNETWORK"
+          ],
+          "enumDescriptions": [
+            "Bidirectional private IPv6 access to/from Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
+            "Outbound private IPv6 access from VMs in this subnet to Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
+            "Each network interface inherits PrivateIpv6GoogleAccess from its subnetwork."
+          ],
           "type": "string"
         },
-        "name": {
-          "description": "Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
+        "reservationAffinity": {
+          "$ref": "ReservationAffinity",
+          "description": "Specifies the reservations that this instance can consume from."
         },
-        "networkEndpointGroups": {
-          "description": "A list of URLs to the NetworkEndpointGroup resources. Must not have more than 100. For regional HealthCheckService, NEGs must be in zones in the region of the HealthCheckService. For global HealthCheckServices, the NetworkEndpointGroups must be global INTERNET_IP_PORT.",
+        "resourcePolicies": {
+          "description": "Resource policies applied to this instance.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "notificationEndpoints": {
-          "description": "A list of URLs to the NotificationEndpoint resources. Must not have more than 10. A list of endpoints for receiving notifications of change in health status. For regional HealthCheckService, NotificationEndpoint must be regional and in the same region. For global HealthCheckService, NotificationEndpoint must be global.",
+        "resourceStatus": {
+          "$ref": "ResourceStatus",
+          "description": "[Output Only] Specifies values set for instance attributes as compared to the values requested by user in the corresponding input only field."
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "scheduling": {
+          "$ref": "Scheduling",
+          "description": "Sets the scheduling options for this instance."
+        },
+        "secureTags": {
+          "description": "[Input Only] Secure tags to apply to this instance. These can be later modified by the update method. Maximum number of secure tags allowed is 50.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the health check service resides. This field is not applicable to global health check services. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
-        },
         "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
         "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL with id for the resource.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HealthCheckServiceAggregatedList": {
-      "description": "Contains a list of HealthCheckServicesScopedList.",
-      "id": "HealthCheckServiceAggregatedList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "items": {
+        "serviceAccounts": {
+          "description": "A list of service accounts, with their specified scopes, authorized for this instance. Only one service account per VM instance is supported. Service accounts generate access tokens that can be accessed through the metadata server and used to authenticate applications on the instance. See Service Accounts for more information.",
+          "items": {
+            "$ref": "ServiceAccount"
+          },
+          "type": "array"
+        },
+        "serviceIntegrationSpecs": {
           "additionalProperties": {
-            "$ref": "HealthCheckServicesScopedList",
-            "description": "Name of the scope containing this set of HealthCheckServices."
+            "$ref": "ServiceIntegrationSpec"
           },
-          "description": "A list of HealthCheckServicesScopedList resources.",
+          "description": "Mapping of user-defined keys to specifications for service integrations. Currently only a single key-value pair is supported.",
           "type": "object"
         },
-        "kind": {
-          "default": "compute#healthCheckServiceAggregatedList",
-          "description": "Type of resource.",
-          "type": "string"
+        "shieldedInstanceConfig": {
+          "$ref": "ShieldedInstanceConfig"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "shieldedInstanceIntegrityPolicy": {
+          "$ref": "ShieldedInstanceIntegrityPolicy"
+        },
+        "shieldedVmConfig": {
+          "$ref": "ShieldedVmConfig",
+          "description": "Deprecating, please use shielded_instance_config."
+        },
+        "shieldedVmIntegrityPolicy": {
+          "$ref": "ShieldedVmIntegrityPolicy",
+          "description": "Deprecating, please use shielded_instance_integrity_policy."
+        },
+        "sourceMachineImage": {
+          "description": "Source machine image",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "sourceMachineImageEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Source machine image encryption key when creating an instance from a machine image."
+        },
+        "startRestricted": {
+          "description": "[Output Only] Whether a VM has been restricted for start because Compute Engine has detected suspicious activity.",
+          "type": "boolean"
+        },
+        "status": {
+          "description": "[Output Only] The status of the instance. One of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance life cycle.",
+          "enum": [
+            "DEPROVISIONING",
+            "PROVISIONING",
+            "REPAIRING",
+            "RUNNING",
+            "STAGING",
+            "STOPPED",
+            "STOPPING",
+            "SUSPENDED",
+            "SUSPENDING",
+            "TERMINATED"
+          ],
+          "enumDescriptions": [
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "Resources are being allocated for the instance.",
+            "The instance is in repair.",
+            "The instance is running.",
+            "All required resources have been allocated and the instance is being started.",
+            "The instance has stopped successfully.",
+            "The instance is currently stopping (either being deleted or killed).",
+            "The instance has suspended.",
+            "The instance is suspending.",
+            "The instance has stopped (either by explicit action or underlying failure)."
+          ],
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "statusMessage": {
+          "description": "[Output Only] An optional, human-readable explanation of the status.",
+          "type": "string"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "HealthCheckServiceReference": {
-      "description": "A full or valid partial URL to a health check service. For example, the following are valid URLs: - https://www.googleapis.com/compute/beta/projects/project-id/regions/us-west1/healthCheckServices/health-check-service - projects/project-id/regions/us-west1/healthCheckServices/health-check-service - regions/us-west1/healthCheckServices/health-check-service ",
-      "id": "HealthCheckServiceReference",
-      "properties": {
-        "healthCheckService": {
+        "tags": {
+          "$ref": "Tags",
+          "description": "Tags to apply to this instance. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during instance creation. The tags can be later modified by the setTags method. Each tag within the list must comply with RFC1035. Multiple tags can be specified via the 'tags.items' field."
+        },
+        "upcomingMaintenance": {
+          "$ref": "UpcomingMaintenance",
+          "description": "[Output Only] Specifies upcoming maintenance for the instance."
+        },
+        "zone": {
+          "description": "[Output Only] URL of the zone where the instance resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "HealthCheckServicesList": {
-      "id": "HealthCheckServicesList",
+    "InstanceAggregatedList": {
+      "id": "InstanceAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of HealthCheckService resources.",
-          "items": {
-            "$ref": "HealthCheckService"
+          "additionalProperties": {
+            "$ref": "InstancesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of instances."
           },
-          "type": "array"
+          "description": "An object that contains a list of instances scoped by zone.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#healthCheckServicesList",
-          "description": "[Output Only] Type of the resource. Always compute#healthCheckServicesList for lists of HealthCheckServices.",
+          "default": "compute#instanceAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#instanceAggregatedList for aggregated lists of Instance resources.",
           "type": "string"
         },
         "nextPageToken": {
@@ -50415,6 +56078,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -50431,6 +56101,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50449,6 +56120,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50460,6 +56161,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50507,18 +56209,159 @@
       },
       "type": "object"
     },
-    "HealthCheckServicesScopedList": {
-      "id": "HealthCheckServicesScopedList",
+    "InstanceConsumptionData": {
+      "id": "InstanceConsumptionData",
       "properties": {
-        "resources": {
-          "description": "A list of HealthCheckServices contained in this scope.",
+        "consumptionInfo": {
+          "$ref": "InstanceConsumptionInfo",
+          "description": "Resources consumed by the instance."
+        },
+        "instance": {
+          "description": "Server-defined URL for the instance.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceConsumptionInfo": {
+      "id": "InstanceConsumptionInfo",
+      "properties": {
+        "guestCpus": {
+          "description": "The number of virtual CPUs that are available to the instance.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "localSsdGb": {
+          "description": "The amount of local SSD storage available to the instance, defined in GiB.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "memoryMb": {
+          "description": "The amount of physical memory available to the instance, defined in MiB.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "minNodeCpus": {
+          "description": "The minimal guaranteed number of virtual CPUs that are reserved.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroup": {
+      "description": "Represents an Instance Group resource. Instance Groups can be used to configure a target for load balancing. Instance groups can either be managed or unmanaged. To create managed instance groups, use the instanceGroupManager or regionInstanceGroupManager resource instead. Use zonal unmanaged instance groups if you need to apply load balancing to groups of heterogeneous instances or if you need to manage the instances yourself. You cannot create regional unmanaged instance groups. For more information, read Instance groups.",
+      "id": "InstanceGroup",
+      "properties": {
+        "creationTimestamp": {
+          "description": "[Output Only] The creation timestamp for this instance group in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "fingerprint": {
+          "description": "[Output Only] The fingerprint of the named ports. The system uses this fingerprint to detect conflicts when multiple users change the named ports concurrently.",
+          "format": "byte",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] A unique identifier for this instance group, generated by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#instanceGroup",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroup for instance groups.",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instanceGroups.insert"
+            ]
+          },
+          "description": "The name of the instance group. The name must be 1-63 characters long, and comply with RFC1035.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "namedPorts": {
+          "description": " Assigns a name to a port number. For example: {name: \"http\", port: 80} This allows the system to reference ports by the assigned name instead of a port number. Named ports can also contain multiple ports. For example: [{name: \"app1\", port: 8080}, {name: \"app1\", port: 8081}, {name: \"app2\", port: 8082}] Named ports apply to all instances in this instance group. ",
           "items": {
-            "$ref": "HealthCheckService"
+            "$ref": "NamedPort"
+          },
+          "type": "array"
+        },
+        "network": {
+          "description": "[Output Only] The URL of the network to which all instances in the instance group belong. If your instance has multiple network interfaces, then the network and subnetwork fields only refer to the network and subnet used by your primary interface (nic0).",
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] The URL of the region where the instance group is located (for regional resources).",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] The URL for this instance group. The server generates this URL.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "size": {
+          "description": "[Output Only] The total number of instances in the instance group.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "subnetwork": {
+          "description": "[Output Only] The URL of the subnetwork to which all instances in the instance group belong. If your instance has multiple network interfaces, then the network and subnetwork fields only refer to the network and subnet used by your primary interface (nic0).",
+          "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] The URL of the zone where the instance group is located (for zonal resources).",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupAggregatedList": {
+      "id": "InstanceGroupAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "InstanceGroupsScopedList",
+            "description": "The name of the scope that contains this set of instance groups."
+          },
+          "description": "A list of InstanceGroupsScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#instanceGroupAggregatedList",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupAggregatedList for aggregated lists of instance groups.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
           },
           "type": "array"
         },
         "warning": {
-          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -50533,6 +56376,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50551,6 +56395,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50562,6 +56436,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50609,24 +56484,24 @@
       },
       "type": "object"
     },
-    "HealthChecksAggregatedList": {
-      "id": "HealthChecksAggregatedList",
+    "InstanceGroupList": {
+      "description": "A list of InstanceGroup resources.",
+      "id": "InstanceGroupList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "HealthChecksScopedList",
-            "description": "Name of the scope containing this set of HealthChecks."
+          "description": "A list of InstanceGroup resources.",
+          "items": {
+            "$ref": "InstanceGroup"
           },
-          "description": "A list of HealthChecksScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#healthChecksAggregatedList",
-          "description": "Type of resource.",
+          "default": "compute#instanceGroupList",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupList for instance group lists.",
           "type": "string"
         },
         "nextPageToken": {
@@ -50637,13 +56512,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -50660,6 +56528,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50678,6 +56547,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50689,6 +56588,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50736,18 +56636,331 @@
       },
       "type": "object"
     },
-    "HealthChecksScopedList": {
-      "id": "HealthChecksScopedList",
+    "InstanceGroupManager": {
+      "description": "Represents a Managed Instance Group resource. An instance group is a collection of VM instances that you can manage as a single entity. For more information, read Instance groups. For zonal Managed Instance Group, use the instanceGroupManagers resource. For regional Managed Instance Group, use the regionInstanceGroupManagers resource.",
+      "id": "InstanceGroupManager",
       "properties": {
-        "healthChecks": {
-          "description": "A list of HealthChecks contained in this scope.",
+        "allInstancesConfig": {
+          "$ref": "InstanceGroupManagerAllInstancesConfig",
+          "description": "Specifies configuration that overrides the instance template configuration for the group."
+        },
+        "autoHealingPolicies": {
+          "description": "The autohealing policy for this managed instance group. You can specify only one value.",
+          "items": {
+            "$ref": "InstanceGroupManagerAutoHealingPolicy"
+          },
+          "type": "array"
+        },
+        "baseInstanceName": {
+          "annotations": {
+            "required": [
+              "compute.instanceGroupManagers.insert"
+            ]
+          },
+          "description": "The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035.",
+          "pattern": "[a-z][-a-z0-9]{0,57}",
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] The creation timestamp for this managed instance group in RFC3339 text format.",
+          "type": "string"
+        },
+        "currentActions": {
+          "$ref": "InstanceGroupManagerActionsSummary",
+          "description": "[Output Only] The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions."
+        },
+        "description": {
+          "description": "An optional description of this resource.",
+          "type": "string"
+        },
+        "distributionPolicy": {
+          "$ref": "DistributionPolicy",
+          "description": "Policy specifying the intended distribution of managed instances across zones in a regional managed instance group."
+        },
+        "failoverAction": {
+          "description": "The action to perform in case of zone failure. Only one value is supported, NO_FAILOVER. The default is NO_FAILOVER.",
+          "enum": [
+            "NO_FAILOVER",
+            "UNKNOWN"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "fingerprint": {
+          "description": "Fingerprint of this resource. This field may be used in optimistic locking. It will be ignored when inserting an InstanceGroupManager. An up-to-date fingerprint must be provided in order to update the InstanceGroupManager, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an InstanceGroupManager.",
+          "format": "byte",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "instanceFlexibilityPolicy": {
+          "$ref": "InstanceGroupManagerInstanceFlexibilityPolicy",
+          "description": "Instance flexibility allowing MIG to create VMs from multiple types of machines. Instance flexibility configuration on MIG overrides instance template configuration."
+        },
+        "instanceGroup": {
+          "description": "[Output Only] The URL of the Instance Group resource.",
+          "type": "string"
+        },
+        "instanceLifecyclePolicy": {
+          "$ref": "InstanceGroupManagerInstanceLifecyclePolicy",
+          "description": "The repair policy for this managed instance group."
+        },
+        "instanceTemplate": {
+          "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run recreateInstances, run applyUpdatesToInstances, or set the group's updatePolicy.type to PROACTIVE.",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#instanceGroupManager",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupManager for managed instance groups.",
+          "type": "string"
+        },
+        "listManagedInstancesResults": {
+          "description": "Pagination behavior of the listManagedInstances API method for this managed instance group.",
+          "enum": [
+            "PAGELESS",
+            "PAGINATED"
+          ],
+          "enumDescriptions": [
+            "(Default) Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response.",
+            "Pagination is enabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are respected."
+          ],
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instanceGroupManagers.insert",
+              "compute.regionInstanceGroupManagers.insert"
+            ]
+          },
+          "description": "The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "namedPorts": {
+          "description": "Named ports configured for the Instance Groups complementary to this Instance Group Manager.",
+          "items": {
+            "$ref": "NamedPort"
+          },
+          "type": "array"
+        },
+        "region": {
+          "description": "[Output Only] The URL of the region where the managed instance group resides (for regional resources).",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] The URL for this managed instance group. The server defines this URL.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "serviceAccount": {
+          "description": "The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account {projectNumber}@cloudservices.gserviceaccount.com is used.",
+          "type": "string"
+        },
+        "standbyPolicy": {
+          "$ref": "InstanceGroupManagerStandbyPolicy",
+          "description": "Standby policy for stopped and suspended instances."
+        },
+        "statefulPolicy": {
+          "$ref": "StatefulPolicy",
+          "description": "Stateful configuration for this Instanced Group Manager"
+        },
+        "status": {
+          "$ref": "InstanceGroupManagerStatus",
+          "description": "[Output Only] The status of this managed instance group."
+        },
+        "targetPools": {
+          "description": "The URLs for all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "targetSize": {
+          "annotations": {
+            "required": [
+              "compute.instanceGroupManagers.insert",
+              "compute.regionInstanceGroupManagers.insert"
+            ]
+          },
+          "description": "The target number of running instances for this managed instance group. You can reduce this number by using the instanceGroupManager deleteInstances or abandonInstances methods. Resizing the group also changes this number.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "targetSizeUnit": {
+          "description": "The unit of measure for the target size.",
+          "enum": [
+            "INSTANCE",
+            "VCPU",
+            "VM"
+          ],
+          "enumDescriptions": [
+            "[Default] TargetSize is the target number of instances.",
+            "TargetSize is the target count of vCPUs of VMs.",
+            "TargetSize is the target number of VMs. Deprecated in favor of 'INSTANCE'."
+          ],
+          "type": "string"
+        },
+        "targetStoppedSize": {
+          "description": "The target number of stopped instances for this managed instance group. This number changes when you: - Stop instance using the stopInstances method or start instances using the startInstances method. - Manually change the targetStoppedSize using the update method. ",
+          "format": "int32",
+          "type": "integer"
+        },
+        "targetSuspendedSize": {
+          "description": "The target number of suspended instances for this managed instance group. This number changes when you: - Suspend instance using the suspendInstances method or resume instances using the resumeInstances method. - Manually change the targetSuspendedSize using the update method. ",
+          "format": "int32",
+          "type": "integer"
+        },
+        "updatePolicy": {
+          "$ref": "InstanceGroupManagerUpdatePolicy",
+          "description": "The update policy for this managed instance group."
+        },
+        "versions": {
+          "description": "Specifies the instance templates used by this managed instance group to create instances. Each version is defined by an instanceTemplate and a name. Every version can appear at most once per instance group. This field overrides the top-level instanceTemplate field. Read more about the relationships between these fields. Exactly one version must leave the targetSize field unset. That version will be applied to all remaining instances. For more information, read about canary updates.",
+          "items": {
+            "$ref": "InstanceGroupManagerVersion"
+          },
+          "type": "array"
+        },
+        "zone": {
+          "description": "[Output Only] The URL of a zone where the managed instance group is located (for zonal resources).",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerActionsSummary": {
+      "id": "InstanceGroupManagerActionsSummary",
+      "properties": {
+        "abandoning": {
+          "description": "[Output Only] The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "creating": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully. If you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "creatingAtomically": {
+          "description": "[Output Only] The number of instances that the managed instance group will attempt to create atomically, in a batch mode. If the desired count of instances can not be created, entire batch will be deleted and the group will decrease its targetSize value accordingly.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "creatingInBulk": {
+          "description": "[Output Only] The number of instances that the managed instance group will attempt to create in bulk. If the desired count of instances cannot be created, entire batch will be deleted and the group will decrease its targetSize value accordingly.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "creatingWithoutRetries": {
+          "description": "[Output Only] The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "deleting": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "none": {
+          "description": "[Output Only] The number of instances in the managed instance group that are running and have no scheduled actions.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "queuing": {
+          "description": "[Output Only] The number of instances that the managed instance group is currently queuing.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "recreating": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "refreshing": {
+          "description": "[Output Only] The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "restarting": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "resuming": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be resumed or are currently being resumed.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "starting": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be started or are currently being started.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "stopping": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be stopped or are currently being stopped.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "suspending": {
+          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be suspended or are currently being suspended.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "verifying": {
+          "description": "[Output Only] The number of instances in the managed instance group that are being verified. See the managedInstances[].currentAction property in the listManagedInstances method documentation.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerAggregatedList": {
+      "id": "InstanceGroupManagerAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "InstanceGroupManagersScopedList",
+            "description": "[Output Only] The name of the scope that contains this set of managed instance groups."
+          },
+          "description": "A list of InstanceGroupManagersScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#instanceGroupManagerAggregatedList",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerAggregatedList for an aggregated list of managed instance groups.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
           "items": {
-            "$ref": "HealthCheck"
+            "type": "string"
           },
           "type": "array"
         },
         "warning": {
-          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -50762,6 +56975,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50780,6 +56994,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50791,6 +57035,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50838,408 +57083,447 @@
       },
       "type": "object"
     },
-    "HealthStatus": {
-      "id": "HealthStatus",
+    "InstanceGroupManagerAllInstancesConfig": {
+      "id": "InstanceGroupManagerAllInstancesConfig",
       "properties": {
-        "annotations": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Metadata defined as annotations for network endpoint.",
-          "type": "object"
-        },
-        "forwardingRule": {
-          "description": "URL of the forwarding rule associated with the health status of the instance.",
-          "type": "string"
-        },
-        "forwardingRuleIp": {
-          "description": "A forwarding rule IP address assigned to this instance.",
-          "type": "string"
-        },
-        "healthState": {
-          "description": "Health state of the instance.",
-          "enum": [
-            "HEALTHY",
-            "UNHEALTHY"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "instance": {
-          "description": "URL of the instance resource.",
-          "type": "string"
+        "properties": {
+          "$ref": "InstancePropertiesPatch",
+          "description": "Properties to set on all instances in the group. You can add or modify properties using the instanceGroupManagers.patch or regionInstanceGroupManagers.patch. After setting allInstancesConfig on the group, you must update the group's instances to apply the configuration. To apply the configuration, set the group's updatePolicy.type field to use proactive updates or use the applyUpdatesToInstances method."
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerAutoHealingPolicy": {
+      "id": "InstanceGroupManagerAutoHealingPolicy",
+      "properties": {
+        "autoHealingTriggers": {
+          "$ref": "InstanceGroupManagerAutoHealingPolicyAutoHealingTriggers",
+          "description": "Restricts what triggers autohealing."
         },
-        "ipAddress": {
-          "description": "For target pool based Network Load Balancing, it indicates the forwarding rule's IP address assigned to this instance. For other types of load balancing, the field indicates VM internal ip.",
+        "healthCheck": {
+          "description": "The URL for the health check that signals autohealing.",
           "type": "string"
         },
-        "port": {
-          "description": "The named port of the instance group, not necessarily the port that is health-checked.",
+        "initialDelaySec": {
+          "description": "The initial delay is the number of seconds that a new VM takes to initialize and run its startup script. During a VM's initial delay period, the MIG ignores unsuccessful health checks because the VM might be in the startup process. This prevents the MIG from prematurely recreating a VM. If the health check receives a healthy response during the initial delay, it indicates that the startup process is complete and the VM is ready. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.",
           "format": "int32",
           "type": "integer"
         },
-        "weight": {
-          "type": "string"
-        },
-        "weightError": {
-          "enum": [
-            "INVALID_WEIGHT",
-            "MISSING_WEIGHT",
-            "UNAVAILABLE_WEIGHT",
-            "WEIGHT_NONE"
-          ],
-          "enumDescriptions": [
-            "The response to a Health Check probe had the HTTP response header field X-Load-Balancing-Endpoint-Weight, but its content was invalid (i.e., not a non-negative single-precision floating-point number in decimal string representation).",
-            "The response to a Health Check probe did not have the HTTP response header field X-Load-Balancing-Endpoint-Weight.",
-            "This is the value when the accompanied health status is either TIMEOUT (i.e.,the Health Check probe was not able to get a response in time) or UNKNOWN. For the latter, it should be typically because there has not been sufficient time to parse and report the weight for a new backend (which is with 0.0.0.0 ip address). However, it can be also due to an outage case for which the health status is explicitly reset to UNKNOWN.",
-            "This is the default value when WeightReportMode is DISABLE, and is also the initial value when WeightReportMode has just updated to ENABLE or DRY_RUN and there has not been sufficient time to parse and report the backend weight."
-          ],
-          "type": "string"
+        "maxUnavailable": {
+          "$ref": "FixedOrPercent",
+          "description": "Maximum number of instances that can be unavailable when autohealing. When 'percent' is used, the value is rounded if necessary. The instance is considered available if all of the following conditions are satisfied: 1. Instance's status is RUNNING. 2. Instance's currentAction is NONE (in particular its liveness health check result was observed to be HEALTHY at least once as it passed VERIFYING). 3. There is no outgoing action on an instance triggered by IGM. By default, number of concurrently autohealed instances is smaller than the managed instance group target size. However, if a zonal managed instance group has only one instance, or a regional managed instance group has only one instance per zone, autohealing will recreate these instances when they become unhealthy."
         }
       },
       "type": "object"
     },
-    "HealthStatusForNetworkEndpoint": {
-      "id": "HealthStatusForNetworkEndpoint",
+    "InstanceGroupManagerAutoHealingPolicyAutoHealingTriggers": {
+      "id": "InstanceGroupManagerAutoHealingPolicyAutoHealingTriggers",
       "properties": {
-        "backendService": {
-          "$ref": "BackendServiceReference",
-          "description": "URL of the backend service associated with the health state of the network endpoint."
-        },
-        "forwardingRule": {
-          "$ref": "ForwardingRuleReference",
-          "description": "URL of the forwarding rule associated with the health state of the network endpoint."
-        },
-        "healthCheck": {
-          "$ref": "HealthCheckReference",
-          "description": "URL of the health check associated with the health state of the network endpoint."
-        },
-        "healthCheckService": {
-          "$ref": "HealthCheckServiceReference",
-          "description": "URL of the health check service associated with the health state of the network endpoint."
-        },
-        "healthState": {
-          "description": "Health state of the network endpoint determined based on the health checks configured.",
+        "onHealthCheck": {
+          "description": "If you have configured an application-based health check for the group, this field controls whether to trigger VM autohealing based on a failed health check. Valid values are: - ON (default): The group recreates running VMs that fail the application-based health check. - OFF: When set to OFF, you can still observe instance health state, but the group does not recreate VMs that fail the application-based health check. This is useful for troubleshooting and setting up your health check configuration. ",
           "enum": [
-            "DRAINING",
-            "HEALTHY",
-            "UNHEALTHY",
-            "UNKNOWN"
+            "OFF",
+            "ON"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
+            "When set to OFF, you can still observe instance health state, but the group does not recreate VMs that fail the application-based health check. This is useful for troubleshooting and setting up your health check configuration.",
+            "(Default) The group recreates running VMs that fail the group's application-based health check."
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "Help": {
-      "description": "Provides links to documentation or for performing an out of band action. For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.",
-      "id": "Help",
+    "InstanceGroupManagerInstanceFlexibilityPolicy": {
+      "id": "InstanceGroupManagerInstanceFlexibilityPolicy",
       "properties": {
-        "links": {
-          "description": "URL(s) pointing to additional information on handling the current error.",
-          "items": {
-            "$ref": "HelpLink"
+        "instanceSelectionLists": {
+          "additionalProperties": {
+            "$ref": "InstanceGroupManagerInstanceFlexibilityPolicyInstanceSelection"
           },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "HelpLink": {
-      "description": "Describes a URL link.",
-      "id": "HelpLink",
-      "properties": {
-        "description": {
-          "description": "Describes what the link offers.",
-          "type": "string"
-        },
-        "url": {
-          "description": "The URL of the link.",
-          "type": "string"
+          "description": "List of instance selection options that the group will use when creating new VMs.",
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "HostRule": {
-      "description": "UrlMaps A host-matching rule for a URL. If matched, will use the named PathMatcher to select the BackendService.",
-      "id": "HostRule",
+    "InstanceGroupManagerInstanceFlexibilityPolicyInstanceSelection": {
+      "id": "InstanceGroupManagerInstanceFlexibilityPolicyInstanceSelection",
       "properties": {
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "hosts": {
-          "description": "The list of host patterns to match. They must be valid hostnames with optional port numbers in the format host:port. * matches any string of ([a-z0-9-.]*). In that case, * must be the first character, and if followed by anything, the immediate following character must be either - or .. * based matching is not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.",
+        "machineTypes": {
+          "description": "Full machine-type names, e.g. \"n1-standard-16\".",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "pathMatcher": {
-          "description": "The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HttpFaultAbort": {
-      "description": "Specification for how requests are aborted as part of fault injection.",
-      "id": "HttpFaultAbort",
-      "properties": {
-        "httpStatus": {
-          "description": "The HTTP status code used to abort the request. The value must be from 200 to 599 inclusive. For gRPC protocol, the gRPC status code is mapped to HTTP status code according to this mapping table. HTTP status 200 is mapped to gRPC status UNKNOWN. Injecting an OK status is currently not supported by Traffic Director.",
-          "format": "uint32",
+        "rank": {
+          "description": "Preference of this instance selection. Lower number means higher preference. MIG will first try to create a VM based on the machine-type with lowest rank and fallback to next rank based on availability. Machine types and instance selections with the same rank have the same preference.",
+          "format": "int32",
           "type": "integer"
-        },
-        "percentage": {
-          "description": "The percentage of traffic for connections, operations, or requests that is aborted as part of fault injection. The value must be from 0.0 to 100.0 inclusive.",
-          "format": "double",
-          "type": "number"
-        }
-      },
-      "type": "object"
-    },
-    "HttpFaultDelay": {
-      "description": "Specifies the delay introduced by the load balancer before forwarding the request to the backend service as part of fault injection.",
-      "id": "HttpFaultDelay",
-      "properties": {
-        "fixedDelay": {
-          "$ref": "Duration",
-          "description": "Specifies the value of the fixed delay interval."
-        },
-        "percentage": {
-          "description": "The percentage of traffic for connections, operations, or requests for which a delay is introduced as part of fault injection. The value must be from 0.0 to 100.0 inclusive.",
-          "format": "double",
-          "type": "number"
-        }
-      },
-      "type": "object"
-    },
-    "HttpFaultInjection": {
-      "description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by the load balancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the load balancer for a percentage of requests.",
-      "id": "HttpFaultInjection",
-      "properties": {
-        "abort": {
-          "$ref": "HttpFaultAbort",
-          "description": "The specification for how client requests are aborted as part of fault injection."
-        },
-        "delay": {
-          "$ref": "HttpFaultDelay",
-          "description": "The specification for how client requests are delayed as part of fault injection, before being sent to a backend service."
         }
       },
       "type": "object"
     },
-    "HttpFilterConfig": {
-      "description": "HttpFilterConfiguration supplies additional contextual settings for networkservices.HttpFilter resources enabled by Traffic Director.",
-      "id": "HttpFilterConfig",
+    "InstanceGroupManagerInstanceLifecyclePolicy": {
+      "id": "InstanceGroupManagerInstanceLifecyclePolicy",
       "properties": {
-        "config": {
-          "description": "The configuration needed to enable the networkservices.HttpFilter resource. The configuration must be YAML formatted and only contain fields defined in the protobuf identified in configTypeUrl",
+        "defaultActionOnFailure": {
+          "description": "The action that a MIG performs on a failed or an unhealthy VM. A VM is marked as unhealthy when the application running on that VM fails a health check. Valid values are - REPAIR (default): MIG automatically repairs a failed or an unhealthy VM by recreating it. For more information, see About repairing VMs in a MIG. - DO_NOTHING: MIG does not repair a failed or an unhealthy VM. ",
+          "enum": [
+            "DELETE",
+            "DO_NOTHING",
+            "REPAIR"
+          ],
+          "enumDescriptions": [
+            "MIG deletes a failed or an unhealthy VM. Deleting the VM decreases the target size of the MIG.",
+            "MIG does not repair a failed or an unhealthy VM.",
+            "(Default) MIG automatically repairs a failed or an unhealthy VM by recreating it. For more information, see About repairing VMs in a MIG."
+          ],
           "type": "string"
         },
-        "configTypeUrl": {
-          "description": "The fully qualified versioned proto3 type url of the protobuf that the filter expects for its contextual settings, for example: type.googleapis.com/google.protobuf.Struct",
+        "forceUpdateOnRepair": {
+          "description": "A bit indicating whether to forcefully apply the group's latest configuration when repairing a VM. Valid options are: - NO (default): If configuration updates are available, they are not forcefully applied during repair. Instead, configuration updates are applied according to the group's update policy. - YES: If configuration updates are available, they are applied during repair. ",
+          "enum": [
+            "NO",
+            "YES"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "filterName": {
-          "description": "Name of the networkservices.HttpFilter resource this configuration belongs to. This name must be known to the xDS client. Example: envoy.wasm",
-          "type": "string"
+        "metadataBasedReadinessSignal": {
+          "$ref": "InstanceGroupManagerInstanceLifecyclePolicyMetadataBasedReadinessSignal",
+          "deprecated": true,
+          "description": "The configuration for metadata based readiness signal sent by the instance during initialization when stopping / suspending an instance. The Instance Group Manager will wait for a signal that indicates successful initialization before stopping / suspending an instance. If a successful readiness signal is not sent before timeout, the corresponding instance will not be stopped / suspended. Instead, an error will be visible in the lastAttempt.errors field of the managed instance in the listmanagedinstances method. If metadataBasedReadinessSignal.timeoutSec is unset, the Instance Group Manager will directly proceed to suspend / stop instances, skipping initialization on them."
         }
       },
       "type": "object"
     },
-    "HttpHeaderAction": {
-      "description": "The request and response header transformations that take effect before the request is passed along to the selected backendService.",
-      "id": "HttpHeaderAction",
+    "InstanceGroupManagerInstanceLifecyclePolicyMetadataBasedReadinessSignal": {
+      "deprecated": true,
+      "id": "InstanceGroupManagerInstanceLifecyclePolicyMetadataBasedReadinessSignal",
       "properties": {
-        "requestHeadersToAdd": {
-          "description": "Headers to add to a matching request before forwarding the request to the backendService.",
-          "items": {
-            "$ref": "HttpHeaderOption"
-          },
-          "type": "array"
-        },
-        "requestHeadersToRemove": {
-          "description": "A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "responseHeadersToAdd": {
-          "description": "Headers to add the response before sending the response back to the client.",
-          "items": {
-            "$ref": "HttpHeaderOption"
-          },
-          "type": "array"
-        },
-        "responseHeadersToRemove": {
-          "description": "A list of header names for headers that need to be removed from the response before sending the response back to the client.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "timeoutSec": {
+          "description": "The number of seconds to wait for a readiness signal during initialization before timing out.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "HttpHeaderMatch": {
-      "description": "matchRule criteria for request header matches.",
-      "id": "HttpHeaderMatch",
+    "InstanceGroupManagerList": {
+      "description": "[Output Only] A list of managed instance groups.",
+      "id": "InstanceGroupManagerList",
       "properties": {
-        "exactMatch": {
-          "description": "The value should exactly match contents of exactMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
-          "type": "string"
-        },
-        "headerName": {
-          "description": "The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name \":authority\". For matching a request's method, use the headerName \":method\". When the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true, only non-binary user-specified custom metadata and the `content-type` header are supported. The following transport-level headers cannot be used in header matching rules: `:authority`, `:method`, `:path`, `:scheme`, `user-agent`, `accept-encoding`, `content-encoding`, `grpc-accept-encoding`, `grpc-encoding`, `grpc-previous-rpc-attempts`, `grpc-tags-bin`, `grpc-timeout` and `grpc-trace-bin`.",
-          "type": "string"
-        },
-        "invertMatch": {
-          "description": "If set to false, the headerMatch is considered a match if the preceding match criteria are met. If set to true, the headerMatch is considered a match if the preceding match criteria are NOT met. The default setting is false. ",
-          "type": "boolean"
-        },
-        "prefixMatch": {
-          "description": "The value of the header must start with the contents of prefixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "presentMatch": {
-          "description": "A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
-          "type": "boolean"
-        },
-        "rangeMatch": {
-          "$ref": "Int64RangeMatch",
-          "description": "The header value must be an integer and its value must be in the range specified in rangeMatch. If the header does not contain an integer, number or is empty, the match fails. For example for a range [-5, 0] - -3 will match. - 0 will not match. - 0.25 will not match. - -3someString will not match. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. rangeMatch is not supported for load balancers that have loadBalancingScheme set to EXTERNAL."
+        "items": {
+          "description": "A list of InstanceGroupManager resources.",
+          "items": {
+            "$ref": "InstanceGroupManager"
+          },
+          "type": "array"
         },
-        "regexMatch": {
-          "description": "The value of the header must match the regular expression specified in regexMatch. For more information about regular expression syntax, see Syntax. For matching against a port specified in the HTTP request, use a headerMatch with headerName set to PORT and a regular expression that satisfies the RFC2616 Host header's port specifier. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
+        "kind": {
+          "default": "compute#instanceGroupManagerList",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups.",
           "type": "string"
         },
-        "suffixMatch": {
-          "description": "The value of the header must end with the contents of suffixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "HttpHeaderOption": {
-      "description": "Specification determining how headers are added to requests or responses.",
-      "id": "HttpHeaderOption",
-      "properties": {
-        "headerName": {
-          "description": "The name of the header.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "headerValue": {
-          "description": "The value of the header to add.",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "replace": {
-          "description": "If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. The default value is false. ",
-          "type": "boolean"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "HttpHealthCheck": {
-      "description": "Represents a legacy HTTP Health Check resource. Legacy HTTP health checks are now only required by target pool-based network load balancers. For all other load balancers, including backend service-based network load balancers, and for managed instance group auto-healing, you must use modern (non-legacy) health checks. For more information, see Health checks overview .",
-      "id": "HttpHealthCheck",
+    "InstanceGroupManagerResizeRequest": {
+      "description": "InstanceGroupManagerResizeRequest represents a request to create a number of VMs: either immediately or by queuing the request for the specified time. This resize request is nested under InstanceGroupManager and the VMs created by this request are added to the owning InstanceGroupManager.",
+      "id": "InstanceGroupManagerResizeRequest",
       "properties": {
-        "checkIntervalSec": {
-          "description": "How often (in seconds) to send a health check. The default value is 5 seconds.",
+        "count": {
+          "description": "The count of instances to create as part of this resize request.",
           "format": "int32",
           "type": "integer"
         },
         "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "description": "[Output Only] The creation timestamp for this resize request in RFC3339 text format.",
           "type": "string"
         },
         "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "healthyThreshold": {
-          "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "host": {
-          "description": "The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.",
+          "description": "An optional description of this resource.",
           "type": "string"
         },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.",
           "format": "uint64",
           "type": "string"
         },
         "kind": {
-          "default": "compute#httpHealthCheck",
-          "description": "[Output Only] Type of the resource. Always compute#httpHealthCheck for HTTP health checks.",
+          "default": "compute#instanceGroupManagerResizeRequest",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerResizeRequest for resize requests.",
           "type": "string"
         },
         "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "annotations": {
+            "required": [
+              "compute.instanceGroupManagerResizeRequests.insert"
+            ]
+          },
+          "description": "The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "port": {
-          "description": "The TCP port number for the HTTP health check request. The default value is 80.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "requestPath": {
-          "description": "The request path of the HTTP health check request. The default value is /. This field does not support query parameters.",
-          "type": "string"
+        "queuingPolicy": {
+          "$ref": "QueuingPolicy",
+          "description": "When set, defines queing parameters for the requested deferred capacity. When unset, the request starts provisioning immediately, or fails if immediate provisioning is not possible."
         },
         "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+          "description": "[Output Only] The URL for this resize request. The server defines this URL.",
           "type": "string"
         },
         "selfLinkWithId": {
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "timeoutSec": {
-          "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.",
-          "format": "int32",
-          "type": "integer"
+        "state": {
+          "description": "[Output only] Current state of the request.",
+          "enum": [
+            "ACCEPTED",
+            "CANCELLED",
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "PROVISIONING",
+            "SUCCEEDED"
+          ],
+          "enumDescriptions": [
+            "The request was created successfully and was accepted for provisioning when the capacity becomes available.",
+            "The request is cancelled.",
+            "resize request is being created and may still fail creation.",
+            "The request is being deleted.",
+            "The request failed before or during provisioning. If the request fails during provisioning, any VMs that were created during provisioning are rolled back and removed from the MIG.",
+            "The target resource(s) are being provisioned.",
+            "The request succeeded."
+          ],
+          "type": "string"
+        },
+        "status": {
+          "$ref": "InstanceGroupManagerResizeRequestStatus",
+          "description": "[Output only] Status of the request. The Status message is aligned with QueuedResource.status. ResizeRequest.queuing_policy contains the queuing policy as provided by the user; it could have either valid_until_time or valid_until_duration. ResizeRequest.status.queuing_policy always contains absolute time as calculated by the server when the request is queued."
+        },
+        "zone": {
+          "description": "[Output Only] The URL of a zone where the resize request is located. Populated only for zonal resize requests.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerResizeRequestStatus": {
+      "id": "InstanceGroupManagerResizeRequestStatus",
+      "properties": {
+        "error": {
+          "description": "Errors encountered during the queueing or provisioning phases of the ResizeRequest.",
+          "properties": {
+            "errors": {
+              "description": "[Output Only] The array of errors encountered while processing this operation.",
+              "items": {
+                "properties": {
+                  "code": {
+                    "description": "[Output Only] The error type identifier for this error.",
+                    "type": "string"
+                  },
+                  "errorDetails": {
+                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
+                    "items": {
+                      "properties": {
+                        "errorInfo": {
+                          "$ref": "ErrorInfo"
+                        },
+                        "help": {
+                          "$ref": "Help"
+                        },
+                        "localizedMessage": {
+                          "$ref": "LocalizedMessage"
+                        },
+                        "quotaInfo": {
+                          "$ref": "QuotaExceededInfo"
+                        }
+                      },
+                      "type": "object"
+                    },
+                    "type": "array"
+                  },
+                  "location": {
+                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
+                    "type": "string"
+                  },
+                  "message": {
+                    "description": "[Output Only] An optional, human-readable error message.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            }
+          },
+          "type": "object"
         },
-        "unhealthyThreshold": {
-          "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.",
-          "format": "int32",
-          "type": "integer"
+        "queuingPolicy": {
+          "$ref": "QueuingPolicy",
+          "description": "Constraints for the time when the instances start provisioning. Always exposed as absolute time."
         }
       },
       "type": "object"
     },
-    "HttpHealthCheckList": {
-      "description": "Contains a list of HttpHealthCheck resources.",
-      "id": "HttpHealthCheckList",
+    "InstanceGroupManagerResizeRequestsListResponse": {
+      "description": "[Output Only] A list of resize requests.",
+      "id": "InstanceGroupManagerResizeRequestsListResponse",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of HttpHealthCheck resources.",
+          "description": "A list of resize request resources.",
           "items": {
-            "$ref": "HttpHealthCheck"
+            "$ref": "InstanceGroupManagerResizeRequest"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#httpHealthCheckList",
-          "description": "Type of resource.",
+          "default": "compute#instanceGroupManagerResizeRequestList",
+          "description": "[Output Only] Type of the resource. Always compute#instanceGroupManagerResizeRequestList for a list of resize requests.",
           "type": "string"
         },
         "nextPageToken": {
@@ -51266,6 +57550,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51284,6 +57569,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51295,6 +57610,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51342,340 +57658,393 @@
       },
       "type": "object"
     },
-    "HttpQueryParameterMatch": {
-      "description": "HttpRouteRuleMatch criteria for a request's query parameter.",
-      "id": "HttpQueryParameterMatch",
+    "InstanceGroupManagerStandbyPolicy": {
+      "id": "InstanceGroupManagerStandbyPolicy",
       "properties": {
-        "exactMatch": {
-          "description": "The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. Only one of presentMatch, exactMatch, or regexMatch must be set. ",
-          "type": "string"
-        },
-        "name": {
-          "description": "The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.",
-          "type": "string"
-        },
-        "presentMatch": {
-          "description": "Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. Only one of presentMatch, exactMatch, or regexMatch must be set. ",
-          "type": "boolean"
+        "initialDelaySec": {
+          "format": "int32",
+          "type": "integer"
         },
-        "regexMatch": {
-          "description": "The queryParameterMatch matches if the value of the parameter matches the regular expression specified by regexMatch. For more information about regular expression syntax, see Syntax. Only one of presentMatch, exactMatch, or regexMatch must be set. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED. ",
+        "mode": {
+          "description": "Defines behaviour of using instances from standby pool to resize MIG.",
+          "enum": [
+            "MANUAL",
+            "SCALE_OUT_POOL"
+          ],
+          "enumDescriptions": [
+            "MIG does not automatically stop/start or suspend/resume VMs.",
+            "MIG automatically resumes and starts VMs when it scales out, and replenishes the standby pool afterwards."
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "HttpRedirectAction": {
-      "description": "Specifies settings for an HTTP redirect.",
-      "id": "HttpRedirectAction",
+    "InstanceGroupManagerStatus": {
+      "id": "InstanceGroupManagerStatus",
       "properties": {
-        "hostRedirect": {
-          "description": "The host that is used in the redirect response instead of the one that was supplied in the request. The value must be from 1 to 255 characters.",
+        "allInstancesConfig": {
+          "$ref": "InstanceGroupManagerStatusAllInstancesConfig",
+          "description": "[Output only] Status of all-instances configuration on the group."
+        },
+        "autoscaler": {
+          "description": "[Output Only] The URL of the Autoscaler that targets this instance group manager.",
           "type": "string"
         },
-        "httpsRedirect": {
-          "description": "If set to true, the URL scheme in the redirected request is set to HTTPS. If set to false, the URL scheme of the redirected request remains the same as that of the request. This must only be set for URL maps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false.",
+        "isStable": {
+          "description": "[Output Only] A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified.",
           "type": "boolean"
         },
-        "pathRedirect": {
-          "description": "The path that is used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect. The value must be from 1 to 1024 characters.",
-          "type": "string"
-        },
-        "prefixRedirect": {
-          "description": "The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect. The value must be from 1 to 1024 characters.",
-          "type": "string"
+        "stateful": {
+          "$ref": "InstanceGroupManagerStatusStateful",
+          "description": "[Output Only] Stateful status of the given Instance Group Manager."
         },
-        "redirectResponseCode": {
-          "description": "The HTTP Status code to use for this RedirectAction. Supported values are: - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - FOUND, which corresponds to 302. - SEE_OTHER which corresponds to 303. - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method is retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method is retained. ",
-          "enum": [
-            "FOUND",
-            "MOVED_PERMANENTLY_DEFAULT",
-            "PERMANENT_REDIRECT",
-            "SEE_OTHER",
-            "TEMPORARY_REDIRECT"
-          ],
-          "enumDescriptions": [
-            "Http Status Code 302 - Found.",
-            "Http Status Code 301 - Moved Permanently.",
-            "Http Status Code 308 - Permanent Redirect maintaining HTTP method.",
-            "Http Status Code 303 - See Other.",
-            "Http Status Code 307 - Temporary Redirect maintaining HTTP method."
-          ],
+        "versionTarget": {
+          "$ref": "InstanceGroupManagerStatusVersionTarget",
+          "description": "[Output Only] A status of consistency of Instances' versions with their target version specified by version field on Instance Group Manager."
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerStatusAllInstancesConfig": {
+      "id": "InstanceGroupManagerStatusAllInstancesConfig",
+      "properties": {
+        "currentRevision": {
+          "description": "[Output Only] Current all-instances configuration revision. This value is in RFC3339 text format.",
           "type": "string"
         },
-        "stripQuery": {
-          "description": "If set to true, any accompanying query portion of the original URL is removed before redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. ",
+        "effective": {
+          "description": "[Output Only] A bit indicating whether this configuration has been applied to all managed instances in the group.",
           "type": "boolean"
         }
       },
       "type": "object"
     },
-    "HttpRetryPolicy": {
-      "description": "The retry policy associates with HttpRouteRule",
-      "id": "HttpRetryPolicy",
+    "InstanceGroupManagerStatusStateful": {
+      "id": "InstanceGroupManagerStatusStateful",
       "properties": {
-        "numRetries": {
-          "description": "Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.",
-          "format": "uint32",
-          "type": "integer"
+        "hasStatefulConfig": {
+          "description": "[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful configuration even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.",
+          "type": "boolean"
         },
-        "perTryTimeout": {
-          "$ref": "Duration",
-          "description": "Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in the HttpRouteAction field. If timeout in the HttpRouteAction field is not set, this field uses the largest timeout among all backend services associated with the route. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
+        "isStateful": {
+          "deprecated": true,
+          "description": "[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful configuration even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. This field is deprecated in favor of has_stateful_config.",
+          "type": "boolean"
         },
-        "retryConditions": {
-          "description": "Specifies one or more conditions when this retry policy applies. Valid values are: - 5xx: retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - connect-failure: a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - retriable-4xx: a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - refused-stream: a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: a retry is attempted if the gRPC status code in the response header is set to cancelled. - deadline-exceeded: a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - internal: a retry is attempted if the gRPC status code in the response header is set to internal. - resource-exhausted: a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - unavailable: a retry is attempted if the gRPC status code in the response header is set to unavailable. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true. - cancelled - deadline-exceeded - internal - resource-exhausted - unavailable ",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "perInstanceConfigs": {
+          "$ref": "InstanceGroupManagerStatusStatefulPerInstanceConfigs",
+          "description": "[Output Only] Status of per-instance configurations on the instance."
         }
       },
       "type": "object"
     },
-    "HttpRouteAction": {
-      "id": "HttpRouteAction",
+    "InstanceGroupManagerStatusStatefulPerInstanceConfigs": {
+      "id": "InstanceGroupManagerStatusStatefulPerInstanceConfigs",
       "properties": {
-        "corsPolicy": {
-          "$ref": "CorsPolicy",
-          "description": "The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard. Not supported when the URL map is bound to a target gRPC proxy."
-        },
-        "faultInjectionPolicy": {
-          "$ref": "HttpFaultInjection",
-          "description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted by the load balancer for a percentage of requests. timeout and retry_policy is ignored by clients that are configured with a fault_injection_policy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: Routing and traffic management features."
-        },
-        "maxStreamDuration": {
-          "$ref": "Duration",
-          "description": "Specifies the maximum duration (timeout) for streams on the selected route. Unlike the timeout field where the timeout duration starts from the time the request has been fully processed (known as *end-of-stream*), the duration in this field is computed from the beginning of the stream until the response has been processed, including all retries. A stream that does not complete in this duration is closed. If not specified, this field uses the maximum maxStreamDuration value among all backend services associated with the route. This field is only allowed if the Url map is used with backend services with loadBalancingScheme set to INTERNAL_SELF_MANAGED."
-        },
-        "requestMirrorPolicy": {
-          "$ref": "RequestMirrorPolicy",
-          "description": "Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
-        },
-        "retryPolicy": {
-          "$ref": "HttpRetryPolicy",
-          "description": "Specifies the retry policy associated with this route."
-        },
-        "timeout": {
-          "$ref": "Duration",
-          "description": "Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as *end-of-stream*) up until the response has been processed. Timeout includes all retries. If not specified, this field uses the largest timeout among all backend services associated with the route. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
-        },
-        "urlRewrite": {
-          "$ref": "UrlRewrite",
-          "description": "The spec to modify the URL of the request, before forwarding the request to the matched service. urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
-        },
-        "weightedBackendServices": {
-          "description": "A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.",
-          "items": {
-            "$ref": "WeightedBackendService"
-          },
-          "type": "array"
+        "allEffective": {
+          "description": "A bit indicating if all of the group's per-instance configurations (listed in the output of a listPerInstanceConfigs API call) have status EFFECTIVE or there are no per-instance-configs.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "HttpRouteRule": {
-      "description": "The HttpRouteRule setting specifies how to match an HTTP request and the corresponding routing action that load balancing proxies perform.",
-      "id": "HttpRouteRule",
+    "InstanceGroupManagerStatusVersionTarget": {
+      "id": "InstanceGroupManagerStatusVersionTarget",
       "properties": {
-        "customErrorResponsePolicy": {
-          "$ref": "CustomErrorResponsePolicy",
-          "description": "customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. If a policy for an error code is not configured for the RouteRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors - A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with routeRules.routeAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the customErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the customErrorResponsePolicy is ignored and the response from the service is returned to the client. customErrorResponsePolicy is supported only for Global External HTTP(S) load balancing."
-        },
-        "description": {
-          "description": "The short description conveying the intent of this routeRule. The description can have a maximum length of 1024 characters.",
+        "isReached": {
+          "description": "[Output Only] A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances' target version are specified by version field on Instance Group Manager.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerUpdatePolicy": {
+      "id": "InstanceGroupManagerUpdatePolicy",
+      "properties": {
+        "instanceRedistributionType": {
+          "description": "The instance redistribution policy for regional managed instance groups. Valid values are: - PROACTIVE (default): The group attempts to maintain an even distribution of VM instances across zones in the region. - NONE: For non-autoscaled groups, proactive redistribution is disabled. ",
+          "enum": [
+            "NONE",
+            "PROACTIVE"
+          ],
+          "enumDescriptions": [
+            "No action is being proactively performed in order to bring this IGM to its target instance distribution.",
+            "This IGM will actively converge to its target instance distribution."
+          ],
           "type": "string"
         },
-        "headerAction": {
-          "$ref": "HttpHeaderAction",
-          "description": "Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction value specified here is applied before the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].routeAction.weightedBackendService.backendServiceWeightAction[].headerAction HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
-        },
-        "httpFilterConfigs": {
-          "description": "Outbound route specific configuration for networkservices.HttpFilter resources enabled by Traffic Director. httpFilterConfigs only applies for load balancers with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See ForwardingRule for more details. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
-          "items": {
-            "$ref": "HttpFilterConfig"
-          },
-          "type": "array"
-        },
-        "httpFilterMetadata": {
-          "description": "Outbound route specific metadata supplied to networkservices.HttpFilter resources enabled by Traffic Director. httpFilterMetadata only applies for load balancers with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See ForwardingRule for more details. The only configTypeUrl supported is type.googleapis.com/google.protobuf.Struct Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
-          "items": {
-            "$ref": "HttpFilterConfig"
-          },
-          "type": "array"
+        "maxSurge": {
+          "$ref": "FixedOrPercent",
+          "description": "The maximum number of instances that can be created above the specified targetSize during the update process. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for maxSurge is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either maxSurge or maxUnavailable must be greater than 0. Learn more about maxSurge."
         },
-        "matchRules": {
-          "description": "The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.",
-          "items": {
-            "$ref": "HttpRouteRuleMatch"
-          },
-          "type": "array"
+        "maxUnavailable": {
+          "$ref": "FixedOrPercent",
+          "description": "The maximum number of instances that can be unavailable during the update process. An instance is considered available if all of the following conditions are satisfied: - The instance's status is RUNNING. - If there is a health check on the instance group, the instance's health check status must be HEALTHY at least once. If there is no health check on the group, then the instance only needs to have a status of RUNNING to be considered available. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for maxUnavailable is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either maxSurge or maxUnavailable must be greater than 0. Learn more about maxUnavailable."
         },
-        "priority": {
-          "description": "For routeRules within a given pathMatcher, priority determines the order in which a load balancer interprets routeRules. RouteRules are evaluated in order of priority, from the lowest to highest number. The priority of a rule decreases as its number increases (1, 2, 3, N+1). The first rule that matches the request is applied. You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number from 0 to 2147483647 inclusive. Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.",
+        "minReadySec": {
+          "description": "Minimum number of seconds to wait for after a newly created instance becomes available. This value must be from range [0, 3600].",
           "format": "int32",
           "type": "integer"
         },
-        "routeAction": {
-          "$ref": "HttpRouteAction",
-          "description": "In response to a matching matchRule, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of urlRedirect, service or routeAction.weightedBackendService must be set. URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within a route rule's routeAction."
+        "minimalAction": {
+          "description": "Minimal action to be taken on an instance. Use this option to minimize disruption as much as possible or to apply a more disruptive action than is necessary. - To limit disruption as much as possible, set the minimal action to REFRESH. If your update requires a more disruptive action, Compute Engine performs the necessary action to execute the update. - To apply a more disruptive action than is strictly necessary, set the minimal action to RESTART or REPLACE. For example, Compute Engine does not need to restart a VM to change its metadata. But if your application reads instance metadata only when a VM is restarted, you can set the minimal action to RESTART in order to pick up metadata changes. ",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
+          "type": "string"
         },
-        "service": {
-          "description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set.",
+        "mostDisruptiveAllowedAction": {
+          "description": "Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to avoid restarting the VM and to limit disruption as much as possible. RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
           "type": "string"
         },
-        "urlRedirect": {
-          "$ref": "HttpRedirectAction",
-          "description": "When this rule is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
+        "replacementMethod": {
+          "description": "What action should be used to replace instances. See minimal_action.REPLACE",
+          "enum": [
+            "RECREATE",
+            "SUBSTITUTE"
+          ],
+          "enumDescriptions": [
+            "Instances will be recreated (with the same name)",
+            "Default option: instances will be deleted and created (with a new name)"
+          ],
+          "type": "string"
+        },
+        "type": {
+          "description": "The type of update process. You can specify either PROACTIVE so that the MIG automatically updates VMs to the latest configurations or OPPORTUNISTIC so that you can select the VMs that you want to update.",
+          "enum": [
+            "OPPORTUNISTIC",
+            "PROACTIVE"
+          ],
+          "enumDescriptions": [
+            "MIG will apply new configurations to existing VMs only when you selectively target specific or all VMs to be updated.",
+            "MIG will automatically apply new configurations to all or a subset of existing VMs and also to new VMs that are added to the group."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "HttpRouteRuleMatch": {
-      "description": "HttpRouteRuleMatch specifies a set of criteria for matching requests to an HttpRouteRule. All specified criteria must be satisfied for a match to occur.",
-      "id": "HttpRouteRuleMatch",
+    "InstanceGroupManagerVersion": {
+      "id": "InstanceGroupManagerVersion",
       "properties": {
-        "fullPathMatch": {
-          "description": "For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. fullPathMatch must be from 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified.",
+        "instanceTemplate": {
+          "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run recreateInstances, run applyUpdatesToInstances, or set the group's updatePolicy.type to PROACTIVE; in those cases, existing instances are updated until the `targetSize` for this version is reached.",
           "type": "string"
         },
-        "headerMatches": {
-          "description": "Specifies a list of header match criteria, all of which must match corresponding headers in the request.",
+        "name": {
+          "description": "Name of the version. Unique among all versions in the scope of this managed instance group.",
+          "type": "string"
+        },
+        "tag": {
+          "description": "Tag describing the version. Used to trigger rollout of a target version even if instance_template remains unchanged. Deprecated in favor of 'name'.",
+          "type": "string"
+        },
+        "targetSize": {
+          "$ref": "FixedOrPercent",
+          "description": "Specifies the intended number of instances to be created from the instanceTemplate. The final number of instances created from the template will be equal to: - If expressed as a fixed number, the minimum of either targetSize.fixed or instanceGroupManager.targetSize is used. - if expressed as a percent, the targetSize would be (targetSize.percent/100 * InstanceGroupManager.targetSize) If there is a remainder, the number is rounded. If unset, this version will update any remaining instances not updated by another version. Read Starting a canary update for more information."
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersAbandonInstancesRequest": {
+      "id": "InstanceGroupManagersAbandonInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
-            "$ref": "HttpHeaderMatch"
+            "type": "string"
           },
           "type": "array"
-        },
-        "ignoreCase": {
-          "description": "Specifies that prefixMatch and fullPathMatch matches are case sensitive. The default value is false. ignoreCase must not be used with regexMatch. Not supported when the URL map is bound to a target gRPC proxy.",
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersApplyUpdatesRequest": {
+      "description": "InstanceGroupManagers.applyUpdatesToInstances",
+      "id": "InstanceGroupManagersApplyUpdatesRequest",
+      "properties": {
+        "allInstances": {
+          "description": "Flag to update all instances instead of specified list of “instances”. If the flag is set to true then the instances may not be specified in the request.",
           "type": "boolean"
         },
-        "metadataFilters": {
-          "description": "Opaque filter criteria used by the load balancer to restrict routing configuration to a limited set of xDS compliant clients. In their xDS requests to the load balancer, xDS clients present node metadata. When there is a match, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. If multiple metadata filters are specified, all of them need to be satisfied in order to be considered a match. metadataFilters specified here is applied after those specified in ForwardingRule that refers to the UrlMap this HttpRouteRuleMatch belongs to. metadataFilters only applies to load balancers that have loadBalancingScheme set to INTERNAL_SELF_MANAGED. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
+        "instances": {
+          "description": "The list of URLs of one or more instances for which you want to apply updates. Each URL can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
-            "$ref": "MetadataFilter"
+            "type": "string"
           },
           "type": "array"
         },
-        "pathTemplateMatch": {
-          "description": "If specified, the route is a pattern match expression that must match the :path header once the query string is removed. A pattern match allows you to match - The value must be between 1 and 1024 characters - The pattern must start with a leading slash (\"/\") - There may be no more than 5 operators in pattern Precisely one of prefix_match, full_path_match, regex_match or path_template_match must be set.",
+        "maximalAction": {
+          "description": "The maximal action that should be performed on the instances. By default REPLACE. This field is deprecated, please use most_disruptive_allowed_action.",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
           "type": "string"
         },
-        "prefixMatch": {
-          "description": "For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. The value must be from 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified.",
+        "minimalAction": {
+          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
           "type": "string"
         },
-        "queryParameterMatches": {
-          "description": "Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. Not supported when the URL map is bound to a target gRPC proxy.",
+        "mostDisruptiveAllowedAction": {
+          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersCreateInstancesRequest": {
+      "description": "InstanceGroupManagers.createInstances",
+      "id": "InstanceGroupManagersCreateInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "[Required] List of specifications of per-instance configs.",
           "items": {
-            "$ref": "HttpQueryParameterMatch"
+            "$ref": "PerInstanceConfig"
           },
           "type": "array"
-        },
-        "regexMatch": {
-          "description": "For satisfying the matchRule condition, the path of the request must satisfy the regular expression specified in regexMatch after removing any query parameters and anchor supplied with the original URL. For more information about regular expression syntax, see Syntax. Only one of prefixMatch, fullPathMatch or regexMatch must be specified. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "HttpsHealthCheck": {
-      "description": "Represents a legacy HTTPS Health Check resource. Legacy HTTPS health checks have been deprecated. If you are using a target pool-based network load balancer, you must use a legacy HTTP (not HTTPS) health check. For all other load balancers, including backend service-based network load balancers, and for managed instance group auto-healing, you must use modern (non-legacy) health checks. For more information, see Health checks overview .",
-      "id": "HttpsHealthCheck",
+    "InstanceGroupManagersDeleteInstancesRequest": {
+      "id": "InstanceGroupManagersDeleteInstancesRequest",
       "properties": {
-        "checkIntervalSec": {
-          "description": "How often (in seconds) to send a health check. The default value is 5 seconds.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "healthyThreshold": {
-          "description": "A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "host": {
-          "description": "The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#httpsHealthCheck",
-          "description": "Type of the resource.",
-          "type": "string"
-        },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "port": {
-          "description": "The TCP port number for the HTTPS health check request. The default value is 443.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "requestPath": {
-          "description": "The request path of the HTTPS health check request. The default value is \"/\".",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "timeoutSec": {
-          "description": "How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have a greater value than checkIntervalSec.",
-          "format": "int32",
-          "type": "integer"
+        "instanceNames": {
+          "description": "The list of instance names to delete. Queued instances do not have URL and can be deleted only by name. You cannot specify both URLs and names in a single request.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "unhealthyThreshold": {
-          "description": "A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.",
-          "format": "int32",
-          "type": "integer"
+        "instances": {
+          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME]. Queued instances do not have URL and can be deleted only by name. One cannot specify both URLs and names in a single request.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "skipInstancesOnValidationError": {
+          "description": "Specifies whether the request should proceed despite the inclusion of instances that are not members of the group or that are already in the process of being deleted or abandoned. If this field is set to `false` and such an instance is specified in the request, the operation fails. The operation always fails if the request contains a malformed instance URL or a reference to an instance that exists in a zone or region other than the group's zone or region.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "HttpsHealthCheckList": {
-      "description": "Contains a list of HttpsHealthCheck resources.",
-      "id": "HttpsHealthCheckList",
+    "InstanceGroupManagersDeletePerInstanceConfigsReq": {
+      "description": "InstanceGroupManagers.deletePerInstanceConfigs",
+      "id": "InstanceGroupManagersDeletePerInstanceConfigsReq",
+      "properties": {
+        "names": {
+          "description": "The list of instance names for which we want to delete per-instance configs on this managed instance group.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersListErrorsResponse": {
+      "id": "InstanceGroupManagersListErrorsResponse",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
         "items": {
-          "description": "A list of HttpsHealthCheck resources.",
+          "description": "[Output Only] The list of errors of the managed instance group.",
           "items": {
-            "$ref": "HttpsHealthCheck"
+            "$ref": "InstanceManagedByIgmError"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#httpsHealthCheckList",
-          "description": "Type of resource.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersListManagedInstancesResponse": {
+      "id": "InstanceGroupManagersListManagedInstancesResponse",
+      "properties": {
+        "managedInstances": {
+          "description": "[Output Only] The list of instances in the managed instance group.",
+          "items": {
+            "$ref": "ManagedInstance"
+          },
+          "type": "array"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersListPerInstanceConfigsResp": {
+      "id": "InstanceGroupManagersListPerInstanceConfigsResp",
+      "properties": {
+        "items": {
+          "description": "[Output Only] The list of PerInstanceConfig.",
+          "items": {
+            "$ref": "PerInstanceConfig"
+          },
+          "type": "array"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
         "warning": {
@@ -51694,6 +58063,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51712,6 +58082,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51723,6 +58123,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51770,277 +58171,73 @@
       },
       "type": "object"
     },
-    "Image": {
-      "description": "Represents an Image resource. You can use images to create boot disks for your VM instances. For more information, read Images.",
-      "id": "Image",
+    "InstanceGroupManagersPatchPerInstanceConfigsReq": {
+      "description": "InstanceGroupManagers.patchPerInstanceConfigs",
+      "id": "InstanceGroupManagersPatchPerInstanceConfigsReq",
       "properties": {
-        "architecture": {
-          "description": "The architecture of the image. Valid values are ARM64 or X86_64.",
-          "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
-          ],
-          "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
-          ],
-          "type": "string"
-        },
-        "archiveSizeBytes": {
-          "description": "Size of the image tar.gz archive stored in Google Cloud Storage (in bytes).",
-          "format": "int64",
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "deprecated": {
-          "$ref": "DeprecationStatus",
-          "description": "The deprecation status associated with this image."
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "diskSizeGb": {
-          "description": "Size of the image when restored onto a persistent disk (in GB).",
-          "format": "int64",
-          "type": "string"
-        },
-        "family": {
-          "description": "The name of the image family to which this image belongs. The image family name can be from a publicly managed image family provided by Compute Engine, or from a custom image family you create. For example, centos-stream-9 is a publicly available image family. For more information, see Image family best practices. When creating disks, you can specify an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035.",
-          "type": "string"
-        },
-        "guestOsFeatures": {
-          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. To see a list of available options, see the guestOSfeatures[].type parameter.",
-          "items": {
-            "$ref": "GuestOsFeature"
-          },
-          "type": "array"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "imageEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Encrypts the image using a customer-supplied encryption key. After you encrypt an image with a customer-supplied key, you must provide the same key if you use the image later (e.g. to create a disk from the image). Customer-supplied encryption keys do not protect access to metadata of the disk. If you do not provide an encryption key when creating the image, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the image later."
-        },
-        "kind": {
-          "default": "compute#image",
-          "description": "[Output Only] Type of the resource. Always compute#image for images.",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this image, which is essentially a hash of the labels used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an image.",
-          "format": "byte",
-          "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to apply to this image. These can be later modified by the setLabels method.",
-          "type": "object"
-        },
-        "licenseCodes": {
-          "description": "Integer license codes indicating which licenses are attached to this image.",
+        "perInstanceConfigs": {
+          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
           "items": {
-            "format": "int64",
-            "type": "string"
+            "$ref": "PerInstanceConfig"
           },
           "type": "array"
-        },
-        "licenses": {
-          "description": "Any applicable license URI.",
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersRecreateInstancesRequest": {
+      "id": "InstanceGroupManagersRecreateInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
             "type": "string"
           },
           "type": "array"
-        },
-        "locked": {
-          "description": "A flag for marketplace VM disk created from the image, which is designed for marketplace VM disk to prevent the proprietary data on the disk from being accessed unwantedly. The flag will be inherited by the disk created from the image. The disk with locked flag set to true will be prohibited from performing the operations below: - R/W or R/O disk attach - Disk detach, if disk is created via create-on-create - Create images - Create snapshots - Create disk clone (create disk from the current disk) The image with the locked field set to true will be prohibited from performing the operations below: - Create images from the current image - Update the locked field for the current image The instance with at least one disk with locked flag set to true will be prohibited from performing the operations below: - Secondary disk attach - Create instant snapshot - Create machine images - Create instance template - Delete the instance with --keep-disk parameter set to true ",
-          "type": "boolean"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.images.insert"
-            ]
-          },
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "rawDisk": {
-          "description": "The parameters of the raw disk image.",
-          "properties": {
-            "containerType": {
-              "description": "The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created.",
-              "enum": [
-                "TAR"
-              ],
-              "enumDescriptions": [
-                ""
-              ],
-              "type": "string"
-            },
-            "sha1Checksum": {
-              "description": "[Deprecated] This field is deprecated. An optional SHA1 checksum of the disk image before unpackaging provided by the client when the disk image is created.",
-              "pattern": "[a-f0-9]{40}",
-              "type": "string"
-            },
-            "source": {
-              "description": "The full Google Cloud Storage URL where the raw disk image archive is stored. The following are valid formats for the URL: - https://storage.googleapis.com/bucket_name/image_archive_name - https://storage.googleapis.com/bucket_name/folder_name/ image_archive_name In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        },
-        "rolloutOverride": {
-          "$ref": "RolloutPolicy",
-          "description": "A rollout policy to apply to this image. When specified, the rollout policy overrides per-zone references to the image via the associated image family. The rollout policy restricts the zones where this image is accessible when using a zonal image family reference. When the rollout policy does not include the user specified zone, or if the zone is rolled out, this image is accessible. The rollout policy for this image is read-only, except for allowlisted users. This field might not be configured. To view the latest non-deprecated image in a specific zone, use the imageFamilyViews.get method."
-        },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersResizeAdvancedRequest": {
+      "id": "InstanceGroupManagersResizeAdvancedRequest",
+      "properties": {
+        "noCreationRetries": {
+          "description": "If this flag is true, the managed instance group attempts to create all instances initiated by this resize request only once. If there is an error during creation, the managed instance group does not retry create this instance, and we will decrease the targetSize of the request instead. If the flag is false, the group attempts to recreate each instance continuously until it succeeds. This flag matters only in the first attempt of creation of an instance. After an instance is successfully created while this flag is enabled, the instance behaves the same way as all the other instances created with a regular resize request. In particular, if a running instance dies unexpectedly at a later time and needs to be recreated, this mode does not affect the recreation behavior in that scenario. This flag is applicable only to the current resize request. It does not influence other resize requests in any way. You can see which instances is being creating in which mode by calling the get or listManagedInstances API.",
           "type": "boolean"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource's resource id.",
-          "type": "string"
-        },
-        "shieldedInstanceInitialState": {
-          "$ref": "InitialStateConfig",
-          "description": "Set the secure boot keys of shielded instance."
-        },
-        "sourceDisk": {
-          "description": "URL of the source disk used to create this image. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
-          "type": "string"
-        },
-        "sourceDiskEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key."
-        },
-        "sourceDiskId": {
-          "description": "[Output Only] The ID value of the disk used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given disk name.",
-          "type": "string"
-        },
-        "sourceImage": {
-          "description": "URL of the source image used to create this image. The following are valid formats for the URL: - https://www.googleapis.com/compute/v1/projects/project_id/global/ images/image_name - projects/project_id/global/images/image_name In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
-          "type": "string"
-        },
-        "sourceImageEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key."
-        },
-        "sourceImageId": {
-          "description": "[Output Only] The ID value of the image used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given image name.",
-          "type": "string"
-        },
-        "sourceSnapshot": {
-          "description": "URL of the source snapshot used to create this image. The following are valid formats for the URL: - https://www.googleapis.com/compute/v1/projects/project_id/global/ snapshots/snapshot_name - projects/project_id/global/snapshots/snapshot_name In order to create an image, you must provide the full or partial URL of one of the following: - The rawDisk.source URL - The sourceDisk URL - The sourceImage URL - The sourceSnapshot URL ",
-          "type": "string"
-        },
-        "sourceSnapshotEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key."
-        },
-        "sourceSnapshotId": {
-          "description": "[Output Only] The ID value of the snapshot used to create this image. This value may be used to determine whether the snapshot was taken from the current or a previous instance of a given snapshot name.",
-          "type": "string"
-        },
-        "sourceType": {
-          "default": "RAW",
-          "description": "The type of the image used to create this disk. The default and only valid value is RAW.",
-          "enum": [
-            "RAW"
-          ],
-          "enumDescriptions": [
-            ""
-          ],
-          "type": "string"
-        },
-        "status": {
-          "description": "[Output Only] The status of the image. An image can be used to create other resources, such as instances, only after the image has been successfully created and the status is set to READY. Possible values are FAILED, PENDING, or READY.",
-          "enum": [
-            "DELETING",
-            "FAILED",
-            "PENDING",
-            "READY"
-          ],
-          "enumDescriptions": [
-            "Image is deleting.",
-            "Image creation failed due to an error.",
-            "Image hasn't been created as yet.",
-            "Image has been successfully created."
-          ],
-          "type": "string"
-        },
-        "storageLocations": {
-          "description": "Cloud Storage bucket storage location of the image (regional or multi-regional).",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "userLicenses": {
-          "description": "A list of publicly visible user-licenses. Unlike regular licenses, user provided licenses can be modified after the disk is created. This includes a list of URLs to the license resource. For example, to provide a debian license: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch ",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "targetSize": {
+          "description": "The number of running instances that the managed instance group should maintain at any given time. The group automatically adds or removes instances to maintain the number of instances specified by this parameter.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "ImageFamilyView": {
-      "id": "ImageFamilyView",
+    "InstanceGroupManagersResumeInstancesRequest": {
+      "id": "InstanceGroupManagersResumeInstancesRequest",
       "properties": {
-        "image": {
-          "$ref": "Image",
-          "description": "The latest image that is part of the specified image family in the requested location, and that is not deprecated."
+        "instances": {
+          "description": "The URLs of one or more instances to resume. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "ImageList": {
-      "description": "Contains a list of images.",
-      "id": "ImageList",
+    "InstanceGroupManagersScopedList": {
+      "id": "InstanceGroupManagersScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of Image resources.",
+        "instanceGroupManagers": {
+          "description": "[Output Only] The list of managed instance groups that are contained in the specified project and zone.",
           "items": {
-            "$ref": "Image"
+            "$ref": "InstanceGroupManager"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#imageList",
-          "description": "Type of resource.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "[Output Only] The warning that replaces the list of managed instance groups when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -52055,6 +58252,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52073,6 +58271,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52084,6 +58312,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52131,364 +58360,137 @@
       },
       "type": "object"
     },
-    "InitialStateConfig": {
-      "description": "Initial State for shielded instance, these are public keys which are safe to store in public",
-      "id": "InitialStateConfig",
+    "InstanceGroupManagersSetAutoHealingRequest": {
+      "id": "InstanceGroupManagersSetAutoHealingRequest",
       "properties": {
-        "dbs": {
-          "description": "The Key Database (db).",
-          "items": {
-            "$ref": "FileContentBuffer"
-          },
-          "type": "array"
-        },
-        "dbxs": {
-          "description": "The forbidden key database (dbx).",
-          "items": {
-            "$ref": "FileContentBuffer"
-          },
-          "type": "array"
-        },
-        "keks": {
-          "description": "The Key Exchange Key (KEK).",
+        "autoHealingPolicies": {
           "items": {
-            "$ref": "FileContentBuffer"
+            "$ref": "InstanceGroupManagerAutoHealingPolicy"
           },
           "type": "array"
-        },
-        "pk": {
-          "$ref": "FileContentBuffer",
-          "description": "The Platform Key (PK)."
         }
       },
       "type": "object"
-    },
-    "Instance": {
-      "description": "Represents an Instance resource. An instance is a virtual machine that is hosted on Google Cloud Platform. For more information, read Virtual Machine Instances.",
-      "id": "Instance",
-      "properties": {
-        "advancedMachineFeatures": {
-          "$ref": "AdvancedMachineFeatures",
-          "description": "Controls for advanced machine-related behavior features."
-        },
-        "canIpForward": {
-          "description": "Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. For more information, see Enabling IP Forwarding .",
-          "type": "boolean"
-        },
-        "confidentialInstanceConfig": {
-          "$ref": "ConfidentialInstanceConfig"
-        },
-        "cpuPlatform": {
-          "description": "[Output Only] The CPU platform used by this instance.",
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "deletionProtection": {
-          "description": "Whether the resource should be protected against deletion.",
-          "type": "boolean"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "disks": {
-          "description": "Array of disks associated with this instance. Persistent disks must be created before you can assign them.",
-          "items": {
-            "$ref": "AttachedDisk"
-          },
-          "type": "array"
-        },
-        "displayDevice": {
-          "$ref": "DisplayDevice",
-          "description": "Enables display device for the instance."
-        },
-        "eraseWindowsVssSignature": {
-          "description": "Specifies whether the disks restored from source snapshots or source machine image should erase Windows specific VSS signature.",
-          "type": "boolean"
-        },
-        "fingerprint": {
-          "description": "Specifies a fingerprint for this resource, which is essentially a hash of the instance's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update the instance. You must always provide an up-to-date fingerprint hash in order to update the instance. To see the latest fingerprint, make get() request to the instance.",
-          "format": "byte",
-          "type": "string"
-        },
-        "guestAccelerators": {
-          "description": "A list of the type and count of accelerator cards attached to the instance.",
-          "items": {
-            "$ref": "AcceleratorConfig"
-          },
-          "type": "array"
-        },
-        "hostname": {
-          "description": "Specifies the hostname of the instance. The specified hostname must be RFC1035 compliant. If hostname is not specified, the default hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "instanceEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Encrypts suspended data for an instance with a customer-managed encryption key. If you are creating a new instance, this field will encrypt the local SSD and in-memory contents of the instance during the suspend operation. If you do not provide an encryption key when creating the instance, then the local SSD and in-memory contents will be encrypted using an automatically generated key during the suspend operation."
-        },
-        "keyRevocationActionType": {
-          "description": "KeyRevocationActionType of the instance. Supported options are \"STOP\" and \"NONE\". The default value is \"NONE\" if it is not specified.",
-          "enum": [
-            "KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
-            "NONE",
-            "STOP"
-          ],
-          "enumDescriptions": [
-            "Default value. This value is unused.",
-            "Indicates user chose no operation.",
-            "Indicates user chose to opt for VM shutdown on key revocation."
-          ],
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#instance",
-          "description": "[Output Only] Type of the resource. Always compute#instance for instances.",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for this request, which is essentially a hash of the label's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. To see the latest fingerprint, make get() request to the instance.",
-          "format": "byte",
-          "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to apply to this instance. These can be later modified by the setLabels method.",
-          "type": "object"
-        },
-        "lastStartTimestamp": {
-          "description": "[Output Only] Last start timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "lastStopTimestamp": {
-          "description": "[Output Only] Last stop timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "lastSuspendedTimestamp": {
-          "description": "[Output Only] Last suspended timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "machineType": {
-          "description": "Full or partial URL of the machine type resource to use for this instance, in the format: zones/zone/machineTypes/machine-type. This is provided by the client when the instance is created. For example, the following is a valid partial url to a predefined machine type: zones/us-central1-f/machineTypes/n1-standard-1 To create a custom machine type, provide a URL to a machine type in the following format, where CPUS is 1 or an even number up to 32 (2, 4, 6, ... 24, etc), and MEMORY is the total memory for this instance. Memory must be a multiple of 256 MB and must be supplied in MB (e.g. 5 GB of memory is 5120 MB): zones/zone/machineTypes/custom-CPUS-MEMORY For example: zones/us-central1-f/machineTypes/custom-4-5120 For a full list of restrictions, read the Specifications for custom machine types.",
+    },
+    "InstanceGroupManagersSetInstanceTemplateRequest": {
+      "id": "InstanceGroupManagersSetInstanceTemplateRequest",
+      "properties": {
+        "instanceTemplate": {
+          "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run recreateInstances, run applyUpdatesToInstances, or set the group's updatePolicy.type to PROACTIVE.",
           "type": "string"
-        },
-        "metadata": {
-          "$ref": "Metadata",
-          "description": "The metadata key/value pairs assigned to this instance. This includes custom metadata and predefined keys."
-        },
-        "minCpuPlatform": {
-          "description": "Specifies a minimum CPU platform for the VM instance. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\".",
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersSetTargetPoolsRequest": {
+      "id": "InstanceGroupManagersSetTargetPoolsRequest",
+      "properties": {
+        "fingerprint": {
+          "description": "The fingerprint of the target pools information. Use this optional property to prevent conflicts when multiple users change the target pools settings concurrently. Obtain the fingerprint with the instanceGroupManagers.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.",
+          "format": "byte",
           "type": "string"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.instances.insert"
-            ]
+        "targetPools": {
+          "description": "The list of target pool URLs that instances in this managed instance group belong to. The managed instance group applies these target pools to all of the instances in the group. Existing instances and new instances in the group all receive these target pool settings.",
+          "items": {
+            "type": "string"
           },
-          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "networkInterfaces": {
-          "description": "An array of network configurations for this instance. These specify how interfaces are configured to interact with other network services, such as connecting to the internet. Multiple interfaces are supported per instance.",
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersStartInstancesRequest": {
+      "id": "InstanceGroupManagersStartInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "The URLs of one or more instances to start. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
-            "$ref": "NetworkInterface"
+            "type": "string"
           },
           "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersStopInstancesRequest": {
+      "id": "InstanceGroupManagersStopInstancesRequest",
+      "properties": {
+        "forceStop": {
+          "description": "If this flag is set to true, the Instance Group Manager will proceed to stop the instances, skipping initialization on them.",
+          "type": "boolean"
         },
-        "networkPerformanceConfig": {
-          "$ref": "NetworkPerformanceConfig"
-        },
-        "params": {
-          "$ref": "InstanceParams",
-          "description": "Input only. [Input Only] Additional params passed with the request, but not persisted as part of resource payload."
-        },
-        "postKeyRevocationActionType": {
-          "description": "PostKeyRevocationActionType of the instance.",
-          "enum": [
-            "NOOP",
-            "POST_KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
-            "SHUTDOWN"
-          ],
-          "enumDescriptions": [
-            "Indicates user chose no operation.",
-            "Default value. This value is unused.",
-            "Indicates user chose to opt for VM shutdown on key revocation."
-          ],
-          "type": "string"
-        },
-        "preservedStateSizeGb": {
-          "description": "Total amount of preserved state for SUSPENDED instances. Read-only in the api.",
-          "format": "int64",
-          "type": "string"
-        },
-        "privateIpv6GoogleAccess": {
-          "description": "The private IPv6 google access type for the VM. If not specified, use INHERIT_FROM_SUBNETWORK as default.",
-          "enum": [
-            "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE",
-            "ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE",
-            "INHERIT_FROM_SUBNETWORK"
-          ],
-          "enumDescriptions": [
-            "Bidirectional private IPv6 access to/from Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
-            "Outbound private IPv6 access from VMs in this subnet to Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
-            "Each network interface inherits PrivateIpv6GoogleAccess from its subnetwork."
-          ],
-          "type": "string"
-        },
-        "reservationAffinity": {
-          "$ref": "ReservationAffinity",
-          "description": "Specifies the reservations that this instance can consume from."
-        },
-        "resourcePolicies": {
-          "description": "Resource policies applied to this instance.",
+        "instances": {
+          "description": "The URLs of one or more instances to stop. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
             "type": "string"
           },
           "type": "array"
-        },
-        "resourceStatus": {
-          "$ref": "ResourceStatus",
-          "description": "[Output Only] Specifies values set for instance attributes as compared to the values requested by user in the corresponding input only field."
-        },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersSuspendInstancesRequest": {
+      "id": "InstanceGroupManagersSuspendInstancesRequest",
+      "properties": {
+        "forceSuspend": {
+          "description": "If this flag is set to true, the Instance Group Manager will proceed to suspend the instances, skipping initialization on them.",
           "type": "boolean"
         },
-        "scheduling": {
-          "$ref": "Scheduling",
-          "description": "Sets the scheduling options for this instance."
-        },
-        "secureTags": {
-          "description": "[Input Only] Secure tags to apply to this instance. These can be later modified by the update method. Maximum number of secure tags allowed is 50.",
+        "instances": {
+          "description": "The URLs of one or more instances to suspend. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
             "type": "string"
           },
           "type": "array"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "serviceAccounts": {
-          "description": "A list of service accounts, with their specified scopes, authorized for this instance. Only one service account per VM instance is supported. Service accounts generate access tokens that can be accessed through the metadata server and used to authenticate applications on the instance. See Service Accounts for more information.",
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagersUpdatePerInstanceConfigsReq": {
+      "description": "InstanceGroupManagers.updatePerInstanceConfigs",
+      "id": "InstanceGroupManagersUpdatePerInstanceConfigsReq",
+      "properties": {
+        "perInstanceConfigs": {
+          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
           "items": {
-            "$ref": "ServiceAccount"
+            "$ref": "PerInstanceConfig"
           },
           "type": "array"
-        },
-        "serviceIntegrationSpecs": {
-          "additionalProperties": {
-            "$ref": "ServiceIntegrationSpec"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupsAddInstancesRequest": {
+      "id": "InstanceGroupsAddInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "The list of instances to add to the instance group.",
+          "items": {
+            "$ref": "InstanceReference"
           },
-          "description": "Mapping of user-defined keys to specifications for service integrations. Currently only a single key-value pair is supported.",
-          "type": "object"
-        },
-        "shieldedInstanceConfig": {
-          "$ref": "ShieldedInstanceConfig"
-        },
-        "shieldedInstanceIntegrityPolicy": {
-          "$ref": "ShieldedInstanceIntegrityPolicy"
-        },
-        "shieldedVmConfig": {
-          "$ref": "ShieldedVmConfig",
-          "description": "Deprecating, please use shielded_instance_config."
-        },
-        "shieldedVmIntegrityPolicy": {
-          "$ref": "ShieldedVmIntegrityPolicy",
-          "description": "Deprecating, please use shielded_instance_integrity_policy."
-        },
-        "sourceMachineImage": {
-          "description": "Source machine image",
-          "type": "string"
-        },
-        "sourceMachineImageEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Source machine image encryption key when creating an instance from a machine image."
-        },
-        "startRestricted": {
-          "description": "[Output Only] Whether a VM has been restricted for start because Compute Engine has detected suspicious activity.",
-          "type": "boolean"
-        },
-        "status": {
-          "description": "[Output Only] The status of the instance. One of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance life cycle.",
-          "enum": [
-            "DEPROVISIONING",
-            "PROVISIONING",
-            "REPAIRING",
-            "RUNNING",
-            "STAGING",
-            "STOPPED",
-            "STOPPING",
-            "SUSPENDED",
-            "SUSPENDING",
-            "TERMINATED"
-          ],
-          "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
-            "Resources are being allocated for the instance.",
-            "The instance is in repair.",
-            "The instance is running.",
-            "All required resources have been allocated and the instance is being started.",
-            "The instance has stopped successfully.",
-            "The instance is currently stopping (either being deleted or killed).",
-            "The instance has suspended.",
-            "The instance is suspending.",
-            "The instance has stopped (either by explicit action or underlying failure)."
-          ],
-          "type": "string"
-        },
-        "statusMessage": {
-          "description": "[Output Only] An optional, human-readable explanation of the status.",
-          "type": "string"
-        },
-        "tags": {
-          "$ref": "Tags",
-          "description": "Tags to apply to this instance. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during instance creation. The tags can be later modified by the setTags method. Each tag within the list must comply with RFC1035. Multiple tags can be specified via the 'tags.items' field."
-        },
-        "upcomingMaintenance": {
-          "$ref": "UpcomingMaintenance",
-          "description": "[Output Only] Specifies upcoming maintenance for the instance."
-        },
-        "zone": {
-          "description": "[Output Only] URL of the zone where the instance resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "InstanceAggregatedList": {
-      "id": "InstanceAggregatedList",
+    "InstanceGroupsListInstances": {
+      "id": "InstanceGroupsListInstances",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "InstancesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of instances."
+          "description": "A list of InstanceWithNamedPorts resources.",
+          "items": {
+            "$ref": "InstanceWithNamedPorts"
           },
-          "description": "An object that contains a list of instances scoped by zone.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#instanceAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#instanceAggregatedList for aggregated lists of Instance resources.",
+          "default": "compute#instanceGroupsListInstances",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupsListInstances for the list of instances in the specified instance group.",
           "type": "string"
         },
         "nextPageToken": {
@@ -52499,13 +58501,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -52522,6 +58517,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52540,6 +58536,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52551,6 +58577,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52598,157 +58625,217 @@
       },
       "type": "object"
     },
-    "InstanceConsumptionData": {
-      "id": "InstanceConsumptionData",
+    "InstanceGroupsListInstancesRequest": {
+      "id": "InstanceGroupsListInstancesRequest",
       "properties": {
-        "consumptionInfo": {
-          "$ref": "InstanceConsumptionInfo",
-          "description": "Resources consumed by the instance."
-        },
-        "instance": {
-          "description": "Server-defined URL for the instance.",
+        "instanceState": {
+          "description": "A filter for the state of the instances in the instance group. Valid options are ALL or RUNNING. If you do not specify this parameter the list includes all instances regardless of their state.",
+          "enum": [
+            "ALL",
+            "RUNNING"
+          ],
+          "enumDescriptions": [
+            "Includes all instances in the generated list regardless of their state.",
+            "Includes instances in the generated list only if they have a RUNNING state."
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceConsumptionInfo": {
-      "id": "InstanceConsumptionInfo",
+    "InstanceGroupsRemoveInstancesRequest": {
+      "id": "InstanceGroupsRemoveInstancesRequest",
       "properties": {
-        "guestCpus": {
-          "description": "The number of virtual CPUs that are available to the instance.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "localSsdGb": {
-          "description": "The amount of local SSD storage available to the instance, defined in GiB.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "memoryMb": {
-          "description": "The amount of physical memory available to the instance, defined in MiB.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "minNodeCpus": {
-          "description": "The minimal guaranteed number of virtual CPUs that are reserved.",
-          "format": "int32",
-          "type": "integer"
+        "instances": {
+          "description": "The list of instances to remove from the instance group.",
+          "items": {
+            "$ref": "InstanceReference"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "InstanceGroup": {
-      "description": "Represents an Instance Group resource. Instance Groups can be used to configure a target for load balancing. Instance groups can either be managed or unmanaged. To create managed instance groups, use the instanceGroupManager or regionInstanceGroupManager resource instead. Use zonal unmanaged instance groups if you need to apply load balancing to groups of heterogeneous instances or if you need to manage the instances yourself. You cannot create regional unmanaged instance groups. For more information, read Instance groups.",
-      "id": "InstanceGroup",
+    "InstanceGroupsScopedList": {
+      "id": "InstanceGroupsScopedList",
       "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] The creation timestamp for this instance group in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
+        "instanceGroups": {
+          "description": "[Output Only] The list of instance groups that are contained in this scope.",
+          "items": {
+            "$ref": "InstanceGroup"
+          },
+          "type": "array"
         },
+        "warning": {
+          "description": "[Output Only] An informational warning that replaces the list of instance groups when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupsSetNamedPortsRequest": {
+      "id": "InstanceGroupsSetNamedPortsRequest",
+      "properties": {
         "fingerprint": {
-          "description": "[Output Only] The fingerprint of the named ports. The system uses this fingerprint to detect conflicts when multiple users change the named ports concurrently.",
+          "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request. A request with an incorrect fingerprint will fail with error 412 conditionNotMet.",
           "format": "byte",
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] A unique identifier for this instance group, generated by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#instanceGroup",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroup for instance groups.",
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.instanceGroups.insert"
-            ]
-          },
-          "description": "The name of the instance group. The name must be 1-63 characters long, and comply with RFC1035.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
         "namedPorts": {
-          "description": " Assigns a name to a port number. For example: {name: \"http\", port: 80} This allows the system to reference ports by the assigned name instead of a port number. Named ports can also contain multiple ports. For example: [{name: \"app1\", port: 8080}, {name: \"app1\", port: 8081}, {name: \"app2\", port: 8082}] Named ports apply to all instances in this instance group. ",
+          "description": "The list of named ports to set for this instance group.",
           "items": {
             "$ref": "NamedPort"
           },
           "type": "array"
-        },
-        "network": {
-          "description": "[Output Only] The URL of the network to which all instances in the instance group belong. If your instance has multiple network interfaces, then the network and subnetwork fields only refer to the network and subnet used by your primary interface (nic0).",
-          "type": "string"
-        },
-        "region": {
-          "description": "[Output Only] The URL of the region where the instance group is located (for regional resources).",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] The URL for this instance group. The server generates this URL.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "size": {
-          "description": "[Output Only] The total number of instances in the instance group.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "subnetwork": {
-          "description": "[Output Only] The URL of the subnetwork to which all instances in the instance group belong. If your instance has multiple network interfaces, then the network and subnetwork fields only refer to the network and subnet used by your primary interface (nic0).",
-          "type": "string"
-        },
-        "zone": {
-          "description": "[Output Only] The URL of the zone where the instance group is located (for zonal resources).",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupAggregatedList": {
-      "id": "InstanceGroupAggregatedList",
+    "InstanceList": {
+      "description": "Contains a list of instances.",
+      "id": "InstanceList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "InstanceGroupsScopedList",
-            "description": "The name of the scope that contains this set of instance groups."
+          "description": "A list of Instance resources.",
+          "items": {
+            "$ref": "Instance"
           },
-          "description": "A list of InstanceGroupsScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#instanceGroupAggregatedList",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupAggregatedList for aggregated lists of instance groups.",
+          "default": "compute#instanceList",
+          "description": "[Output Only] Type of resource. Always compute#instanceList for lists of Instance resources.",
           "type": "string"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -52765,6 +58852,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52783,6 +58871,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52794,6 +58912,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52841,24 +58960,24 @@
       },
       "type": "object"
     },
-    "InstanceGroupList": {
-      "description": "A list of InstanceGroup resources.",
-      "id": "InstanceGroupList",
+    "InstanceListReferrers": {
+      "description": "Contains a list of instance referrers.",
+      "id": "InstanceListReferrers",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InstanceGroup resources.",
+          "description": "A list of Reference resources.",
           "items": {
-            "$ref": "InstanceGroup"
+            "$ref": "Reference"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#instanceGroupList",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupList for instance group lists.",
+          "default": "compute#instanceListReferrers",
+          "description": "[Output Only] Type of resource. Always compute#instanceListReferrers for lists of Instance referrers.",
           "type": "string"
         },
         "nextPageToken": {
@@ -52885,6 +59004,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52903,6 +59023,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52914,6 +59064,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52961,273 +59112,439 @@
       },
       "type": "object"
     },
-    "InstanceGroupManager": {
-      "description": "Represents a Managed Instance Group resource. An instance group is a collection of VM instances that you can manage as a single entity. For more information, read Instance groups. For zonal Managed Instance Group, use the instanceGroupManagers resource. For regional Managed Instance Group, use the regionInstanceGroupManagers resource.",
-      "id": "InstanceGroupManager",
+    "InstanceManagedByIgmError": {
+      "id": "InstanceManagedByIgmError",
       "properties": {
-        "allInstancesConfig": {
-          "$ref": "InstanceGroupManagerAllInstancesConfig",
-          "description": "Specifies configuration that overrides the instance template configuration for the group."
-        },
-        "autoHealingPolicies": {
-          "description": "The autohealing policy for this managed instance group. You can specify only one value.",
-          "items": {
-            "$ref": "InstanceGroupManagerAutoHealingPolicy"
-          },
-          "type": "array"
-        },
-        "baseInstanceName": {
-          "annotations": {
-            "required": [
-              "compute.instanceGroupManagers.insert"
-            ]
-          },
-          "description": "The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035.",
-          "pattern": "[a-z][-a-z0-9]{0,57}",
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] The creation timestamp for this managed instance group in RFC3339 text format.",
-          "type": "string"
+        "error": {
+          "$ref": "InstanceManagedByIgmErrorManagedInstanceError",
+          "description": "[Output Only] Contents of the error."
         },
-        "currentActions": {
-          "$ref": "InstanceGroupManagerActionsSummary",
-          "description": "[Output Only] The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions."
+        "instanceActionDetails": {
+          "$ref": "InstanceManagedByIgmErrorInstanceActionDetails",
+          "description": "[Output Only] Details of the instance action that triggered this error. May be null, if the error was not caused by an action on an instance. This field is optional."
         },
-        "description": {
-          "description": "An optional description of this resource.",
+        "timestamp": {
+          "description": "[Output Only] The time that this error occurred. This value is in RFC3339 text format.",
           "type": "string"
-        },
-        "distributionPolicy": {
-          "$ref": "DistributionPolicy",
-          "description": "Policy specifying the intended distribution of managed instances across zones in a regional managed instance group."
-        },
-        "failoverAction": {
-          "description": "The action to perform in case of zone failure. Only one value is supported, NO_FAILOVER. The default is NO_FAILOVER.",
+        }
+      },
+      "type": "object"
+    },
+    "InstanceManagedByIgmErrorInstanceActionDetails": {
+      "id": "InstanceManagedByIgmErrorInstanceActionDetails",
+      "properties": {
+        "action": {
+          "description": "[Output Only] Action that managed instance group was executing on the instance when the error occurred. Possible values:",
           "enum": [
-            "NO_FAILOVER",
-            "UNKNOWN"
+            "ABANDONING",
+            "CREATING",
+            "CREATING_ATOMICALLY",
+            "CREATING_IN_BULK",
+            "CREATING_WITHOUT_RETRIES",
+            "DELETING",
+            "NONE",
+            "QUEUING",
+            "RECREATING",
+            "REFRESHING",
+            "RESTARTING",
+            "RESUMING",
+            "STARTING",
+            "STOPPING",
+            "SUSPENDING",
+            "VERIFYING"
           ],
           "enumDescriptions": [
-            "",
-            ""
+            "The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group.",
+            "The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful.",
+            "The managed instance group is creating this instance atomically.",
+            "The managed instance group is creating this instance in bulk.",
+            "The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased.",
+            "The managed instance group is permanently deleting this instance.",
+            "The managed instance group has not scheduled any actions for this instance.",
+            "The managed instance group is queuing this instance.",
+            "The managed instance group is recreating this instance.",
+            "The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance.",
+            "The managed instance group is restarting this instance.",
+            "The managed instance group is resuming this instance.",
+            "The managed instance group is starting this instance.",
+            "The managed instance group is stopping this instance.",
+            "The managed instance group is suspending this instance.",
+            "The managed instance group is verifying this already created instance. Verification happens every time the instance is (re)created or restarted and consists of: 1. Waiting until health check specified as part of this managed instance group's autohealing policy reports HEALTHY. Note: Applies only if autohealing policy has a health check specified 2. Waiting for addition verification steps performed as post-instance creation (subject to future extensions)."
           ],
           "type": "string"
         },
-        "fingerprint": {
-          "description": "Fingerprint of this resource. This field may be used in optimistic locking. It will be ignored when inserting an InstanceGroupManager. An up-to-date fingerprint must be provided in order to update the InstanceGroupManager, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an InstanceGroupManager.",
-          "format": "byte",
+        "instance": {
+          "description": "[Output Only] The URL of the instance. The URL can be set even if the instance has not yet been created.",
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.",
-          "format": "uint64",
+        "version": {
+          "$ref": "ManagedInstanceVersion",
+          "description": "[Output Only] Version this instance was created from, or was being created from, but the creation failed. Corresponds to one of the versions that were set on the Instance Group Manager resource at the time this instance was being created."
+        }
+      },
+      "type": "object"
+    },
+    "InstanceManagedByIgmErrorManagedInstanceError": {
+      "id": "InstanceManagedByIgmErrorManagedInstanceError",
+      "properties": {
+        "code": {
+          "description": "[Output Only] Error code.",
           "type": "string"
         },
-        "instanceGroup": {
-          "description": "[Output Only] The URL of the Instance Group resource.",
+        "message": {
+          "description": "[Output Only] Error message.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceMoveRequest": {
+      "id": "InstanceMoveRequest",
+      "properties": {
+        "destinationZone": {
+          "description": "The URL of the destination zone to move the instance. This can be a full or partial URL. For example, the following are all valid URLs to a zone: - https://www.googleapis.com/compute/v1/projects/project/zones/zone - projects/project/zones/zone - zones/zone ",
           "type": "string"
         },
-        "instanceLifecyclePolicy": {
-          "$ref": "InstanceGroupManagerInstanceLifecyclePolicy",
-          "description": "The repair policy for this managed instance group."
-        },
-        "instanceTemplate": {
-          "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run recreateInstances, run applyUpdatesToInstances, or set the group's updatePolicy.type to PROACTIVE.",
+        "targetInstance": {
+          "description": "The URL of the target instance to move. This can be a full or partial URL. For example, the following are all valid URLs to an instance: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance - zones/zone/instances/instance ",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceParams": {
+      "description": "Additional instance params.",
+      "id": "InstanceParams",
+      "properties": {
+        "resourceManagerTags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Resource manager tags to be bound to the instance. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceProperties": {
+      "id": "InstanceProperties",
+      "properties": {
+        "advancedMachineFeatures": {
+          "$ref": "AdvancedMachineFeatures",
+          "description": "Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet."
         },
-        "kind": {
-          "default": "compute#instanceGroupManager",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupManager for managed instance groups.",
+        "canIpForward": {
+          "description": "Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.",
+          "type": "boolean"
+        },
+        "confidentialInstanceConfig": {
+          "$ref": "ConfidentialInstanceConfig",
+          "description": "Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet."
+        },
+        "description": {
+          "description": "An optional text description for the instances that are created from these properties.",
           "type": "string"
         },
-        "listManagedInstancesResults": {
-          "description": "Pagination behavior of the listManagedInstances API method for this managed instance group.",
+        "disks": {
+          "description": "An array of disks that are associated with the instances that are created from these properties.",
+          "items": {
+            "$ref": "AttachedDisk"
+          },
+          "type": "array"
+        },
+        "displayDevice": {
+          "$ref": "DisplayDevice",
+          "description": "Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet."
+        },
+        "guestAccelerators": {
+          "description": "A list of guest accelerator cards' type and count to use for instances created from these properties.",
+          "items": {
+            "$ref": "AcceleratorConfig"
+          },
+          "type": "array"
+        },
+        "keyRevocationActionType": {
+          "description": "KeyRevocationActionType of the instance. Supported options are \"STOP\" and \"NONE\". The default value is \"NONE\" if it is not specified.",
           "enum": [
-            "PAGELESS",
-            "PAGINATED"
+            "KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
+            "NONE",
+            "STOP"
           ],
           "enumDescriptions": [
-            "(Default) Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response.",
-            "Pagination is enabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are respected."
+            "Default value. This value is unused.",
+            "Indicates user chose no operation.",
+            "Indicates user chose to opt for VM shutdown on key revocation."
           ],
           "type": "string"
         },
-        "name": {
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to instances that are created from these properties.",
+          "type": "object"
+        },
+        "machineType": {
           "annotations": {
             "required": [
-              "compute.instanceGroupManagers.insert",
-              "compute.regionInstanceGroupManagers.insert"
+              "compute.instanceTemplates.insert"
             ]
           },
-          "description": "The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "description": "The machine type to use for instances that are created from these properties.",
           "type": "string"
         },
-        "namedPorts": {
-          "description": "Named ports configured for the Instance Groups complementary to this Instance Group Manager.",
+        "metadata": {
+          "$ref": "Metadata",
+          "description": "The metadata key/value pairs to assign to instances that are created from these properties. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information."
+        },
+        "minCpuPlatform": {
+          "description": "Minimum cpu/platform to be used by instances. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\". For more information, read Specifying a Minimum CPU Platform.",
+          "type": "string"
+        },
+        "networkInterfaces": {
+          "description": "An array of network access configurations for this interface.",
           "items": {
-            "$ref": "NamedPort"
+            "$ref": "NetworkInterface"
           },
           "type": "array"
         },
-        "region": {
-          "description": "[Output Only] The URL of the region where the managed instance group resides (for regional resources).",
-          "type": "string"
+        "networkPerformanceConfig": {
+          "$ref": "NetworkPerformanceConfig",
+          "description": "Note that for MachineImage, this is not supported yet."
         },
-        "selfLink": {
-          "description": "[Output Only] The URL for this managed instance group. The server defines this URL.",
-          "type": "string"
+        "partnerMetadata": {
+          "additionalProperties": {
+            "$ref": "StructuredEntries"
+          },
+          "description": "Partner Metadata assigned to the instance properties. A map from a subdomain (namespace) to entries map.",
+          "type": "object"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "postKeyRevocationActionType": {
+          "description": "PostKeyRevocationActionType of the instance.",
+          "enum": [
+            "NOOP",
+            "POST_KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
+            "SHUTDOWN"
+          ],
+          "enumDescriptions": [
+            "Indicates user chose no operation.",
+            "Default value. This value is unused.",
+            "Indicates user chose to opt for VM shutdown on key revocation."
+          ],
           "type": "string"
         },
-        "serviceAccount": {
-          "description": "The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account {projectNumber}@cloudservices.gserviceaccount.com is used.",
+        "privateIpv6GoogleAccess": {
+          "description": "The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.",
+          "enum": [
+            "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE",
+            "ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE",
+            "INHERIT_FROM_SUBNETWORK"
+          ],
+          "enumDescriptions": [
+            "Bidirectional private IPv6 access to/from Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
+            "Outbound private IPv6 access from VMs in this subnet to Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
+            "Each network interface inherits PrivateIpv6GoogleAccess from its subnetwork."
+          ],
           "type": "string"
         },
-        "standbyPolicy": {
-          "$ref": "InstanceGroupManagerStandbyPolicy",
-          "description": "Standby policy for stopped and suspended instances."
+        "reservationAffinity": {
+          "$ref": "ReservationAffinity",
+          "description": "Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet."
         },
-        "statefulPolicy": {
-          "$ref": "StatefulPolicy",
-          "description": "Stateful configuration for this Instanced Group Manager"
+        "resourceManagerTags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Resource manager tags to be bound to the instance. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
+          "type": "object"
         },
-        "status": {
-          "$ref": "InstanceGroupManagerStatus",
-          "description": "[Output Only] The status of this managed instance group."
+        "resourcePolicies": {
+          "description": "Resource policies (names, not URLs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "targetPools": {
-          "description": "The URLs for all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.",
+        "scheduling": {
+          "$ref": "Scheduling",
+          "description": "Specifies the scheduling options for the instances that are created from these properties."
+        },
+        "secureTags": {
+          "description": "[Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "targetSize": {
-          "annotations": {
-            "required": [
-              "compute.instanceGroupManagers.insert",
-              "compute.regionInstanceGroupManagers.insert"
-            ]
+        "serviceAccounts": {
+          "description": "A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.",
+          "items": {
+            "$ref": "ServiceAccount"
           },
-          "description": "The target number of running instances for this managed instance group. You can reduce this number by using the instanceGroupManager deleteInstances or abandonInstances methods. Resizing the group also changes this number.",
-          "format": "int32",
-          "type": "integer"
+          "type": "array"
         },
-        "targetStoppedSize": {
-          "description": "The target number of stopped instances for this managed instance group. This number changes when you: - Stop instance using the stopInstances method or start instances using the startInstances method. - Manually change the targetStoppedSize using the update method. ",
-          "format": "int32",
-          "type": "integer"
+        "serviceIntegrationSpecs": {
+          "additionalProperties": {
+            "$ref": "ServiceIntegrationSpec"
+          },
+          "description": "Mapping of user defined keys to ServiceIntegrationSpec.",
+          "type": "object"
         },
-        "targetSuspendedSize": {
-          "description": "The target number of suspended instances for this managed instance group. This number changes when you: - Suspend instance using the suspendInstances method or resume instances using the resumeInstances method. - Manually change the targetSuspendedSize using the update method. ",
-          "format": "int32",
-          "type": "integer"
+        "shieldedInstanceConfig": {
+          "$ref": "ShieldedInstanceConfig",
+          "description": "Note that for MachineImage, this is not supported yet."
         },
-        "updatePolicy": {
-          "$ref": "InstanceGroupManagerUpdatePolicy",
-          "description": "The update policy for this managed instance group."
+        "shieldedVmConfig": {
+          "$ref": "ShieldedVmConfig",
+          "description": "Specifies the Shielded VM options for the instances that are created from these properties."
         },
-        "versions": {
-          "description": "Specifies the instance templates used by this managed instance group to create instances. Each version is defined by an instanceTemplate and a name. Every version can appear at most once per instance group. This field overrides the top-level instanceTemplate field. Read more about the relationships between these fields. Exactly one version must leave the targetSize field unset. That version will be applied to all remaining instances. For more information, read about canary updates.",
-          "items": {
-            "$ref": "InstanceGroupManagerVersion"
+        "tags": {
+          "$ref": "Tags",
+          "description": "A list of tags to apply to the instances that are created from these properties. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035."
+        }
+      },
+      "type": "object"
+    },
+    "InstancePropertiesPatch": {
+      "description": "Represents the change that you want to make to the instance properties.",
+      "id": "InstancePropertiesPatch",
+      "properties": {
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
           },
-          "type": "array"
+          "description": "The label key-value pairs that you want to patch onto the instance.",
+          "type": "object"
         },
-        "zone": {
-          "description": "[Output Only] The URL of a zone where the managed instance group is located (for zonal resources).",
+        "metadata": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceReference": {
+      "id": "InstanceReference",
+      "properties": {
+        "instance": {
+          "description": "The URL for a specific instance. @required compute.instancegroups.addInstances/removeInstances",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerActionsSummary": {
-      "id": "InstanceGroupManagerActionsSummary",
+    "InstanceSettings": {
+      "description": "Represents a Instance Settings resource. You can use instance settings to configure default settings for Compute Engine VM instances. For example, you can use it to configure default machine type of Compute Engine VM instances.",
+      "id": "InstanceSettings",
       "properties": {
-        "abandoning": {
-          "description": "[Output Only] The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.",
-          "format": "int32",
-          "type": "integer"
+        "email": {
+          "description": "Email address of the service account.",
+          "type": "string"
         },
-        "creating": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully. If you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated.",
-          "format": "int32",
-          "type": "integer"
+        "fingerprint": {
+          "description": "Specifies a fingerprint for instance settings, which is essentially a hash of the instance settings resource's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update the instance settings resource. You must always provide an up-to-date fingerprint hash in order to update or change the resource, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the resource.",
+          "format": "byte",
+          "type": "string"
         },
-        "creatingAtomically": {
-          "description": "[Output Only] The number of instances that the managed instance group will attempt to create atomically, in a batch mode. If the desired count of instances can not be created, entire batch will be deleted and the group will decrease its targetSize value accordingly.",
-          "format": "int32",
-          "type": "integer"
+        "kind": {
+          "default": "compute#instanceSettings",
+          "description": "[Output Only] Type of the resource. Always compute#instance_settings for instance settings.",
+          "type": "string"
         },
-        "creatingWithoutRetries": {
-          "description": "[Output Only] The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly.",
-          "format": "int32",
-          "type": "integer"
+        "metadata": {
+          "$ref": "InstanceSettingsMetadata",
+          "description": "The metadata key/value pairs assigned to all the instances in the corresponding scope."
         },
-        "deleting": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.",
-          "format": "int32",
-          "type": "integer"
+        "zone": {
+          "description": "[Output Only] URL of the zone where the resource resides You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceSettingsMetadata": {
+      "id": "InstanceSettingsMetadata",
+      "properties": {
+        "kind": {
+          "default": "compute#metadata",
+          "description": "[Output Only] Type of the resource. Always compute#metadata for metadata.",
+          "type": "string"
         },
-        "none": {
-          "description": "[Output Only] The number of instances in the managed instance group that are running and have no scheduled actions.",
-          "format": "int32",
-          "type": "integer"
+        "metadatas": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "A metadata key/value map. The total size of all keys and values must be less than 512KB.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceTemplate": {
+      "description": "Represents an Instance Template resource. You can use instance templates to create VM instances and managed instance groups. For more information, read Instance Templates.",
+      "id": "InstanceTemplate",
+      "properties": {
+        "creationTimestamp": {
+          "description": "[Output Only] The creation timestamp for this instance template in RFC3339 text format.",
+          "type": "string"
         },
-        "queuing": {
-          "description": "[Output Only] The number of instances that the managed instance group is currently queuing.",
-          "format": "int32",
-          "type": "integer"
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
         },
-        "recreating": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.",
-          "format": "int32",
-          "type": "integer"
+        "id": {
+          "description": "[Output Only] A unique identifier for this instance template. The server defines this identifier.",
+          "format": "uint64",
+          "type": "string"
         },
-        "refreshing": {
-          "description": "[Output Only] The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.",
-          "format": "int32",
-          "type": "integer"
+        "kind": {
+          "default": "compute#instanceTemplate",
+          "description": "[Output Only] The resource type, which is always compute#instanceTemplate for instance templates.",
+          "type": "string"
         },
-        "restarting": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.",
-          "format": "int32",
-          "type": "integer"
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instanceTemplates.insert"
+            ]
+          },
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
         },
-        "resuming": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be resumed or are currently being resumed.",
-          "format": "int32",
-          "type": "integer"
+        "properties": {
+          "$ref": "InstanceProperties",
+          "description": "The instance properties for this instance template."
         },
-        "starting": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be started or are currently being started.",
-          "format": "int32",
-          "type": "integer"
+        "region": {
+          "description": "[Output Only] URL of the region where the instance template resides. Only applicable for regional resources.",
+          "type": "string"
         },
-        "stopping": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be stopped or are currently being stopped.",
-          "format": "int32",
-          "type": "integer"
+        "selfLink": {
+          "description": "[Output Only] The URL for this instance template. The server defines this URL.",
+          "type": "string"
         },
-        "suspending": {
-          "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be suspended or are currently being suspended.",
-          "format": "int32",
-          "type": "integer"
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
         },
-        "verifying": {
-          "description": "[Output Only] The number of instances in the managed instance group that are being verified. See the managedInstances[].currentAction property in the listManagedInstances method documentation.",
-          "format": "int32",
-          "type": "integer"
+        "sourceInstance": {
+          "description": "The source instance used to create the template. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance ",
+          "type": "string"
+        },
+        "sourceInstanceParams": {
+          "$ref": "SourceInstanceParams",
+          "description": "The source instance params to use to create this instance template."
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerAggregatedList": {
-      "id": "InstanceGroupManagerAggregatedList",
+    "InstanceTemplateAggregatedList": {
+      "description": "Contains a list of InstanceTemplatesScopedList.",
+      "id": "InstanceTemplateAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
@@ -53235,15 +59552,15 @@
         },
         "items": {
           "additionalProperties": {
-            "$ref": "InstanceGroupManagersScopedList",
-            "description": "[Output Only] The name of the scope that contains this set of managed instance groups."
+            "$ref": "InstanceTemplatesScopedList",
+            "description": "The name of the scope that contains this set of instance templates."
           },
-          "description": "A list of InstanceGroupManagersScopedList resources.",
+          "description": "A list of InstanceTemplatesScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#instanceGroupManagerAggregatedList",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerAggregatedList for an aggregated list of managed instance groups.",
+          "default": "compute#instanceTemplateAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -53254,13 +59571,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -53277,6 +59587,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53295,6 +59606,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53306,6 +59647,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53353,120 +59695,24 @@
       },
       "type": "object"
     },
-    "InstanceGroupManagerAllInstancesConfig": {
-      "id": "InstanceGroupManagerAllInstancesConfig",
-      "properties": {
-        "properties": {
-          "$ref": "InstancePropertiesPatch",
-          "description": "Properties to set on all instances in the group. You can add or modify properties using the instanceGroupManagers.patch or regionInstanceGroupManagers.patch. After setting allInstancesConfig on the group, you must update the group's instances to apply the configuration. To apply the configuration, set the group's updatePolicy.type field to use proactive updates or use the applyUpdatesToInstances method."
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagerAutoHealingPolicy": {
-      "id": "InstanceGroupManagerAutoHealingPolicy",
-      "properties": {
-        "autoHealingTriggers": {
-          "$ref": "InstanceGroupManagerAutoHealingPolicyAutoHealingTriggers",
-          "description": "Restricts what triggers autohealing."
-        },
-        "healthCheck": {
-          "description": "The URL for the health check that signals autohealing.",
-          "type": "string"
-        },
-        "initialDelaySec": {
-          "description": "The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. This initial delay allows instances to initialize and run their startup scripts before the instance group determines that they are UNHEALTHY. This prevents the managed instance group from recreating its instances prematurely. This value must be from range [0, 3600].",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxUnavailable": {
-          "$ref": "FixedOrPercent",
-          "description": "Maximum number of instances that can be unavailable when autohealing. When 'percent' is used, the value is rounded if necessary. The instance is considered available if all of the following conditions are satisfied: 1. Instance's status is RUNNING. 2. Instance's currentAction is NONE (in particular its liveness health check result was observed to be HEALTHY at least once as it passed VERIFYING). 3. There is no outgoing action on an instance triggered by IGM. By default, number of concurrently autohealed instances is smaller than the managed instance group target size. However, if a zonal managed instance group has only one instance, or a regional managed instance group has only one instance per zone, autohealing will recreate these instances when they become unhealthy."
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagerAutoHealingPolicyAutoHealingTriggers": {
-      "id": "InstanceGroupManagerAutoHealingPolicyAutoHealingTriggers",
-      "properties": {
-        "onHealthCheck": {
-          "description": "If you have configured an application-based health check for the group, this field controls whether to trigger VM autohealing based on a failed health check. Valid values are: - ON (default): The group recreates running VMs that fail the application-based health check. - OFF: When set to OFF, you can still observe instance health state, but the group does not recreate VMs that fail the application-based health check. This is useful for troubleshooting and setting up your health check configuration. ",
-          "enum": [
-            "OFF",
-            "ON"
-          ],
-          "enumDescriptions": [
-            "When set to OFF, you can still observe instance health state, but the group does not recreate VMs that fail the application-based health check. This is useful for troubleshooting and setting up your health check configuration.",
-            "(Default) The group recreates running VMs that fail the group's application-based health check."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagerInstanceLifecyclePolicy": {
-      "id": "InstanceGroupManagerInstanceLifecyclePolicy",
-      "properties": {
-        "defaultActionOnFailure": {
-          "description": "Defines behaviour for all instance or failures",
-          "enum": [
-            "DO_NOTHING",
-            "REPAIR"
-          ],
-          "enumDescriptions": [
-            "If any of the MIG's VMs is not running, or is failing, no repair action will be taken.",
-            "*[Default]* If any of the MIG's VMs is not running - for example, a VM cannot be created during a scale out or a VM fails – then the group will retry until it creates that VM successfully. For more information about how a MIG manages its VMs, see What is a managed instance.\""
-          ],
-          "type": "string"
-        },
-        "forceUpdateOnRepair": {
-          "description": "A bit indicating whether to forcefully apply the group's latest configuration when repairing a VM. Valid options are: - NO (default): If configuration updates are available, they are not forcefully applied during repair. Instead, configuration updates are applied according to the group's update policy. - YES: If configuration updates are available, they are applied during repair. ",
-          "enum": [
-            "NO",
-            "YES"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "metadataBasedReadinessSignal": {
-          "$ref": "InstanceGroupManagerInstanceLifecyclePolicyMetadataBasedReadinessSignal",
-          "description": "The configuration for metadata based readiness signal sent by the instance during initialization when stopping / suspending an instance. The Instance Group Manager will wait for a signal that indicates successful initialization before stopping / suspending an instance. If a successful readiness signal is not sent before timeout, the corresponding instance will not be stopped / suspended. Instead, an error will be visible in the lastAttempt.errors field of the managed instance in the listmanagedinstances method. If metadataBasedReadinessSignal.timeoutSec is unset, the Instance Group Manager will directly proceed to suspend / stop instances, skipping initialization on them."
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagerInstanceLifecyclePolicyMetadataBasedReadinessSignal": {
-      "id": "InstanceGroupManagerInstanceLifecyclePolicyMetadataBasedReadinessSignal",
-      "properties": {
-        "timeoutSec": {
-          "description": "The number of seconds to wait for a readiness signal during initialization before timing out.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagerList": {
-      "description": "[Output Only] A list of managed instance groups.",
-      "id": "InstanceGroupManagerList",
+    "InstanceTemplateList": {
+      "description": "A list of instance templates.",
+      "id": "InstanceTemplateList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InstanceGroupManager resources.",
+          "description": "A list of InstanceTemplate resources.",
           "items": {
-            "$ref": "InstanceGroupManager"
+            "$ref": "InstanceTemplate"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#instanceGroupManagerList",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups.",
+          "default": "compute#instanceTemplateList",
+          "description": "[Output Only] The resource type, which is always compute#instanceTemplatesListResponse for instance template lists.",
           "type": "string"
         },
         "nextPageToken": {
@@ -53493,6 +59739,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53511,6 +59758,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53522,6 +59799,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53569,174 +59847,341 @@
       },
       "type": "object"
     },
-    "InstanceGroupManagerResizeRequest": {
-      "description": "InstanceGroupManagerResizeRequest represents a request to create a number of VMs: either immediately or by queuing the request for the specified time. This resize request is nested under InstanceGroupManager and the VMs created by this request are added to the owning InstanceGroupManager.",
-      "id": "InstanceGroupManagerResizeRequest",
+    "InstanceTemplatesScopedList": {
+      "id": "InstanceTemplatesScopedList",
       "properties": {
-        "count": {
-          "description": "The count of instances to create as part of this resize request.",
-          "format": "int32",
-          "type": "integer"
+        "instanceTemplates": {
+          "description": "[Output Only] A list of instance templates that are contained within the specified project and zone.",
+          "items": {
+            "$ref": "InstanceTemplate"
+          },
+          "type": "array"
         },
-        "creationTimestamp": {
-          "description": "[Output Only] The creation timestamp for this resize request in RFC3339 text format.",
+        "warning": {
+          "description": "[Output Only] An informational warning that replaces the list of instance templates when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceWithNamedPorts": {
+      "id": "InstanceWithNamedPorts",
+      "properties": {
+        "instance": {
+          "description": "[Output Only] The URL of the instance.",
           "type": "string"
         },
-        "description": {
-          "description": "An optional description of this resource.",
-          "type": "string"
+        "namedPorts": {
+          "description": "[Output Only] The named ports that belong to this instance group.",
+          "items": {
+            "$ref": "NamedPort"
+          },
+          "type": "array"
         },
-        "id": {
-          "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.",
-          "format": "uint64",
+        "status": {
+          "description": "[Output Only] The status of the instance.",
+          "enum": [
+            "DEPROVISIONING",
+            "PROVISIONING",
+            "REPAIRING",
+            "RUNNING",
+            "STAGING",
+            "STOPPED",
+            "STOPPING",
+            "SUSPENDED",
+            "SUSPENDING",
+            "TERMINATED"
+          ],
+          "enumDescriptions": [
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "Resources are being allocated for the instance.",
+            "The instance is in repair.",
+            "The instance is running.",
+            "All required resources have been allocated and the instance is being started.",
+            "The instance has stopped successfully.",
+            "The instance is currently stopping (either being deleted or killed).",
+            "The instance has suspended.",
+            "The instance is suspending.",
+            "The instance has stopped (either by explicit action or underlying failure)."
+          ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstancesAddResourcePoliciesRequest": {
+      "id": "InstancesAddResourcePoliciesRequest",
+      "properties": {
+        "resourcePolicies": {
+          "description": "Resource policies to be added to this instance.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InstancesBulkInsertOperationMetadata": {
+      "id": "InstancesBulkInsertOperationMetadata",
+      "properties": {
+        "perLocationStatus": {
+          "additionalProperties": {
+            "$ref": "BulkInsertOperationStatus"
+          },
+          "description": "Status information per location (location name is key). Example key: zones/us-central1-a",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstancesGetEffectiveFirewallsResponse": {
+      "id": "InstancesGetEffectiveFirewallsResponse",
+      "properties": {
+        "firewallPolicys": {
+          "description": "Effective firewalls from firewall policies.",
+          "items": {
+            "$ref": "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy"
+          },
+          "type": "array"
         },
-        "kind": {
-          "default": "compute#instanceGroupManagerResizeRequest",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerResizeRequest for resize requests.",
-          "type": "string"
+        "firewalls": {
+          "description": "Effective firewalls on the instance.",
+          "items": {
+            "$ref": "Firewall"
+          },
+          "type": "array"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.instanceGroupManagerResizeRequests.insert"
-            ]
+        "organizationFirewalls": {
+          "description": "Effective firewalls from organization policies.",
+          "items": {
+            "$ref": "InstancesGetEffectiveFirewallsResponseOrganizationFirewallPolicy"
           },
-          "description": "The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy": {
+      "id": "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
+      "properties": {
+        "displayName": {
+          "deprecated": true,
+          "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
           "type": "string"
         },
-        "queuingPolicy": {
-          "$ref": "QueuingPolicy",
-          "description": "When set, defines queing parameters for the requested deferred capacity. When unset, the request starts provisioning immediately, or fails if immediate provisioning is not possible."
-        },
-        "selfLink": {
-          "description": "[Output Only] The URL for this resize request. The server defines this URL.",
+        "name": {
+          "description": "[Output Only] The name of the firewall policy.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "rules": {
+          "description": "The rules that apply to the network.",
+          "items": {
+            "$ref": "FirewallPolicyRule"
+          },
+          "type": "array"
+        },
+        "shortName": {
+          "description": "[Output Only] The short name of the firewall policy.",
           "type": "string"
         },
-        "state": {
-          "description": "[Output only] Current state of the request.",
+        "type": {
+          "description": "[Output Only] The type of the firewall policy. Can be one of HIERARCHY, NETWORK, NETWORK_REGIONAL.",
           "enum": [
-            "ACCEPTED",
-            "CREATING",
-            "DELETING",
-            "FAILED",
-            "PROVISIONING",
-            "SUCCEEDED"
+            "HIERARCHY",
+            "NETWORK",
+            "NETWORK_REGIONAL",
+            "UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "The request was created successfully and was accepted for provisioning when the capacity becomes available.",
-            "resize request is being created and may still fail creation.",
-            "The request is being deleted.",
-            "The request failed before or during provisioning. If the request fails during provisioning, any VMs that were created during provisioning are rolled back and removed from the MIG.",
-            "The target resource(s) are being provisioned.",
-            "The request succeeded."
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
-        },
-        "status": {
-          "$ref": "InstanceGroupManagerResizeRequestStatus",
-          "description": "[Output only] Status of the request. The Status message is aligned with QueuedResource.status. ResizeRequest.queuing_policy contains the queuing policy as provided by the user; it could have either valid_until_time or valid_until_duration. ResizeRequest.status.queuing_policy always contains absolute time as calculated by the server when the request is queued."
-        },
-        "zone": {
-          "description": "[Output Only] The URL of a zone where the resize request is located. Populated only for zonal resize requests.",
+        }
+      },
+      "type": "object"
+    },
+    "InstancesGetEffectiveFirewallsResponseOrganizationFirewallPolicy": {
+      "description": "A pruned SecurityPolicy containing ID and any applicable firewall rules.",
+      "id": "InstancesGetEffectiveFirewallsResponseOrganizationFirewallPolicy",
+      "properties": {
+        "id": {
+          "description": "The unique identifier for the security policy. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
+        },
+        "rules": {
+          "description": "The rules that apply to the network.",
+          "items": {
+            "$ref": "SecurityPolicyRule"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerResizeRequestStatus": {
-      "id": "InstanceGroupManagerResizeRequestStatus",
+    "InstancesRemoveResourcePoliciesRequest": {
+      "id": "InstancesRemoveResourcePoliciesRequest",
       "properties": {
-        "error": {
-          "description": "Errors encountered during the queueing or provisioning phases of the ResizeRequest.",
-          "properties": {
-            "errors": {
-              "description": "[Output Only] The array of errors encountered while processing this operation.",
-              "items": {
-                "properties": {
-                  "code": {
-                    "description": "[Output Only] The error type identifier for this error.",
-                    "type": "string"
-                  },
-                  "errorDetails": {
-                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
-                    "items": {
-                      "properties": {
-                        "errorInfo": {
-                          "$ref": "ErrorInfo"
-                        },
-                        "help": {
-                          "$ref": "Help"
-                        },
-                        "localizedMessage": {
-                          "$ref": "LocalizedMessage"
-                        },
-                        "quotaInfo": {
-                          "$ref": "QuotaExceededInfo"
-                        }
-                      },
-                      "type": "object"
-                    },
-                    "type": "array"
-                  },
-                  "location": {
-                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
-                    "type": "string"
-                  },
-                  "message": {
-                    "description": "[Output Only] An optional, human-readable error message.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            }
+        "resourcePolicies": {
+          "description": "Resource policies to be removed from this instance.",
+          "items": {
+            "type": "string"
           },
-          "type": "object"
-        },
-        "queuingPolicy": {
-          "$ref": "QueuingPolicy",
-          "description": "Constraints for the time when the instances start provisioning. Always exposed as absolute time."
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InstancesResumeRequest": {
+      "id": "InstancesResumeRequest",
+      "properties": {
+        "disks": {
+          "description": "Array of disks associated with this instance that are protected with a customer-supplied encryption key. In order to resume the instance, the disk url and its corresponding key must be provided. If the disk is not protected with a customer-supplied encryption key it should not be specified.",
+          "items": {
+            "$ref": "CustomerEncryptionKeyProtectedDisk"
+          },
+          "type": "array"
+        },
+        "instanceEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Decrypts data associated with an instance that is protected with a customer-supplied encryption key. If the instance you are starting is protected with a customer-supplied encryption key, the correct key must be provided otherwise the instance resume will not succeed."
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerResizeRequestsListResponse": {
-      "description": "[Output Only] A list of resize requests.",
-      "id": "InstanceGroupManagerResizeRequestsListResponse",
+    "InstancesScopedList": {
+      "id": "InstancesScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of resize request resources.",
+        "instances": {
+          "description": "[Output Only] A list of instances contained in this scope.",
           "items": {
-            "$ref": "InstanceGroupManagerResizeRequest"
+            "$ref": "Instance"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#instanceGroupManagerResizeRequestList",
-          "description": "[Output Only] Type of the resource. Always compute#instanceGroupManagerResizeRequestList for a list of resize requests.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "[Output Only] Informational warning which replaces the list of instances when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -53751,6 +60196,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53769,6 +60215,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53780,6 +60256,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53827,375 +60304,457 @@
       },
       "type": "object"
     },
-    "InstanceGroupManagerStandbyPolicy": {
-      "id": "InstanceGroupManagerStandbyPolicy",
+    "InstancesSetLabelsRequest": {
+      "id": "InstancesSetLabelsRequest",
       "properties": {
-        "initialDelaySec": {
-          "format": "int32",
-          "type": "integer"
+        "labelFingerprint": {
+          "description": "Fingerprint of the previous set of labels for this resource, used to prevent conflicts. Provide the latest fingerprint value when making a request to add or change labels.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerStatus": {
-      "id": "InstanceGroupManagerStatus",
+    "InstancesSetMachineResourcesRequest": {
+      "id": "InstancesSetMachineResourcesRequest",
       "properties": {
-        "allInstancesConfig": {
-          "$ref": "InstanceGroupManagerStatusAllInstancesConfig",
-          "description": "[Output only] Status of all-instances configuration on the group."
-        },
-        "autoscaler": {
-          "description": "[Output Only] The URL of the Autoscaler that targets this instance group manager.",
+        "guestAccelerators": {
+          "description": "A list of the type and count of accelerator cards attached to the instance.",
+          "items": {
+            "$ref": "AcceleratorConfig"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InstancesSetMachineTypeRequest": {
+      "id": "InstancesSetMachineTypeRequest",
+      "properties": {
+        "machineType": {
+          "description": "Full or partial URL of the machine type resource. See Machine Types for a full list of machine types. For example: zones/us-central1-f/machineTypes/n1-standard-1",
           "type": "string"
-        },
-        "isStable": {
-          "description": "[Output Only] A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified.",
-          "type": "boolean"
-        },
-        "stateful": {
-          "$ref": "InstanceGroupManagerStatusStateful",
-          "description": "[Output Only] Stateful status of the given Instance Group Manager."
-        },
-        "versionTarget": {
-          "$ref": "InstanceGroupManagerStatusVersionTarget",
-          "description": "[Output Only] A status of consistency of Instances' versions with their target version specified by version field on Instance Group Manager."
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerStatusAllInstancesConfig": {
-      "id": "InstanceGroupManagerStatusAllInstancesConfig",
+    "InstancesSetMinCpuPlatformRequest": {
+      "id": "InstancesSetMinCpuPlatformRequest",
       "properties": {
-        "currentRevision": {
-          "description": "[Output Only] Current all-instances configuration revision. This value is in RFC3339 text format.",
+        "minCpuPlatform": {
+          "description": "Minimum cpu/platform this instance should be started at.",
           "type": "string"
-        },
-        "effective": {
-          "description": "[Output Only] A bit indicating whether this configuration has been applied to all managed instances in the group.",
-          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerStatusStateful": {
-      "id": "InstanceGroupManagerStatusStateful",
+    "InstancesSetNameRequest": {
+      "id": "InstancesSetNameRequest",
       "properties": {
-        "hasStatefulConfig": {
-          "description": "[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful configuration even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.",
-          "type": "boolean"
+        "currentName": {
+          "description": "The current name of this resource, used to prevent conflicts. Provide the latest name when making a request to change name.",
+          "type": "string"
         },
-        "isStateful": {
-          "description": "[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful configuration even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. This field is deprecated in favor of has_stateful_config.",
-          "type": "boolean"
+        "name": {
+          "description": "The name to be applied to the instance. Needs to be RFC 1035 compliant.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstancesSetSecurityPolicyRequest": {
+      "id": "InstancesSetSecurityPolicyRequest",
+      "properties": {
+        "networkInterfaces": {
+          "description": "The network interfaces that the security policy will be applied to. Network interfaces use the nicN naming format. You can only set a security policy for network interfaces with an access config.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "perInstanceConfigs": {
-          "$ref": "InstanceGroupManagerStatusStatefulPerInstanceConfigs",
-          "description": "[Output Only] Status of per-instance configurations on the instance."
+        "securityPolicy": {
+          "description": "A full or partial URL to a security policy to add to this instance. If this field is set to an empty string it will remove the associated security policy.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerStatusStatefulPerInstanceConfigs": {
-      "id": "InstanceGroupManagerStatusStatefulPerInstanceConfigs",
+    "InstancesSetServiceAccountRequest": {
+      "id": "InstancesSetServiceAccountRequest",
       "properties": {
-        "allEffective": {
-          "description": "A bit indicating if all of the group's per-instance configurations (listed in the output of a listPerInstanceConfigs API call) have status EFFECTIVE or there are no per-instance-configs.",
-          "type": "boolean"
+        "email": {
+          "description": "Email address of the service account.",
+          "type": "string"
+        },
+        "scopes": {
+          "description": "The list of scopes to be made available for this service account.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerStatusVersionTarget": {
-      "id": "InstanceGroupManagerStatusVersionTarget",
+    "InstancesStartWithEncryptionKeyRequest": {
+      "id": "InstancesStartWithEncryptionKeyRequest",
       "properties": {
-        "isReached": {
-          "description": "[Output Only] A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances' target version are specified by version field on Instance Group Manager.",
-          "type": "boolean"
+        "disks": {
+          "description": "Array of disks associated with this instance that are protected with a customer-supplied encryption key. In order to start the instance, the disk url and its corresponding key must be provided. If the disk is not protected with a customer-supplied encryption key it should not be specified.",
+          "items": {
+            "$ref": "CustomerEncryptionKeyProtectedDisk"
+          },
+          "type": "array"
+        },
+        "instanceEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Decrypts data associated with an instance that is protected with a customer-supplied encryption key. If the instance you are starting is protected with a customer-supplied encryption key, the correct key must be provided otherwise the instance start will not succeed."
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagerUpdatePolicy": {
-      "id": "InstanceGroupManagerUpdatePolicy",
+    "InstantSnapshot": {
+      "description": "Represents a InstantSnapshot resource. You can use instant snapshots to create disk rollback points quickly..",
+      "id": "InstantSnapshot",
       "properties": {
-        "instanceRedistributionType": {
-          "description": "The instance redistribution policy for regional managed instance groups. Valid values are: - PROACTIVE (default): The group attempts to maintain an even distribution of VM instances across zones in the region. - NONE: For non-autoscaled groups, proactive redistribution is disabled. ",
+        "architecture": {
+          "description": "[Output Only] The architecture of the instant snapshot. Valid values are ARM64 or X86_64.",
           "enum": [
-            "NONE",
-            "PROACTIVE"
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
           ],
           "enumDescriptions": [
-            "No action is being proactively performed in order to bring this IGM to its target instance distribution.",
-            "This IGM will actively converge to its target instance distribution."
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
           ],
           "type": "string"
         },
-        "maxSurge": {
-          "$ref": "FixedOrPercent",
-          "description": "The maximum number of instances that can be created above the specified targetSize during the update process. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for maxSurge is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either maxSurge or maxUnavailable must be greater than 0. Learn more about maxSurge."
-        },
-        "maxUnavailable": {
-          "$ref": "FixedOrPercent",
-          "description": "The maximum number of instances that can be unavailable during the update process. An instance is considered available if all of the following conditions are satisfied: - The instance's status is RUNNING. - If there is a health check on the instance group, the instance's health check status must be HEALTHY at least once. If there is no health check on the group, then the instance only needs to have a status of RUNNING to be considered available. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for maxUnavailable is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either maxSurge or maxUnavailable must be greater than 0. Learn more about maxUnavailable."
-        },
-        "minReadySec": {
-          "description": "Minimum number of seconds to wait for after a newly created instance becomes available. This value must be from range [0, 3600].",
-          "format": "int32",
-          "type": "integer"
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "minimalAction": {
-          "description": "Minimal action to be taken on an instance. Use this option to minimize disruption as much as possible or to apply a more disruptive action than is necessary. - To limit disruption as much as possible, set the minimal action to REFRESH. If your update requires a more disruptive action, Compute Engine performs the necessary action to execute the update. - To apply a more disruptive action than is strictly necessary, set the minimal action to RESTART or REPLACE. For example, Compute Engine does not need to restart a VM to change its metadata. But if your application reads instance metadata only when a VM is restarted, you can set the minimal action to RESTART in order to pick up metadata changes. ",
-          "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
-          ],
-          "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
-          ],
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "mostDisruptiveAllowedAction": {
-          "description": "Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.",
-          "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
-          ],
-          "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
-          ],
+        "diskSizeGb": {
+          "description": "[Output Only] Size of the source disk, specified in GB.",
+          "format": "int64",
           "type": "string"
         },
-        "replacementMethod": {
-          "description": "What action should be used to replace instances. See minimal_action.REPLACE",
-          "enum": [
-            "RECREATE",
-            "SUBSTITUTE"
-          ],
-          "enumDescriptions": [
-            "Instances will be recreated (with the same name)",
-            "Default option: instances will be deleted and created (with a new name)"
-          ],
+        "guestFlush": {
+          "description": "Whether to attempt an application consistent instant snapshot by informing the OS to prepare for the snapshot process.",
+          "type": "boolean"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "type": {
-          "description": "The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).",
-          "enum": [
-            "OPPORTUNISTIC",
-            "PROACTIVE"
-          ],
-          "enumDescriptions": [
-            "No action is being proactively performed in order to bring this IGM to its target version distribution (regardless of whether this distribution is expressed using instanceTemplate or versions field).",
-            "This IGM will actively converge to its target version distribution (regardless of whether this distribution is expressed using instanceTemplate or versions field)."
-          ],
+        "kind": {
+          "default": "compute#instantSnapshot",
+          "description": "[Output Only] Type of the resource. Always compute#instantSnapshot for InstantSnapshot resources.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagerVersion": {
-      "id": "InstanceGroupManagerVersion",
-      "properties": {
-        "instanceTemplate": {
-          "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run recreateInstances, run applyUpdatesToInstances, or set the group's updatePolicy.type to PROACTIVE; in those cases, existing instances are updated until the `targetSize` for this version is reached.",
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this InstantSnapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a InstantSnapshot.",
+          "format": "byte",
           "type": "string"
         },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this InstantSnapshot. These can be later modified by the setLabels method. Label values may be empty.",
+          "type": "object"
+        },
         "name": {
-          "description": "Name of the version. Unique among all versions in the scope of this managed instance group.",
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "tag": {
-          "description": "Tag describing the version. Used to trigger rollout of a target version even if instance_template remains unchanged. Deprecated in favor of 'name'.",
+        "region": {
+          "description": "[Output Only] URL of the region where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
-        "targetSize": {
-          "$ref": "FixedOrPercent",
-          "description": "Specifies the intended number of instances to be created from the instanceTemplate. The final number of instances created from the template will be equal to: - If expressed as a fixed number, the minimum of either targetSize.fixed or instanceGroupManager.targetSize is used. - if expressed as a percent, the targetSize would be (targetSize.percent/100 * InstanceGroupManager.targetSize) If there is a remainder, the number is rounded. If unset, this version will update any remaining instances not updated by another version. Read Starting a canary update for more information."
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersAbandonInstancesRequest": {
-      "id": "InstanceGroupManagersAbandonInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersApplyUpdatesRequest": {
-      "description": "InstanceGroupManagers.applyUpdatesToInstances",
-      "id": "InstanceGroupManagersApplyUpdatesRequest",
-      "properties": {
-        "allInstances": {
-          "description": "Flag to update all instances instead of specified list of “instances”. If the flag is set to true then the instances may not be specified in the request.",
+        "resourceStatus": {
+          "$ref": "InstantSnapshotResourceStatus",
+          "description": "[Output Only] Status information for the instant snapshot resource."
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
         },
-        "instances": {
-          "description": "The list of URLs of one or more instances for which you want to apply updates. Each URL can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
         },
-        "maximalAction": {
-          "description": "The maximal action that should be performed on the instances. By default REPLACE. This field is deprecated, please use most_disruptive_allowed_action.",
-          "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
-          ],
-          "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
-          ],
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
           "type": "string"
         },
-        "minimalAction": {
-          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
-          "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
-          ],
-          "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
-          ],
+        "sourceDisk": {
+          "description": "URL of the source disk used to create this instant snapshot. Note that the source disk must be in the same zone/region as the instant snapshot to be created. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
           "type": "string"
         },
-        "mostDisruptiveAllowedAction": {
-          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+        "sourceDiskId": {
+          "description": "[Output Only] The ID value of the disk used to create this InstantSnapshot. This value may be used to determine whether the InstantSnapshot was taken from the current or a previous instance of a given disk name.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of the instantSnapshot. This can be CREATING, DELETING, FAILED, or READY.",
           "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "READY"
           ],
           "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "InstantSnapshot creation is in progress.",
+            "InstantSnapshot is currently being deleted.",
+            "InstantSnapshot creation failed.",
+            "InstantSnapshot has been created successfully."
           ],
           "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] URL of the zone where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagersCreateInstancesRequest": {
-      "description": "InstanceGroupManagers.createInstances",
-      "id": "InstanceGroupManagersCreateInstancesRequest",
+    "InstantSnapshotAggregatedList": {
+      "id": "InstantSnapshotAggregatedList",
       "properties": {
-        "instances": {
-          "description": "[Required] List of specifications of per-instance configs.",
-          "items": {
-            "$ref": "PerInstanceConfig"
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "InstantSnapshotsScopedList",
+            "description": "[Output Only] Name of the scope containing this set of instantSnapshots."
           },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersDeleteInstancesRequest": {
-      "id": "InstanceGroupManagersDeleteInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "description": "A list of InstantSnapshotsScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#instantSnapshotAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#instantSnapshotAggregatedList for aggregated lists of instantSnapshots.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "skipInstancesOnValidationError": {
-          "description": "Specifies whether the request should proceed despite the inclusion of instances that are not members of the group or that are already in the process of being deleted or abandoned. If this field is set to `false` and such an instance is specified in the request, the operation fails. The operation always fails if the request contains a malformed instance URL or a reference to an instance that exists in a zone or region other than the group's zone or region.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersDeletePerInstanceConfigsReq": {
-      "description": "InstanceGroupManagers.deletePerInstanceConfigs",
-      "id": "InstanceGroupManagersDeletePerInstanceConfigsReq",
-      "properties": {
-        "names": {
-          "description": "The list of instance names for which we want to delete per-instance configs on this managed instance group.",
-          "items": {
-            "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
           },
-          "type": "array"
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagersListErrorsResponse": {
-      "id": "InstanceGroupManagersListErrorsResponse",
+    "InstantSnapshotExportParams": {
+      "id": "InstantSnapshotExportParams",
       "properties": {
-        "items": {
-          "description": "[Output Only] The list of errors of the managed instance group.",
-          "items": {
-            "$ref": "InstanceManagedByIgmError"
-          },
-          "type": "array"
+        "baseInstantSnapshot": {
+          "description": "An optional base instant snapshot that this resource is compared against. If not specified, all blocks of this resource are exported. The base instant snapshot and this resource must be created from the same disk. The base instant snapshot must be created earlier in time than this resource.",
+          "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "bucketName": {
+          "description": "The name of an existing bucket in Cloud Storage where the changed blocks will be stored. The Google Service Account must have read and write access to this bucket. The bucket has to be in the same region as this resource.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersListManagedInstancesResponse": {
-      "id": "InstanceGroupManagersListManagedInstancesResponse",
-      "properties": {
-        "managedInstances": {
-          "description": "[Output Only] The list of instances in the managed instance group.",
-          "items": {
-            "$ref": "ManagedInstance"
-          },
-          "type": "array"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "encryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encryption key used to encrypt the instant snapshot."
+        },
+        "objectName": {
+          "description": "Name of the output Bigstore object storing the changed blocks. Object name must be less than 1024 bytes in length.",
+          "type": "string"
+        },
+        "outputType": {
+          "description": "The format of the output file.",
+          "enum": [
+            "INVALID",
+            "METADATA_AND_DATA",
+            "METADATA_ONLY"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagersListPerInstanceConfigsResp": {
-      "id": "InstanceGroupManagersListPerInstanceConfigsResp",
+    "InstantSnapshotList": {
+      "description": "Contains a list of InstantSnapshot resources.",
+      "id": "InstantSnapshotList",
       "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
         "items": {
-          "description": "[Output Only] The list of PerInstanceConfig.",
+          "description": "A list of InstantSnapshot resources.",
           "items": {
-            "$ref": "PerInstanceConfig"
+            "$ref": "InstantSnapshot"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#instantSnapshotList",
+          "description": "Type of resource.",
+          "type": "string"
+        },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -54212,6 +60771,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54230,6 +60790,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54241,6 +60831,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54288,73 +60879,39 @@
       },
       "type": "object"
     },
-    "InstanceGroupManagersPatchPerInstanceConfigsReq": {
-      "description": "InstanceGroupManagers.patchPerInstanceConfigs",
-      "id": "InstanceGroupManagersPatchPerInstanceConfigsReq",
-      "properties": {
-        "perInstanceConfigs": {
-          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
-          "items": {
-            "$ref": "PerInstanceConfig"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersRecreateInstancesRequest": {
-      "id": "InstanceGroupManagersRecreateInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersResizeAdvancedRequest": {
-      "id": "InstanceGroupManagersResizeAdvancedRequest",
+    "InstantSnapshotResourceStatus": {
+      "id": "InstantSnapshotResourceStatus",
       "properties": {
-        "noCreationRetries": {
-          "description": "If this flag is true, the managed instance group attempts to create all instances initiated by this resize request only once. If there is an error during creation, the managed instance group does not retry create this instance, and we will decrease the targetSize of the request instead. If the flag is false, the group attempts to recreate each instance continuously until it succeeds. This flag matters only in the first attempt of creation of an instance. After an instance is successfully created while this flag is enabled, the instance behaves the same way as all the other instances created with a regular resize request. In particular, if a running instance dies unexpectedly at a later time and needs to be recreated, this mode does not affect the recreation behavior in that scenario. This flag is applicable only to the current resize request. It does not influence other resize requests in any way. You can see which instances is being creating in which mode by calling the get or listManagedInstances API.",
-          "type": "boolean"
-        },
-        "targetSize": {
-          "description": "The number of running instances that the managed instance group should maintain at any given time. The group automatically adds or removes instances to maintain the number of instances specified by this parameter.",
-          "format": "int32",
-          "type": "integer"
+        "storageSizeBytes": {
+          "description": "[Output Only] The storage size of this instant snapshot.",
+          "format": "int64",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagersResumeInstancesRequest": {
-      "id": "InstanceGroupManagersResumeInstancesRequest",
+    "InstantSnapshotsExportRequest": {
+      "id": "InstantSnapshotsExportRequest",
       "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to resume. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "exportParams": {
+          "$ref": "InstantSnapshotExportParams",
+          "description": "Parameters to export the changed blocks."
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagersScopedList": {
-      "id": "InstanceGroupManagersScopedList",
+    "InstantSnapshotsScopedList": {
+      "id": "InstantSnapshotsScopedList",
       "properties": {
-        "instanceGroupManagers": {
-          "description": "[Output Only] The list of managed instance groups that are contained in the specified project and zone.",
+        "instantSnapshots": {
+          "description": "[Output Only] A list of instantSnapshots contained in this scope.",
           "items": {
-            "$ref": "InstanceGroupManager"
+            "$ref": "InstantSnapshot"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] The warning that replaces the list of managed instance groups when the list is empty.",
+          "description": "[Output Only] Informational warning which replaces the list of instantSnapshots when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -54369,6 +60926,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54387,6 +60945,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54398,6 +60986,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54445,137 +61034,530 @@
       },
       "type": "object"
     },
-    "InstanceGroupManagersSetAutoHealingRequest": {
-      "id": "InstanceGroupManagersSetAutoHealingRequest",
-      "properties": {
-        "autoHealingPolicies": {
-          "items": {
-            "$ref": "InstanceGroupManagerAutoHealingPolicy"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersSetInstanceTemplateRequest": {
-      "id": "InstanceGroupManagersSetInstanceTemplateRequest",
+    "Int64RangeMatch": {
+      "description": "HttpRouteRuleMatch criteria for field values that must stay within the specified integer range.",
+      "id": "Int64RangeMatch",
       "properties": {
-        "instanceTemplate": {
-          "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run recreateInstances, run applyUpdatesToInstances, or set the group's updatePolicy.type to PROACTIVE.",
+        "rangeEnd": {
+          "description": "The end of the range (exclusive) in signed long integer format.",
+          "format": "int64",
+          "type": "string"
+        },
+        "rangeStart": {
+          "description": "The start of the range (inclusive) in signed long integer format.",
+          "format": "int64",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagersSetTargetPoolsRequest": {
-      "id": "InstanceGroupManagersSetTargetPoolsRequest",
+    "Interconnect": {
+      "description": "Represents an Interconnect resource. An Interconnect resource is a dedicated connection between the Google Cloud network and your on-premises network. For more information, read the Dedicated Interconnect Overview.",
+      "id": "Interconnect",
       "properties": {
-        "fingerprint": {
-          "description": "The fingerprint of the target pools information. Use this optional property to prevent conflicts when multiple users change the target pools settings concurrently. Obtain the fingerprint with the instanceGroupManagers.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.",
-          "format": "byte",
-          "type": "string"
+        "adminEnabled": {
+          "description": "Administrative status of the interconnect. When this is set to true, the Interconnect is functional and can carry traffic. When set to false, no packets can be carried over the interconnect and no BGP routes are exchanged over it. By default, the status is set to true.",
+          "type": "boolean"
         },
-        "targetPools": {
-          "description": "The list of target pool URLs that instances in this managed instance group belong to. The managed instance group applies these target pools to all of the instances in the group. Existing instances and new instances in the group all receive these target pool settings.",
+        "availableFeatures": {
+          "description": "[Output only] List of features available for this Interconnect connection, which can take one of the following values: - MACSEC If present then the interconnect was created on MACsec capable hardware ports. If not present then the interconnect is provisioned on non-MACsec capable ports and MACsec enablement will fail.",
           "items": {
+            "enum": [
+              "IF_MACSEC"
+            ],
+            "enumDescriptions": [
+              "Media Access Control security (MACsec)"
+            ],
             "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersStartInstancesRequest": {
-      "id": "InstanceGroupManagersStartInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to start. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+        },
+        "circuitInfos": {
+          "description": "[Output Only] A list of CircuitInfo objects, that describe the individual circuits in this LAG.",
+          "items": {
+            "$ref": "InterconnectCircuitInfo"
+          },
+          "type": "array"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "customerName": {
+          "description": "Customer name, to put in the Letter of Authorization as the party authorized to request a crossconnect.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "expectedOutages": {
+          "description": "[Output Only] A list of outages expected for this Interconnect.",
+          "items": {
+            "$ref": "InterconnectOutageNotification"
+          },
+          "type": "array"
+        },
+        "googleIpAddress": {
+          "description": "[Output Only] IP address configured on the Google side of the Interconnect link. This can be used only for ping tests.",
+          "type": "string"
+        },
+        "googleReferenceId": {
+          "description": "[Output Only] Google reference ID to be used when raising support tickets with Google or otherwise to debug backend connectivity issues.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "interconnectAttachments": {
+          "description": "[Output Only] A list of the URLs of all InterconnectAttachments configured to use this Interconnect.",
           "items": {
             "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersStopInstancesRequest": {
-      "id": "InstanceGroupManagersStopInstancesRequest",
-      "properties": {
-        "forceStop": {
-          "description": "If this flag is set to true, the Instance Group Manager will proceed to stop the instances, skipping initialization on them.",
+        },
+        "interconnectType": {
+          "description": "Type of interconnect, which can take one of the following values: - PARTNER: A partner-managed interconnection shared between customers though a partner. - DEDICATED: A dedicated physical interconnection with the customer. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED.",
+          "enum": [
+            "DEDICATED",
+            "IT_PRIVATE",
+            "PARTNER"
+          ],
+          "enumDescriptions": [
+            "A dedicated physical interconnection with the customer.",
+            "[Deprecated] A private, physical interconnection with the customer.",
+            "A partner-managed interconnection shared between customers via partner."
+          ],
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#interconnect",
+          "description": "[Output Only] Type of the resource. Always compute#interconnect for interconnects.",
+          "type": "string"
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this Interconnect, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Interconnect.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
+        "linkType": {
+          "description": "Type of link requested, which can take one of the following values: - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. Note that this field indicates the speed of each of the links in the bundle, not the speed of the entire bundle.",
+          "enum": [
+            "LINK_TYPE_ETHERNET_100G_LR",
+            "LINK_TYPE_ETHERNET_10G_LR"
+          ],
+          "enumDescriptions": [
+            "100G Ethernet, LR Optics.",
+            "10G Ethernet, LR Optics. [(rate_bps) = 10000000000];"
+          ],
+          "type": "string"
+        },
+        "location": {
+          "description": "URL of the InterconnectLocation object that represents where this connection is to be provisioned.",
+          "type": "string"
+        },
+        "macsec": {
+          "$ref": "InterconnectMacsec",
+          "description": "Configuration to enable Media Access Control security (MACsec) on the Interconnect connection between Google and your on-premises router."
+        },
+        "macsecEnabled": {
+          "description": "Enable or disable MACsec on this Interconnect connection. MACsec enablement fails if the MACsec object is not specified.",
           "type": "boolean"
         },
-        "instances": {
-          "description": "The URLs of one or more instances to stop. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.interconnects.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "nocContactEmail": {
+          "description": "Email address to contact the customer NOC for operations and maintenance notifications regarding this Interconnect. If specified, this will be used for notifications in addition to all other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications. This field is required for users who sign up for Cloud Interconnect using workforce identity federation.",
+          "type": "string"
+        },
+        "operationalStatus": {
+          "description": "[Output Only] The current status of this Interconnect's functionality, which can take one of the following values: - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may be provisioned on this Interconnect. - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be provisioned on this Interconnect. - OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No attachments may be provisioned or updated on this Interconnect. ",
+          "enum": [
+            "OS_ACTIVE",
+            "OS_UNPROVISIONED"
+          ],
+          "enumDescriptions": [
+            "The interconnect is valid, turned up, and ready to use. Attachments may be provisioned on this interconnect.",
+            "The interconnect has not completed turnup. No attachments may be provisioned on this interconnect."
+          ],
+          "type": "string"
+        },
+        "peerIpAddress": {
+          "description": "[Output Only] IP address configured on the customer side of the Interconnect link. The customer should configure this IP address during turnup when prompted by Google NOC. This can be used only for ping tests.",
+          "type": "string"
+        },
+        "provisionedLinkCount": {
+          "description": "[Output Only] Number of links actually provisioned in this interconnect.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "remoteLocation": {
+          "description": "Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside of Google's network that the interconnect is connected to.",
+          "type": "string"
+        },
+        "requestedFeatures": {
+          "description": "Optional. List of features requested for this Interconnect connection, which can take one of the following values: - MACSEC If specified then the interconnect will be created on MACsec capable hardware ports. If not specified, the default value is false, which will allocate non-MACsec capable ports first if available. This parameter can only be provided during interconnect INSERT and cannot be changed using interconnect PATCH.",
           "items": {
+            "enum": [
+              "IF_MACSEC"
+            ],
+            "enumDescriptions": [
+              "Media Access Control security (MACsec)"
+            ],
             "type": "string"
           },
           "type": "array"
+        },
+        "requestedLinkCount": {
+          "description": "Target number of physical links in the link bundle, as requested by the customer.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "state": {
+          "description": "[Output Only] The current state of Interconnect functionality, which can take one of the following values: - ACTIVE: The Interconnect is valid, turned up and ready to use. Attachments may be provisioned on this Interconnect. - UNPROVISIONED: The Interconnect has not completed turnup. No attachments may be provisioned on this Interconnect. - UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may be provisioned or updated on this Interconnect. ",
+          "enum": [
+            "ACTIVE",
+            "UNPROVISIONED"
+          ],
+          "enumDescriptions": [
+            "The interconnect is valid, turned up, and ready to use. Attachments may be provisioned on this interconnect.",
+            "The interconnect has not completed turnup. No attachments may be provisioned on this interconnect."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceGroupManagersSuspendInstancesRequest": {
-      "id": "InstanceGroupManagersSuspendInstancesRequest",
+    "InterconnectAttachment": {
+      "description": "Represents an Interconnect Attachment (VLAN) resource. You can use Interconnect attachments (VLANS) to connect your Virtual Private Cloud networks to your on-premises networks through an Interconnect. For more information, read Creating VLAN Attachments.",
+      "id": "InterconnectAttachment",
       "properties": {
-        "forceSuspend": {
-          "description": "If this flag is set to true, the Instance Group Manager will proceed to suspend the instances, skipping initialization on them.",
+        "adminEnabled": {
+          "description": "Determines whether this Attachment will carry packets. Not present for PARTNER_PROVIDER.",
           "type": "boolean"
         },
-        "instances": {
-          "description": "The URLs of one or more instances to suspend. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+        "bandwidth": {
+          "description": "Provisioned bandwidth capacity for the interconnect attachment. For attachments of type DEDICATED, the user can set the bandwidth. For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, and can take one of the following values: - BPS_50M: 50 Mbit/s - BPS_100M: 100 Mbit/s - BPS_200M: 200 Mbit/s - BPS_300M: 300 Mbit/s - BPS_400M: 400 Mbit/s - BPS_500M: 500 Mbit/s - BPS_1G: 1 Gbit/s - BPS_2G: 2 Gbit/s - BPS_5G: 5 Gbit/s - BPS_10G: 10 Gbit/s - BPS_20G: 20 Gbit/s - BPS_50G: 50 Gbit/s ",
+          "enum": [
+            "BPS_100M",
+            "BPS_10G",
+            "BPS_1G",
+            "BPS_200M",
+            "BPS_20G",
+            "BPS_2G",
+            "BPS_300M",
+            "BPS_400M",
+            "BPS_500M",
+            "BPS_50G",
+            "BPS_50M",
+            "BPS_5G"
+          ],
+          "enumDescriptions": [
+            "100 Mbit/s",
+            "10 Gbit/s",
+            "1 Gbit/s",
+            "200 Mbit/s",
+            "20 Gbit/s",
+            "2 Gbit/s",
+            "300 Mbit/s",
+            "400 Mbit/s",
+            "500 Mbit/s",
+            "50 Gbit/s",
+            "50 Mbit/s",
+            "5 Gbit/s"
+          ],
+          "type": "string"
+        },
+        "candidateIpv6Subnets": {
+          "description": "This field is not available.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "candidateSubnets": {
+          "description": "Up to 16 candidate prefixes that can be used to restrict the allocation of cloudRouterIpAddress and customerRouterIpAddress for this attachment. All prefixes must be within link-local address space (169.254.0.0/16) and must be /29 or shorter (/28, /27, etc). Google will attempt to select an unused /29 from the supplied candidate prefix(es). The request will fail if all possible /29s are in use on Google's edge. If not supplied, Google will randomly select an unused /29 from all of link-local space.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "cloudRouterIpAddress": {
+          "description": "[Output Only] IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment.",
+          "type": "string"
+        },
+        "cloudRouterIpv6Address": {
+          "description": "[Output Only] IPv6 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment.",
+          "type": "string"
+        },
+        "cloudRouterIpv6InterfaceId": {
+          "description": "This field is not available.",
+          "type": "string"
+        },
+        "configurationConstraints": {
+          "$ref": "InterconnectAttachmentConfigurationConstraints",
+          "description": "[Output Only] Constraints for this attachment, if any. The attachment does not work if these constraints are not met."
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "customerRouterIpAddress": {
+          "description": "[Output Only] IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment.",
+          "type": "string"
+        },
+        "customerRouterIpv6Address": {
+          "description": "[Output Only] IPv6 address + prefix length to be configured on the customer router subinterface for this interconnect attachment.",
+          "type": "string"
+        },
+        "customerRouterIpv6InterfaceId": {
+          "description": "This field is not available.",
+          "type": "string"
+        },
+        "dataplaneVersion": {
+          "description": "[Output Only] Dataplane version for this InterconnectAttachment. This field is only present for Dataplane version 2 and higher. Absence of this field in the API output indicates that the Dataplane is version 1.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "description": {
+          "description": "An optional description of this resource.",
+          "type": "string"
+        },
+        "edgeAvailabilityDomain": {
+          "description": "Desired availability domain for the attachment. Only available for type PARTNER, at creation time, and can take one of the following values: - AVAILABILITY_DOMAIN_ANY - AVAILABILITY_DOMAIN_1 - AVAILABILITY_DOMAIN_2 For improved reliability, customers should configure a pair of attachments, one per availability domain. The selected availability domain will be provided to the Partner via the pairing key, so that the provisioned circuit will lie in the specified domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.",
+          "enum": [
+            "AVAILABILITY_DOMAIN_1",
+            "AVAILABILITY_DOMAIN_2",
+            "AVAILABILITY_DOMAIN_ANY"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "encryption": {
+          "description": "Indicates the user-supplied encryption option of this VLAN attachment (interconnectAttachment). Can only be specified at attachment creation for PARTNER or DEDICATED attachments. Possible values are: - NONE - This is the default value, which means that the VLAN attachment carries unencrypted traffic. VMs are able to send traffic to, or receive traffic from, such a VLAN attachment. - IPSEC - The VLAN attachment carries only encrypted traffic that is encrypted by an IPsec device, such as an HA VPN gateway or third-party IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, such a VLAN attachment. To use *HA VPN over Cloud Interconnect*, the VLAN attachment must be created with this option. ",
+          "enum": [
+            "IPSEC",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "The interconnect attachment will carry only encrypted traffic that is encrypted by an IPsec device such as HA VPN gateway; VMs cannot directly send traffic to or receive traffic from such an interconnect attachment. To use HA VPN over Cloud Interconnect, the interconnect attachment must be created with this option.",
+            "This is the default value, which means the Interconnect Attachment will carry unencrypted traffic. VMs will be able to send traffic to or receive traffic from such interconnect attachment."
+          ],
+          "type": "string"
+        },
+        "googleReferenceId": {
+          "deprecated": true,
+          "description": "[Output Only] Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues. [Deprecated] This field is not used.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "interconnect": {
+          "description": "URL of the underlying Interconnect object that this attachment's traffic will traverse through.",
+          "type": "string"
+        },
+        "ipsecInternalAddresses": {
+          "description": "A list of URLs of addresses that have been reserved for the VLAN attachment. Used only for the VLAN attachment that has the encryption option as IPSEC. The addresses must be regional internal IP address ranges. When creating an HA VPN gateway over the VLAN attachment, if the attachment is configured to use a regional internal IP address, then the VPN gateway's IP address is allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this VLAN attachment, then a regional internal IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this VLAN attachment. If this field is not specified when creating the VLAN attachment, then later on when creating an HA VPN gateway on this VLAN attachment, the HA VPN gateway's IP address is allocated from the regional external IP address pool.",
           "items": {
             "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupManagersUpdatePerInstanceConfigsReq": {
-      "description": "InstanceGroupManagers.updatePerInstanceConfigs",
-      "id": "InstanceGroupManagersUpdatePerInstanceConfigsReq",
-      "properties": {
-        "perInstanceConfigs": {
-          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
-          "items": {
-            "$ref": "PerInstanceConfig"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupsAddInstancesRequest": {
-      "id": "InstanceGroupsAddInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The list of instances to add to the instance group.",
-          "items": {
-            "$ref": "InstanceReference"
+        },
+        "kind": {
+          "default": "compute#interconnectAttachment",
+          "description": "[Output Only] Type of the resource. Always compute#interconnectAttachment for interconnect attachments.",
+          "type": "string"
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this InterconnectAttachment, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an InterconnectAttachment.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
           },
-          "type": "array"
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
+        "mtu": {
+          "description": "Maximum Transmission Unit (MTU), in bytes, of packets passing through this interconnect attachment. Only 1440 and 1500 are allowed. If not specified, the value will default to 1440.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "operationalStatus": {
+          "description": "[Output Only] The current status of whether or not this interconnect attachment is functional, which can take one of the following values: - OS_ACTIVE: The attachment has been turned up and is ready to use. - OS_UNPROVISIONED: The attachment is not ready to use yet, because turnup is not complete. ",
+          "enum": [
+            "OS_ACTIVE",
+            "OS_UNPROVISIONED"
+          ],
+          "enumDescriptions": [
+            "Indicates that attachment has been turned up and is ready to use.",
+            "Indicates that attachment is not ready to use yet, because turnup is not complete."
+          ],
+          "type": "string"
+        },
+        "pairingKey": {
+          "description": "[Output only for type PARTNER. Input only for PARTNER_PROVIDER. Not present for DEDICATED]. The opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner. Of the form \"XXXXX/region/domain\"",
+          "type": "string"
+        },
+        "partnerAsn": {
+          "description": "Optional BGP ASN for the router supplied by a Layer 3 Partner if they configured BGP on behalf of the customer. Output only for PARTNER type, input only for PARTNER_PROVIDER, not available for DEDICATED.",
+          "format": "int64",
+          "type": "string"
+        },
+        "partnerMetadata": {
+          "$ref": "InterconnectAttachmentPartnerMetadata",
+          "description": "Informational metadata about Partner attachments from Partners to display to customers. Output only for for PARTNER type, mutable for PARTNER_PROVIDER, not available for DEDICATED."
+        },
+        "privateInterconnectInfo": {
+          "$ref": "InterconnectAttachmentPrivateInfo",
+          "description": "[Output Only] Information specific to an InterconnectAttachment. This property is populated if the interconnect that this is attached to is of type DEDICATED."
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the regional interconnect attachment resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        },
+        "remoteService": {
+          "description": "[Output Only] If the attachment is on a Cross-Cloud Interconnect connection, this field contains the interconnect's remote location service provider. Example values: \"Amazon Web Services\" \"Microsoft Azure\". The field is set only for attachments on Cross-Cloud Interconnect connections. Its value is copied from the InterconnectRemoteLocation remoteService field.",
+          "type": "string"
+        },
+        "router": {
+          "description": "URL of the Cloud Router to be used for dynamic routing. This router must be in the same region as this InterconnectAttachment. The InterconnectAttachment will automatically connect the Interconnect to the network \u0026 region within which the Cloud Router is configured.",
+          "type": "string"
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "stackType": {
+          "description": "The stack type for this interconnect attachment to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at interconnect attachments creation and update interconnect attachment operations.",
+          "enum": [
+            "IPV4_IPV6",
+            "IPV4_ONLY"
+          ],
+          "enumDescriptions": [
+            "The interconnect attachment can have both IPv4 and IPv6 addresses.",
+            "The interconnect attachment will only be assigned IPv4 addresses."
+          ],
+          "type": "string"
+        },
+        "state": {
+          "description": "[Output Only] The current state of this attachment's functionality. Enum values ACTIVE and UNPROVISIONED are shared by DEDICATED/PRIVATE, PARTNER, and PARTNER_PROVIDER interconnect attachments, while enum values PENDING_PARTNER, PARTNER_REQUEST_RECEIVED, and PENDING_CUSTOMER are used for only PARTNER and PARTNER_PROVIDER interconnect attachments. This state can take one of the following values: - ACTIVE: The attachment has been turned up and is ready to use. - UNPROVISIONED: The attachment is not ready to use yet, because turnup is not complete. - PENDING_PARTNER: A newly-created PARTNER attachment that has not yet been configured on the Partner side. - PARTNER_REQUEST_RECEIVED: A PARTNER attachment is in the process of provisioning after a PARTNER_PROVIDER attachment was created that references it. - PENDING_CUSTOMER: A PARTNER or PARTNER_PROVIDER attachment that is waiting for a customer to activate it. - DEFUNCT: The attachment was deleted externally and is no longer functional. This could be because the associated Interconnect was removed, or because the other side of a Partner attachment was deleted. ",
+          "enum": [
+            "ACTIVE",
+            "DEFUNCT",
+            "PARTNER_REQUEST_RECEIVED",
+            "PENDING_CUSTOMER",
+            "PENDING_PARTNER",
+            "STATE_UNSPECIFIED",
+            "UNPROVISIONED"
+          ],
+          "enumDescriptions": [
+            "Indicates that attachment has been turned up and is ready to use.",
+            "The attachment was deleted externally and is no longer functional. This could be because the associated Interconnect was wiped out, or because the other side of a Partner attachment was deleted.",
+            "A PARTNER attachment is in the process of provisioning after a PARTNER_PROVIDER attachment was created that references it.",
+            "PARTNER or PARTNER_PROVIDER attachment that is waiting for the customer to activate.",
+            "A newly created PARTNER attachment that has not yet been configured on the Partner side.",
+            "",
+            "Indicates that attachment is not ready to use yet, because turnup is not complete."
+          ],
+          "type": "string"
+        },
+        "subnetLength": {
+          "description": "Length of the IPv4 subnet mask. Allowed values: - 29 (default) - 30 The default value is 29, except for Cross-Cloud Interconnect connections that use an InterconnectRemoteLocation with a constraints.subnetLengthRange.min equal to 30. For example, connections that use an Azure remote location fall into this category. In these cases, the default value is 30, and requesting 29 returns an error. Where both 29 and 30 are allowed, 29 is preferred, because it gives Google Cloud Support more debugging visibility. ",
+          "format": "int32",
+          "type": "integer"
+        },
+        "type": {
+          "description": "The type of interconnect attachment this is, which can take one of the following values: - DEDICATED: an attachment to a Dedicated Interconnect. - PARTNER: an attachment to a Partner Interconnect, created by the customer. - PARTNER_PROVIDER: an attachment to a Partner Interconnect, created by the partner. ",
+          "enum": [
+            "DEDICATED",
+            "PARTNER",
+            "PARTNER_PROVIDER"
+          ],
+          "enumDescriptions": [
+            "Attachment to a dedicated interconnect.",
+            "Attachment to a partner interconnect, created by the customer.",
+            "Attachment to a partner interconnect, created by the partner."
+          ],
+          "type": "string"
+        },
+        "vlanTag8021q": {
+          "description": "The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4093. Only specified at creation time.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "InstanceGroupsListInstances": {
-      "id": "InstanceGroupsListInstances",
+    "InterconnectAttachmentAggregatedList": {
+      "id": "InterconnectAttachmentAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InstanceWithNamedPorts resources.",
-          "items": {
-            "$ref": "InstanceWithNamedPorts"
+          "additionalProperties": {
+            "$ref": "InterconnectAttachmentsScopedList",
+            "description": "Name of the scope containing this set of interconnect attachments."
           },
-          "type": "array"
+          "description": "A list of InterconnectAttachmentsScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#instanceGroupsListInstances",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupsListInstances for the list of instances in the specified instance group.",
+          "default": "compute#interconnectAttachmentAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentAggregatedList for aggregated lists of interconnect attachments.",
           "type": "string"
         },
         "nextPageToken": {
@@ -54586,6 +61568,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -54602,6 +61591,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54620,6 +61610,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54631,6 +61651,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54678,175 +61699,65 @@
       },
       "type": "object"
     },
-    "InstanceGroupsListInstancesRequest": {
-      "id": "InstanceGroupsListInstancesRequest",
+    "InterconnectAttachmentConfigurationConstraints": {
+      "id": "InterconnectAttachmentConfigurationConstraints",
       "properties": {
-        "instanceState": {
-          "description": "A filter for the state of the instances in the instance group. Valid options are ALL or RUNNING. If you do not specify this parameter the list includes all instances regardless of their state.",
+        "bgpMd5": {
+          "description": "[Output Only] Whether the attachment's BGP session requires/allows/disallows BGP MD5 authentication. This can take one of the following values: MD5_OPTIONAL, MD5_REQUIRED, MD5_UNSUPPORTED. For example, a Cross-Cloud Interconnect connection to a remote cloud provider that requires BGP MD5 authentication has the interconnectRemoteLocation attachment_configuration_constraints.bgp_md5 field set to MD5_REQUIRED, and that property is propagated to the attachment. Similarly, if BGP MD5 is MD5_UNSUPPORTED, an error is returned if MD5 is requested.",
           "enum": [
-            "ALL",
-            "RUNNING"
+            "MD5_OPTIONAL",
+            "MD5_REQUIRED",
+            "MD5_UNSUPPORTED"
           ],
           "enumDescriptions": [
-            "Includes all instances in the generated list regardless of their state.",
-            "Includes instances in the generated list only if they have a RUNNING state."
+            "MD5_OPTIONAL: BGP MD5 authentication is supported and can optionally be configured.",
+            "MD5_REQUIRED: BGP MD5 authentication must be configured.",
+            "MD5_UNSUPPORTED: BGP MD5 authentication must not be configured"
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupsRemoveInstancesRequest": {
-      "id": "InstanceGroupsRemoveInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The list of instances to remove from the instance group.",
-          "items": {
-            "$ref": "InstanceReference"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceGroupsScopedList": {
-      "id": "InstanceGroupsScopedList",
-      "properties": {
-        "instanceGroups": {
-          "description": "[Output Only] The list of instance groups that are contained in this scope.",
+        },
+        "bgpPeerAsnRanges": {
+          "description": "[Output Only] List of ASN ranges that the remote location is known to support. Formatted as an array of inclusive ranges {min: min-value, max: max-value}. For example, [{min: 123, max: 123}, {min: 64512, max: 65534}] allows the peer ASN to be 123 or anything in the range 64512-65534. This field is only advisory. Although the API accepts other ranges, these are the ranges that we recommend.",
           "items": {
-            "$ref": "InstanceGroup"
+            "$ref": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange"
           },
           "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] An informational warning that replaces the list of instance groups when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
         }
       },
       "type": "object"
     },
-    "InstanceGroupsSetNamedPortsRequest": {
-      "id": "InstanceGroupsSetNamedPortsRequest",
+    "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange": {
+      "id": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange",
       "properties": {
-        "fingerprint": {
-          "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request. A request with an incorrect fingerprint will fail with error 412 conditionNotMet.",
-          "format": "byte",
-          "type": "string"
+        "max": {
+          "format": "uint32",
+          "type": "integer"
         },
-        "namedPorts": {
-          "description": "The list of named ports to set for this instance group.",
-          "items": {
-            "$ref": "NamedPort"
-          },
-          "type": "array"
+        "min": {
+          "format": "uint32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "InstanceList": {
-      "description": "Contains a list of instances.",
-      "id": "InstanceList",
+    "InterconnectAttachmentList": {
+      "description": "Response to the list request, and contains a list of interconnect attachments.",
+      "id": "InterconnectAttachmentList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Instance resources.",
+          "description": "A list of InterconnectAttachment resources.",
           "items": {
-            "$ref": "Instance"
+            "$ref": "InterconnectAttachment"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#instanceList",
-          "description": "[Output Only] Type of resource. Always compute#instanceList for lists of Instance resources.",
+          "default": "compute#interconnectAttachmentList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentList for lists of interconnect attachments.",
           "type": "string"
         },
         "nextPageToken": {
@@ -54873,6 +61784,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54891,6 +61803,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54902,6 +61844,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54949,36 +61892,49 @@
       },
       "type": "object"
     },
-    "InstanceListReferrers": {
-      "description": "Contains a list of instance referrers.",
-      "id": "InstanceListReferrers",
+    "InterconnectAttachmentPartnerMetadata": {
+      "description": "Informational metadata about Partner attachments from Partners to display to customers. These fields are propagated from PARTNER_PROVIDER attachments to their corresponding PARTNER attachments.",
+      "id": "InterconnectAttachmentPartnerMetadata",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of Reference resources.",
-          "items": {
-            "$ref": "Reference"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "compute#instanceListReferrers",
-          "description": "[Output Only] Type of resource. Always compute#instanceListReferrers for lists of Instance referrers.",
+        "interconnectName": {
+          "description": "Plain text name of the Interconnect this attachment is connected to, as displayed in the Partner's portal. For instance \"Chicago 1\". This value may be validated to match approved Partner values.",
           "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "partnerName": {
+          "description": "Plain text name of the Partner providing this attachment. This value may be validated to match approved Partner values.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "portalUrl": {
+          "description": "URL of the Partner's portal for this Attachment. Partners may customise this to be a deep link to the specific resource on the Partner portal. This value may be validated to match approved Partner values.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectAttachmentPrivateInfo": {
+      "description": "Information for an interconnect attachment when this belongs to an interconnect of type DEDICATED.",
+      "id": "InterconnectAttachmentPrivateInfo",
+      "properties": {
+        "tag8021q": {
+          "description": "[Output Only] 802.1q encapsulation tag to be used for traffic between Google and the customer, going to and from this network and region.",
+          "format": "uint32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectAttachmentsScopedList": {
+      "id": "InterconnectAttachmentsScopedList",
+      "properties": {
+        "interconnectAttachments": {
+          "description": "A list of interconnect attachments contained in this scope.",
+          "items": {
+            "$ref": "InterconnectAttachment"
+          },
+          "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of addresses when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -54993,6 +61949,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55011,6 +61968,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55022,6 +62009,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55059,409 +62047,235 @@
               },
               "type": "array"
             },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceManagedByIgmError": {
-      "id": "InstanceManagedByIgmError",
-      "properties": {
-        "error": {
-          "$ref": "InstanceManagedByIgmErrorManagedInstanceError",
-          "description": "[Output Only] Contents of the error."
-        },
-        "instanceActionDetails": {
-          "$ref": "InstanceManagedByIgmErrorInstanceActionDetails",
-          "description": "[Output Only] Details of the instance action that triggered this error. May be null, if the error was not caused by an action on an instance. This field is optional."
-        },
-        "timestamp": {
-          "description": "[Output Only] The time that this error occurred. This value is in RFC3339 text format.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceManagedByIgmErrorInstanceActionDetails": {
-      "id": "InstanceManagedByIgmErrorInstanceActionDetails",
-      "properties": {
-        "action": {
-          "description": "[Output Only] Action that managed instance group was executing on the instance when the error occurred. Possible values:",
-          "enum": [
-            "ABANDONING",
-            "CREATING",
-            "CREATING_ATOMICALLY",
-            "CREATING_WITHOUT_RETRIES",
-            "DELETING",
-            "NONE",
-            "QUEUING",
-            "RECREATING",
-            "REFRESHING",
-            "RESTARTING",
-            "RESUMING",
-            "STARTING",
-            "STOPPING",
-            "SUSPENDING",
-            "VERIFYING"
-          ],
-          "enumDescriptions": [
-            "The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group.",
-            "The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful.",
-            "The managed instance group is creating this instance atomically.",
-            "The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased.",
-            "The managed instance group is permanently deleting this instance.",
-            "The managed instance group has not scheduled any actions for this instance.",
-            "The managed instance group is queuing this instance.",
-            "The managed instance group is recreating this instance.",
-            "The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance.",
-            "The managed instance group is restarting this instance.",
-            "The managed instance group is resuming this instance.",
-            "The managed instance group is starting this instance.",
-            "The managed instance group is stopping this instance.",
-            "The managed instance group is suspending this instance.",
-            "The managed instance group is verifying this already created instance. Verification happens every time the instance is (re)created or restarted and consists of: 1. Waiting until health check specified as part of this managed instance group's autohealing policy reports HEALTHY. Note: Applies only if autohealing policy has a health check specified 2. Waiting for addition verification steps performed as post-instance creation (subject to future extensions)."
-          ],
-          "type": "string"
-        },
-        "instance": {
-          "description": "[Output Only] The URL of the instance. The URL can be set even if the instance has not yet been created.",
-          "type": "string"
-        },
-        "version": {
-          "$ref": "ManagedInstanceVersion",
-          "description": "[Output Only] Version this instance was created from, or was being created from, but the creation failed. Corresponds to one of the versions that were set on the Instance Group Manager resource at the time this instance was being created."
-        }
-      },
-      "type": "object"
-    },
-    "InstanceManagedByIgmErrorManagedInstanceError": {
-      "id": "InstanceManagedByIgmErrorManagedInstanceError",
-      "properties": {
-        "code": {
-          "description": "[Output Only] Error code.",
-          "type": "string"
-        },
-        "message": {
-          "description": "[Output Only] Error message.",
-          "type": "string"
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "InstanceMoveRequest": {
-      "id": "InstanceMoveRequest",
+    "InterconnectCircuitInfo": {
+      "description": "Describes a single physical circuit between the Customer and Google. CircuitInfo objects are created by Google, so all fields are output only.",
+      "id": "InterconnectCircuitInfo",
       "properties": {
-        "destinationZone": {
-          "description": "The URL of the destination zone to move the instance. This can be a full or partial URL. For example, the following are all valid URLs to a zone: - https://www.googleapis.com/compute/v1/projects/project/zones/zone - projects/project/zones/zone - zones/zone ",
+        "customerDemarcId": {
+          "description": "Customer-side demarc ID for this circuit.",
           "type": "string"
         },
-        "targetInstance": {
-          "description": "The URL of the target instance to move. This can be a full or partial URL. For example, the following are all valid URLs to an instance: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance - zones/zone/instances/instance ",
+        "googleCircuitId": {
+          "description": "Google-assigned unique ID for this circuit. Assigned at circuit turn-up.",
+          "type": "string"
+        },
+        "googleDemarcId": {
+          "description": "Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by Google to the customer in the LOA.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceParams": {
-      "description": "Additional instance params.",
-      "id": "InstanceParams",
-      "properties": {
-        "resourceManagerTags": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Resource manager tags to be bound to the instance. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceProperties": {
-      "id": "InstanceProperties",
+    "InterconnectDiagnostics": {
+      "description": "Diagnostics information about the Interconnect connection, which contains detailed and current technical information about Google's side of the connection.",
+      "id": "InterconnectDiagnostics",
       "properties": {
-        "advancedMachineFeatures": {
-          "$ref": "AdvancedMachineFeatures",
-          "description": "Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet."
-        },
-        "canIpForward": {
-          "description": "Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.",
-          "type": "boolean"
-        },
-        "confidentialInstanceConfig": {
-          "$ref": "ConfidentialInstanceConfig",
-          "description": "Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet."
-        },
-        "description": {
-          "description": "An optional text description for the instances that are created from these properties.",
-          "type": "string"
-        },
-        "disks": {
-          "description": "An array of disks that are associated with the instances that are created from these properties.",
-          "items": {
-            "$ref": "AttachedDisk"
-          },
-          "type": "array"
-        },
-        "displayDevice": {
-          "$ref": "DisplayDevice",
-          "description": "Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet."
-        },
-        "guestAccelerators": {
-          "description": "A list of guest accelerator cards' type and count to use for instances created from these properties.",
-          "items": {
-            "$ref": "AcceleratorConfig"
-          },
-          "type": "array"
-        },
-        "keyRevocationActionType": {
-          "description": "KeyRevocationActionType of the instance. Supported options are \"STOP\" and \"NONE\". The default value is \"NONE\" if it is not specified.",
-          "enum": [
-            "KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
-            "NONE",
-            "STOP"
-          ],
-          "enumDescriptions": [
-            "Default value. This value is unused.",
-            "Indicates user chose no operation.",
-            "Indicates user chose to opt for VM shutdown on key revocation."
-          ],
-          "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to apply to instances that are created from these properties.",
-          "type": "object"
-        },
-        "machineType": {
-          "annotations": {
-            "required": [
-              "compute.instanceTemplates.insert"
-            ]
-          },
-          "description": "The machine type to use for instances that are created from these properties.",
-          "type": "string"
-        },
-        "metadata": {
-          "$ref": "Metadata",
-          "description": "The metadata key/value pairs to assign to instances that are created from these properties. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information."
-        },
-        "minCpuPlatform": {
-          "description": "Minimum cpu/platform to be used by instances. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\". For more information, read Specifying a Minimum CPU Platform.",
-          "type": "string"
-        },
-        "networkInterfaces": {
-          "description": "An array of network access configurations for this interface.",
+        "arpCaches": {
+          "description": "A list of InterconnectDiagnostics.ARPEntry objects, describing individual neighbors currently seen by the Google router in the ARP cache for the Interconnect. This will be empty when the Interconnect is not bundled.",
           "items": {
-            "$ref": "NetworkInterface"
+            "$ref": "InterconnectDiagnosticsARPEntry"
           },
           "type": "array"
         },
-        "networkPerformanceConfig": {
-          "$ref": "NetworkPerformanceConfig",
-          "description": "Note that for MachineImage, this is not supported yet."
-        },
-        "postKeyRevocationActionType": {
-          "description": "PostKeyRevocationActionType of the instance.",
+        "bundleAggregationType": {
+          "description": "The aggregation type of the bundle interface.",
           "enum": [
-            "NOOP",
-            "POST_KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
-            "SHUTDOWN"
+            "BUNDLE_AGGREGATION_TYPE_LACP",
+            "BUNDLE_AGGREGATION_TYPE_STATIC"
           ],
           "enumDescriptions": [
-            "Indicates user chose no operation.",
-            "Default value. This value is unused.",
-            "Indicates user chose to opt for VM shutdown on key revocation."
+            "LACP is enabled.",
+            "LACP is disabled."
           ],
           "type": "string"
         },
-        "privateIpv6GoogleAccess": {
-          "description": "The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.",
+        "bundleOperationalStatus": {
+          "description": "The operational status of the bundle interface.",
           "enum": [
-            "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE",
-            "ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE",
-            "INHERIT_FROM_SUBNETWORK"
+            "BUNDLE_OPERATIONAL_STATUS_DOWN",
+            "BUNDLE_OPERATIONAL_STATUS_UP"
           ],
           "enumDescriptions": [
-            "Bidirectional private IPv6 access to/from Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
-            "Outbound private IPv6 access from VMs in this subnet to Google services. If specified, the subnetwork who is attached to the instance's default network interface will be assigned an internal IPv6 prefix if it doesn't have before.",
-            "Each network interface inherits PrivateIpv6GoogleAccess from its subnetwork."
+            "If bundleAggregationType is LACP: LACP is not established and/or all links in the bundle have DOWN operational status. If bundleAggregationType is STATIC: one or more links in the bundle has DOWN operational status.",
+            "If bundleAggregationType is LACP: LACP is established and at least one link in the bundle has UP operational status. If bundleAggregationType is STATIC: all links in the bundle (typically just one) have UP operational status."
           ],
           "type": "string"
         },
-        "reservationAffinity": {
-          "$ref": "ReservationAffinity",
-          "description": "Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet."
-        },
-        "resourceManagerTags": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Resource manager tags to be bound to the instance. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT \u0026 PATCH) when empty.",
-          "type": "object"
-        },
-        "resourcePolicies": {
-          "description": "Resource policies (names, not URLs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "scheduling": {
-          "$ref": "Scheduling",
-          "description": "Specifies the scheduling options for the instances that are created from these properties."
-        },
-        "secureTags": {
-          "description": "[Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "serviceAccounts": {
-          "description": "A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.",
+        "links": {
+          "description": "A list of InterconnectDiagnostics.LinkStatus objects, describing the status for each link on the Interconnect.",
           "items": {
-            "$ref": "ServiceAccount"
+            "$ref": "InterconnectDiagnosticsLinkStatus"
           },
           "type": "array"
         },
-        "serviceIntegrationSpecs": {
-          "additionalProperties": {
-            "$ref": "ServiceIntegrationSpec"
-          },
-          "description": "Mapping of user defined keys to ServiceIntegrationSpec.",
-          "type": "object"
-        },
-        "shieldedInstanceConfig": {
-          "$ref": "ShieldedInstanceConfig",
-          "description": "Note that for MachineImage, this is not supported yet."
-        },
-        "shieldedVmConfig": {
-          "$ref": "ShieldedVmConfig",
-          "description": "Specifies the Shielded VM options for the instances that are created from these properties."
-        },
-        "tags": {
-          "$ref": "Tags",
-          "description": "A list of tags to apply to the instances that are created from these properties. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035."
+        "macAddress": {
+          "description": "The MAC address of the Interconnect's bundle interface.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstancePropertiesPatch": {
-      "description": "Represents the change that you want to make to the instance properties.",
-      "id": "InstancePropertiesPatch",
+    "InterconnectDiagnosticsARPEntry": {
+      "description": "Describing the ARP neighbor entries seen on this link",
+      "id": "InterconnectDiagnosticsARPEntry",
       "properties": {
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "The label key-value pairs that you want to patch onto the instance.",
-          "type": "object"
+        "ipAddress": {
+          "description": "The IP address of this ARP neighbor.",
+          "type": "string"
         },
-        "metadata": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.",
-          "type": "object"
+        "macAddress": {
+          "description": "The MAC address of this ARP neighbor.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceReference": {
-      "id": "InstanceReference",
+    "InterconnectDiagnosticsLinkLACPStatus": {
+      "id": "InterconnectDiagnosticsLinkLACPStatus",
       "properties": {
-        "instance": {
-          "description": "The URL for a specific instance. @required compute.instancegroups.addInstances/removeInstances",
+        "googleSystemId": {
+          "description": "System ID of the port on Google's side of the LACP exchange.",
+          "type": "string"
+        },
+        "neighborSystemId": {
+          "description": "System ID of the port on the neighbor's side of the LACP exchange.",
+          "type": "string"
+        },
+        "state": {
+          "description": "The state of a LACP link, which can take one of the following values: - ACTIVE: The link is configured and active within the bundle. - DETACHED: The link is not configured within the bundle. This means that the rest of the object should be empty. ",
+          "enum": [
+            "ACTIVE",
+            "DETACHED"
+          ],
+          "enumDescriptions": [
+            "The link is configured and active within the bundle.",
+            "The link is not configured within the bundle, this means the rest of the object should be empty."
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstanceTemplate": {
-      "description": "Represents an Instance Template resource. You can use instance templates to create VM instances and managed instance groups. For more information, read Instance Templates.",
-      "id": "InstanceTemplate",
+    "InterconnectDiagnosticsLinkOpticalPower": {
+      "id": "InterconnectDiagnosticsLinkOpticalPower",
       "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] The creation timestamp for this instance template in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
+        "state": {
+          "description": "The status of the current value when compared to the warning and alarm levels for the receiving or transmitting transceiver. Possible states include: - OK: The value has not crossed a warning threshold. - LOW_WARNING: The value has crossed below the low warning threshold. - HIGH_WARNING: The value has crossed above the high warning threshold. - LOW_ALARM: The value has crossed below the low alarm threshold. - HIGH_ALARM: The value has crossed above the high alarm threshold. ",
+          "enum": [
+            "HIGH_ALARM",
+            "HIGH_WARNING",
+            "LOW_ALARM",
+            "LOW_WARNING",
+            "OK"
+          ],
+          "enumDescriptions": [
+            "The value has crossed above the high alarm threshold.",
+            "The value of the current optical power has crossed above the high warning threshold.",
+            "The value of the current optical power has crossed below the low alarm threshold.",
+            "The value of the current optical power has crossed below the low warning threshold.",
+            "The value of the current optical power has not crossed a warning threshold."
+          ],
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] A unique identifier for this instance template. The server defines this identifier.",
-          "format": "uint64",
-          "type": "string"
+        "value": {
+          "description": "Value of the current receiving or transmitting optical power, read in dBm. Take a known good optical value, give it a 10% margin and trigger warnings relative to that value. In general, a -7dBm warning and a -11dBm alarm are good optical value estimates for most links.",
+          "format": "float",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectDiagnosticsLinkStatus": {
+      "id": "InterconnectDiagnosticsLinkStatus",
+      "properties": {
+        "arpCaches": {
+          "description": "A list of InterconnectDiagnostics.ARPEntry objects, describing the ARP neighbor entries seen on this link. This will be empty if the link is bundled",
+          "items": {
+            "$ref": "InterconnectDiagnosticsARPEntry"
+          },
+          "type": "array"
         },
-        "kind": {
-          "default": "compute#instanceTemplate",
-          "description": "[Output Only] The resource type, which is always compute#instanceTemplate for instance templates.",
+        "circuitId": {
+          "description": "The unique ID for this link assigned during turn up by Google.",
           "type": "string"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.instanceTemplates.insert"
-            ]
-          },
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "googleDemarc": {
+          "description": "The Demarc address assigned by Google and provided in the LoA.",
           "type": "string"
         },
-        "properties": {
-          "$ref": "InstanceProperties",
-          "description": "The instance properties for this instance template."
+        "lacpStatus": {
+          "$ref": "InterconnectDiagnosticsLinkLACPStatus"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the instance template resides. Only applicable for regional resources.",
-          "type": "string"
+        "macsec": {
+          "$ref": "InterconnectDiagnosticsMacsecStatus",
+          "description": "Describes the status of MACsec encryption on this link."
         },
-        "selfLink": {
-          "description": "[Output Only] The URL for this instance template. The server defines this URL.",
+        "operationalStatus": {
+          "description": "The operational status of the link.",
+          "enum": [
+            "LINK_OPERATIONAL_STATUS_DOWN",
+            "LINK_OPERATIONAL_STATUS_UP"
+          ],
+          "enumDescriptions": [
+            "The interface is unable to communicate with the remote end.",
+            "The interface has low level communication with the remote end."
+          ],
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
+        "receivingOpticalPower": {
+          "$ref": "InterconnectDiagnosticsLinkOpticalPower",
+          "description": "An InterconnectDiagnostics.LinkOpticalPower object, describing the current value and status of the received light level."
         },
-        "sourceInstance": {
-          "description": "The source instance used to create the template. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance ",
+        "transmittingOpticalPower": {
+          "$ref": "InterconnectDiagnosticsLinkOpticalPower",
+          "description": "An InterconnectDiagnostics.LinkOpticalPower object, describing the current value and status of the transmitted light level."
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectDiagnosticsMacsecStatus": {
+      "description": "Describes the status of MACsec encryption on the link.",
+      "id": "InterconnectDiagnosticsMacsecStatus",
+      "properties": {
+        "ckn": {
+          "description": "Indicates the Connectivity Association Key Name (CKN) currently being used if MACsec is operational.",
           "type": "string"
         },
-        "sourceInstanceParams": {
-          "$ref": "SourceInstanceParams",
-          "description": "The source instance params to use to create this instance template."
+        "operational": {
+          "description": "Indicates whether or not MACsec is operational on this link.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "InstanceTemplateAggregatedList": {
-      "description": "Contains a list of InstanceTemplatesScopedList.",
-      "id": "InstanceTemplateAggregatedList",
+    "InterconnectList": {
+      "description": "Response to the list request, and contains a list of interconnects.",
+      "id": "InterconnectList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "InstanceTemplatesScopedList",
-            "description": "The name of the scope that contains this set of instance templates."
+          "description": "A list of Interconnect resources.",
+          "items": {
+            "$ref": "Interconnect"
           },
-          "description": "A list of InstanceTemplatesScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#instanceTemplateAggregatedList",
-          "description": "Type of resource.",
+          "default": "compute#interconnectList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectList for lists of interconnects.",
           "type": "string"
         },
         "nextPageToken": {
@@ -55488,6 +62302,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55506,6 +62321,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55517,6 +62362,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55564,24 +62410,164 @@
       },
       "type": "object"
     },
-    "InstanceTemplateList": {
-      "description": "A list of instance templates.",
-      "id": "InstanceTemplateList",
+    "InterconnectLocation": {
+      "description": "Represents an Interconnect Attachment (VLAN) Location resource. You can use this resource to find location details about an Interconnect attachment (VLAN). For more information about interconnect attachments, read Creating VLAN Attachments.",
+      "id": "InterconnectLocation",
+      "properties": {
+        "address": {
+          "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character.",
+          "type": "string"
+        },
+        "availabilityZone": {
+          "description": "[Output Only] Availability zone for this InterconnectLocation. Within a metropolitan area (metro), maintenance will not be simultaneously scheduled in more than one availability zone. Example: \"zone1\" or \"zone2\".",
+          "type": "string"
+        },
+        "availableFeatures": {
+          "description": "[Output only] List of features available at this InterconnectLocation, which can take one of the following values: - MACSEC ",
+          "items": {
+            "enum": [
+              "IF_MACSEC"
+            ],
+            "enumDescriptions": [
+              "Media Access Control security (MACsec)"
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "availableLinkTypes": {
+          "description": "[Output only] List of link types available at this InterconnectLocation, which can take one of the following values: - LINK_TYPE_ETHERNET_10G_LR - LINK_TYPE_ETHERNET_100G_LR ",
+          "items": {
+            "enum": [
+              "LINK_TYPE_ETHERNET_100G_LR",
+              "LINK_TYPE_ETHERNET_10G_LR"
+            ],
+            "enumDescriptions": [
+              "100G Ethernet, LR Optics.",
+              "10G Ethernet, LR Optics. [(rate_bps) = 10000000000];"
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "city": {
+          "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".",
+          "type": "string"
+        },
+        "continent": {
+          "description": "[Output Only] Continent for this location, which can take one of the following values: - AFRICA - ASIA_PAC - EUROPE - NORTH_AMERICA - SOUTH_AMERICA ",
+          "enum": [
+            "AFRICA",
+            "ASIA_PAC",
+            "C_AFRICA",
+            "C_ASIA_PAC",
+            "C_EUROPE",
+            "C_NORTH_AMERICA",
+            "C_SOUTH_AMERICA",
+            "EUROPE",
+            "NORTH_AMERICA",
+            "SOUTH_AMERICA"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "[Output Only] An optional description of the resource.",
+          "type": "string"
+        },
+        "facilityProvider": {
+          "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX).",
+          "type": "string"
+        },
+        "facilityProviderFacilityId": {
+          "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1).",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#interconnectLocation",
+          "description": "[Output Only] Type of the resource. Always compute#interconnectLocation for interconnect locations.",
+          "type": "string"
+        },
+        "name": {
+          "description": "[Output Only] Name of the resource.",
+          "type": "string"
+        },
+        "peeringdbFacilityId": {
+          "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).",
+          "type": "string"
+        },
+        "regionInfos": {
+          "description": "[Output Only] A list of InterconnectLocation.RegionInfo objects, that describe parameters pertaining to the relation between this InterconnectLocation and various Google Cloud regions.",
+          "items": {
+            "$ref": "InterconnectLocationRegionInfo"
+          },
+          "type": "array"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of this InterconnectLocation, which can take one of the following values: - CLOSED: The InterconnectLocation is closed and is unavailable for provisioning new Interconnects. - AVAILABLE: The InterconnectLocation is available for provisioning new Interconnects. ",
+          "enum": [
+            "AVAILABLE",
+            "CLOSED"
+          ],
+          "enumDescriptions": [
+            "The InterconnectLocation is available for provisioning new Interconnects.",
+            "The InterconnectLocation is closed for provisioning new Interconnects."
+          ],
+          "type": "string"
+        },
+        "supportsPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectLocationList": {
+      "description": "Response to the list request, and contains a list of interconnect locations.",
+      "id": "InterconnectLocationList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InstanceTemplate resources.",
+          "description": "A list of InterconnectLocation resources.",
           "items": {
-            "$ref": "InstanceTemplate"
+            "$ref": "InterconnectLocation"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#instanceTemplateList",
-          "description": "[Output Only] The resource type, which is always compute#instanceTemplatesListResponse for instance template lists.",
+          "default": "compute#interconnectLocationList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectLocationList for lists of interconnect locations.",
           "type": "string"
         },
         "nextPageToken": {
@@ -55608,6 +62594,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55626,107 +62613,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "InstanceTemplatesScopedList": {
-      "id": "InstanceTemplatesScopedList",
-      "properties": {
-        "instanceTemplates": {
-          "description": "[Output Only] A list of instance templates that are contained within the specified project and zone.",
-          "items": {
-            "$ref": "InstanceTemplate"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] An informational warning that replaces the list of instance templates when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -55739,6 +62654,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55786,193 +62702,392 @@
       },
       "type": "object"
     },
-    "InstanceWithNamedPorts": {
-      "id": "InstanceWithNamedPorts",
+    "InterconnectLocationRegionInfo": {
+      "description": "Information about any potential InterconnectAttachments between an Interconnect at a specific InterconnectLocation, and a specific Cloud Region.",
+      "id": "InterconnectLocationRegionInfo",
       "properties": {
-        "instance": {
-          "description": "[Output Only] The URL of the instance.",
+        "expectedRttMs": {
+          "description": "Expected round-trip time in milliseconds, from this InterconnectLocation to a VM in this region.",
+          "format": "int64",
           "type": "string"
         },
-        "namedPorts": {
-          "description": "[Output Only] The named ports that belong to this instance group.",
-          "items": {
-            "$ref": "NamedPort"
-          },
-          "type": "array"
-        },
-        "status": {
-          "description": "[Output Only] The status of the instance.",
+        "locationPresence": {
+          "description": "Identifies the network presence of this location.",
           "enum": [
-            "DEPROVISIONING",
-            "PROVISIONING",
-            "REPAIRING",
-            "RUNNING",
-            "STAGING",
-            "STOPPED",
-            "STOPPING",
-            "SUSPENDED",
-            "SUSPENDING",
-            "TERMINATED"
+            "GLOBAL",
+            "LOCAL_REGION",
+            "LP_GLOBAL",
+            "LP_LOCAL_REGION"
           ],
           "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
-            "Resources are being allocated for the instance.",
-            "The instance is in repair.",
-            "The instance is running.",
-            "All required resources have been allocated and the instance is being started.",
-            "The instance has stopped successfully.",
-            "The instance is currently stopping (either being deleted or killed).",
-            "The instance has suspended.",
-            "The instance is suspending.",
-            "The instance has stopped (either by explicit action or underlying failure)."
+            "This region is not in any common network presence with this InterconnectLocation.",
+            "This region shares the same regional network presence as this InterconnectLocation.",
+            "[Deprecated] This region is not in any common network presence with this InterconnectLocation.",
+            "[Deprecated] This region shares the same regional network presence as this InterconnectLocation."
           ],
           "type": "string"
+        },
+        "region": {
+          "description": "URL for the region of this location.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstancesAddResourcePoliciesRequest": {
-      "id": "InstancesAddResourcePoliciesRequest",
+    "InterconnectMacsec": {
+      "description": "Configuration information for enabling Media Access Control security (MACsec) on this Interconnect connection between Google and your on-premises router.",
+      "id": "InterconnectMacsec",
       "properties": {
-        "resourcePolicies": {
-          "description": "Resource policies to be added to this instance.",
+        "failOpen": {
+          "description": "If set to true, the Interconnect connection is configured with a should-secure MACsec security policy, that allows the Google router to fallback to cleartext traffic if the MKA session cannot be established. By default, the Interconnect connection is configured with a must-secure security policy that drops all traffic if the MKA session cannot be established with your router.",
+          "type": "boolean"
+        },
+        "preSharedKeys": {
+          "description": "Required. A keychain placeholder describing a set of named key objects along with their start times. A MACsec CKN/CAK will be generated for each key in the key chain. Google router will automatically pick the key with the most recent startTime when establishing or re-establishing a MACsec secure link.",
           "items": {
-            "type": "string"
+            "$ref": "InterconnectMacsecPreSharedKey"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "InstancesGetEffectiveFirewallsResponse": {
-      "id": "InstancesGetEffectiveFirewallsResponse",
+    "InterconnectMacsecConfig": {
+      "description": "MACsec configuration information for the Interconnect connection. Contains the generated Connectivity Association Key Name (CKN) and the key (CAK) for this Interconnect connection.",
+      "id": "InterconnectMacsecConfig",
       "properties": {
-        "firewallPolicys": {
-          "description": "Effective firewalls from firewall policies.",
-          "items": {
-            "$ref": "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy"
-          },
-          "type": "array"
-        },
-        "firewalls": {
-          "description": "Effective firewalls on the instance.",
-          "items": {
-            "$ref": "Firewall"
-          },
-          "type": "array"
-        },
-        "organizationFirewalls": {
-          "description": "Effective firewalls from organization policies.",
+        "preSharedKeys": {
+          "description": "A keychain placeholder describing a set of named key objects along with their start times. A MACsec CKN/CAK is generated for each key in the key chain. Google router automatically picks the key with the most recent startTime when establishing or re-establishing a MACsec secure link.",
           "items": {
-            "$ref": "InstancesGetEffectiveFirewallsResponseOrganizationFirewallPolicy"
+            "$ref": "InterconnectMacsecConfigPreSharedKey"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy": {
-      "id": "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
+    "InterconnectMacsecConfigPreSharedKey": {
+      "description": "Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.",
+      "id": "InterconnectMacsecConfigPreSharedKey",
       "properties": {
-        "displayName": {
-          "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
+        "cak": {
+          "description": "An auto-generated Connectivity Association Key (CAK) for this key.",
+          "type": "string"
+        },
+        "ckn": {
+          "description": "An auto-generated Connectivity Association Key Name (CKN) for this key.",
           "type": "string"
         },
         "name": {
-          "description": "[Output Only] The name of the firewall policy.",
+          "description": "User provided name for this pre-shared key.",
           "type": "string"
         },
-        "rules": {
-          "description": "The rules that apply to the network.",
+        "startTime": {
+          "description": "User provided timestamp on or after which this key is valid.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectMacsecPreSharedKey": {
+      "description": "Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.",
+      "id": "InterconnectMacsecPreSharedKey",
+      "properties": {
+        "name": {
+          "description": "Required. A name for this pre-shared key. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "type": "string"
+        },
+        "startTime": {
+          "description": "A RFC3339 timestamp on or after which the key is valid. startTime can be in the future. If the keychain has a single key, startTime can be omitted. If the keychain has multiple keys, startTime is mandatory for each key. The start times of keys must be in increasing order. The start times of two consecutive keys must be at least 6 hours apart.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectOutageNotification": {
+      "description": "Description of a planned outage on this Interconnect.",
+      "id": "InterconnectOutageNotification",
+      "properties": {
+        "affectedCircuits": {
+          "description": "If issue_type is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be affected.",
           "items": {
-            "$ref": "FirewallPolicyRule"
+            "type": "string"
           },
           "type": "array"
         },
-        "shortName": {
-          "description": "[Output Only] The short name of the firewall policy.",
+        "description": {
+          "description": "A description about the purpose of the outage.",
           "type": "string"
         },
-        "type": {
-          "description": "[Output Only] The type of the firewall policy. Can be one of HIERARCHY, NETWORK, NETWORK_REGIONAL.",
+        "endTime": {
+          "description": "Scheduled end time for the outage (milliseconds since Unix epoch).",
+          "format": "int64",
+          "type": "string"
+        },
+        "issueType": {
+          "description": "Form this outage is expected to take, which can take one of the following values: - OUTAGE: The Interconnect may be completely out of service for some or all of the specified window. - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain up, but with reduced bandwidth. Note that the versions of this enum prefixed with \"IT_\" have been deprecated in favor of the unprefixed values.",
           "enum": [
-            "HIERARCHY",
-            "NETWORK",
-            "NETWORK_REGIONAL",
-            "UNSPECIFIED"
+            "IT_OUTAGE",
+            "IT_PARTIAL_OUTAGE",
+            "OUTAGE",
+            "PARTIAL_OUTAGE"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
+            "[Deprecated] The Interconnect may be completely out of service for some or all of the specified window.",
+            "[Deprecated] Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth.",
+            "The Interconnect may be completely out of service for some or all of the specified window.",
+            "Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth."
+          ],
+          "type": "string"
+        },
+        "name": {
+          "description": "Unique identifier for this outage notification.",
+          "type": "string"
+        },
+        "source": {
+          "description": "The party that generated this notification, which can take the following value: - GOOGLE: this notification as generated by Google. Note that the value of NSRC_GOOGLE has been deprecated in favor of GOOGLE.",
+          "enum": [
+            "GOOGLE",
+            "NSRC_GOOGLE"
+          ],
+          "enumDescriptions": [
+            "This notification was generated by Google.",
+            "[Deprecated] This notification was generated by Google."
+          ],
+          "type": "string"
+        },
+        "startTime": {
+          "description": "Scheduled start time for the outage (milliseconds since Unix epoch).",
+          "format": "int64",
+          "type": "string"
+        },
+        "state": {
+          "description": "State of this notification, which can take one of the following values: - ACTIVE: This outage notification is active. The event could be in the past, present, or future. See start_time and end_time for scheduling. - CANCELLED: The outage associated with this notification was cancelled before the outage was due to start. - COMPLETED: The outage associated with this notification is complete. Note that the versions of this enum prefixed with \"NS_\" have been deprecated in favor of the unprefixed values.",
+          "enum": [
+            "ACTIVE",
+            "CANCELLED",
+            "COMPLETED",
+            "NS_ACTIVE",
+            "NS_CANCELED"
+          ],
+          "enumDescriptions": [
+            "This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
+            "The outage associated with this notification was cancelled before the outage was due to start.",
+            "The outage associated with this notification is complete.",
+            "[Deprecated] This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
+            "[Deprecated] The outage associated with this notification was canceled before the outage was due to start."
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstancesGetEffectiveFirewallsResponseOrganizationFirewallPolicy": {
-      "description": "A pruned SecurityPolicy containing ID and any applicable firewall rules.",
-      "id": "InstancesGetEffectiveFirewallsResponseOrganizationFirewallPolicy",
+    "InterconnectRemoteLocation": {
+      "description": "Represents a Cross-Cloud Interconnect Remote Location resource. You can use this resource to find remote location details about an Interconnect attachment (VLAN).",
+      "id": "InterconnectRemoteLocation",
       "properties": {
+        "address": {
+          "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character.",
+          "type": "string"
+        },
+        "attachmentConfigurationConstraints": {
+          "$ref": "InterconnectAttachmentConfigurationConstraints",
+          "description": "[Output Only] Subset of fields from InterconnectAttachment's |configurationConstraints| field that apply to all attachments for this remote location."
+        },
+        "city": {
+          "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".",
+          "type": "string"
+        },
+        "constraints": {
+          "$ref": "InterconnectRemoteLocationConstraints",
+          "description": "[Output Only] Constraints on the parameters for creating Cross-Cloud Interconnect and associated InterconnectAttachments."
+        },
+        "continent": {
+          "description": "[Output Only] Continent for this location, which can take one of the following values: - AFRICA - ASIA_PAC - EUROPE - NORTH_AMERICA - SOUTH_AMERICA ",
+          "enum": [
+            "AFRICA",
+            "ASIA_PAC",
+            "EUROPE",
+            "NORTH_AMERICA",
+            "SOUTH_AMERICA"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "[Output Only] An optional description of the resource.",
+          "type": "string"
+        },
+        "facilityProvider": {
+          "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX).",
+          "type": "string"
+        },
+        "facilityProviderFacilityId": {
+          "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1).",
+          "type": "string"
+        },
         "id": {
-          "description": "The unique identifier for the security policy. This identifier is defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
-        "rules": {
-          "description": "The rules that apply to the network.",
+        "kind": {
+          "default": "compute#interconnectRemoteLocation",
+          "description": "[Output Only] Type of the resource. Always compute#interconnectRemoteLocation for interconnect remote locations.",
+          "type": "string"
+        },
+        "lacp": {
+          "description": "[Output Only] Link Aggregation Control Protocol (LACP) constraints, which can take one of the following values: LACP_SUPPORTED, LACP_UNSUPPORTED",
+          "enum": [
+            "LACP_SUPPORTED",
+            "LACP_UNSUPPORTED"
+          ],
+          "enumDescriptions": [
+            "LACP_SUPPORTED: LACP is supported, and enabled by default on the Cross-Cloud Interconnect.",
+            "LACP_UNSUPPORTED: LACP is not supported and is not be enabled on this port. GetDiagnostics shows bundleAggregationType as \"static\". GCP does not support LAGs without LACP, so requestedLinkCount must be 1."
+          ],
+          "type": "string"
+        },
+        "maxLagSize100Gbps": {
+          "description": "[Output Only] The maximum number of 100 Gbps ports supported in a link aggregation group (LAG). When linkType is 100 Gbps, requestedLinkCount cannot exceed max_lag_size_100_gbps.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxLagSize10Gbps": {
+          "description": "[Output Only] The maximum number of 10 Gbps ports supported in a link aggregation group (LAG). When linkType is 10 Gbps, requestedLinkCount cannot exceed max_lag_size_10_gbps.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "name": {
+          "description": "[Output Only] Name of the resource.",
+          "type": "string"
+        },
+        "peeringdbFacilityId": {
+          "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).",
+          "type": "string"
+        },
+        "permittedConnections": {
+          "description": "[Output Only] Permitted connections.",
           "items": {
-            "$ref": "SecurityPolicyRule"
+            "$ref": "InterconnectRemoteLocationPermittedConnections"
           },
           "type": "array"
+        },
+        "remoteService": {
+          "description": "[Output Only] Indicates the service provider present at the remote location. Example values: \"Amazon Web Services\", \"Microsoft Azure\".",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of this InterconnectRemoteLocation, which can take one of the following values: - CLOSED: The InterconnectRemoteLocation is closed and is unavailable for provisioning new Cross-Cloud Interconnects. - AVAILABLE: The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects. ",
+          "enum": [
+            "AVAILABLE",
+            "CLOSED"
+          ],
+          "enumDescriptions": [
+            "The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects.",
+            "The InterconnectRemoteLocation is closed for provisioning new Cross-Cloud Interconnects."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstancesRemoveResourcePoliciesRequest": {
-      "id": "InstancesRemoveResourcePoliciesRequest",
+    "InterconnectRemoteLocationConstraints": {
+      "id": "InterconnectRemoteLocationConstraints",
       "properties": {
-        "resourcePolicies": {
-          "description": "Resource policies to be removed from this instance.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "portPairRemoteLocation": {
+          "description": "[Output Only] Port pair remote location constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, PORT_PAIR_MATCHING_REMOTE_LOCATION. GCP's API refers only to individual ports, but the UI uses this field when ordering a pair of ports, to prevent users from accidentally ordering something that is incompatible with their cloud provider. Specifically, when ordering a redundant pair of Cross-Cloud Interconnect ports, and one of them uses a remote location with portPairMatchingRemoteLocation set to matching, the UI requires that both ports use the same remote location.",
+          "enum": [
+            "PORT_PAIR_MATCHING_REMOTE_LOCATION",
+            "PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION"
+          ],
+          "enumDescriptions": [
+            "If PORT_PAIR_MATCHING_REMOTE_LOCATION, the remote cloud provider allocates ports in pairs, and the user should choose the same remote location for both ports.",
+            "If PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, a user may opt to provision a redundant pair of Cross-Cloud Interconnects using two different remote locations in the same city."
+          ],
+          "type": "string"
+        },
+        "portPairVlan": {
+          "description": "[Output Only] Port pair VLAN constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_VLAN, PORT_PAIR_MATCHING_VLAN",
+          "enum": [
+            "PORT_PAIR_MATCHING_VLAN",
+            "PORT_PAIR_UNCONSTRAINED_VLAN"
+          ],
+          "enumDescriptions": [
+            "If PORT_PAIR_MATCHING_VLAN, the Interconnect for this attachment is part of a pair of ports that should have matching VLAN allocations. This occurs with Cross-Cloud Interconnect to Azure remote locations. While GCP's API does not explicitly group pairs of ports, the UI uses this field to ensure matching VLAN ids when configuring a redundant VLAN pair.",
+            "PORT_PAIR_UNCONSTRAINED_VLAN means there is no constraint."
+          ],
+          "type": "string"
+        },
+        "subnetLengthRange": {
+          "$ref": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
+          "description": "[Output Only] [min-length, max-length] The minimum and maximum value (inclusive) for the IPv4 subnet length. For example, an interconnectRemoteLocation for Azure has {min: 30, max: 30} because Azure requires /30 subnets. This range specifies the values supported by both cloud providers. Interconnect currently supports /29 and /30 IPv4 subnet lengths. If a remote cloud has no constraint on IPv4 subnet length, the range would thus be {min: 29, max: 30}. "
         }
       },
       "type": "object"
     },
-    "InstancesResumeRequest": {
-      "id": "InstancesResumeRequest",
+    "InterconnectRemoteLocationConstraintsSubnetLengthRange": {
+      "id": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
       "properties": {
-        "disks": {
-          "description": "Array of disks associated with this instance that are protected with a customer-supplied encryption key. In order to resume the instance, the disk url and its corresponding key must be provided. If the disk is not protected with a customer-supplied encryption key it should not be specified.",
-          "items": {
-            "$ref": "CustomerEncryptionKeyProtectedDisk"
-          },
-          "type": "array"
+        "max": {
+          "format": "int32",
+          "type": "integer"
         },
-        "instanceEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Decrypts data associated with an instance that is protected with a customer-supplied encryption key. If the instance you are starting is protected with a customer-supplied encryption key, the correct key must be provided otherwise the instance resume will not succeed."
+        "min": {
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "InstancesScopedList": {
-      "id": "InstancesScopedList",
+    "InterconnectRemoteLocationList": {
+      "description": "Response to the list request, and contains a list of interconnect remote locations.",
+      "id": "InterconnectRemoteLocationList",
       "properties": {
-        "instances": {
-          "description": "[Output Only] A list of instances contained in this scope.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of InterconnectRemoteLocation resources.",
           "items": {
-            "$ref": "Instance"
+            "$ref": "InterconnectRemoteLocation"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#interconnectRemoteLocationList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectRemoteLocationList for lists of interconnect remote locations.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token lets you get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of instances when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -55987,6 +63102,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56005,6 +63121,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56016,6 +63162,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56063,235 +63210,274 @@
       },
       "type": "object"
     },
-    "InstancesSetLabelsRequest": {
-      "id": "InstancesSetLabelsRequest",
+    "InterconnectRemoteLocationPermittedConnections": {
+      "id": "InterconnectRemoteLocationPermittedConnections",
       "properties": {
-        "labelFingerprint": {
-          "description": "Fingerprint of the previous set of labels for this resource, used to prevent conflicts. Provide the latest fingerprint value when making a request to add or change labels.",
-          "format": "byte",
+        "interconnectLocation": {
+          "description": "[Output Only] URL of an Interconnect location that is permitted to connect to this Interconnect remote location.",
           "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "type": "object"
         }
       },
       "type": "object"
     },
-    "InstancesSetMachineResourcesRequest": {
-      "id": "InstancesSetMachineResourcesRequest",
+    "InterconnectsGetDiagnosticsResponse": {
+      "description": "Response for the InterconnectsGetDiagnosticsRequest.",
+      "id": "InterconnectsGetDiagnosticsResponse",
       "properties": {
-        "guestAccelerators": {
-          "description": "A list of the type and count of accelerator cards attached to the instance.",
-          "items": {
-            "$ref": "AcceleratorConfig"
-          },
-          "type": "array"
+        "result": {
+          "$ref": "InterconnectDiagnostics"
         }
       },
       "type": "object"
     },
-    "InstancesSetMachineTypeRequest": {
-      "id": "InstancesSetMachineTypeRequest",
+    "InterconnectsGetMacsecConfigResponse": {
+      "description": "Response for the InterconnectsGetMacsecConfigRequest.",
+      "id": "InterconnectsGetMacsecConfigResponse",
       "properties": {
-        "machineType": {
-          "description": "Full or partial URL of the machine type resource. See Machine Types for a full list of machine types. For example: zones/us-central1-f/machineTypes/n1-standard-1",
+        "etag": {
+          "description": "end_interface: MixerGetResponseWithEtagBuilder",
           "type": "string"
+        },
+        "result": {
+          "$ref": "InterconnectMacsecConfig"
         }
       },
       "type": "object"
     },
-    "InstancesSetMinCpuPlatformRequest": {
-      "id": "InstancesSetMinCpuPlatformRequest",
+    "InternalIpAddress": {
+      "id": "InternalIpAddress",
       "properties": {
-        "minCpuPlatform": {
-          "description": "Minimum cpu/platform this instance should be started at.",
+        "cidr": {
+          "description": "IP CIDR address or range.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InstancesSetNameRequest": {
-      "id": "InstancesSetNameRequest",
-      "properties": {
-        "currentName": {
-          "description": "The current name of this resource, used to prevent conflicts. Provide the latest name when making a request to change name.",
+        },
+        "owner": {
+          "description": "The owner of the internal IP address.",
           "type": "string"
         },
-        "name": {
-          "description": "The name to be applied to the instance. Needs to be RFC 1035 compliant.",
+        "purpose": {
+          "description": "The purpose of the internal IP address if applicable.",
+          "type": "string"
+        },
+        "region": {
+          "description": "The region of the internal IP address if applicable.",
+          "type": "string"
+        },
+        "type": {
+          "description": "The type of the internal IP address.",
+          "enum": [
+            "PEER_RESERVED",
+            "PEER_USED",
+            "REMOTE_RESERVED",
+            "REMOTE_USED",
+            "RESERVED",
+            "SUBNETWORK",
+            "TYPE_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Reserved IP ranges on peer networks.",
+            "Used IP ranges on peer networks, including peer subnetwork IP ranges.",
+            "Reserved IP ranges on peer networks of peer networks.",
+            "Used IP ranges on peer networks of peer networks.",
+            "Reserved IP ranges on local network.",
+            "Subnetwork IP ranges on local network.",
+            ""
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InstancesSetServiceAccountRequest": {
-      "id": "InstancesSetServiceAccountRequest",
+    "InternalIpOwner": {
+      "id": "InternalIpOwner",
       "properties": {
-        "email": {
-          "description": "Email address of the service account.",
+        "ipCidrRange": {
+          "description": "IP CIDR range being owned.",
           "type": "string"
         },
-        "scopes": {
-          "description": "The list of scopes to be made available for this service account.",
+        "owners": {
+          "description": "URLs of the IP owners of the IP CIDR range.",
           "items": {
             "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InstancesStartWithEncryptionKeyRequest": {
-      "id": "InstancesStartWithEncryptionKeyRequest",
-      "properties": {
-        "disks": {
-          "description": "Array of disks associated with this instance that are protected with a customer-supplied encryption key. In order to start the instance, the disk url and its corresponding key must be provided. If the disk is not protected with a customer-supplied encryption key it should not be specified.",
-          "items": {
-            "$ref": "CustomerEncryptionKeyProtectedDisk"
-          },
-          "type": "array"
         },
-        "instanceEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Decrypts data associated with an instance that is protected with a customer-supplied encryption key. If the instance you are starting is protected with a customer-supplied encryption key, the correct key must be provided otherwise the instance start will not succeed."
+        "systemOwned": {
+          "description": "Whether this IP CIDR range is reserved for system use.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "InstantSnapshot": {
-      "description": "Represents a InstantSnapshot resource. You can use instant snapshots to create disk rollback points quickly..",
-      "id": "InstantSnapshot",
+    "IpAddressesList": {
+      "id": "IpAddressesList",
       "properties": {
-        "architecture": {
-          "description": "[Output Only] The architecture of the instant snapshot. Valid values are ARM64 or X86_64.",
-          "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
-          ],
-          "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
-          ],
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "diskSizeGb": {
-          "description": "[Output Only] Size of the source disk, specified in GB.",
-          "format": "int64",
-          "type": "string"
-        },
-        "guestFlush": {
-          "description": "Whether to attempt an application consistent instant snapshot by informing the OS to prepare for the snapshot process.",
-          "type": "boolean"
-        },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#instantSnapshot",
-          "description": "[Output Only] Type of the resource. Always compute#instantSnapshot for InstantSnapshot resources.",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this InstantSnapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a InstantSnapshot.",
-          "format": "byte",
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
+        "items": {
+          "description": "A list of InternalIpAddress resources.",
+          "items": {
+            "$ref": "InternalIpAddress"
           },
-          "description": "Labels to apply to this InstantSnapshot. These can be later modified by the setLabels method. Label values may be empty.",
-          "type": "object"
+          "type": "array"
         },
-        "name": {
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "kind": {
+          "default": "compute#ipAddressesList",
+          "description": "[Output Only] Type of resource. Always compute#ipAddressesList for IP addresses lists.",
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "resourceStatus": {
-          "$ref": "InstantSnapshotResourceStatus",
-          "description": "[Output Only] Status information for the instant snapshot resource."
-        },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
-          "type": "boolean"
-        },
         "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource's resource id.",
-          "type": "string"
-        },
-        "sourceDisk": {
-          "description": "URL of the source disk used to create this instant snapshot. Note that the source disk must be in the same zone/region as the instant snapshot to be created. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
-          "type": "string"
-        },
-        "sourceDiskId": {
-          "description": "[Output Only] The ID value of the disk used to create this InstantSnapshot. This value may be used to determine whether the InstantSnapshot was taken from the current or a previous instance of a given disk name.",
-          "type": "string"
-        },
-        "status": {
-          "description": "[Output Only] The status of the instantSnapshot. This can be CREATING, DELETING, FAILED, or READY.",
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "FAILED",
-            "READY"
-          ],
-          "enumDescriptions": [
-            "InstantSnapshot creation is in progress.",
-            "InstantSnapshot is currently being deleted.",
-            "InstantSnapshot creation failed.",
-            "InstantSnapshot has been created successfully."
-          ],
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "zone": {
-          "description": "[Output Only] URL of the zone where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "InstantSnapshotAggregatedList": {
-      "id": "InstantSnapshotAggregatedList",
+    "IpOwnerList": {
+      "description": "Contains a list of IP owners.",
+      "id": "IpOwnerList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "InstantSnapshotsScopedList",
-            "description": "[Output Only] Name of the scope containing this set of instantSnapshots."
+          "description": "A list of InternalIpOwner resources.",
+          "items": {
+            "$ref": "InternalIpOwner"
           },
-          "description": "A list of InstantSnapshotsScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#instantSnapshotAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#instantSnapshotAggregatedList for aggregated lists of instantSnapshots.",
+          "default": "compute#ipOwnerList",
+          "description": "[Output Only] Type of resource. Always compute#ipOwnerList for lists of IP owners.",
           "type": "string"
         },
         "nextPageToken": {
@@ -56302,13 +63488,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -56325,6 +63504,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56343,6 +63523,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56354,6 +63564,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56401,195 +63612,258 @@
       },
       "type": "object"
     },
-    "InstantSnapshotExportParams": {
-      "id": "InstantSnapshotExportParams",
+    "Jwt": {
+      "description": "[Deprecated] JWT configuration for origin authentication. JWT configuration for origin authentication.",
+      "id": "Jwt",
       "properties": {
-        "baseInstantSnapshot": {
-          "description": "An optional base instant snapshot that this resource is compared against. If not specified, all blocks of this resource are exported. The base instant snapshot and this resource must be created from the same disk. The base instant snapshot must be created earlier in time than this resource.",
+        "audiences": {
+          "description": "A JWT containing any of these audiences will be accepted. The service name will be accepted if audiences is empty. Examples: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "issuer": {
+          "description": "Identifies the issuer that issued the JWT, which is usually a URL or an email address. Examples: https://securetoken.google.com, 1234567-compute@developer.gserviceaccount.com",
           "type": "string"
         },
-        "bucketName": {
-          "description": "The name of an existing bucket in Cloud Storage where the changed blocks will be stored. The Google Service Account must have read and write access to this bucket. The bucket has to be in the same region as this resource.",
+        "jwksPublicKeys": {
+          "description": "The provider's public key set to validate the signature of the JWT.",
+          "type": "string"
+        },
+        "jwtHeaders": {
+          "description": "jwt_headers and jwt_params define where to extract the JWT from an HTTP request. If no explicit location is specified, the following default locations are tried in order: 1. The Authorization header using the Bearer schema. See `here `_. Example: Authorization: Bearer . 2. `access_token` query parameter. See `this `_ Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations its issuer specified or from the default locations. This field is set if JWT is sent in a request header. This field specifies the header name. For example, if `header=x-goog-iap-jwt-assertion`, the header format will be x-goog-iap-jwt-assertion: .",
+          "items": {
+            "$ref": "JwtHeader"
+          },
+          "type": "array"
+        },
+        "jwtParams": {
+          "description": "This field is set if JWT is sent in a query parameter. This field specifies the query parameter name. For example, if jwt_params[0] is jwt_token, the JWT format in the query parameter is /path?jwt_token=.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "JwtHeader": {
+      "description": "[Deprecated] This message specifies a header location to extract JWT token. This message specifies a header location to extract JWT token.",
+      "id": "JwtHeader",
+      "properties": {
+        "name": {
+          "description": "The HTTP header name.",
+          "type": "string"
+        },
+        "valuePrefix": {
+          "description": "The value prefix. The value format is \"value_prefix\" For example, for \"Authorization: Bearer \", value_prefix=\"Bearer \" with a space at the end.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "License": {
+      "description": "Represents a License resource. A License represents billing and aggregate usage data for public and marketplace images. *Caution* This resource is intended for use only by third-party partners who are creating Cloud Marketplace images. ",
+      "id": "License",
+      "properties": {
+        "chargesUseFee": {
+          "description": "[Output Only] Deprecated. This field no longer reflects whether a license charges a usage fee.",
+          "type": "boolean"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional textual description of the resource; provided by the client when the resource is created.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#license",
+          "description": "[Output Only] Type of resource. Always compute#license for licenses.",
+          "type": "string"
+        },
+        "licenseCode": {
+          "description": "[Output Only] The unique code used to attach this license to images, snapshots, and disks.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.images.insert"
+            ]
+          },
+          "description": "Name of the resource. The name must be 1-63 characters long and comply with RFC1035.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "resourceRequirements": {
+          "$ref": "LicenseResourceRequirements"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "transferable": {
+          "description": "If false, licenses will not be copied from the source resource when creating an image from a disk, disk from snapshot, or snapshot from disk.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "LicenseCode": {
+      "description": "Represents a License Code resource. A License Code is a unique identifier used to represent a license resource. *Caution* This resource is intended for use only by third-party partners who are creating Cloud Marketplace images. ",
+      "id": "LicenseCode",
+      "properties": {
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "[Output Only] Description of this License Code.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#licenseCode",
+          "description": "[Output Only] Type of resource. Always compute#licenseCode for licenses.",
+          "type": "string"
+        },
+        "licenseAlias": {
+          "description": "[Output Only] URL and description aliases of Licenses with the same License Code.",
+          "items": {
+            "$ref": "LicenseCodeLicenseAlias"
+          },
+          "type": "array"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.licenses.insert"
+            ]
+          },
+          "description": "[Output Only] Name of the resource. The name is 1-20 characters long and must be a valid 64 bit integer.",
+          "pattern": "[0-9]{0,20}?",
           "type": "string"
         },
-        "encryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Encryption key used to encrypt the instant snapshot."
-        },
-        "objectName": {
-          "description": "Name of the output Bigstore object storing the changed blocks. Object name must be less than 1024 bytes in length.",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "outputType": {
-          "description": "The format of the output file.",
+        "state": {
+          "description": "[Output Only] Current state of this License Code.",
           "enum": [
-            "INVALID",
-            "METADATA_AND_DATA",
-            "METADATA_ONLY"
+            "DISABLED",
+            "ENABLED",
+            "RESTRICTED",
+            "STATE_UNSPECIFIED",
+            "TERMINATED"
           ],
           "enumDescriptions": [
+            "Machines are not allowed to attach boot disks with this License Code. Requests to create new resources with this license will be rejected.",
+            "Use is allowed for anyone with USE_READ_ONLY access to this License Code.",
+            "Use of this license is limited to a project whitelist.",
             "",
-            "",
-            ""
+            "Reserved state."
           ],
           "type": "string"
+        },
+        "transferable": {
+          "description": "[Output Only] If true, the license will remain attached when creating images or snapshots from disks. Otherwise, the license is not transferred.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "InstantSnapshotList": {
-      "description": "Contains a list of InstantSnapshot resources.",
-      "id": "InstantSnapshotList",
+    "LicenseCodeLicenseAlias": {
+      "id": "LicenseCodeLicenseAlias",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of InstantSnapshot resources.",
-          "items": {
-            "$ref": "InstantSnapshot"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "compute#instantSnapshotList",
-          "description": "Type of resource.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "description": {
+          "description": "[Output Only] Description of this License Code.",
           "type": "string"
         },
         "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+          "description": "[Output Only] URL of license corresponding to this License Code.",
           "type": "string"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
         }
       },
       "type": "object"
     },
-    "InstantSnapshotResourceStatus": {
-      "id": "InstantSnapshotResourceStatus",
+    "LicenseResourceCommitment": {
+      "description": "Commitment for a particular license resource.",
+      "id": "LicenseResourceCommitment",
       "properties": {
-        "storageSizeBytes": {
-          "description": "[Output Only] The storage size of this instant snapshot.",
+        "amount": {
+          "description": "The number of licenses purchased.",
           "format": "int64",
           "type": "string"
+        },
+        "coresPerLicense": {
+          "description": "Specifies the core range of the instance for which this license applies.",
+          "type": "string"
+        },
+        "license": {
+          "description": "Any applicable license URI.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InstantSnapshotsExportRequest": {
-      "id": "InstantSnapshotsExportRequest",
+    "LicenseResourceRequirements": {
+      "id": "LicenseResourceRequirements",
       "properties": {
-        "exportParams": {
-          "$ref": "InstantSnapshotExportParams",
-          "description": "Parameters to export the changed blocks."
+        "minGuestCpuCount": {
+          "description": "Minimum number of guest cpus required to use the Instance. Enforced at Instance creation and Instance start.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "minMemoryMb": {
+          "description": "Minimum memory required to use the Instance. Enforced at Instance creation and Instance start.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "InstantSnapshotsScopedList": {
-      "id": "InstantSnapshotsScopedList",
+    "LicensesListResponse": {
+      "id": "LicensesListResponse",
       "properties": {
-        "instantSnapshots": {
-          "description": "[Output Only] A list of instantSnapshots contained in this scope.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of License resources.",
           "items": {
-            "$ref": "InstantSnapshot"
+            "$ref": "License"
           },
           "type": "array"
         },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of instantSnapshots when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -56604,6 +63878,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56622,6 +63897,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56633,6 +63938,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56680,503 +63986,341 @@
       },
       "type": "object"
     },
-    "Int64RangeMatch": {
-      "description": "HttpRouteRuleMatch criteria for field values that must stay within the specified integer range.",
-      "id": "Int64RangeMatch",
+    "LocalDisk": {
+      "id": "LocalDisk",
       "properties": {
-        "rangeEnd": {
-          "description": "The end of the range (exclusive) in signed long integer format.",
-          "format": "int64",
-          "type": "string"
+        "diskCount": {
+          "description": "Specifies the number of such disks.",
+          "format": "int32",
+          "type": "integer"
         },
-        "rangeStart": {
-          "description": "The start of the range (inclusive) in signed long integer format.",
-          "format": "int64",
+        "diskSizeGb": {
+          "description": "Specifies the size of the disk in base-2 GB.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "diskType": {
+          "description": "Specifies the desired disk type on the node. This disk type must be a local storage type (e.g.: local-ssd). Note that for nodeTemplates, this should be the name of the disk type and not its URL.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "Interconnect": {
-      "description": "Represents an Interconnect resource. An Interconnect resource is a dedicated connection between the GCP network and your on-premises network. For more information, read the Dedicated Interconnect Overview.",
-      "id": "Interconnect",
+    "LocalizedMessage": {
+      "description": "Provides a localized error message that is safe to return to the user which can be attached to an RPC error.",
+      "id": "LocalizedMessage",
       "properties": {
-        "adminEnabled": {
-          "description": "Administrative status of the interconnect. When this is set to true, the Interconnect is functional and can carry traffic. When set to false, no packets can be carried over the interconnect and no BGP routes are exchanged over it. By default, the status is set to true.",
-          "type": "boolean"
-        },
-        "circuitInfos": {
-          "description": "[Output Only] A list of CircuitInfo objects, that describe the individual circuits in this LAG.",
-          "items": {
-            "$ref": "InterconnectCircuitInfo"
-          },
-          "type": "array"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "customerName": {
-          "description": "Customer name, to put in the Letter of Authorization as the party authorized to request a crossconnect.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "expectedOutages": {
-          "description": "[Output Only] A list of outages expected for this Interconnect.",
-          "items": {
-            "$ref": "InterconnectOutageNotification"
-          },
-          "type": "array"
-        },
-        "googleIpAddress": {
-          "description": "[Output Only] IP address configured on the Google side of the Interconnect link. This can be used only for ping tests.",
-          "type": "string"
-        },
-        "googleReferenceId": {
-          "description": "[Output Only] Google reference ID to be used when raising support tickets with Google or otherwise to debug backend connectivity issues.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "interconnectAttachments": {
-          "description": "[Output Only] A list of the URLs of all InterconnectAttachments configured to use this Interconnect.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "interconnectType": {
-          "description": "Type of interconnect, which can take one of the following values: - PARTNER: A partner-managed interconnection shared between customers though a partner. - DEDICATED: A dedicated physical interconnection with the customer. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED.",
-          "enum": [
-            "DEDICATED",
-            "IT_PRIVATE",
-            "PARTNER"
-          ],
-          "enumDescriptions": [
-            "A dedicated physical interconnection with the customer.",
-            "[Deprecated] A private, physical interconnection with the customer.",
-            "A partner-managed interconnection shared between customers via partner."
-          ],
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#interconnect",
-          "description": "[Output Only] Type of the resource. Always compute#interconnect for interconnects.",
+        "locale": {
+          "description": "The locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: \"en-US\", \"fr-CH\", \"es-MX\"",
           "type": "string"
         },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this Interconnect, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Interconnect.",
-          "format": "byte",
+        "message": {
+          "description": "The localized error message in the above locale.",
           "type": "string"
-        },
-        "labels": {
+        }
+      },
+      "type": "object"
+    },
+    "LocationPolicy": {
+      "description": "Configuration for location policy among multiple possible locations (e.g. preferences for zone selection among zones in a single region).",
+      "id": "LocationPolicy",
+      "properties": {
+        "locations": {
           "additionalProperties": {
-            "type": "string"
+            "$ref": "LocationPolicyLocation"
           },
-          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "description": "Location configurations mapped by location name. Currently only zone names are supported and must be represented as valid internal URLs, such as zones/us-central1-a.",
           "type": "object"
         },
-        "linkType": {
-          "description": "Type of link requested, which can take one of the following values: - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. Note that this field indicates the speed of each of the links in the bundle, not the speed of the entire bundle.",
-          "enum": [
-            "LINK_TYPE_ETHERNET_100G_LR",
-            "LINK_TYPE_ETHERNET_10G_LR"
-          ],
-          "enumDescriptions": [
-            "100G Ethernet, LR Optics.",
-            "10G Ethernet, LR Optics. [(rate_bps) = 10000000000];"
-          ],
-          "type": "string"
-        },
-        "location": {
-          "description": "URL of the InterconnectLocation object that represents where this connection is to be provisioned.",
-          "type": "string"
-        },
-        "macsec": {
-          "$ref": "InterconnectMacsec",
-          "description": "Configuration to enable Media Access Control security (MACsec) on the Interconnect between Google and your on-premises router."
-        },
-        "macsecEnabled": {
-          "description": "Enable or disable MACsec on this Interconnect. MACsec enablement will fail if the macsec object is not specified.",
-          "type": "boolean"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.interconnects.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "nocContactEmail": {
-          "description": "Email address to contact the customer NOC for operations and maintenance notifications regarding this Interconnect. If specified, this will be used for notifications in addition to all other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications. This field is required for users who sign up for Cloud Interconnect using workforce identity federation.",
-          "type": "string"
-        },
-        "operationalStatus": {
-          "description": "[Output Only] The current status of this Interconnect's functionality, which can take one of the following values: - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may be provisioned on this Interconnect. - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be provisioned on this Interconnect. - OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No attachments may be provisioned or updated on this Interconnect. ",
-          "enum": [
-            "OS_ACTIVE",
-            "OS_UNPROVISIONED"
-          ],
-          "enumDescriptions": [
-            "The interconnect is valid, turned up, and ready to use. Attachments may be provisioned on this interconnect.",
-            "The interconnect has not completed turnup. No attachments may be provisioned on this interconnect."
-          ],
-          "type": "string"
-        },
-        "peerIpAddress": {
-          "description": "[Output Only] IP address configured on the customer side of the Interconnect link. The customer should configure this IP address during turnup when prompted by Google NOC. This can be used only for ping tests.",
-          "type": "string"
-        },
-        "provisionedLinkCount": {
-          "description": "[Output Only] Number of links actually provisioned in this interconnect.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "remoteLocation": {
-          "description": "Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside of Google's network that the interconnect is connected to.",
-          "type": "string"
-        },
-        "requestedLinkCount": {
-          "description": "Target number of physical links in the link bundle, as requested by the customer.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "satisfiesPzs": {
-          "description": "[Output Only] Set to true if the resource satisfies the zone separation organization policy constraints and false otherwise. Defaults to false if the field is not present.",
-          "type": "boolean"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "state": {
-          "description": "[Output Only] The current state of Interconnect functionality, which can take one of the following values: - ACTIVE: The Interconnect is valid, turned up and ready to use. Attachments may be provisioned on this Interconnect. - UNPROVISIONED: The Interconnect has not completed turnup. No attachments may be provisioned on this Interconnect. - UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may be provisioned or updated on this Interconnect. ",
+        "targetShape": {
+          "description": "Strategy for distributing VMs across zones in a region.",
           "enum": [
-            "ACTIVE",
-            "UNPROVISIONED"
+            "ANY",
+            "ANY_SINGLE_ZONE",
+            "BALANCED"
           ],
           "enumDescriptions": [
-            "The interconnect is valid, turned up, and ready to use. Attachments may be provisioned on this interconnect.",
-            "The interconnect has not completed turnup. No attachments may be provisioned on this interconnect."
+            "GCE picks zones for creating VM instances to fulfill the requested number of VMs within present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads that do not require high availability.",
+            "GCE always selects a single zone for all the VMs, optimizing for resource quotas, available reservations and general capacity. Recommended for batch workloads that cannot tollerate distribution over multiple zones. This the default shape in Bulk Insert and Capacity Advisor APIs.",
+            "GCE prioritizes acquisition of resources, scheduling VMs in zones where resources are available while distributing VMs as evenly as possible across allowed zones to minimize the impact of zonal failure. Recommended for highly available serving workloads."
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InterconnectAttachment": {
-      "description": "Represents an Interconnect Attachment (VLAN) resource. You can use Interconnect attachments (VLANS) to connect your Virtual Private Cloud networks to your on-premises networks through an Interconnect. For more information, read Creating VLAN Attachments.",
-      "id": "InterconnectAttachment",
+    "LocationPolicyLocation": {
+      "id": "LocationPolicyLocation",
       "properties": {
-        "adminEnabled": {
-          "description": "Determines whether this Attachment will carry packets. Not present for PARTNER_PROVIDER.",
-          "type": "boolean"
-        },
-        "bandwidth": {
-          "description": "Provisioned bandwidth capacity for the interconnect attachment. For attachments of type DEDICATED, the user can set the bandwidth. For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, and can take one of the following values: - BPS_50M: 50 Mbit/s - BPS_100M: 100 Mbit/s - BPS_200M: 200 Mbit/s - BPS_300M: 300 Mbit/s - BPS_400M: 400 Mbit/s - BPS_500M: 500 Mbit/s - BPS_1G: 1 Gbit/s - BPS_2G: 2 Gbit/s - BPS_5G: 5 Gbit/s - BPS_10G: 10 Gbit/s - BPS_20G: 20 Gbit/s - BPS_50G: 50 Gbit/s ",
-          "enum": [
-            "BPS_100M",
-            "BPS_10G",
-            "BPS_1G",
-            "BPS_200M",
-            "BPS_20G",
-            "BPS_2G",
-            "BPS_300M",
-            "BPS_400M",
-            "BPS_500M",
-            "BPS_50G",
-            "BPS_50M",
-            "BPS_5G"
-          ],
-          "enumDescriptions": [
-            "100 Mbit/s",
-            "10 Gbit/s",
-            "1 Gbit/s",
-            "200 Mbit/s",
-            "20 Gbit/s",
-            "2 Gbit/s",
-            "300 Mbit/s",
-            "400 Mbit/s",
-            "500 Mbit/s",
-            "50 Gbit/s",
-            "50 Mbit/s",
-            "5 Gbit/s"
-          ],
-          "type": "string"
-        },
-        "candidateIpv6Subnets": {
-          "description": "This field is not available.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "constraints": {
+          "$ref": "LocationPolicyLocationConstraints",
+          "description": "Constraints that the caller requires on the result distribution in this zone."
         },
-        "candidateSubnets": {
-          "description": "Up to 16 candidate prefixes that can be used to restrict the allocation of cloudRouterIpAddress and customerRouterIpAddress for this attachment. All prefixes must be within link-local address space (169.254.0.0/16) and must be /29 or shorter (/28, /27, etc). Google will attempt to select an unused /29 from the supplied candidate prefix(es). The request will fail if all possible /29s are in use on Google's edge. If not supplied, Google will randomly select an unused /29 from all of link-local space.",
+        "names": {
+          "description": "Names of resources to be put in the location. Must contain unique, correct resource names. If used, targetShape must be left unset.",
           "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "cloudRouterIpAddress": {
-          "description": "[Output Only] IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment.",
-          "type": "string"
-        },
-        "cloudRouterIpv6Address": {
-          "description": "[Output Only] IPv6 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment.",
-          "type": "string"
-        },
-        "cloudRouterIpv6InterfaceId": {
-          "description": "This field is not available.",
-          "type": "string"
-        },
-        "configurationConstraints": {
-          "$ref": "InterconnectAttachmentConfigurationConstraints",
-          "description": "[Output Only] Constraints for this attachment, if any. The attachment does not work if these constraints are not met."
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "customerRouterIpAddress": {
-          "description": "[Output Only] IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment.",
-          "type": "string"
-        },
-        "customerRouterIpv6Address": {
-          "description": "[Output Only] IPv6 address + prefix length to be configured on the customer router subinterface for this interconnect attachment.",
-          "type": "string"
-        },
-        "customerRouterIpv6InterfaceId": {
-          "description": "This field is not available.",
-          "type": "string"
-        },
-        "dataplaneVersion": {
-          "description": "[Output Only] Dataplane version for this InterconnectAttachment. This field is only present for Dataplane version 2 and higher. Absence of this field in the API output indicates that the Dataplane is version 1.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "description": {
-          "description": "An optional description of this resource.",
-          "type": "string"
+            "type": "string"
+          },
+          "type": "array"
         },
-        "edgeAvailabilityDomain": {
-          "description": "Desired availability domain for the attachment. Only available for type PARTNER, at creation time, and can take one of the following values: - AVAILABILITY_DOMAIN_ANY - AVAILABILITY_DOMAIN_1 - AVAILABILITY_DOMAIN_2 For improved reliability, customers should configure a pair of attachments, one per availability domain. The selected availability domain will be provided to the Partner via the pairing key, so that the provisioned circuit will lie in the specified domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.",
+        "preference": {
+          "description": "Preference for a given location. Set to either ALLOW or DENY.",
           "enum": [
-            "AVAILABILITY_DOMAIN_1",
-            "AVAILABILITY_DOMAIN_2",
-            "AVAILABILITY_DOMAIN_ANY"
+            "ALLOW",
+            "DENY",
+            "PREFERENCE_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            ""
+            "Location is allowed for use.",
+            "Location is prohibited.",
+            "Default value, unused."
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "LocationPolicyLocationConstraints": {
+      "description": "Per-zone constraints on location policy for this zone.",
+      "id": "LocationPolicyLocationConstraints",
+      "properties": {
+        "maxCount": {
+          "description": "Maximum number of items that are allowed to be placed in this zone. The value must be non-negative.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "LogConfig": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "LogConfig",
+      "properties": {
+        "cloudAudit": {
+          "$ref": "LogConfigCloudAuditOptions",
+          "description": "This is deprecated and has no effect. Do not use."
         },
-        "encryption": {
-          "description": "Indicates the user-supplied encryption option of this VLAN attachment (interconnectAttachment). Can only be specified at attachment creation for PARTNER or DEDICATED attachments. Possible values are: - NONE - This is the default value, which means that the VLAN attachment carries unencrypted traffic. VMs are able to send traffic to, or receive traffic from, such a VLAN attachment. - IPSEC - The VLAN attachment carries only encrypted traffic that is encrypted by an IPsec device, such as an HA VPN gateway or third-party IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, such a VLAN attachment. To use *HA VPN over Cloud Interconnect*, the VLAN attachment must be created with this option. ",
+        "counter": {
+          "$ref": "LogConfigCounterOptions",
+          "description": "This is deprecated and has no effect. Do not use."
+        },
+        "dataAccess": {
+          "$ref": "LogConfigDataAccessOptions",
+          "description": "This is deprecated and has no effect. Do not use."
+        }
+      },
+      "type": "object"
+    },
+    "LogConfigCloudAuditOptions": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "LogConfigCloudAuditOptions",
+      "properties": {
+        "authorizationLoggingOptions": {
+          "$ref": "AuthorizationLoggingOptions",
+          "description": "This is deprecated and has no effect. Do not use."
+        },
+        "logName": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "enum": [
-            "IPSEC",
-            "NONE"
+            "ADMIN_ACTIVITY",
+            "DATA_ACCESS",
+            "UNSPECIFIED_LOG_NAME"
           ],
           "enumDescriptions": [
-            "The interconnect attachment will carry only encrypted traffic that is encrypted by an IPsec device such as HA VPN gateway; VMs cannot directly send traffic to or receive traffic from such an interconnect attachment. To use HA VPN over Cloud Interconnect, the interconnect attachment must be created with this option.",
-            "This is the default value, which means the Interconnect Attachment will carry unencrypted traffic. VMs will be able to send traffic to or receive traffic from such interconnect attachment."
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use."
           ],
           "type": "string"
-        },
-        "googleReferenceId": {
-          "description": "[Output Only] Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues. [Deprecated] This field is not used.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "interconnect": {
-          "description": "URL of the underlying Interconnect object that this attachment's traffic will traverse through.",
-          "type": "string"
-        },
-        "ipsecInternalAddresses": {
-          "description": "A list of URLs of addresses that have been reserved for the VLAN attachment. Used only for the VLAN attachment that has the encryption option as IPSEC. The addresses must be regional internal IP address ranges. When creating an HA VPN gateway over the VLAN attachment, if the attachment is configured to use a regional internal IP address, then the VPN gateway's IP address is allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this VLAN attachment, then a regional internal IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this VLAN attachment. If this field is not specified when creating the VLAN attachment, then later on when creating an HA VPN gateway on this VLAN attachment, the HA VPN gateway's IP address is allocated from the regional external IP address pool. Not currently available publicly. ",
+        }
+      },
+      "type": "object"
+    },
+    "LogConfigCounterOptions": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "LogConfigCounterOptions",
+      "properties": {
+        "customFields": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "items": {
-            "type": "string"
+            "$ref": "LogConfigCounterOptionsCustomField"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#interconnectAttachment",
-          "description": "[Output Only] Type of the resource. Always compute#interconnectAttachment for interconnect attachments.",
+        "field": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "type": "string"
         },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this InterconnectAttachment, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an InterconnectAttachment.",
-          "format": "byte",
+        "metric": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
-          "type": "object"
-        },
-        "mtu": {
-          "description": "Maximum Transmission Unit (MTU), in bytes, of packets passing through this interconnect attachment. Only 1440 and 1500 are allowed. If not specified, the value will default to 1440.",
-          "format": "int32",
-          "type": "integer"
-        },
+        }
+      },
+      "type": "object"
+    },
+    "LogConfigCounterOptionsCustomField": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "LogConfigCounterOptionsCustomField",
+      "properties": {
         "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "description": "This is deprecated and has no effect. Do not use.",
           "type": "string"
         },
-        "operationalStatus": {
-          "description": "[Output Only] The current status of whether or not this interconnect attachment is functional, which can take one of the following values: - OS_ACTIVE: The attachment has been turned up and is ready to use. - OS_UNPROVISIONED: The attachment is not ready to use yet, because turnup is not complete. ",
+        "value": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "LogConfigDataAccessOptions": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "LogConfigDataAccessOptions",
+      "properties": {
+        "logMode": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "enum": [
-            "OS_ACTIVE",
-            "OS_UNPROVISIONED"
+            "LOG_FAIL_CLOSED",
+            "LOG_MODE_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "Indicates that attachment has been turned up and is ready to use.",
-            "Indicates that attachment is not ready to use yet, because turnup is not complete."
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use."
           ],
           "type": "string"
-        },
-        "pairingKey": {
-          "description": "[Output only for type PARTNER. Input only for PARTNER_PROVIDER. Not present for DEDICATED]. The opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner. Of the form \"XXXXX/region/domain\"",
+        }
+      },
+      "type": "object"
+    },
+    "MachineImage": {
+      "description": "Represents a machine image resource. A machine image is a Compute Engine resource that stores all the configuration, metadata, permissions, and data from one or more disks required to create a Virtual machine (VM) instance. For more information, see Machine images.",
+      "id": "MachineImage",
+      "properties": {
+        "creationTimestamp": {
+          "description": "[Output Only] The creation timestamp for this machine image in RFC3339 text format.",
           "type": "string"
         },
-        "partnerAsn": {
-          "description": "Optional BGP ASN for the router supplied by a Layer 3 Partner if they configured BGP on behalf of the customer. Output only for PARTNER type, input only for PARTNER_PROVIDER, not available for DEDICATED.",
-          "format": "int64",
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "partnerMetadata": {
-          "$ref": "InterconnectAttachmentPartnerMetadata",
-          "description": "Informational metadata about Partner attachments from Partners to display to customers. Output only for for PARTNER type, mutable for PARTNER_PROVIDER, not available for DEDICATED."
-        },
-        "privateInterconnectInfo": {
-          "$ref": "InterconnectAttachmentPrivateInfo",
-          "description": "[Output Only] Information specific to an InterconnectAttachment. This property is populated if the interconnect that this is attached to is of type DEDICATED."
+        "guestFlush": {
+          "description": "[Input Only] Whether to attempt an application consistent machine image by informing the OS to prepare for the snapshot process.",
+          "type": "boolean"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the regional interconnect attachment resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "id": {
+          "description": "[Output Only] A unique identifier for this machine image. The server defines this identifier.",
+          "format": "uint64",
           "type": "string"
         },
-        "remoteService": {
-          "description": "[Output Only] If the attachment is on a Cross-Cloud Interconnect connection, this field contains the interconnect's remote location service provider. Example values: \"Amazon Web Services\" \"Microsoft Azure\". The field is set only for attachments on Cross-Cloud Interconnect connections. Its value is copied from the InterconnectRemoteLocation remoteService field.",
+        "instanceProperties": {
+          "$ref": "InstanceProperties",
+          "description": "[Output Only] Properties of source instance"
+        },
+        "kind": {
+          "default": "compute#machineImage",
+          "description": "[Output Only] The resource type, which is always compute#machineImage for machine image.",
           "type": "string"
         },
-        "router": {
-          "description": "URL of the Cloud Router to be used for dynamic routing. This router must be in the same region as this InterconnectAttachment. The InterconnectAttachment will automatically connect the Interconnect to the network \u0026 region within which the Cloud Router is configured.",
+        "machineImageEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image using a customer-supplied key, you must provide the same key if you use the machine image later. For example, you must provide the encryption key when you create an instance from the encrypted machine image in a future request. Customer-supplied encryption keys do not protect access to metadata of the machine image. If you do not provide an encryption key when creating the machine image, then the machine image will be encrypted using an automatically generated key and you do not need to provide a key to use the machine image later."
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.machineImages.insert"
+            ]
+          },
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
         "satisfiesPzs": {
-          "description": "[Output Only] Set to true if the resource satisfies the zone separation organization policy constraints and false otherwise. Defaults to false if the field is not present.",
+          "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
         },
+        "savedDisks": {
+          "description": "An array of Machine Image specific properties for disks attached to the source instance",
+          "items": {
+            "$ref": "SavedDisk"
+          },
+          "type": "array"
+        },
         "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+          "description": "[Output Only] The URL for this machine image. The server defines this URL.",
           "type": "string"
         },
         "selfLinkWithId": {
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "stackType": {
-          "description": "The stack type for this interconnect attachment to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at interconnect attachments creation and update interconnect attachment operations.",
-          "enum": [
-            "IPV4_IPV6",
-            "IPV4_ONLY"
-          ],
-          "enumDescriptions": [
-            "The interconnect attachment can have both IPv4 and IPv6 addresses.",
-            "The interconnect attachment will only be assigned IPv4 addresses."
-          ],
+        "sourceDiskEncryptionKeys": {
+          "description": "[Input Only] The customer-supplied encryption key of the disks attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key.",
+          "items": {
+            "$ref": "SourceDiskEncryptionKey"
+          },
+          "type": "array"
+        },
+        "sourceInstance": {
+          "description": "The source instance used to create the machine image. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance ",
           "type": "string"
         },
-        "state": {
-          "description": "[Output Only] The current state of this attachment's functionality. Enum values ACTIVE and UNPROVISIONED are shared by DEDICATED/PRIVATE, PARTNER, and PARTNER_PROVIDER interconnect attachments, while enum values PENDING_PARTNER, PARTNER_REQUEST_RECEIVED, and PENDING_CUSTOMER are used for only PARTNER and PARTNER_PROVIDER interconnect attachments. This state can take one of the following values: - ACTIVE: The attachment has been turned up and is ready to use. - UNPROVISIONED: The attachment is not ready to use yet, because turnup is not complete. - PENDING_PARTNER: A newly-created PARTNER attachment that has not yet been configured on the Partner side. - PARTNER_REQUEST_RECEIVED: A PARTNER attachment is in the process of provisioning after a PARTNER_PROVIDER attachment was created that references it. - PENDING_CUSTOMER: A PARTNER or PARTNER_PROVIDER attachment that is waiting for a customer to activate it. - DEFUNCT: The attachment was deleted externally and is no longer functional. This could be because the associated Interconnect was removed, or because the other side of a Partner attachment was deleted. ",
+        "sourceInstanceProperties": {
+          "$ref": "SourceInstanceProperties",
+          "description": "[Output Only] DEPRECATED: Please use instance_properties instead for source instance related properties. New properties will not be added to this field."
+        },
+        "status": {
+          "description": "[Output Only] The status of the machine image. One of the following values: INVALID, CREATING, READY, DELETING, and UPLOADING.",
           "enum": [
-            "ACTIVE",
-            "DEFUNCT",
-            "PARTNER_REQUEST_RECEIVED",
-            "PENDING_CUSTOMER",
-            "PENDING_PARTNER",
-            "STATE_UNSPECIFIED",
-            "UNPROVISIONED"
+            "CREATING",
+            "DELETING",
+            "INVALID",
+            "READY",
+            "UPLOADING"
           ],
           "enumDescriptions": [
-            "Indicates that attachment has been turned up and is ready to use.",
-            "The attachment was deleted externally and is no longer functional. This could be because the associated Interconnect was wiped out, or because the other side of a Partner attachment was deleted.",
-            "A PARTNER attachment is in the process of provisioning after a PARTNER_PROVIDER attachment was created that references it.",
-            "PARTNER or PARTNER_PROVIDER attachment that is waiting for the customer to activate.",
-            "A newly created PARTNER attachment that has not yet been configured on the Partner side.",
             "",
-            "Indicates that attachment is not ready to use yet, because turnup is not complete."
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "subnetLength": {
-          "description": "Length of the IPv4 subnet mask. Allowed values: - 29 (default) - 30 The default value is 29, except for Cross-Cloud Interconnect connections that use an InterconnectRemoteLocation with a constraints.subnetLengthRange.min equal to 30. For example, connections that use an Azure remote location fall into this category. In these cases, the default value is 30, and requesting 29 returns an error. Where both 29 and 30 are allowed, 29 is preferred, because it gives Google Cloud Support more debugging visibility. ",
-          "format": "int32",
-          "type": "integer"
+        "storageLocations": {
+          "description": "The regional or multi-regional Cloud Storage bucket location where the machine image is stored.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "type": {
-          "description": "The type of interconnect attachment this is, which can take one of the following values: - DEDICATED: an attachment to a Dedicated Interconnect. - PARTNER: an attachment to a Partner Interconnect, created by the customer. - PARTNER_PROVIDER: an attachment to a Partner Interconnect, created by the partner. ",
-          "enum": [
-            "DEDICATED",
-            "PARTNER",
-            "PARTNER_PROVIDER"
-          ],
-          "enumDescriptions": [
-            "Attachment to a dedicated interconnect.",
-            "Attachment to a partner interconnect, created by the customer.",
-            "Attachment to a partner interconnect, created by the partner."
-          ],
+        "totalStorageBytes": {
+          "description": "[Output Only] Total size of the storage used by the machine image.",
+          "format": "int64",
           "type": "string"
-        },
-        "vlanTag8021q": {
-          "description": "The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4093. Only specified at creation time.",
-          "format": "int32",
-          "type": "integer"
         }
       },
       "type": "object"
     },
-    "InterconnectAttachmentAggregatedList": {
-      "id": "InterconnectAttachmentAggregatedList",
+    "MachineImageList": {
+      "description": "A list of machine images.",
+      "id": "MachineImageList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "InterconnectAttachmentsScopedList",
-            "description": "Name of the scope containing this set of interconnect attachments."
+          "description": "A list of MachineImage resources.",
+          "items": {
+            "$ref": "MachineImage"
           },
-          "description": "A list of InterconnectAttachmentsScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#interconnectAttachmentAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentAggregatedList for aggregated lists of interconnect attachments.",
+          "default": "compute#machineImageList",
+          "description": "[Output Only] The resource type, which is always compute#machineImagesListResponse for machine image lists.",
           "type": "string"
         },
         "nextPageToken": {
@@ -57187,13 +64331,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -57210,6 +64347,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57228,6 +64366,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57239,6 +64407,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57286,65 +64455,130 @@
       },
       "type": "object"
     },
-    "InterconnectAttachmentConfigurationConstraints": {
-      "id": "InterconnectAttachmentConfigurationConstraints",
+    "MachineType": {
+      "description": "Represents a Machine Type resource. You can use specific machine types for your VM instances based on performance and pricing requirements. For more information, read Machine Types.",
+      "id": "MachineType",
       "properties": {
-        "bgpMd5": {
-          "description": "[Output Only] Whether the attachment's BGP session requires/allows/disallows BGP MD5 authentication. This can take one of the following values: MD5_OPTIONAL, MD5_REQUIRED, MD5_UNSUPPORTED. For example, a Cross-Cloud Interconnect connection to a remote cloud provider that requires BGP MD5 authentication has the interconnectRemoteLocation attachment_configuration_constraints.bgp_md5 field set to MD5_REQUIRED, and that property is propagated to the attachment. Similarly, if BGP MD5 is MD5_UNSUPPORTED, an error is returned if MD5 is requested.",
+        "accelerators": {
+          "description": "[Output Only] A list of accelerator configurations assigned to this machine type.",
+          "items": {
+            "properties": {
+              "guestAcceleratorCount": {
+                "description": "Number of accelerator cards exposed to the guest.",
+                "format": "int32",
+                "type": "integer"
+              },
+              "guestAcceleratorType": {
+                "description": "The accelerator type resource name, not a full URL, e.g. nvidia-tesla-t4.",
+                "type": "string"
+              }
+            },
+            "type": "object"
+          },
+          "type": "array"
+        },
+        "architecture": {
+          "description": "[Output Only] The architecture of the machine type.",
           "enum": [
-            "MD5_OPTIONAL",
-            "MD5_REQUIRED",
-            "MD5_UNSUPPORTED"
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
           ],
           "enumDescriptions": [
-            "MD5_OPTIONAL: BGP MD5 authentication is supported and can optionally be configured.",
-            "MD5_REQUIRED: BGP MD5 authentication must be configured.",
-            "MD5_UNSUPPORTED: BGP MD5 authentication must not be configured"
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
           ],
           "type": "string"
         },
-        "bgpPeerAsnRanges": {
-          "description": "[Output Only] List of ASN ranges that the remote location is known to support. Formatted as an array of inclusive ranges {min: min-value, max: max-value}. For example, [{min: 123, max: 123}, {min: 64512, max: 65534}] allows the peer ASN to be 123 or anything in the range 64512-65534. This field is only advisory. Although the API accepts other ranges, these are the ranges that we recommend.",
-          "items": {
-            "$ref": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange": {
-      "id": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange",
-      "properties": {
-        "max": {
-          "format": "uint32",
+        "bundledLocalSsds": {
+          "$ref": "BundledLocalSsds",
+          "description": "[Output Only] The configuration of bundled local SSD for the machine type."
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "deprecated": {
+          "$ref": "DeprecationStatus",
+          "description": "[Output Only] The deprecation status associated with this machine type. Only applicable if the machine type is unavailable."
+        },
+        "description": {
+          "description": "[Output Only] An optional textual description of the resource.",
+          "type": "string"
+        },
+        "guestCpus": {
+          "description": "[Output Only] The number of virtual CPUs that are available to the instance.",
+          "format": "int32",
           "type": "integer"
         },
-        "min": {
-          "format": "uint32",
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "isSharedCpu": {
+          "description": "[Output Only] Whether this machine type has a shared CPU. See Shared-core machine types for more information.",
+          "type": "boolean"
+        },
+        "kind": {
+          "default": "compute#machineType",
+          "description": "[Output Only] The type of the resource. Always compute#machineType for machine types.",
+          "type": "string"
+        },
+        "maximumPersistentDisks": {
+          "description": "[Output Only] Maximum persistent disks allowed.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maximumPersistentDisksSizeGb": {
+          "description": "[Output Only] Maximum total persistent disks size (GB) allowed.",
+          "format": "int64",
+          "type": "string"
+        },
+        "memoryMb": {
+          "description": "[Output Only] The amount of physical memory available to the instance, defined in MB.",
+          "format": "int32",
           "type": "integer"
+        },
+        "name": {
+          "description": "[Output Only] Name of the resource.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] The name of the zone where the machine type resides, such as us-central1-a.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InterconnectAttachmentList": {
-      "description": "Response to the list request, and contains a list of interconnect attachments.",
-      "id": "InterconnectAttachmentList",
+    "MachineTypeAggregatedList": {
+      "id": "MachineTypeAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InterconnectAttachment resources.",
-          "items": {
-            "$ref": "InterconnectAttachment"
+          "additionalProperties": {
+            "$ref": "MachineTypesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of machine types."
           },
-          "type": "array"
+          "description": "A list of MachineTypesScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#interconnectAttachmentList",
-          "description": "[Output Only] Type of resource. Always compute#interconnectAttachmentList for lists of interconnect attachments.",
+          "default": "compute#machineTypeAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#machineTypeAggregatedList for aggregated lists of machine types.",
           "type": "string"
         },
         "nextPageToken": {
@@ -57355,6 +64589,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -57371,6 +64612,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57389,6 +64631,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57400,6 +64672,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57447,49 +64720,36 @@
       },
       "type": "object"
     },
-    "InterconnectAttachmentPartnerMetadata": {
-      "description": "Informational metadata about Partner attachments from Partners to display to customers. These fields are propagated from PARTNER_PROVIDER attachments to their corresponding PARTNER attachments.",
-      "id": "InterconnectAttachmentPartnerMetadata",
+    "MachineTypeList": {
+      "description": "Contains a list of machine types.",
+      "id": "MachineTypeList",
       "properties": {
-        "interconnectName": {
-          "description": "Plain text name of the Interconnect this attachment is connected to, as displayed in the Partner's portal. For instance \"Chicago 1\". This value may be validated to match approved Partner values.",
-          "type": "string"
-        },
-        "partnerName": {
-          "description": "Plain text name of the Partner providing this attachment. This value may be validated to match approved Partner values.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "portalUrl": {
-          "description": "URL of the Partner's portal for this Attachment. Partners may customise this to be a deep link to the specific resource on the Partner portal. This value may be validated to match approved Partner values.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectAttachmentPrivateInfo": {
-      "description": "Information for an interconnect attachment when this belongs to an interconnect of type DEDICATED.",
-      "id": "InterconnectAttachmentPrivateInfo",
-      "properties": {
-        "tag8021q": {
-          "description": "[Output Only] 802.1q encapsulation tag to be used for traffic between Google and the customer, going to and from this network and region.",
-          "format": "uint32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectAttachmentsScopedList": {
-      "id": "InterconnectAttachmentsScopedList",
-      "properties": {
-        "interconnectAttachments": {
-          "description": "A list of interconnect attachments contained in this scope.",
+        "items": {
+          "description": "A list of MachineType resources.",
           "items": {
-            "$ref": "InterconnectAttachment"
+            "$ref": "MachineType"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#machineTypeList",
+          "description": "[Output Only] Type of resource. Always compute#machineTypeList for lists of machine types.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
-          "description": "Informational warning which replaces the list of addresses when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -57504,6 +64764,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57522,6 +64783,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57533,6 +64824,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57580,237 +64872,18 @@
       },
       "type": "object"
     },
-    "InterconnectCircuitInfo": {
-      "description": "Describes a single physical circuit between the Customer and Google. CircuitInfo objects are created by Google, so all fields are output only.",
-      "id": "InterconnectCircuitInfo",
-      "properties": {
-        "customerDemarcId": {
-          "description": "Customer-side demarc ID for this circuit.",
-          "type": "string"
-        },
-        "googleCircuitId": {
-          "description": "Google-assigned unique ID for this circuit. Assigned at circuit turn-up.",
-          "type": "string"
-        },
-        "googleDemarcId": {
-          "description": "Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by Google to the customer in the LOA.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectDiagnostics": {
-      "description": "Diagnostics information about interconnect, contains detailed and current technical information about Google's side of the connection.",
-      "id": "InterconnectDiagnostics",
-      "properties": {
-        "arpCaches": {
-          "description": "A list of InterconnectDiagnostics.ARPEntry objects, describing individual neighbors currently seen by the Google router in the ARP cache for the Interconnect. This will be empty when the Interconnect is not bundled.",
-          "items": {
-            "$ref": "InterconnectDiagnosticsARPEntry"
-          },
-          "type": "array"
-        },
-        "bundleAggregationType": {
-          "description": "The aggregation type of the bundle interface.",
-          "enum": [
-            "BUNDLE_AGGREGATION_TYPE_LACP",
-            "BUNDLE_AGGREGATION_TYPE_STATIC"
-          ],
-          "enumDescriptions": [
-            "LACP is enabled.",
-            "LACP is disabled."
-          ],
-          "type": "string"
-        },
-        "bundleOperationalStatus": {
-          "description": "The operational status of the bundle interface.",
-          "enum": [
-            "BUNDLE_OPERATIONAL_STATUS_DOWN",
-            "BUNDLE_OPERATIONAL_STATUS_UP"
-          ],
-          "enumDescriptions": [
-            "If bundleAggregationType is LACP: LACP is not established and/or all links in the bundle have DOWN operational status. If bundleAggregationType is STATIC: one or more links in the bundle has DOWN operational status.",
-            "If bundleAggregationType is LACP: LACP is established and at least one link in the bundle has UP operational status. If bundleAggregationType is STATIC: all links in the bundle (typically just one) have UP operational status."
-          ],
-          "type": "string"
-        },
-        "links": {
-          "description": "A list of InterconnectDiagnostics.LinkStatus objects, describing the status for each link on the Interconnect.",
-          "items": {
-            "$ref": "InterconnectDiagnosticsLinkStatus"
-          },
-          "type": "array"
-        },
-        "macAddress": {
-          "description": "The MAC address of the Interconnect's bundle interface.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectDiagnosticsARPEntry": {
-      "description": "Describing the ARP neighbor entries seen on this link",
-      "id": "InterconnectDiagnosticsARPEntry",
-      "properties": {
-        "ipAddress": {
-          "description": "The IP address of this ARP neighbor.",
-          "type": "string"
-        },
-        "macAddress": {
-          "description": "The MAC address of this ARP neighbor.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectDiagnosticsLinkLACPStatus": {
-      "id": "InterconnectDiagnosticsLinkLACPStatus",
-      "properties": {
-        "googleSystemId": {
-          "description": "System ID of the port on Google's side of the LACP exchange.",
-          "type": "string"
-        },
-        "neighborSystemId": {
-          "description": "System ID of the port on the neighbor's side of the LACP exchange.",
-          "type": "string"
-        },
-        "state": {
-          "description": "The state of a LACP link, which can take one of the following values: - ACTIVE: The link is configured and active within the bundle. - DETACHED: The link is not configured within the bundle. This means that the rest of the object should be empty. ",
-          "enum": [
-            "ACTIVE",
-            "DETACHED"
-          ],
-          "enumDescriptions": [
-            "The link is configured and active within the bundle.",
-            "The link is not configured within the bundle, this means the rest of the object should be empty."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectDiagnosticsLinkOpticalPower": {
-      "id": "InterconnectDiagnosticsLinkOpticalPower",
-      "properties": {
-        "state": {
-          "description": "The status of the current value when compared to the warning and alarm levels for the receiving or transmitting transceiver. Possible states include: - OK: The value has not crossed a warning threshold. - LOW_WARNING: The value has crossed below the low warning threshold. - HIGH_WARNING: The value has crossed above the high warning threshold. - LOW_ALARM: The value has crossed below the low alarm threshold. - HIGH_ALARM: The value has crossed above the high alarm threshold. ",
-          "enum": [
-            "HIGH_ALARM",
-            "HIGH_WARNING",
-            "LOW_ALARM",
-            "LOW_WARNING",
-            "OK"
-          ],
-          "enumDescriptions": [
-            "The value has crossed above the high alarm threshold.",
-            "The value of the current optical power has crossed above the high warning threshold.",
-            "The value of the current optical power has crossed below the low alarm threshold.",
-            "The value of the current optical power has crossed below the low warning threshold.",
-            "The value of the current optical power has not crossed a warning threshold."
-          ],
-          "type": "string"
-        },
-        "value": {
-          "description": "Value of the current receiving or transmitting optical power, read in dBm. Take a known good optical value, give it a 10% margin and trigger warnings relative to that value. In general, a -7dBm warning and a -11dBm alarm are good optical value estimates for most links.",
-          "format": "float",
-          "type": "number"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectDiagnosticsLinkStatus": {
-      "id": "InterconnectDiagnosticsLinkStatus",
-      "properties": {
-        "arpCaches": {
-          "description": "A list of InterconnectDiagnostics.ARPEntry objects, describing the ARP neighbor entries seen on this link. This will be empty if the link is bundled",
-          "items": {
-            "$ref": "InterconnectDiagnosticsARPEntry"
-          },
-          "type": "array"
-        },
-        "circuitId": {
-          "description": "The unique ID for this link assigned during turn up by Google.",
-          "type": "string"
-        },
-        "googleDemarc": {
-          "description": "The Demarc address assigned by Google and provided in the LoA.",
-          "type": "string"
-        },
-        "lacpStatus": {
-          "$ref": "InterconnectDiagnosticsLinkLACPStatus"
-        },
-        "macsec": {
-          "$ref": "InterconnectDiagnosticsMacsecStatus",
-          "description": "Describes the status of MACsec encryption on this link."
-        },
-        "operationalStatus": {
-          "description": "The operational status of the link.",
-          "enum": [
-            "LINK_OPERATIONAL_STATUS_DOWN",
-            "LINK_OPERATIONAL_STATUS_UP"
-          ],
-          "enumDescriptions": [
-            "The interface is unable to communicate with the remote end.",
-            "The interface has low level communication with the remote end."
-          ],
-          "type": "string"
-        },
-        "receivingOpticalPower": {
-          "$ref": "InterconnectDiagnosticsLinkOpticalPower",
-          "description": "An InterconnectDiagnostics.LinkOpticalPower object, describing the current value and status of the received light level."
-        },
-        "transmittingOpticalPower": {
-          "$ref": "InterconnectDiagnosticsLinkOpticalPower",
-          "description": "An InterconnectDiagnostics.LinkOpticalPower object, describing the current value and status of the transmitted light level."
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectDiagnosticsMacsecStatus": {
-      "description": "Describes the status of MACsec encryption on the link.",
-      "id": "InterconnectDiagnosticsMacsecStatus",
-      "properties": {
-        "ckn": {
-          "description": "Indicates the Connectivity Association Key Name (CKN) currently being used if MACsec is operational.",
-          "type": "string"
-        },
-        "operational": {
-          "description": "Indicates whether or not MACsec is operational on this link.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectList": {
-      "description": "Response to the list request, and contains a list of interconnects.",
-      "id": "InterconnectList",
+    "MachineTypesScopedList": {
+      "id": "MachineTypesScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of Interconnect resources.",
+        "machineTypes": {
+          "description": "[Output Only] A list of machine types contained in this scope.",
           "items": {
-            "$ref": "Interconnect"
+            "$ref": "MachineType"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#interconnectList",
-          "description": "[Output Only] Type of resource. Always compute#interconnectList for lists of interconnects.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "[Output Only] An informational warning that appears when the machine types list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -57825,6 +64898,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57843,6 +64917,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57854,6 +64958,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57901,450 +65006,625 @@
       },
       "type": "object"
     },
-    "InterconnectLocation": {
-      "description": "Represents an Interconnect Attachment (VLAN) Location resource. You can use this resource to find location details about an Interconnect attachment (VLAN). For more information about interconnect attachments, read Creating VLAN Attachments.",
-      "id": "InterconnectLocation",
+    "ManagedInstance": {
+      "description": "A Managed Instance resource.",
+      "id": "ManagedInstance",
       "properties": {
-        "address": {
-          "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character.",
+        "allInstancesConfig": {
+          "$ref": "ManagedInstanceAllInstancesConfig",
+          "description": "[Output Only] Current all-instances configuration revision applied to this instance."
+        },
+        "currentAction": {
+          "description": "[Output Only] The current action that the managed instance group has scheduled for the instance. Possible values: - NONE The instance is running, and the managed instance group does not have any scheduled actions for this instance. - CREATING The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful. - CREATING_WITHOUT_RETRIES The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased instead. - RECREATING The managed instance group is recreating this instance. - DELETING The managed instance group is permanently deleting this instance. - ABANDONING The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group. - RESTARTING The managed instance group is restarting the instance. - REFRESHING The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance. - VERIFYING The managed instance group has created the instance and it is in the process of being verified. ",
+          "enum": [
+            "ABANDONING",
+            "CREATING",
+            "CREATING_ATOMICALLY",
+            "CREATING_IN_BULK",
+            "CREATING_WITHOUT_RETRIES",
+            "DELETING",
+            "NONE",
+            "QUEUING",
+            "RECREATING",
+            "REFRESHING",
+            "RESTARTING",
+            "RESUMING",
+            "STARTING",
+            "STOPPING",
+            "SUSPENDING",
+            "VERIFYING"
+          ],
+          "enumDescriptions": [
+            "The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group.",
+            "The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful.",
+            "The managed instance group is creating this instance atomically.",
+            "The managed instance group is creating this instance in bulk.",
+            "The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased.",
+            "The managed instance group is permanently deleting this instance.",
+            "The managed instance group has not scheduled any actions for this instance.",
+            "The managed instance group is queuing this instance.",
+            "The managed instance group is recreating this instance.",
+            "The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance.",
+            "The managed instance group is restarting this instance.",
+            "The managed instance group is resuming this instance.",
+            "The managed instance group is starting this instance.",
+            "The managed instance group is stopping this instance.",
+            "The managed instance group is suspending this instance.",
+            "The managed instance group is verifying this already created instance. Verification happens every time the instance is (re)created or restarted and consists of: 1. Waiting until health check specified as part of this managed instance group's autohealing policy reports HEALTHY. Note: Applies only if autohealing policy has a health check specified 2. Waiting for addition verification steps performed as post-instance creation (subject to future extensions)."
+          ],
           "type": "string"
         },
-        "availabilityZone": {
-          "description": "[Output Only] Availability zone for this InterconnectLocation. Within a metropolitan area (metro), maintenance will not be simultaneously scheduled in more than one availability zone. Example: \"zone1\" or \"zone2\".",
+        "id": {
+          "description": "[Output only] The unique identifier for this resource. This field is empty when instance does not exist.",
+          "format": "uint64",
           "type": "string"
         },
-        "city": {
-          "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".",
+        "instance": {
+          "description": "[Output Only] The URL of the instance. The URL can exist even if the instance has not yet been created.",
           "type": "string"
         },
-        "continent": {
-          "description": "[Output Only] Continent for this location, which can take one of the following values: - AFRICA - ASIA_PAC - EUROPE - NORTH_AMERICA - SOUTH_AMERICA ",
+        "instanceHealth": {
+          "description": "[Output Only] Health state of the instance per health-check.",
+          "items": {
+            "$ref": "ManagedInstanceInstanceHealth"
+          },
+          "type": "array"
+        },
+        "instanceStatus": {
+          "description": "[Output Only] The status of the instance. This field is empty when the instance does not exist.",
           "enum": [
-            "AFRICA",
-            "ASIA_PAC",
-            "C_AFRICA",
-            "C_ASIA_PAC",
-            "C_EUROPE",
-            "C_NORTH_AMERICA",
-            "C_SOUTH_AMERICA",
-            "EUROPE",
-            "NORTH_AMERICA",
-            "SOUTH_AMERICA"
+            "DEPROVISIONING",
+            "PROVISIONING",
+            "REPAIRING",
+            "RUNNING",
+            "STAGING",
+            "STOPPED",
+            "STOPPING",
+            "SUSPENDED",
+            "SUSPENDING",
+            "TERMINATED"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "Resources are being allocated for the instance.",
+            "The instance is in repair.",
+            "The instance is running.",
+            "All required resources have been allocated and the instance is being started.",
+            "The instance has stopped successfully.",
+            "The instance is currently stopping (either being deleted or killed).",
+            "The instance has suspended.",
+            "The instance is suspending.",
+            "The instance has stopped (either by explicit action or underlying failure)."
           ],
           "type": "string"
         },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+        "instanceTemplate": {
+          "deprecated": true,
+          "description": "[Output Only] The intended template of the instance. This field is empty when current_action is one of { DELETING, ABANDONING }.",
           "type": "string"
         },
-        "description": {
-          "description": "[Output Only] An optional description of the resource.",
+        "lastAttempt": {
+          "$ref": "ManagedInstanceLastAttempt",
+          "description": "[Output Only] Information about the last attempt to create or delete the instance."
+        },
+        "name": {
+          "description": "[Output Only] The name of the instance. The name will always exist even if the instance has not yet been created.",
           "type": "string"
         },
-        "facilityProvider": {
-          "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX).",
+        "preservedStateFromConfig": {
+          "$ref": "PreservedState",
+          "description": "[Output Only] Preserved state applied from per-instance config for this instance."
+        },
+        "preservedStateFromPolicy": {
+          "$ref": "PreservedState",
+          "description": "[Output Only] Preserved state generated based on stateful policy for this instance."
+        },
+        "tag": {
+          "deprecated": true,
+          "description": "[Output Only] Tag describing the version.",
           "type": "string"
         },
-        "facilityProviderFacilityId": {
-          "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1).",
+        "targetStatus": {
+          "description": "[Output Only] The eventual status of the instance. The instance group manager will not be identified as stable till each managed instance reaches its targetStatus.",
+          "enum": [
+            "ABANDONED",
+            "DELETED",
+            "RUNNING",
+            "STOPPED",
+            "SUSPENDED"
+          ],
+          "enumDescriptions": [
+            "The managed instance will eventually be ABANDONED, i.e. dissociated from the managed instance group.",
+            "The managed instance will eventually be DELETED.",
+            "The managed instance will eventually reach status RUNNING.",
+            "The managed instance will eventually reach status TERMINATED.",
+            "The managed instance will eventually reach status SUSPENDED."
+          ],
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
+        "version": {
+          "$ref": "ManagedInstanceVersion",
+          "description": "[Output Only] Intended version of this instance."
+        }
+      },
+      "type": "object"
+    },
+    "ManagedInstanceAllInstancesConfig": {
+      "id": "ManagedInstanceAllInstancesConfig",
+      "properties": {
+        "revision": {
+          "description": "[Output Only] Current all-instances configuration revision. This value is in RFC3339 text format.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ManagedInstanceInstanceHealth": {
+      "id": "ManagedInstanceInstanceHealth",
+      "properties": {
+        "detailedHealthState": {
+          "description": "[Output Only] The current detailed instance health state.",
+          "enum": [
+            "DRAINING",
+            "HEALTHY",
+            "TIMEOUT",
+            "UNHEALTHY",
+            "UNKNOWN"
+          ],
+          "enumDescriptions": [
+            "The instance is being drained. The existing connections to the instance have time to complete, but the new ones are being refused.",
+            "The instance is reachable i.e. a connection to the application health checking endpoint can be established, and conforms to the requirements defined by the health check.",
+            "The instance is unreachable i.e. a connection to the application health checking endpoint cannot be established, or the server does not respond within the specified timeout.",
+            "The instance is reachable, but does not conform to the requirements defined by the health check.",
+            "The health checking system is aware of the instance but its health is not known at the moment."
+          ],
           "type": "string"
         },
-        "kind": {
-          "default": "compute#interconnectLocation",
-          "description": "[Output Only] Type of the resource. Always compute#interconnectLocation for interconnect locations.",
+        "healthCheck": {
+          "description": "[Output Only] The URL for the health check that verifies whether the instance is healthy.",
+          "type": "string"
+        },
+        "healthState": {
+          "deprecated": true,
+          "description": "[Output Only] The current instance health state. This field will not get promoted to beta/GA and might be removed from alpha APIs after 01/12/2019. Please use detailed_health_state field instead.",
+          "enum": [
+            "HEALTHY",
+            "UNHEALTHY"
+          ],
+          "enumDescriptions": [
+            "The instance is reachable i.e. a connection to the application health checking endpoint can be established, and conforms to the requirements defined by the health check.",
+            "The instance is reachable, but does not conform to the requirements defined by the health check."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ManagedInstanceLastAttempt": {
+      "id": "ManagedInstanceLastAttempt",
+      "properties": {
+        "errors": {
+          "description": "[Output Only] Encountered errors during the last attempt to create or delete the instance.",
+          "properties": {
+            "errors": {
+              "description": "[Output Only] The array of errors encountered while processing this operation.",
+              "items": {
+                "properties": {
+                  "code": {
+                    "description": "[Output Only] The error type identifier for this error.",
+                    "type": "string"
+                  },
+                  "errorDetails": {
+                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
+                    "items": {
+                      "properties": {
+                        "errorInfo": {
+                          "$ref": "ErrorInfo"
+                        },
+                        "help": {
+                          "$ref": "Help"
+                        },
+                        "localizedMessage": {
+                          "$ref": "LocalizedMessage"
+                        },
+                        "quotaInfo": {
+                          "$ref": "QuotaExceededInfo"
+                        }
+                      },
+                      "type": "object"
+                    },
+                    "type": "array"
+                  },
+                  "location": {
+                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
+                    "type": "string"
+                  },
+                  "message": {
+                    "description": "[Output Only] An optional, human-readable error message.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "ManagedInstanceVersion": {
+      "id": "ManagedInstanceVersion",
+      "properties": {
+        "instanceTemplate": {
+          "description": "[Output Only] The intended template of the instance. This field is empty when current_action is one of { DELETING, ABANDONING }.",
           "type": "string"
         },
         "name": {
-          "description": "[Output Only] Name of the resource.",
+          "description": "[Output Only] Name of the version.",
           "type": "string"
-        },
-        "peeringdbFacilityId": {
-          "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).",
+        }
+      },
+      "type": "object"
+    },
+    "Metadata": {
+      "description": "A metadata key/value entry.",
+      "id": "Metadata",
+      "properties": {
+        "fingerprint": {
+          "description": "Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the resource.",
+          "format": "byte",
           "type": "string"
         },
-        "regionInfos": {
-          "description": "[Output Only] A list of InterconnectLocation.RegionInfo objects, that describe parameters pertaining to the relation between this InterconnectLocation and various Google Cloud regions.",
+        "items": {
+          "description": "Array of key/value pairs. The total size of all keys and values must be less than 512 KB.",
           "items": {
-            "$ref": "InterconnectLocationRegionInfo"
+            "description": "Metadata",
+            "properties": {
+              "key": {
+                "annotations": {
+                  "required": [
+                    "compute.instances.insert",
+                    "compute.projects.setCommonInstanceMetadata"
+                  ]
+                },
+                "description": "Key for the metadata entry. Keys must conform to the following regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project.",
+                "pattern": "[a-zA-Z0-9-_]{1,128}",
+                "type": "string"
+              },
+              "value": {
+                "annotations": {
+                  "required": [
+                    "compute.instances.insert",
+                    "compute.projects.setCommonInstanceMetadata"
+                  ]
+                },
+                "description": "Value for the metadata entry. These are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on values is that their size must be less than or equal to 262144 bytes (256 KiB).",
+                "type": "string"
+              }
+            },
+            "type": "object"
           },
           "type": "array"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "kind": {
+          "default": "compute#metadata",
+          "description": "[Output Only] Type of the resource. Always compute#metadata for metadata.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MetadataCredentialsFromPlugin": {
+      "description": "[Deprecated] Custom authenticator credentials. Custom authenticator credentials.",
+      "id": "MetadataCredentialsFromPlugin",
+      "properties": {
+        "name": {
+          "description": "Plugin name.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "structConfig": {
+          "description": "A text proto that conforms to a Struct type definition interpreted by the plugin.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MetadataFilter": {
+      "description": "Opaque filter criteria used by load balancers to restrict routing configuration to a limited set of load balancing proxies. Proxies and sidecars involved in load balancing would typically present metadata to the load balancers that need to match criteria specified here. If a match takes place, the relevant configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. An example for using metadataFilters would be: if load balancing involves Envoys, they receive routing configuration when values in metadataFilters match values supplied in of their XDS requests to loadbalancers.",
+      "id": "MetadataFilter",
+      "properties": {
+        "filterLabels": {
+          "description": "The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries.",
+          "items": {
+            "$ref": "MetadataFilterLabelMatch"
+          },
+          "type": "array"
         },
-        "status": {
-          "description": "[Output Only] The status of this InterconnectLocation, which can take one of the following values: - CLOSED: The InterconnectLocation is closed and is unavailable for provisioning new Interconnects. - AVAILABLE: The InterconnectLocation is available for provisioning new Interconnects. ",
+        "filterMatchCriteria": {
+          "description": "Specifies how individual filter label matches within the list of filterLabels and contributes toward the overall metadataFilter match. Supported values are: - MATCH_ANY: at least one of the filterLabels must have a matching label in the provided metadata. - MATCH_ALL: all filterLabels must have matching labels in the provided metadata. ",
           "enum": [
-            "AVAILABLE",
-            "CLOSED"
+            "MATCH_ALL",
+            "MATCH_ANY",
+            "NOT_SET"
           ],
           "enumDescriptions": [
-            "The InterconnectLocation is available for provisioning new Interconnects.",
-            "The InterconnectLocation is closed for provisioning new Interconnects."
+            "Specifies that all filterLabels must match for the metadataFilter to be considered a match.",
+            "Specifies that any filterLabel must match for the metadataFilter to be considered a match.",
+            "Indicates that the match criteria was not set. A metadataFilter must never be created with this value."
           ],
           "type": "string"
-        },
-        "supportsPzs": {
-          "description": "[Output Only] Set to true for locations that support physical zone separation. Defaults to false if the field is not present.",
-          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "InterconnectLocationList": {
-      "description": "Response to the list request, and contains a list of interconnect locations.",
-      "id": "InterconnectLocationList",
+    "MetadataFilterLabelMatch": {
+      "description": "MetadataFilter label name value pairs that are expected to match corresponding labels presented as metadata to the load balancer.",
+      "id": "MetadataFilterLabelMatch",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+        "name": {
+          "description": "Name of metadata label. The name can have a maximum length of 1024 characters and must be at least 1 character long.",
           "type": "string"
         },
-        "items": {
-          "description": "A list of InterconnectLocation resources.",
-          "items": {
-            "$ref": "InterconnectLocation"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "compute#interconnectLocationList",
-          "description": "[Output Only] Type of resource. Always compute#interconnectLocationList for lists of interconnect locations.",
+        "value": {
+          "description": "The value of the label must match the specified value. value can have a maximum length of 1024 characters.",
           "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        }
+      },
+      "type": "object"
+    },
+    "Money": {
+      "description": "Represents an amount of money with its currency type.",
+      "id": "Money",
+      "properties": {
+        "currencyCode": {
+          "description": "The three-letter currency code defined in ISO 4217.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
+        "nanos": {
+          "description": "Number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If `units` is positive, `nanos` must be positive or zero. If `units` is zero, `nanos` can be positive, zero, or negative. If `units` is negative, `nanos` must be negative or zero. For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000.",
+          "format": "int32",
+          "type": "integer"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
+        "units": {
+          "description": "The whole units of the amount. For example if `currencyCode` is `\"USD\"`, then 1 unit is one US dollar.",
+          "format": "int64",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InterconnectLocationRegionInfo": {
-      "description": "Information about any potential InterconnectAttachments between an Interconnect at a specific InterconnectLocation, and a specific Cloud Region.",
-      "id": "InterconnectLocationRegionInfo",
+    "MutualTls": {
+      "description": "[Deprecated] Configuration for the mutual Tls mode for peer authentication. Configuration for the mutual Tls mode for peer authentication.",
+      "id": "MutualTls",
       "properties": {
-        "expectedRttMs": {
-          "description": "Expected round-trip time in milliseconds, from this InterconnectLocation to a VM in this region.",
-          "format": "int64",
-          "type": "string"
-        },
-        "locationPresence": {
-          "description": "Identifies the network presence of this location.",
+        "mode": {
+          "description": "Specifies if the server TLS is configured to be strict or permissive. This field can be set to one of the following: STRICT: Client certificate must be presented, connection is in TLS. PERMISSIVE: Client certificate can be omitted, connection can be either plaintext or TLS.",
           "enum": [
-            "GLOBAL",
-            "LOCAL_REGION",
-            "LP_GLOBAL",
-            "LP_LOCAL_REGION"
+            "INVALID",
+            "PERMISSIVE",
+            "STRICT"
           ],
           "enumDescriptions": [
-            "This region is not in any common network presence with this InterconnectLocation.",
-            "This region shares the same regional network presence as this InterconnectLocation.",
-            "[Deprecated] This region is not in any common network presence with this InterconnectLocation.",
-            "[Deprecated] This region shares the same regional network presence as this InterconnectLocation."
+            "",
+            "Client certificate can be omitted, connection can be either plaintext or TLS.",
+            "Client certificate must be presented, connection is in TLS."
           ],
           "type": "string"
-        },
-        "region": {
-          "description": "URL for the region of this location.",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "InterconnectMacsec": {
-      "description": "Configuration information for enabling Media Access Control security (Macsec) on this Interconnect between Google and your on-premises router.",
-      "id": "InterconnectMacsec",
+    "NamedPort": {
+      "description": "The named port. For example: \u003c\"http\", 80\u003e.",
+      "id": "NamedPort",
       "properties": {
-        "failOpen": {
-          "description": "If set to true, the Interconnect will be configured with a should-secure MACsec security policy, that allows the Google router to fallback to cleartext traffic if the MKA session cannot be established. By default, the Interconnect will be configured with a must-secure security policy that drops all traffic if the MKA session cannot be established with your router.",
-          "type": "boolean"
+        "name": {
+          "description": "The name for this named port. The name must be 1-63 characters long, and comply with RFC1035.",
+          "type": "string"
         },
-        "preSharedKeys": {
-          "description": "Required. A keychain placeholder describing a set of named key objects along with their start times. A MACsec CKN/CAK will be generated for each key in the key chain. Google router will automatically pick the key with the most recent startTime when establishing or re-establishing a MACsec secure link.",
-          "items": {
-            "$ref": "InterconnectMacsecPreSharedKey"
-          },
-          "type": "array"
+        "port": {
+          "description": "The port number, which can be a value between 1 and 65535.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "InterconnectMacsecConfig": {
-      "description": "MACsec configuration information for the Interconnect. Contains the generated Connectivity Association Key Name (CKN) and the key (CAK) for this Interconnect.",
-      "id": "InterconnectMacsecConfig",
+    "NatIpInfo": {
+      "description": "Contains NAT IP information of a NAT config (i.e. usage status, mode).",
+      "id": "NatIpInfo",
       "properties": {
-        "preSharedKeys": {
-          "description": "A keychain placeholder describing a set of named key objects along with their start times. A MACsec CKN/CAK will be generated for each key in the key chain. Google router will automatically pick the key with the most recent startTime when establishing or re-establishing a MACsec secure link.",
+        "natIpInfoMappings": {
+          "description": "A list of all NAT IPs assigned to this NAT config.",
           "items": {
-            "$ref": "InterconnectMacsecConfigPreSharedKey"
+            "$ref": "NatIpInfoNatIpInfoMapping"
           },
           "type": "array"
+        },
+        "natName": {
+          "description": "Name of the NAT config which the NAT IP belongs to.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "InterconnectMacsecConfigPreSharedKey": {
-      "description": "Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.",
-      "id": "InterconnectMacsecConfigPreSharedKey",
+    "NatIpInfoNatIpInfoMapping": {
+      "description": "Contains information of a NAT IP.",
+      "id": "NatIpInfoNatIpInfoMapping",
       "properties": {
-        "cak": {
-          "description": "An auto-generated Connectivity Association Key (CAK) for this key.",
-          "type": "string"
-        },
-        "ckn": {
-          "description": "An auto-generated Connectivity Association Key Name (CKN) for this key.",
+        "mode": {
+          "description": "Specifies whether NAT IP is auto or manual.",
+          "enum": [
+            "AUTO",
+            "MANUAL"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "name": {
-          "description": "User provided name for this pre-shared key.",
+        "natIp": {
+          "description": "NAT IP address. For example: 203.0.113.11.",
           "type": "string"
         },
-        "startTime": {
-          "description": "User provided timestamp on or after which this key is valid.",
+        "usage": {
+          "description": "Specifies whether NAT IP is currently serving at least one endpoint or not.",
+          "enum": [
+            "IN_USE",
+            "UNUSED"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InterconnectMacsecPreSharedKey": {
-      "description": "Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.",
-      "id": "InterconnectMacsecPreSharedKey",
+    "NatIpInfoResponse": {
+      "id": "NatIpInfoResponse",
       "properties": {
-        "name": {
-          "description": "Required. A name for this pre-shared key. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "type": "string"
-        },
-        "startTime": {
-          "description": "A RFC3339 timestamp on or after which the key is valid. startTime can be in the future. If the keychain has a single key, startTime can be omitted. If the keychain has multiple keys, startTime is mandatory for each key. The start times of keys must be in increasing order. The start times of two consecutive keys must be at least 6 hours apart.",
-          "type": "string"
+        "result": {
+          "description": "[Output Only] A list of NAT IP information.",
+          "items": {
+            "$ref": "NatIpInfo"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "InterconnectOutageNotification": {
-      "description": "Description of a planned outage on this Interconnect.",
-      "id": "InterconnectOutageNotification",
+    "Network": {
+      "description": "Represents a VPC Network resource. Networks connect resources to each other and to the internet. For more information, read Virtual Private Cloud (VPC) Network.",
+      "id": "Network",
       "properties": {
-        "affectedCircuits": {
-          "description": "If issue_type is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be affected.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "IPv4Range": {
+          "deprecated": true,
+          "description": "Deprecated in favor of subnet mode networks. The range of internal addresses that are legal on this network. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created.",
+          "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}/[0-9]{1,2}",
+          "type": "string"
+        },
+        "autoCreateSubnetworks": {
+          "description": "Must be set to create a VPC network. If not set, a legacy network is created. When set to true, the VPC network is created in auto mode. When set to false, the VPC network is created in custom mode. An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. For custom mode VPC networks, you can add subnets using the subnetworks insert method.",
+          "type": "boolean"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
         "description": {
-          "description": "A description about the purpose of the outage.",
+          "description": "An optional description of this resource. Provide this field when you create the resource.",
           "type": "string"
         },
-        "endTime": {
-          "description": "Scheduled end time for the outage (milliseconds since Unix epoch).",
-          "format": "int64",
+        "enableUlaInternalIpv6": {
+          "description": "Enable ULA internal ipv6 on this network. Enabling this feature will assign a /48 from google defined ULA prefix fd20::/20. .",
+          "type": "boolean"
+        },
+        "firewallPolicy": {
+          "description": "[Output Only] URL of the firewall policy the network is associated with.",
           "type": "string"
         },
-        "issueType": {
-          "description": "Form this outage is expected to take, which can take one of the following values: - OUTAGE: The Interconnect may be completely out of service for some or all of the specified window. - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain up, but with reduced bandwidth. Note that the versions of this enum prefixed with \"IT_\" have been deprecated in favor of the unprefixed values.",
-          "enum": [
-            "IT_OUTAGE",
-            "IT_PARTIAL_OUTAGE",
-            "OUTAGE",
-            "PARTIAL_OUTAGE"
-          ],
-          "enumDescriptions": [
-            "[Deprecated] The Interconnect may be completely out of service for some or all of the specified window.",
-            "[Deprecated] Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth.",
-            "The Interconnect may be completely out of service for some or all of the specified window.",
-            "Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth."
-          ],
+        "gatewayIPv4": {
+          "description": "[Output Only] The gateway address for default routing out of the network, selected by Google Cloud.",
+          "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "internalIpv6Range": {
+          "description": "When enabling ula internal ipv6, caller optionally can specify the /48 range they want from the google defined ULA prefix fd20::/20. The input must be a valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will fail if the speficied /48 is already in used by another resource. If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. .",
           "type": "string"
         },
+        "kind": {
+          "default": "compute#network",
+          "description": "[Output Only] Type of the resource. Always compute#network for networks.",
+          "type": "string"
+        },
+        "mtu": {
+          "description": "Maximum Transmission Unit in bytes. The minimum value for this field is 1300 and the maximum value is 8896. The suggested value is 1500, which is the default MTU used on the Internet, or 8896 if you want to use Jumbo frames. If unspecified, the value defaults to 1460.",
+          "format": "int32",
+          "type": "integer"
+        },
         "name": {
-          "description": "Unique identifier for this outage notification.",
+          "annotations": {
+            "required": [
+              "compute.networks.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "source": {
-          "description": "The party that generated this notification, which can take the following value: - GOOGLE: this notification as generated by Google. Note that the value of NSRC_GOOGLE has been deprecated in favor of GOOGLE.",
+        "networkFirewallPolicyEnforcementOrder": {
+          "description": "The network firewall policy enforcement order. Can be either AFTER_CLASSIC_FIREWALL or BEFORE_CLASSIC_FIREWALL. Defaults to AFTER_CLASSIC_FIREWALL if the field is not specified.",
           "enum": [
-            "GOOGLE",
-            "NSRC_GOOGLE"
+            "AFTER_CLASSIC_FIREWALL",
+            "BEFORE_CLASSIC_FIREWALL"
           ],
           "enumDescriptions": [
-            "This notification was generated by Google.",
-            "[Deprecated] This notification was generated by Google."
+            "",
+            ""
           ],
           "type": "string"
         },
-        "startTime": {
-          "description": "Scheduled start time for the outage (milliseconds since Unix epoch).",
-          "format": "int64",
+        "peerings": {
+          "description": "[Output Only] A list of network peerings for the resource.",
+          "items": {
+            "$ref": "NetworkPeering"
+          },
+          "type": "array"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the regional network resides. This field is not applicable to global network. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
-        "state": {
-          "description": "State of this notification, which can take one of the following values: - ACTIVE: This outage notification is active. The event could be in the past, present, or future. See start_time and end_time for scheduling. - CANCELLED: The outage associated with this notification was cancelled before the outage was due to start. - COMPLETED: The outage associated with this notification is complete. Note that the versions of this enum prefixed with \"NS_\" have been deprecated in favor of the unprefixed values.",
-          "enum": [
-            "ACTIVE",
-            "CANCELLED",
-            "COMPLETED",
-            "NS_ACTIVE",
-            "NS_CANCELED"
-          ],
-          "enumDescriptions": [
-            "This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
-            "The outage associated with this notification was cancelled before the outage was due to start.",
-            "The outage associated with this notification is complete.",
-            "[Deprecated] This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
-            "[Deprecated] The outage associated with this notification was canceled before the outage was due to start."
-          ],
+        "routingConfig": {
+          "$ref": "NetworkRoutingConfig",
+          "description": "The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce."
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "subnetworks": {
+          "description": "[Output Only] Server-defined fully-qualified URLs for all subnetworks in this VPC network.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "InterconnectRemoteLocation": {
-      "description": "Represents an Cross-Cloud Interconnect Remote Location resource. You can use this resource to find remote location details about an Interconnect attachment (VLAN).",
-      "id": "InterconnectRemoteLocation",
+    "NetworkAttachment": {
+      "description": "NetworkAttachments A network attachment resource ...",
+      "id": "NetworkAttachment",
       "properties": {
-        "address": {
-          "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character.",
-          "type": "string"
-        },
-        "attachmentConfigurationConstraints": {
-          "$ref": "InterconnectAttachmentConfigurationConstraints",
-          "description": "[Output Only] Subset of fields from InterconnectAttachment's |configurationConstraints| field that apply to all attachments for this remote location."
-        },
-        "city": {
-          "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".",
-          "type": "string"
-        },
-        "constraints": {
-          "$ref": "InterconnectRemoteLocationConstraints",
-          "description": "[Output Only] Constraints on the parameters for creating Cross-Cloud Interconnect and associated InterconnectAttachments."
+        "connectionEndpoints": {
+          "description": "[Output Only] An array of connections for all the producers connected to this network attachment.",
+          "items": {
+            "$ref": "NetworkAttachmentConnectedEndpoint"
+          },
+          "type": "array"
         },
-        "continent": {
-          "description": "[Output Only] Continent for this location, which can take one of the following values: - AFRICA - ASIA_PAC - EUROPE - NORTH_AMERICA - SOUTH_AMERICA ",
+        "connectionPreference": {
           "enum": [
-            "AFRICA",
-            "ASIA_PAC",
-            "EUROPE",
-            "NORTH_AMERICA",
-            "SOUTH_AMERICA"
+            "ACCEPT_AUTOMATIC",
+            "ACCEPT_MANUAL",
+            "INVALID"
           ],
           "enumDescriptions": [
-            "",
-            "",
             "",
             "",
             ""
@@ -58356,66 +65636,54 @@
           "type": "string"
         },
         "description": {
-          "description": "[Output Only] An optional description of the resource.",
-          "type": "string"
-        },
-        "facilityProvider": {
-          "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX).",
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "facilityProviderFacilityId": {
-          "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1).",
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.",
+          "format": "byte",
           "type": "string"
         },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
           "format": "uint64",
           "type": "string"
         },
         "kind": {
-          "default": "compute#interconnectRemoteLocation",
-          "description": "[Output Only] Type of the resource. Always compute#interconnectRemoteLocation for interconnect remote locations.",
-          "type": "string"
-        },
-        "lacp": {
-          "description": "[Output Only] Link Aggregation Control Protocol (LACP) constraints, which can take one of the following values: LACP_SUPPORTED, LACP_UNSUPPORTED",
-          "enum": [
-            "LACP_SUPPORTED",
-            "LACP_UNSUPPORTED"
-          ],
-          "enumDescriptions": [
-            "LACP_SUPPORTED: LACP is supported, and enabled by default on the Cross-Cloud Interconnect.",
-            "LACP_UNSUPPORTED: LACP is not supported and will not be enabled on this port. GetDiagnostics will show bundleAggregationType as \"static\". GCP does not support LAGs without LACP, so requestedLinkCount must be 1."
-          ],
+          "default": "compute#networkAttachment",
+          "description": "[Output Only] Type of the resource.",
           "type": "string"
         },
-        "maxLagSize100Gbps": {
-          "description": "[Output Only] The maximum number of 100 Gbps ports supported in a link aggregation group (LAG). When linkType is 100 Gbps, requestedLinkCount cannot exceed max_lag_size_100_gbps.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maxLagSize10Gbps": {
-          "description": "[Output Only] The maximum number of 10 Gbps ports supported in a link aggregation group (LAG). When linkType is 10 Gbps, requestedLinkCount cannot exceed max_lag_size_10_gbps.",
-          "format": "int32",
-          "type": "integer"
-        },
         "name": {
-          "description": "[Output Only] Name of the resource.",
+          "annotations": {
+            "required": [
+              "compute.networkAttachments.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "peeringdbFacilityId": {
-          "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).",
+        "network": {
+          "description": "[Output Only] The URL of the network which the Network Attachment belongs to. Practically it is inferred by fetching the network of the first subnetwork associated. Because it is required that all the subnetworks must be from the same network, it is assured that the Network Attachment belongs to the same network as all the subnetworks.",
           "type": "string"
         },
-        "permittedConnections": {
-          "description": "[Output Only] Permitted connections.",
+        "producerAcceptLists": {
+          "description": "Projects that are allowed to connect to this network attachment. The project can be specified using its id or number.",
           "items": {
-            "$ref": "InterconnectRemoteLocationPermittedConnections"
+            "type": "string"
           },
           "type": "array"
         },
-        "remoteService": {
-          "description": "[Output Only] Indicates the service provider present at the remote location. Example values: \"Amazon Web Services\", \"Microsoft Azure\".",
+        "producerRejectLists": {
+          "description": "Projects that are not allowed to connect to this network attachment. The project can be specified using its id or number.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the network attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
         "selfLink": {
@@ -58423,90 +65691,37 @@
           "type": "string"
         },
         "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "status": {
-          "description": "[Output Only] The status of this InterconnectRemoteLocation, which can take one of the following values: - CLOSED: The InterconnectRemoteLocation is closed and is unavailable for provisioning new Cross-Cloud Interconnects. - AVAILABLE: The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects. ",
-          "enum": [
-            "AVAILABLE",
-            "CLOSED"
-          ],
-          "enumDescriptions": [
-            "The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects.",
-            "The InterconnectRemoteLocation is closed for provisioning new Cross-Cloud Interconnects."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectRemoteLocationConstraints": {
-      "id": "InterconnectRemoteLocationConstraints",
-      "properties": {
-        "portPairRemoteLocation": {
-          "description": "[Output Only] Port pair remote location constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, PORT_PAIR_MATCHING_REMOTE_LOCATION. GCP's API refers only to individual ports, but the UI uses this field when ordering a pair of ports, to prevent users from accidentally ordering something that is incompatible with their cloud provider. Specifically, when ordering a redundant pair of Cross-Cloud Interconnect ports, and one of them uses a remote location with portPairMatchingRemoteLocation set to matching, the UI will require that both ports use the same remote location.",
-          "enum": [
-            "PORT_PAIR_MATCHING_REMOTE_LOCATION",
-            "PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION"
-          ],
-          "enumDescriptions": [
-            "If PORT_PAIR_MATCHING_REMOTE_LOCATION, the remote cloud provider allocates ports in pairs, and the user should choose the same remote location for both ports.",
-            "If PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, a user may opt to provision a redundant pair of Cross-Cloud Interconnects using two different remote locations in the same city."
-          ],
-          "type": "string"
-        },
-        "portPairVlan": {
-          "description": "[Output Only] Port pair VLAN constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_VLAN, PORT_PAIR_MATCHING_VLAN",
-          "enum": [
-            "PORT_PAIR_MATCHING_VLAN",
-            "PORT_PAIR_UNCONSTRAINED_VLAN"
-          ],
-          "enumDescriptions": [
-            "If PORT_PAIR_MATCHING_VLAN, the Interconnect for this attachment is part of a pair of ports that should have matching VLAN allocations. This occurs with Cross-Cloud Interconnect to Azure remote locations. While GCP's API does not explicitly group pairs of ports, the UI uses this field to ensure matching VLAN ids when configuring a redundant VLAN pair.",
-            "PORT_PAIR_UNCONSTRAINED_VLAN means there is no constraint."
-          ],
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
           "type": "string"
         },
-        "subnetLengthRange": {
-          "$ref": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
-          "description": "[Output Only] [min-length, max-length] The minimum and maximum value (inclusive) for the IPv4 subnet length. For example, an interconnectRemoteLocation for Azure has {min: 30, max: 30} because Azure requires /30 subnets. This range specifies the values supported by both cloud providers. Interconnect currently supports /29 and /30 IPv4 subnet lengths. If a remote cloud has no constraint on IPv4 subnet length, the range would thus be {min: 29, max: 30}. "
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectRemoteLocationConstraintsSubnetLengthRange": {
-      "id": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
-      "properties": {
-        "max": {
-          "format": "int32",
-          "type": "integer"
-        },
-        "min": {
-          "format": "int32",
-          "type": "integer"
+        "subnetworks": {
+          "description": "An array of URLs where each entry is the URL of a subnet provided by the service consumer to use for endpoints in the producers that connect to this network attachment.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "InterconnectRemoteLocationList": {
-      "description": "Response to the list request, and contains a list of interconnect remote locations.",
-      "id": "InterconnectRemoteLocationList",
+    "NetworkAttachmentAggregatedList": {
+      "description": "Contains a list of NetworkAttachmentsScopedList.",
+      "id": "NetworkAttachmentAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InterconnectRemoteLocation resources.",
-          "items": {
-            "$ref": "InterconnectRemoteLocation"
+          "additionalProperties": {
+            "$ref": "NetworkAttachmentsScopedList",
+            "description": "Name of the scope containing this set of NetworkAttachments."
           },
-          "type": "array"
+          "description": "A list of NetworkAttachmentsScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#interconnectRemoteLocationList",
-          "description": "[Output Only] Type of resource. Always compute#interconnectRemoteLocationList for lists of interconnect remote locations.",
+          "default": "compute#networkAttachmentAggregatedList",
           "type": "string"
         },
         "nextPageToken": {
@@ -58533,6 +65748,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58551,6 +65767,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58562,6 +65808,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58609,122 +65856,72 @@
       },
       "type": "object"
     },
-    "InterconnectRemoteLocationPermittedConnections": {
-      "id": "InterconnectRemoteLocationPermittedConnections",
-      "properties": {
-        "interconnectLocation": {
-          "description": "[Output Only] URL of an Interconnect location that is permitted to connect to this Interconnect remote location.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectsGetDiagnosticsResponse": {
-      "description": "Response for the InterconnectsGetDiagnosticsRequest.",
-      "id": "InterconnectsGetDiagnosticsResponse",
-      "properties": {
-        "result": {
-          "$ref": "InterconnectDiagnostics"
-        }
-      },
-      "type": "object"
-    },
-    "InterconnectsGetMacsecConfigResponse": {
-      "description": "Response for the InterconnectsGetMacsecConfigRequest.",
-      "id": "InterconnectsGetMacsecConfigResponse",
-      "properties": {
-        "etag": {
-          "description": "end_interface: MixerGetResponseWithEtagBuilder",
-          "type": "string"
-        },
-        "result": {
-          "$ref": "InterconnectMacsecConfig"
-        }
-      },
-      "type": "object"
-    },
-    "InternalIpAddress": {
-      "id": "InternalIpAddress",
+    "NetworkAttachmentConnectedEndpoint": {
+      "description": "[Output Only] A connection connected to this network attachment.",
+      "id": "NetworkAttachmentConnectedEndpoint",
       "properties": {
-        "cidr": {
-          "description": "IP CIDR address or range.",
+        "ipAddress": {
+          "description": "The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.",
           "type": "string"
         },
-        "owner": {
-          "description": "The owner of the internal IP address.",
+        "ipv6Address": {
+          "description": "The IPv6 address assigned to the producer instance network interface. This is only assigned when the stack types of both the instance network interface and the consumer subnet are IPv4_IPv6.",
           "type": "string"
         },
-        "purpose": {
-          "description": "The purpose of the internal IP address if applicable.",
+        "projectIdOrNum": {
+          "description": "The project id or number of the interface to which the IP was assigned.",
           "type": "string"
         },
-        "region": {
-          "description": "The region of the internal IP address if applicable.",
-          "type": "string"
+        "secondaryIpCidrRanges": {
+          "description": "Alias IP ranges from the same subnetwork.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "type": {
-          "description": "The type of the internal IP address.",
+        "status": {
+          "description": "The status of a connected endpoint to this network attachment.",
           "enum": [
-            "PEER_RESERVED",
-            "PEER_USED",
-            "REMOTE_RESERVED",
-            "REMOTE_USED",
-            "RESERVED",
-            "SUBNETWORK",
-            "TYPE_UNSPECIFIED"
+            "ACCEPTED",
+            "CLOSED",
+            "NEEDS_ATTENTION",
+            "PENDING",
+            "REJECTED",
+            "STATUS_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "Reserved IP ranges on peer networks.",
-            "Used IP ranges on peer networks, including peer subnetwork IP ranges.",
-            "Reserved IP ranges on peer networks of peer networks.",
-            "Used IP ranges on peer networks of peer networks.",
-            "Reserved IP ranges on local network.",
-            "Subnetwork IP ranges on local network.",
+            "The consumer allows traffic from the producer to reach its VPC.",
+            "The consumer network attachment no longer exists.",
+            "The consumer needs to take further action before traffic can be served.",
+            "The consumer neither allows nor prohibits traffic from the producer to reach its VPC.",
+            "The consumer prohibits traffic from the producer to reach its VPC.",
             ""
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "InternalIpOwner": {
-      "id": "InternalIpOwner",
-      "properties": {
-        "ipCidrRange": {
-          "description": "IP CIDR range being owned.",
-          "type": "string"
-        },
-        "owners": {
-          "description": "URLs of the IP owners of the IP CIDR range.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
         },
-        "systemOwned": {
-          "description": "Whether this IP CIDR range is reserved for system use.",
-          "type": "boolean"
+        "subnetwork": {
+          "description": "The subnetwork used to assign the IP to the producer instance network interface.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "IpAddressesList": {
-      "id": "IpAddressesList",
+    "NetworkAttachmentList": {
+      "id": "NetworkAttachmentList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InternalIpAddress resources.",
+          "description": "A list of NetworkAttachment resources.",
           "items": {
-            "$ref": "InternalIpAddress"
+            "$ref": "NetworkAttachment"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#ipAddressesList",
-          "description": "[Output Only] Type of resource. Always compute#ipAddressesList for IP addresses lists.",
+          "default": "compute#networkAttachmentList",
           "type": "string"
         },
         "nextPageToken": {
@@ -58751,6 +65948,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58769,6 +65967,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58780,6 +66008,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58827,36 +66056,18 @@
       },
       "type": "object"
     },
-    "IpOwnerList": {
-      "description": "Contains a list of IP owners.",
-      "id": "IpOwnerList",
+    "NetworkAttachmentsScopedList": {
+      "id": "NetworkAttachmentsScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of InternalIpOwner resources.",
+        "networkAttachments": {
+          "description": "A list of NetworkAttachments contained in this scope.",
           "items": {
-            "$ref": "InternalIpOwner"
+            "$ref": "NetworkAttachment"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#ipOwnerList",
-          "description": "[Output Only] Type of resource. Always compute#ipOwnerList for lists of IP owners.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of network attachments when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -58871,6 +66082,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58889,6 +66101,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58900,6 +66142,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58947,126 +66190,21 @@
       },
       "type": "object"
     },
-    "Jwt": {
-      "description": "[Deprecated] JWT configuration for origin authentication. JWT configuration for origin authentication.",
-      "id": "Jwt",
-      "properties": {
-        "audiences": {
-          "description": "A JWT containing any of these audiences will be accepted. The service name will be accepted if audiences is empty. Examples: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "issuer": {
-          "description": "Identifies the issuer that issued the JWT, which is usually a URL or an email address. Examples: https://securetoken.google.com, 1234567-compute@developer.gserviceaccount.com",
-          "type": "string"
-        },
-        "jwksPublicKeys": {
-          "description": "The provider's public key set to validate the signature of the JWT.",
-          "type": "string"
-        },
-        "jwtHeaders": {
-          "description": "jwt_headers and jwt_params define where to extract the JWT from an HTTP request. If no explicit location is specified, the following default locations are tried in order: 1. The Authorization header using the Bearer schema. See `here `_. Example: Authorization: Bearer . 2. `access_token` query parameter. See `this `_ Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations its issuer specified or from the default locations. This field is set if JWT is sent in a request header. This field specifies the header name. For example, if `header=x-goog-iap-jwt-assertion`, the header format will be x-goog-iap-jwt-assertion: .",
-          "items": {
-            "$ref": "JwtHeader"
-          },
-          "type": "array"
-        },
-        "jwtParams": {
-          "description": "This field is set if JWT is sent in a query parameter. This field specifies the query parameter name. For example, if jwt_params[0] is jwt_token, the JWT format in the query parameter is /path?jwt_token=.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "JwtHeader": {
-      "description": "[Deprecated] This message specifies a header location to extract JWT token. This message specifies a header location to extract JWT token.",
-      "id": "JwtHeader",
-      "properties": {
-        "name": {
-          "description": "The HTTP header name.",
-          "type": "string"
-        },
-        "valuePrefix": {
-          "description": "The value prefix. The value format is \"value_prefix\" For example, for \"Authorization: Bearer \", value_prefix=\"Bearer \" with a space at the end.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "License": {
-      "description": "Represents a License resource. A License represents billing and aggregate usage data for public and marketplace images. *Caution* This resource is intended for use only by third-party partners who are creating Cloud Marketplace images. ",
-      "id": "License",
+    "NetworkEdgeSecurityService": {
+      "description": "Represents a Google Cloud Armor network edge security service resource.",
+      "id": "NetworkEdgeSecurityService",
       "properties": {
-        "chargesUseFee": {
-          "description": "[Output Only] Deprecated. This field no longer reflects whether a license charges a usage fee.",
-          "type": "boolean"
-        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
         "description": {
-          "description": "An optional textual description of the resource; provided by the client when the resource is created.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#license",
-          "description": "[Output Only] Type of resource. Always compute#license for licenses.",
-          "type": "string"
-        },
-        "licenseCode": {
-          "description": "[Output Only] The unique code used to attach this license to images, snapshots, and disks.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.images.insert"
-            ]
-          },
-          "description": "Name of the resource. The name must be 1-63 characters long and comply with RFC1035.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "resourceRequirements": {
-          "$ref": "LicenseResourceRequirements"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "transferable": {
-          "description": "If false, licenses will not be copied from the source resource when creating an image from a disk, disk from snapshot, or snapshot from disk.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "LicenseCode": {
-      "description": "Represents a License Code resource. A License Code is a unique identifier used to represent a license resource. *Caution* This resource is intended for use only by third-party partners who are creating Cloud Marketplace images. ",
-      "id": "LicenseCode",
-      "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "description": {
-          "description": "[Output Only] Description of this License Code.",
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a NetworkEdgeSecurityService. An up-to-date fingerprint must be provided in order to update the NetworkEdgeSecurityService, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a NetworkEdgeSecurityService.",
+          "format": "byte",
           "type": "string"
         },
         "id": {
@@ -59075,119 +66213,56 @@
           "type": "string"
         },
         "kind": {
-          "default": "compute#licenseCode",
-          "description": "[Output Only] Type of resource. Always compute#licenseCode for licenses.",
+          "default": "compute#networkEdgeSecurityService",
+          "description": "[Output only] Type of the resource. Always compute#networkEdgeSecurityService for NetworkEdgeSecurityServices",
           "type": "string"
         },
-        "licenseAlias": {
-          "description": "[Output Only] URL and description aliases of Licenses with the same License Code.",
-          "items": {
-            "$ref": "LicenseCodeLicenseAlias"
-          },
-          "type": "array"
-        },
         "name": {
-          "annotations": {
-            "required": [
-              "compute.licenses.insert"
-            ]
-          },
-          "description": "[Output Only] Name of the resource. The name is 1-20 characters long and must be a valid 64 bit integer.",
-          "pattern": "[0-9]{0,20}?",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "state": {
-          "description": "[Output Only] Current state of this License Code.",
-          "enum": [
-            "DISABLED",
-            "ENABLED",
-            "RESTRICTED",
-            "STATE_UNSPECIFIED",
-            "TERMINATED"
-          ],
-          "enumDescriptions": [
-            "Machines are not allowed to attach boot disks with this License Code. Requests to create new resources with this license will be rejected.",
-            "Use is allowed for anyone with USE_READ_ONLY access to this License Code.",
-            "Use of this license is limited to a project whitelist.",
-            "",
-            "Reserved state."
-          ],
+        "region": {
+          "description": "[Output Only] URL of the region where the resource resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
-        "transferable": {
-          "description": "[Output Only] If true, the license will remain attached when creating images or snapshots from disks. Otherwise, the license is not transferred.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "LicenseCodeLicenseAlias": {
-      "id": "LicenseCodeLicenseAlias",
-      "properties": {
-        "description": {
-          "description": "[Output Only] Description of this License Code.",
+        "securityPolicy": {
+          "description": "The resource URL for the network edge security service associated with this network edge security service.",
           "type": "string"
         },
         "selfLink": {
-          "description": "[Output Only] URL of license corresponding to this License Code.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LicenseResourceCommitment": {
-      "description": "Commitment for a particular license resource.",
-      "id": "LicenseResourceCommitment",
-      "properties": {
-        "amount": {
-          "description": "The number of licenses purchased.",
-          "format": "int64",
-          "type": "string"
-        },
-        "coresPerLicense": {
-          "description": "Specifies the core range of the instance for which this license applies.",
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "license": {
-          "description": "Any applicable license URI.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "LicenseResourceRequirements": {
-      "id": "LicenseResourceRequirements",
-      "properties": {
-        "minGuestCpuCount": {
-          "description": "Minimum number of guest cpus required to use the Instance. Enforced at Instance creation and Instance start.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "minMemoryMb": {
-          "description": "Minimum memory required to use the Instance. Enforced at Instance creation and Instance start.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "LicensesListResponse": {
-      "id": "LicensesListResponse",
+    "NetworkEdgeSecurityServiceAggregatedList": {
+      "id": "NetworkEdgeSecurityServiceAggregatedList",
       "properties": {
+        "etag": {
+          "type": "string"
+        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of License resources.",
-          "items": {
-            "$ref": "License"
+          "additionalProperties": {
+            "$ref": "NetworkEdgeSecurityServicesScopedList",
+            "description": "Name of the scope containing this set of security policies."
           },
-          "type": "array"
+          "description": "A list of NetworkEdgeSecurityServicesScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#networkEdgeSecurityServiceAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#networkEdgeSecurityServiceAggregatedList for lists of Network Edge Security Services.",
+          "type": "string"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
@@ -59197,6 +66272,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -59213,6 +66295,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59231,6 +66314,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59242,6 +66355,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59289,353 +66403,18 @@
       },
       "type": "object"
     },
-    "LocalDisk": {
-      "id": "LocalDisk",
-      "properties": {
-        "diskCount": {
-          "description": "Specifies the number of such disks.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "diskSizeGb": {
-          "description": "Specifies the size of the disk in base-2 GB.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "diskType": {
-          "description": "Specifies the desired disk type on the node. This disk type must be a local storage type (e.g.: local-ssd). Note that for nodeTemplates, this should be the name of the disk type and not its URL.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LocalizedMessage": {
-      "description": "Provides a localized error message that is safe to return to the user which can be attached to an RPC error.",
-      "id": "LocalizedMessage",
-      "properties": {
-        "locale": {
-          "description": "The locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: \"en-US\", \"fr-CH\", \"es-MX\"",
-          "type": "string"
-        },
-        "message": {
-          "description": "The localized error message in the above locale.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LocationPolicy": {
-      "description": "Configuration for location policy among multiple possible locations (e.g. preferences for zone selection among zones in a single region).",
-      "id": "LocationPolicy",
-      "properties": {
-        "locations": {
-          "additionalProperties": {
-            "$ref": "LocationPolicyLocation"
-          },
-          "description": "Location configurations mapped by location name. Currently only zone names are supported and must be represented as valid internal URLs, such as zones/us-central1-a.",
-          "type": "object"
-        },
-        "targetShape": {
-          "description": "Strategy for distributing VMs across zones in a region.",
-          "enum": [
-            "ANY",
-            "ANY_SINGLE_ZONE",
-            "BALANCED"
-          ],
-          "enumDescriptions": [
-            "GCE picks zones for creating VM instances to fulfill the requested number of VMs within present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads that do not require high availability.",
-            "GCE always selects a single zone for all the VMs, optimizing for resource quotas, available reservations and general capacity. Recommended for batch workloads that cannot tollerate distribution over multiple zones. This the default shape in Bulk Insert and Capacity Advisor APIs.",
-            "GCE prioritizes acquisition of resources, scheduling VMs in zones where resources are available while distributing VMs as evenly as possible across allowed zones to minimize the impact of zonal failure. Recommended for highly available serving workloads."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LocationPolicyLocation": {
-      "id": "LocationPolicyLocation",
-      "properties": {
-        "constraints": {
-          "$ref": "LocationPolicyLocationConstraints",
-          "description": "Constraints that the caller requires on the result distribution in this zone."
-        },
-        "names": {
-          "description": "Names of resources to be put in the location. Must contain unique, correct resource names. If used, targetShape must be left unset.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "preference": {
-          "description": "Preference for a given location. Set to either ALLOW or DENY.",
-          "enum": [
-            "ALLOW",
-            "DENY",
-            "PREFERENCE_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "Location is allowed for use.",
-            "Location is prohibited.",
-            "Default value, unused."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LocationPolicyLocationConstraints": {
-      "description": "Per-zone constraints on location policy for this zone.",
-      "id": "LocationPolicyLocationConstraints",
-      "properties": {
-        "maxCount": {
-          "description": "Maximum number of items that are allowed to be placed in this zone. The value must be non-negative.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "LogConfig": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "LogConfig",
-      "properties": {
-        "cloudAudit": {
-          "$ref": "LogConfigCloudAuditOptions",
-          "description": "This is deprecated and has no effect. Do not use."
-        },
-        "counter": {
-          "$ref": "LogConfigCounterOptions",
-          "description": "This is deprecated and has no effect. Do not use."
-        },
-        "dataAccess": {
-          "$ref": "LogConfigDataAccessOptions",
-          "description": "This is deprecated and has no effect. Do not use."
-        }
-      },
-      "type": "object"
-    },
-    "LogConfigCloudAuditOptions": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "LogConfigCloudAuditOptions",
-      "properties": {
-        "authorizationLoggingOptions": {
-          "$ref": "AuthorizationLoggingOptions",
-          "description": "This is deprecated and has no effect. Do not use."
-        },
-        "logName": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "enum": [
-            "ADMIN_ACTIVITY",
-            "DATA_ACCESS",
-            "UNSPECIFIED_LOG_NAME"
-          ],
-          "enumDescriptions": [
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LogConfigCounterOptions": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "LogConfigCounterOptions",
-      "properties": {
-        "customFields": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "items": {
-            "$ref": "LogConfigCounterOptionsCustomField"
-          },
-          "type": "array"
-        },
-        "field": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "string"
-        },
-        "metric": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LogConfigCounterOptionsCustomField": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "LogConfigCounterOptionsCustomField",
-      "properties": {
-        "name": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "string"
-        },
-        "value": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "LogConfigDataAccessOptions": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "LogConfigDataAccessOptions",
-      "properties": {
-        "logMode": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "enum": [
-            "LOG_FAIL_CLOSED",
-            "LOG_MODE_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MachineImage": {
-      "description": "Represents a machine image resource. A machine image is a Compute Engine resource that stores all the configuration, metadata, permissions, and data from one or more disks required to create a Virtual machine (VM) instance. For more information, see Machine images.",
-      "id": "MachineImage",
-      "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] The creation timestamp for this machine image in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "guestFlush": {
-          "description": "[Input Only] Whether to attempt an application consistent machine image by informing the OS to prepare for the snapshot process.",
-          "type": "boolean"
-        },
-        "id": {
-          "description": "[Output Only] A unique identifier for this machine image. The server defines this identifier.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "instanceProperties": {
-          "$ref": "InstanceProperties",
-          "description": "[Output Only] Properties of source instance"
-        },
-        "kind": {
-          "default": "compute#machineImage",
-          "description": "[Output Only] The resource type, which is always compute#machineImage for machine image.",
-          "type": "string"
-        },
-        "machineImageEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image using a customer-supplied key, you must provide the same key if you use the machine image later. For example, you must provide the encryption key when you create an instance from the encrypted machine image in a future request. Customer-supplied encryption keys do not protect access to metadata of the machine image. If you do not provide an encryption key when creating the machine image, then the machine image will be encrypted using an automatically generated key and you do not need to provide a key to use the machine image later."
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.machineImages.insert"
-            ]
-          },
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
-          "type": "boolean"
-        },
-        "savedDisks": {
-          "description": "An array of Machine Image specific properties for disks attached to the source instance",
-          "items": {
-            "$ref": "SavedDisk"
-          },
-          "type": "array"
-        },
-        "selfLink": {
-          "description": "[Output Only] The URL for this machine image. The server defines this URL.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "sourceDiskEncryptionKeys": {
-          "description": "[Input Only] The customer-supplied encryption key of the disks attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key.",
-          "items": {
-            "$ref": "SourceDiskEncryptionKey"
-          },
-          "type": "array"
-        },
-        "sourceInstance": {
-          "description": "The source instance used to create the machine image. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance ",
-          "type": "string"
-        },
-        "sourceInstanceProperties": {
-          "$ref": "SourceInstanceProperties",
-          "description": "[Output Only] DEPRECATED: Please use instance_properties instead for source instance related properties. New properties will not be added to this field."
-        },
-        "status": {
-          "description": "[Output Only] The status of the machine image. One of the following values: INVALID, CREATING, READY, DELETING, and UPLOADING.",
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "INVALID",
-            "READY",
-            "UPLOADING"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "storageLocations": {
-          "description": "The regional or multi-regional Cloud Storage bucket location where the machine image is stored.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "totalStorageBytes": {
-          "description": "[Output Only] Total size of the storage used by the machine image.",
-          "format": "int64",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MachineImageList": {
-      "description": "A list of machine images.",
-      "id": "MachineImageList",
+    "NetworkEdgeSecurityServicesScopedList": {
+      "id": "NetworkEdgeSecurityServicesScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of MachineImage resources.",
+        "networkEdgeSecurityServices": {
+          "description": "A list of NetworkEdgeSecurityServices contained in this scope.",
           "items": {
-            "$ref": "MachineImage"
+            "$ref": "NetworkEdgeSecurityService"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#machineImageList",
-          "description": "[Output Only] The resource type, which is always compute#machineImagesListResponse for machine image lists.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of security policies when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -59650,6 +66429,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59668,6 +66448,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59679,6 +66489,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59726,114 +66537,175 @@
       },
       "type": "object"
     },
-    "MachineType": {
-      "description": "Represents a Machine Type resource. You can use specific machine types for your VM instances based on performance and pricing requirements. For more information, read Machine Types.",
-      "id": "MachineType",
+    "NetworkEndpoint": {
+      "description": "The network endpoint.",
+      "id": "NetworkEndpoint",
       "properties": {
-        "accelerators": {
-          "description": "[Output Only] A list of accelerator configurations assigned to this machine type.",
-          "items": {
-            "properties": {
-              "guestAcceleratorCount": {
-                "description": "Number of accelerator cards exposed to the guest.",
-                "format": "int32",
-                "type": "integer"
-              },
-              "guestAcceleratorType": {
-                "description": "The accelerator type resource name, not a full URL, e.g. 'nvidia-tesla-k80'.",
-                "type": "string"
-              }
-            },
-            "type": "object"
+        "annotations": {
+          "additionalProperties": {
+            "type": "string"
           },
-          "type": "array"
+          "description": "Metadata defined as annotations on the network endpoint.",
+          "type": "object"
         },
-        "architecture": {
-          "description": "[Output Only] The architecture of the machine type.",
-          "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
-          ],
-          "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
-          ],
+        "fqdn": {
+          "description": "Optional fully qualified domain name of network endpoint. This can only be specified when NetworkEndpointGroup.network_endpoint_type is NON_GCP_FQDN_PORT.",
           "type": "string"
         },
-        "bundledLocalSsds": {
-          "$ref": "BundledLocalSsds",
-          "description": "[Output Only] The configuration of bundled local SSD for the machine type."
+        "instance": {
+          "description": "The name for a specific VM instance that the IP address belongs to. This is required for network endpoints of type GCE_VM_IP_PORT. The instance must be in the same zone of network endpoint group. The name must be 1-63 characters long, and comply with RFC1035.",
+          "type": "string"
+        },
+        "ipAddress": {
+          "description": "Optional IPv4 address of network endpoint. The IP address must belong to a VM in Compute Engine (either the primary IP or as part of an aliased IP range). If the IP address is not specified, then the primary IP address for the VM instance in the network that the network endpoint group belongs to will be used.",
+          "type": "string"
+        },
+        "ipv6Address": {
+          "description": "Optional IPv6 address of network endpoint.",
+          "type": "string"
+        },
+        "port": {
+          "description": "Optional port number of network endpoint. If not specified, the defaultPort for the network endpoint group will be used.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroup": {
+      "description": "Represents a collection of network endpoints. A network endpoint group (NEG) defines how a set of endpoints should be reached, whether they are reachable, and where they are located. For more information about using NEGs, see Setting up external HTTP(S) Load Balancing with internet NEGs, Setting up zonal NEGs, or Setting up external HTTP(S) Load Balancing with serverless NEGs.",
+      "id": "NetworkEndpointGroup",
+      "properties": {
+        "annotations": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Metadata defined as annotations on the network endpoint group.",
+          "type": "object"
+        },
+        "appEngine": {
+          "$ref": "NetworkEndpointGroupAppEngine",
+          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine or cloudFunction may be set."
+        },
+        "cloudFunction": {
+          "$ref": "NetworkEndpointGroupCloudFunction",
+          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine or cloudFunction may be set."
+        },
+        "cloudRun": {
+          "$ref": "NetworkEndpointGroupCloudRun",
+          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine or cloudFunction may be set."
         },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "deprecated": {
-          "$ref": "DeprecationStatus",
-          "description": "[Output Only] The deprecation status associated with this machine type. Only applicable if the machine type is unavailable."
+        "defaultPort": {
+          "description": "The default port used if the port number is not specified in the network endpoint.",
+          "format": "int32",
+          "type": "integer"
         },
         "description": {
-          "description": "[Output Only] An optional textual description of the resource.",
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#networkEndpointGroup",
+          "description": "[Output Only] Type of the resource. Always compute#networkEndpointGroup for network endpoint group.",
+          "type": "string"
+        },
+        "loadBalancer": {
+          "$ref": "NetworkEndpointGroupLbNetworkEndpointGroup",
+          "deprecated": true,
+          "description": "This field is only valid when the network endpoint group is used for load balancing. [Deprecated] This field is deprecated."
+        },
+        "name": {
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "type": "string"
+        },
+        "network": {
+          "description": "The URL of the network to which all network endpoints in the NEG belong. Uses \"default\" project network if unspecified.",
+          "type": "string"
+        },
+        "networkEndpointType": {
+          "description": "Type of network endpoints in this network endpoint group. Can be one of GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_FQDN_PORT, INTERNET_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT.",
+          "enum": [
+            "GCE_VM_IP",
+            "GCE_VM_IP_PORT",
+            "GCE_VM_PRIMARY_IP",
+            "INTERNET_FQDN_PORT",
+            "INTERNET_IP_PORT",
+            "NON_GCP_PRIVATE_IP_PORT",
+            "PRIVATE_SERVICE_CONNECT",
+            "SERVERLESS"
+          ],
+          "enumDescriptions": [
+            "The network endpoint is represented by an IP address.",
+            "The network endpoint is represented by IP address and port pair.",
+            "The network endpoint is the primary IP address on any network interface of a VM in Compute Engine.",
+            "The network endpoint is represented by fully qualified domain name and port.",
+            "The network endpoint is represented by an internet IP address and port.",
+            "The network endpoint is represented by an IP address and port. The endpoint belongs to a VM or pod running in a customer's on-premises.",
+            "The network endpoint is either public Google APIs or services exposed by other GCP Project with a Service Attachment. The connection is set up by private service connect",
+            "The network endpoint is handled by specified serverless infrastructure."
+          ],
           "type": "string"
         },
-        "guestCpus": {
-          "description": "[Output Only] The number of virtual CPUs that are available to the instance.",
-          "format": "int32",
-          "type": "integer"
+        "pscData": {
+          "$ref": "NetworkEndpointGroupPscData"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
+        "pscTargetService": {
+          "description": "The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. An example value is: \"asia-northeast3-cloudkms.googleapis.com\"",
           "type": "string"
         },
-        "isSharedCpu": {
-          "description": "[Output Only] Whether this machine type has a shared CPU. See Shared-core machine types for more information.",
-          "type": "boolean"
-        },
-        "kind": {
-          "default": "compute#machineType",
-          "description": "[Output Only] The type of the resource. Always compute#machineType for machine types.",
+        "region": {
+          "description": "[Output Only] The URL of the region where the network endpoint group is located.",
           "type": "string"
         },
-        "maximumPersistentDisks": {
-          "description": "[Output Only] Maximum persistent disks allowed.",
-          "format": "int32",
-          "type": "integer"
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
         },
-        "maximumPersistentDisksSizeGb": {
-          "description": "[Output Only] Maximum total persistent disks size (GB) allowed.",
-          "format": "int64",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "memoryMb": {
-          "description": "[Output Only] The amount of physical memory available to the instance, defined in MB.",
+        "serverlessDeployment": {
+          "$ref": "NetworkEndpointGroupServerlessDeployment",
+          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set."
+        },
+        "size": {
+          "description": "[Output only] Number of network endpoints in the network endpoint group.",
           "format": "int32",
           "type": "integer"
         },
-        "name": {
-          "description": "[Output Only] Name of the resource.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "subnetwork": {
+          "description": "Optional URL of the subnetwork to which all network endpoints in the NEG belong.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "type": {
+          "description": "Specify the type of this network endpoint group. Only LOAD_BALANCING is valid for now.",
+          "enum": [
+            "LOAD_BALANCING"
+          ],
+          "enumDescriptions": [
+            "The network endpoint group is a backend of a load balancer."
+          ],
           "type": "string"
         },
         "zone": {
-          "description": "[Output Only] The name of the zone where the machine type resides, such as us-central1-a.",
+          "description": "[Output Only] The URL of the zone where the network endpoint group is located.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "MachineTypeAggregatedList": {
-      "id": "MachineTypeAggregatedList",
+    "NetworkEndpointGroupAggregatedList": {
+      "id": "NetworkEndpointGroupAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
@@ -59841,15 +66713,15 @@
         },
         "items": {
           "additionalProperties": {
-            "$ref": "MachineTypesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of machine types."
+            "$ref": "NetworkEndpointGroupsScopedList",
+            "description": "The name of the scope that contains this set of network endpoint groups."
           },
-          "description": "A list of MachineTypesScopedList resources.",
+          "description": "A list of NetworkEndpointGroupsScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#machineTypeAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#machineTypeAggregatedList for aggregated lists of machine types.",
+          "default": "compute#networkEndpointGroupAggregatedList",
+          "description": "[Output Only] The resource type, which is always compute#networkEndpointGroupAggregatedList for aggregated lists of network endpoint groups.",
           "type": "string"
         },
         "nextPageToken": {
@@ -59883,6 +66755,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59901,6 +66774,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59912,6 +66815,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59959,24 +66863,104 @@
       },
       "type": "object"
     },
-    "MachineTypeList": {
-      "description": "Contains a list of machine types.",
-      "id": "MachineTypeList",
+    "NetworkEndpointGroupAppEngine": {
+      "description": "Configuration for an App Engine network endpoint group (NEG). The service is optional, may be provided explicitly or in the URL mask. The version is optional and can only be provided explicitly or in the URL mask when service is present. Note: App Engine service must be in the same project and located in the same region as the Serverless NEG.",
+      "id": "NetworkEndpointGroupAppEngine",
+      "properties": {
+        "service": {
+          "description": "Optional serving service. The service name is case-sensitive and must be 1-63 characters long. Example value: \"default\", \"my-service\".",
+          "type": "string"
+        },
+        "urlMask": {
+          "description": "A template to parse service and version fields from a request URL. URL mask allows for routing to multiple App Engine services without having to create multiple Network Endpoint Groups and backend services. For example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and \"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with URL mask \"\u003cservice\u003e-dot-appname.appspot.com/\u003cversion\u003e\". The URL mask will parse them to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.",
+          "type": "string"
+        },
+        "version": {
+          "description": "Optional serving version. The version name is case-sensitive and must be 1-100 characters long. Example value: \"v1\", \"v2\".",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupCloudFunction": {
+      "description": "Configuration for a Cloud Function network endpoint group (NEG). The function must be provided explicitly or in the URL mask. Note: Cloud Function must be in the same project and located in the same region as the Serverless NEG.",
+      "id": "NetworkEndpointGroupCloudFunction",
+      "properties": {
+        "function": {
+          "description": "A user-defined name of the Cloud Function. The function name is case-sensitive and must be 1-63 characters long. Example value: \"func1\".",
+          "type": "string"
+        },
+        "urlMask": {
+          "description": "A template to parse function field from a request URL. URL mask allows for routing to multiple Cloud Functions without having to create multiple Network Endpoint Groups and backend services. For example, request URLs \" mydomain.com/function1\" and \"mydomain.com/function2\" can be backed by the same Serverless NEG with URL mask \"/\u003cfunction\u003e\". The URL mask will parse them to { function = \"function1\" } and { function = \"function2\" } respectively.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupCloudRun": {
+      "description": "Configuration for a Cloud Run network endpoint group (NEG). The service must be provided explicitly or in the URL mask. The tag is optional, may be provided explicitly or in the URL mask. Note: Cloud Run service must be in the same project and located in the same region as the Serverless NEG.",
+      "id": "NetworkEndpointGroupCloudRun",
+      "properties": {
+        "service": {
+          "description": "Cloud Run service is the main resource of Cloud Run. The service must be 1-63 characters long, and comply with RFC1035. Example value: \"run-service\".",
+          "type": "string"
+        },
+        "tag": {
+          "description": "Optional Cloud Run tag represents the \"named-revision\" to provide additional fine-grained traffic routing information. The tag must be 1-63 characters long, and comply with RFC1035. Example value: \"revision-0010\".",
+          "type": "string"
+        },
+        "urlMask": {
+          "description": "A template to parse \u003cservice\u003e and \u003ctag\u003e fields from a request URL. URL mask allows for routing to multiple Run services without having to create multiple network endpoint groups and backend services. For example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\" can be backed by the same Serverless Network Endpoint Group (NEG) with URL mask \"\u003ctag\u003e.domain.com/\u003cservice\u003e\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" } and { service=\"bar2\", tag=\"foo2\" } respectively.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupLbNetworkEndpointGroup": {
+      "description": "Load balancing specific fields for network endpoint group.",
+      "id": "NetworkEndpointGroupLbNetworkEndpointGroup",
+      "properties": {
+        "defaultPort": {
+          "deprecated": true,
+          "description": "The default port used if the port number is not specified in the network endpoint. [Deprecated] This field is deprecated.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "network": {
+          "deprecated": true,
+          "description": "The URL of the network to which all network endpoints in the NEG belong. Uses \"default\" project network if unspecified. [Deprecated] This field is deprecated.",
+          "type": "string"
+        },
+        "subnetwork": {
+          "deprecated": true,
+          "description": "Optional URL of the subnetwork to which all network endpoints in the NEG belong. [Deprecated] This field is deprecated.",
+          "type": "string"
+        },
+        "zone": {
+          "deprecated": true,
+          "description": "[Output Only] The URL of the zone where the network endpoint group is located. [Deprecated] This field is deprecated.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupList": {
+      "id": "NetworkEndpointGroupList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of MachineType resources.",
+          "description": "A list of NetworkEndpointGroup resources.",
           "items": {
-            "$ref": "MachineType"
+            "$ref": "NetworkEndpointGroup"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#machineTypeList",
-          "description": "[Output Only] Type of resource. Always compute#machineTypeList for lists of machine types.",
+          "default": "compute#networkEndpointGroupList",
+          "description": "[Output Only] The resource type, which is always compute#networkEndpointGroupList for network endpoint group lists.",
           "type": "string"
         },
         "nextPageToken": {
@@ -60003,6 +66987,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60021,6 +67006,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60032,6 +67047,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60079,18 +67095,150 @@
       },
       "type": "object"
     },
-    "MachineTypesScopedList": {
-      "id": "MachineTypesScopedList",
+    "NetworkEndpointGroupPscData": {
+      "description": "All data that is specifically relevant to only network endpoint groups of type PRIVATE_SERVICE_CONNECT.",
+      "id": "NetworkEndpointGroupPscData",
       "properties": {
-        "machineTypes": {
-          "description": "[Output Only] A list of machine types contained in this scope.",
+        "consumerPscAddress": {
+          "description": "[Output Only] Address allocated from given subnetwork for PSC. This IP address acts as a VIP for a PSC NEG, allowing it to act as an endpoint in L7 PSC-XLB.",
+          "type": "string"
+        },
+        "pscConnectionId": {
+          "description": "[Output Only] The PSC connection id of the PSC Network Endpoint Group Consumer.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "pscConnectionStatus": {
+          "description": "[Output Only] The connection status of the PSC Forwarding Rule.",
+          "enum": [
+            "ACCEPTED",
+            "CLOSED",
+            "NEEDS_ATTENTION",
+            "PENDING",
+            "REJECTED",
+            "STATUS_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "The connection has been accepted by the producer.",
+            "The connection has been closed by the producer and will not serve traffic going forward.",
+            "The connection has been accepted by the producer, but the producer needs to take further action before the forwarding rule can serve traffic.",
+            "The connection is pending acceptance by the producer.",
+            "The connection has been rejected by the producer.",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupServerlessDeployment": {
+      "description": "Configuration for a serverless network endpoint group (NEG). The platform must be provided. Note: The target backend service must be in the same project and located in the same region as the Serverless NEG.",
+      "id": "NetworkEndpointGroupServerlessDeployment",
+      "properties": {
+        "platform": {
+          "description": "The platform of the backend target(s) of this NEG. The only supported value is API Gateway: apigateway.googleapis.com.",
+          "type": "string"
+        },
+        "resource": {
+          "description": "The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask. The resource identified by this value is platform-specific and is as follows: 1. API Gateway: The gateway ID 2. App Engine: The service name 3. Cloud Functions: The function name 4. Cloud Run: The service name ",
+          "type": "string"
+        },
+        "urlMask": {
+          "description": "A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources. The fields parsed by this template are platform-specific and are as follows: 1. API Gateway: The gateway ID 2. App Engine: The service and version 3. Cloud Functions: The function name 4. Cloud Run: The service and tag ",
+          "type": "string"
+        },
+        "version": {
+          "description": "The optional resource version. The version identified by this value is platform-specific and is follows: 1. API Gateway: Unused 2. App Engine: The service version 3. Cloud Functions: Unused 4. Cloud Run: The service tag ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupsAttachEndpointsRequest": {
+      "id": "NetworkEndpointGroupsAttachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be attached.",
           "items": {
-            "$ref": "MachineType"
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupsDetachEndpointsRequest": {
+      "id": "NetworkEndpointGroupsDetachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be detached.",
+          "items": {
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupsListEndpointsRequest": {
+      "id": "NetworkEndpointGroupsListEndpointsRequest",
+      "properties": {
+        "endpointFilters": {
+          "description": "Optional list of endpoints to query. This is a more efficient but also limited version of filter parameter. Endpoints in the filter must have ip_address and port fields populated, other fields are not supported.",
+          "items": {
+            "$ref": "NetworkEndpointGroupsListEndpointsRequestNetworkEndpointFilter"
+          },
+          "type": "array"
+        },
+        "healthStatus": {
+          "description": "Optional query parameter for showing the health status of each network endpoint. Valid options are SKIP or SHOW. If you don't specify this parameter, the health status of network endpoints will not be provided.",
+          "enum": [
+            "SHOW",
+            "SKIP"
+          ],
+          "enumDescriptions": [
+            "Show the health status for each network endpoint. Impacts latency of the call.",
+            "Health status for network endpoints will not be provided."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupsListEndpointsRequestNetworkEndpointFilter": {
+      "id": "NetworkEndpointGroupsListEndpointsRequestNetworkEndpointFilter",
+      "properties": {
+        "networkEndpoint": {
+          "$ref": "NetworkEndpoint"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkEndpointGroupsListNetworkEndpoints": {
+      "id": "NetworkEndpointGroupsListNetworkEndpoints",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of NetworkEndpointWithHealthStatus resources.",
+          "items": {
+            "$ref": "NetworkEndpointWithHealthStatus"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#networkEndpointGroupsListNetworkEndpoints",
+          "description": "[Output Only] The resource type, which is always compute#networkEndpointGroupsListNetworkEndpoints for the list of network endpoints in the specified network endpoint group.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
         "warning": {
-          "description": "[Output Only] An informational warning that appears when the machine types list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -60105,6 +67253,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60123,6 +67272,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60134,6 +67313,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60165,258 +67345,149 @@
                   "value": {
                     "description": "[Output Only] A warning data value corresponding to the key.",
                     "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "ManagedInstance": {
-      "description": "A Managed Instance resource.",
-      "id": "ManagedInstance",
-      "properties": {
-        "allInstancesConfig": {
-          "$ref": "ManagedInstanceAllInstancesConfig",
-          "description": "[Output Only] Current all-instances configuration revision applied to this instance."
-        },
-        "currentAction": {
-          "description": "[Output Only] The current action that the managed instance group has scheduled for the instance. Possible values: - NONE The instance is running, and the managed instance group does not have any scheduled actions for this instance. - CREATING The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful. - CREATING_WITHOUT_RETRIES The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased instead. - RECREATING The managed instance group is recreating this instance. - DELETING The managed instance group is permanently deleting this instance. - ABANDONING The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group. - RESTARTING The managed instance group is restarting the instance. - REFRESHING The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance. - VERIFYING The managed instance group has created the instance and it is in the process of being verified. ",
-          "enum": [
-            "ABANDONING",
-            "CREATING",
-            "CREATING_ATOMICALLY",
-            "CREATING_WITHOUT_RETRIES",
-            "DELETING",
-            "NONE",
-            "QUEUING",
-            "RECREATING",
-            "REFRESHING",
-            "RESTARTING",
-            "RESUMING",
-            "STARTING",
-            "STOPPING",
-            "SUSPENDING",
-            "VERIFYING"
-          ],
-          "enumDescriptions": [
-            "The managed instance group is abandoning this instance. The instance will be removed from the instance group and from any target pools that are associated with this group.",
-            "The managed instance group is creating this instance. If the group fails to create this instance, it will try again until it is successful.",
-            "The managed instance group is creating this instance atomically.",
-            "The managed instance group is attempting to create this instance only once. If the group fails to create this instance, it does not try again and the group's targetSize value is decreased.",
-            "The managed instance group is permanently deleting this instance.",
-            "The managed instance group has not scheduled any actions for this instance.",
-            "The managed instance group is queuing this instance.",
-            "The managed instance group is recreating this instance.",
-            "The managed instance group is applying configuration changes to the instance without stopping it. For example, the group can update the target pool list for an instance without stopping that instance.",
-            "The managed instance group is restarting this instance.",
-            "The managed instance group is resuming this instance.",
-            "The managed instance group is starting this instance.",
-            "The managed instance group is stopping this instance.",
-            "The managed instance group is suspending this instance.",
-            "The managed instance group is verifying this already created instance. Verification happens every time the instance is (re)created or restarted and consists of: 1. Waiting until health check specified as part of this managed instance group's autohealing policy reports HEALTHY. Note: Applies only if autohealing policy has a health check specified 2. Waiting for addition verification steps performed as post-instance creation (subject to future extensions)."
-          ],
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output only] The unique identifier for this resource. This field is empty when instance does not exist.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "instance": {
-          "description": "[Output Only] The URL of the instance. The URL can exist even if the instance has not yet been created.",
-          "type": "string"
-        },
-        "instanceHealth": {
-          "description": "[Output Only] Health state of the instance per health-check.",
-          "items": {
-            "$ref": "ManagedInstanceInstanceHealth"
-          },
-          "type": "array"
-        },
-        "instanceStatus": {
-          "description": "[Output Only] The status of the instance. This field is empty when the instance does not exist.",
-          "enum": [
-            "DEPROVISIONING",
-            "PROVISIONING",
-            "REPAIRING",
-            "RUNNING",
-            "STAGING",
-            "STOPPED",
-            "STOPPING",
-            "SUSPENDED",
-            "SUSPENDING",
-            "TERMINATED"
-          ],
-          "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
-            "Resources are being allocated for the instance.",
-            "The instance is in repair.",
-            "The instance is running.",
-            "All required resources have been allocated and the instance is being started.",
-            "The instance has stopped successfully.",
-            "The instance is currently stopping (either being deleted or killed).",
-            "The instance has suspended.",
-            "The instance is suspending.",
-            "The instance has stopped (either by explicit action or underlying failure)."
-          ],
-          "type": "string"
-        },
-        "instanceTemplate": {
-          "description": "[Output Only] The intended template of the instance. This field is empty when current_action is one of { DELETING, ABANDONING }.",
-          "type": "string"
-        },
-        "lastAttempt": {
-          "$ref": "ManagedInstanceLastAttempt",
-          "description": "[Output Only] Information about the last attempt to create or delete the instance."
-        },
-        "name": {
-          "description": "[Output Only] The name of the instance. The name will always exist even if the instance has not yet been created.",
-          "type": "string"
-        },
-        "preservedStateFromConfig": {
-          "$ref": "PreservedState",
-          "description": "[Output Only] Preserved state applied from per-instance config for this instance."
-        },
-        "preservedStateFromPolicy": {
-          "$ref": "PreservedState",
-          "description": "[Output Only] Preserved state generated based on stateful policy for this instance."
-        },
-        "tag": {
-          "description": "[Output Only] Tag describing the version.",
-          "type": "string"
-        },
-        "targetStatus": {
-          "description": "[Output Only] The eventual status of the instance. The instance group manager will not be identified as stable till each managed instance reaches its targetStatus.",
-          "enum": [
-            "ABANDONED",
-            "DELETED",
-            "RUNNING",
-            "STOPPED",
-            "SUSPENDED"
-          ],
-          "enumDescriptions": [
-            "The managed instance will eventually be ABANDONED, i.e. dissociated from the managed instance group.",
-            "The managed instance will eventually be DELETED.",
-            "The managed instance will eventually reach status RUNNING.",
-            "The managed instance will eventually reach status TERMINATED.",
-            "The managed instance will eventually reach status SUSPENDED."
-          ],
-          "type": "string"
-        },
-        "version": {
-          "$ref": "ManagedInstanceVersion",
-          "description": "[Output Only] Intended version of this instance."
-        }
-      },
-      "type": "object"
-    },
-    "ManagedInstanceAllInstancesConfig": {
-      "id": "ManagedInstanceAllInstancesConfig",
-      "properties": {
-        "revision": {
-          "description": "[Output Only] Current all-instances configuration revision. This value is in RFC3339 text format.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ManagedInstanceInstanceHealth": {
-      "id": "ManagedInstanceInstanceHealth",
-      "properties": {
-        "detailedHealthState": {
-          "description": "[Output Only] The current detailed instance health state.",
-          "enum": [
-            "DRAINING",
-            "HEALTHY",
-            "TIMEOUT",
-            "UNHEALTHY",
-            "UNKNOWN"
-          ],
-          "enumDescriptions": [
-            "The instance is being drained. The existing connections to the instance have time to complete, but the new ones are being refused.",
-            "The instance is reachable i.e. a connection to the application health checking endpoint can be established, and conforms to the requirements defined by the health check.",
-            "The instance is unreachable i.e. a connection to the application health checking endpoint cannot be established, or the server does not respond within the specified timeout.",
-            "The instance is reachable, but does not conform to the requirements defined by the health check.",
-            "The health checking system is aware of the instance but its health is not known at the moment."
-          ],
-          "type": "string"
-        },
-        "healthCheck": {
-          "description": "[Output Only] The URL for the health check that verifies whether the instance is healthy.",
-          "type": "string"
-        },
-        "healthState": {
-          "description": "[Output Only] The current instance health state. This field will not get promoted to beta/GA and might be removed from alpha APIs after 01/12/2019. Please use detailed_health_state field instead.",
-          "enum": [
-            "HEALTHY",
-            "UNHEALTHY"
-          ],
-          "enumDescriptions": [
-            "The instance is reachable i.e. a connection to the application health checking endpoint can be established, and conforms to the requirements defined by the health check.",
-            "The instance is reachable, but does not conform to the requirements defined by the health check."
-          ],
-          "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "ManagedInstanceLastAttempt": {
-      "id": "ManagedInstanceLastAttempt",
+    "NetworkEndpointGroupsScopedList": {
+      "id": "NetworkEndpointGroupsScopedList",
       "properties": {
-        "errors": {
-          "description": "[Output Only] Encountered errors during the last attempt to create or delete the instance.",
+        "networkEndpointGroups": {
+          "description": "[Output Only] The list of network endpoint groups that are contained in this scope.",
+          "items": {
+            "$ref": "NetworkEndpointGroup"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] An informational warning that replaces the list of network endpoint groups when the list is empty.",
           "properties": {
-            "errors": {
-              "description": "[Output Only] The array of errors encountered while processing this operation.",
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
               "items": {
                 "properties": {
-                  "code": {
-                    "description": "[Output Only] The error type identifier for this error.",
-                    "type": "string"
-                  },
-                  "errorDetails": {
-                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
-                    "items": {
-                      "properties": {
-                        "errorInfo": {
-                          "$ref": "ErrorInfo"
-                        },
-                        "help": {
-                          "$ref": "Help"
-                        },
-                        "localizedMessage": {
-                          "$ref": "LocalizedMessage"
-                        },
-                        "quotaInfo": {
-                          "$ref": "QuotaExceededInfo"
-                        }
-                      },
-                      "type": "object"
-                    },
-                    "type": "array"
-                  },
-                  "location": {
-                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
                     "type": "string"
                   },
-                  "message": {
-                    "description": "[Output Only] An optional, human-readable error message.",
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
                     "type": "string"
                   }
                 },
                 "type": "object"
               },
               "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
             }
           },
           "type": "object"
@@ -60424,386 +67495,199 @@
       },
       "type": "object"
     },
-    "ManagedInstanceVersion": {
-      "id": "ManagedInstanceVersion",
+    "NetworkEndpointWithHealthStatus": {
+      "id": "NetworkEndpointWithHealthStatus",
       "properties": {
-        "instanceTemplate": {
-          "description": "[Output Only] The intended template of the instance. This field is empty when current_action is one of { DELETING, ABANDONING }.",
-          "type": "string"
+        "healths": {
+          "description": "[Output only] The health status of network endpoint;",
+          "items": {
+            "$ref": "HealthStatusForNetworkEndpoint"
+          },
+          "type": "array"
         },
-        "name": {
-          "description": "[Output Only] Name of the version.",
-          "type": "string"
+        "networkEndpoint": {
+          "$ref": "NetworkEndpoint",
+          "description": "[Output only] The network endpoint;"
         }
       },
       "type": "object"
     },
-    "Metadata": {
-      "description": "A metadata key/value entry.",
-      "id": "Metadata",
+    "NetworkInterface": {
+      "description": "A network interface resource attached to an instance.",
+      "id": "NetworkInterface",
       "properties": {
-        "fingerprint": {
-          "description": "Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the resource.",
-          "format": "byte",
-          "type": "string"
+        "accessConfigs": {
+          "description": "An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.",
+          "items": {
+            "$ref": "AccessConfig"
+          },
+          "type": "array"
         },
-        "items": {
-          "description": "Array of key/value pairs. The total size of all keys and values must be less than 512 KB.",
+        "aliasIpRanges": {
+          "description": "An array of alias IP ranges for this network interface. You can only specify this field for network interfaces in VPC networks.",
           "items": {
-            "description": "Metadata",
-            "properties": {
-              "key": {
-                "annotations": {
-                  "required": [
-                    "compute.instances.insert",
-                    "compute.projects.setCommonInstanceMetadata"
-                  ]
-                },
-                "description": "Key for the metadata entry. Keys must conform to the following regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project.",
-                "pattern": "[a-zA-Z0-9-_]{1,128}",
-                "type": "string"
-              },
-              "value": {
-                "annotations": {
-                  "required": [
-                    "compute.instances.insert",
-                    "compute.projects.setCommonInstanceMetadata"
-                  ]
-                },
-                "description": "Value for the metadata entry. These are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on values is that their size must be less than or equal to 262144 bytes (256 KiB).",
-                "type": "string"
-              }
-            },
-            "type": "object"
+            "$ref": "AliasIpRange"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#metadata",
-          "description": "[Output Only] Type of the resource. Always compute#metadata for metadata.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MetadataCredentialsFromPlugin": {
-      "description": "[Deprecated] Custom authenticator credentials. Custom authenticator credentials.",
-      "id": "MetadataCredentialsFromPlugin",
-      "properties": {
-        "name": {
-          "description": "Plugin name.",
+        "fingerprint": {
+          "description": "Fingerprint hash of contents stored in this network interface. This field will be ignored when inserting an Instance or adding a NetworkInterface. An up-to-date fingerprint must be provided in order to update the NetworkInterface. The request will fail with error 400 Bad Request if the fingerprint is not provided, or 412 Precondition Failed if the fingerprint is out of date.",
+          "format": "byte",
           "type": "string"
         },
-        "structConfig": {
-          "description": "A text proto that conforms to a Struct type definition interpreted by the plugin.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MetadataFilter": {
-      "description": "Opaque filter criteria used by load balancers to restrict routing configuration to a limited set of load balancing proxies. Proxies and sidecars involved in load balancing would typically present metadata to the load balancers that need to match criteria specified here. If a match takes place, the relevant configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. An example for using metadataFilters would be: if load balancing involves Envoys, they receive routing configuration when values in metadataFilters match values supplied in of their XDS requests to loadbalancers.",
-      "id": "MetadataFilter",
-      "properties": {
-        "filterLabels": {
-          "description": "The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries.",
+        "internalIpv6PrefixLength": {
+          "description": "The prefix length of the primary internal IPv6 range.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "ipv6AccessConfigs": {
+          "description": "An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.",
           "items": {
-            "$ref": "MetadataFilterLabelMatch"
+            "$ref": "AccessConfig"
           },
           "type": "array"
         },
-        "filterMatchCriteria": {
-          "description": "Specifies how individual filter label matches within the list of filterLabels and contributes toward the overall metadataFilter match. Supported values are: - MATCH_ANY: at least one of the filterLabels must have a matching label in the provided metadata. - MATCH_ALL: all filterLabels must have matching labels in the provided metadata. ",
-          "enum": [
-            "MATCH_ALL",
-            "MATCH_ANY",
-            "NOT_SET"
-          ],
-          "enumDescriptions": [
-            "Specifies that all filterLabels must match for the metadataFilter to be considered a match.",
-            "Specifies that any filterLabel must match for the metadataFilter to be considered a match.",
-            "Indicates that the match criteria was not set. A metadataFilter must never be created with this value."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MetadataFilterLabelMatch": {
-      "description": "MetadataFilter label name value pairs that are expected to match corresponding labels presented as metadata to the load balancer.",
-      "id": "MetadataFilterLabelMatch",
-      "properties": {
-        "name": {
-          "description": "Name of metadata label. The name can have a maximum length of 1024 characters and must be at least 1 character long.",
-          "type": "string"
-        },
-        "value": {
-          "description": "The value of the label must match the specified value. value can have a maximum length of 1024 characters.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "MutualTls": {
-      "description": "[Deprecated] Configuration for the mutual Tls mode for peer authentication. Configuration for the mutual Tls mode for peer authentication.",
-      "id": "MutualTls",
-      "properties": {
-        "mode": {
-          "description": "Specifies if the server TLS is configured to be strict or permissive. This field can be set to one of the following: STRICT: Client certificate must be presented, connection is in TLS. PERMISSIVE: Client certificate can be omitted, connection can be either plaintext or TLS.",
+        "ipv6AccessType": {
+          "description": "[Output Only] One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. Valid only if stackType is IPV4_IPV6.",
           "enum": [
-            "INVALID",
-            "PERMISSIVE",
-            "STRICT"
+            "EXTERNAL",
+            "INTERNAL"
           ],
           "enumDescriptions": [
-            "",
-            "Client certificate can be omitted, connection can be either plaintext or TLS.",
-            "Client certificate must be presented, connection is in TLS."
+            "This network interface can have external IPv6.",
+            "This network interface can have internal IPv6."
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NamedPort": {
-      "description": "The named port. For example: \u003c\"http\", 80\u003e.",
-      "id": "NamedPort",
-      "properties": {
-        "name": {
-          "description": "The name for this named port. The name must be 1-63 characters long, and comply with RFC1035.",
-          "type": "string"
         },
-        "port": {
-          "description": "The port number, which can be a value between 1 and 65535.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "Network": {
-      "description": "Represents a VPC Network resource. Networks connect resources to each other and to the internet. For more information, read Virtual Private Cloud (VPC) Network.",
-      "id": "Network",
-      "properties": {
-        "IPv4Range": {
-          "description": "Deprecated in favor of subnet mode networks. The range of internal addresses that are legal on this network. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created.",
-          "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}/[0-9]{1,2}",
+        "ipv6Address": {
+          "description": "An IPv6 internal network address for this network interface. To use a static internal IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.",
           "type": "string"
         },
-        "autoCreateSubnetworks": {
-          "description": "Must be set to create a VPC network. If not set, a legacy network is created. When set to true, the VPC network is created in auto mode. When set to false, the VPC network is created in custom mode. An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. For custom mode VPC networks, you can add subnets using the subnetworks insert method.",
-          "type": "boolean"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+        "kind": {
+          "default": "compute#networkInterface",
+          "description": "[Output Only] Type of the resource. Always compute#networkInterface for network interfaces.",
           "type": "string"
         },
-        "description": {
-          "description": "An optional description of this resource. Provide this field when you create the resource.",
+        "name": {
+          "description": "[Output Only] The name of the network interface, which is generated by the server. For a VM, the network interface uses the nicN naming format. Where N is a value between 0 and 7. The default interface value is nic0.",
           "type": "string"
         },
-        "enableUlaInternalIpv6": {
-          "description": "Enable ULA internal ipv6 on this network. Enabling this feature will assign a /48 from google defined ULA prefix fd20::/20. .",
-          "type": "boolean"
-        },
-        "firewallPolicy": {
-          "description": "[Output Only] URL of the firewall policy the network is associated with.",
+        "network": {
+          "description": "URL of the VPC network resource for this instance. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used. If the selected project doesn't have the default network, you must specify a network or subnet. If the network is not specified but the subnetwork is specified, the network is inferred. If you specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/global/networks/ network - projects/project/global/networks/network - global/networks/default ",
           "type": "string"
         },
-        "gatewayIPv4": {
-          "description": "[Output Only] The gateway address for default routing out of the network, selected by GCP.",
-          "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}",
+        "networkAttachment": {
+          "description": "The URL of the network attachment that this interface should connect to in the following format: projects/{project_number}/regions/{region_name}/networkAttachments/{network_attachment_name}.",
           "type": "string"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
+        "networkIP": {
+          "description": "An IPv4 internal IP address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system.",
           "type": "string"
         },
-        "internalIpv6Range": {
-          "description": "When enabling ula internal ipv6, caller optionally can specify the /48 range they want from the google defined ULA prefix fd20::/20. The input must be a valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will fail if the speficied /48 is already in used by another resource. If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. .",
+        "nicType": {
+          "description": "The type of vNIC to be used on this interface. This may be gVNIC or VirtioNet.",
+          "enum": [
+            "GVNIC",
+            "UNSPECIFIED_NIC_TYPE",
+            "VIRTIO_NET"
+          ],
+          "enumDescriptions": [
+            "GVNIC",
+            "No type specified.",
+            "VIRTIO"
+          ],
           "type": "string"
         },
-        "kind": {
-          "default": "compute#network",
-          "description": "[Output Only] Type of the resource. Always compute#network for networks.",
+        "parentNicName": {
+          "description": "Name of the parent network interface of a VLAN based nic. If this field is specified, vlan must be set.",
           "type": "string"
         },
-        "mtu": {
-          "description": "Maximum Transmission Unit in bytes. The minimum value for this field is 1300 and the maximum value is 8896. The suggested value is 1500, which is the default MTU used on the Internet, or 8896 if you want to use Jumbo frames. If unspecified, the value defaults to 1460.",
+        "queueCount": {
+          "description": "The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It'll be empty if not specified by the users.",
           "format": "int32",
           "type": "integer"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.networks.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "networkFirewallPolicyEnforcementOrder": {
-          "description": "The network firewall policy enforcement order. Can be either AFTER_CLASSIC_FIREWALL or BEFORE_CLASSIC_FIREWALL. Defaults to AFTER_CLASSIC_FIREWALL if the field is not specified.",
+        "stackType": {
+          "description": "The stack type for this network interface. To assign only IPv4 addresses, use IPV4_ONLY. To assign both IPv4 and IPv6 addresses, use IPV4_IPV6. If not specified, IPV4_ONLY is used. This field can be both set at instance creation and update network interface operations.",
           "enum": [
-            "AFTER_CLASSIC_FIREWALL",
-            "BEFORE_CLASSIC_FIREWALL"
+            "IPV4_IPV6",
+            "IPV4_ONLY"
           ],
           "enumDescriptions": [
-            "",
-            ""
+            "The network interface can have both IPv4 and IPv6 addresses.",
+            "The network interface will be assigned IPv4 address."
           ],
           "type": "string"
         },
-        "peerings": {
-          "description": "[Output Only] A list of network peerings for the resource.",
+        "subinterfaces": {
+          "description": "SubInterfaces help enable L2 communication for the instance over subnetworks that support L2. Every network interface will get a default untagged (vlan not specified) subinterface. Users can specify additional tagged subinterfaces which are sub-fields to the Network Interface.",
           "items": {
-            "$ref": "NetworkPeering"
+            "$ref": "NetworkInterfaceSubInterface"
           },
           "type": "array"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the regional network resides. This field is not applicable to global network. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
-        },
-        "routingConfig": {
-          "$ref": "NetworkRoutingConfig",
-          "description": "The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce."
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "subnetwork": {
+          "description": "The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork ",
           "type": "string"
         },
-        "subnetworks": {
-          "description": "[Output Only] Server-defined fully-qualified URLs for all subnetworks in this VPC network.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "vlan": {
+          "description": "VLAN tag of a VLAN based network interface, must be in range from 2 to 4094 inclusively. This field is mandatory if the parent network interface name is set.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "NetworkAttachment": {
-      "description": "NetworkAttachments A network attachment resource ...",
-      "id": "NetworkAttachment",
+    "NetworkInterfaceSubInterface": {
+      "id": "NetworkInterfaceSubInterface",
       "properties": {
-        "connectionEndpoints": {
-          "description": "[Output Only] An array of connections for all the producers connected to this network attachment.",
-          "items": {
-            "$ref": "NetworkAttachmentConnectedEndpoint"
-          },
-          "type": "array"
+        "ipAddress": {
+          "description": "An IPv4 internal IP address to assign to the instance for this subinterface. If specified, ip_allocation_mode should be set to ALLOCATE_IP.",
+          "type": "string"
         },
-        "connectionPreference": {
+        "ipAllocationMode": {
           "enum": [
-            "ACCEPT_AUTOMATIC",
-            "ACCEPT_MANUAL",
-            "INVALID"
+            "ALLOCATE_IP",
+            "DO_NOT_ALLOCATE_IP",
+            "UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "",
-            "",
+            "Allocates an internal IPv4 IP address from subnets secondary IP Range.",
+            "No IP allocation is done for the subinterface.",
             ""
           ],
           "type": "string"
         },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "fingerprint": {
-          "description": "[Output Only] Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.",
-          "format": "byte",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#networkAttachment",
-          "description": "[Output Only] Type of the resource.",
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.networkAttachments.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "network": {
-          "description": "[Output Only] The URL of the network which the Network Attachment belongs to.",
-          "type": "string"
-        },
-        "producerAcceptLists": {
-          "description": "Projects that are allowed to connect to this network attachment. The project can be specified using its id or number.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "producerRejectLists": {
-          "description": "Projects that are not allowed to connect to this network attachment. The project can be specified using its id or number.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "region": {
-          "description": "[Output Only] URL of the region where the network attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource's resource id.",
-          "type": "string"
-        },
-        "subnetworks": {
-          "description": "An array of URLs where each entry is the URL of a subnet provided by the service consumer to use for endpoints in the producers that connect to this network attachment.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "subnetwork": {
+          "description": "If specified, this subnetwork must belong to the same network as that of the network interface. If not specified the subnet of network interface will be used. If you specify this property, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork ",
+          "type": "string"
+        },
+        "vlan": {
+          "description": "VLAN tag. Should match the VLAN(s) supported by the subnetwork to which this subinterface is connecting.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "NetworkAttachmentAggregatedList": {
-      "description": "Contains a list of NetworkAttachmentsScopedList.",
-      "id": "NetworkAttachmentAggregatedList",
+    "NetworkList": {
+      "description": "Contains a list of networks.",
+      "id": "NetworkList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "NetworkAttachmentsScopedList",
-            "description": "Name of the scope containing this set of NetworkAttachments."
+          "description": "A list of Network resources.",
+          "items": {
+            "$ref": "Network"
           },
-          "description": "A list of NetworkAttachmentsScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#networkAttachmentAggregatedList",
+          "default": "compute#networkList",
+          "description": "[Output Only] Type of resource. Always compute#networkList for lists of networks.",
           "type": "string"
         },
         "nextPageToken": {
@@ -60830,6 +67714,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60848,6 +67733,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60859,6 +67774,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60906,276 +67822,277 @@
       },
       "type": "object"
     },
-    "NetworkAttachmentConnectedEndpoint": {
-      "description": "[Output Only] A connection connected to this network attachment.",
-      "id": "NetworkAttachmentConnectedEndpoint",
+    "NetworkPeering": {
+      "description": "A network peering attached to a network resource. The message includes the peering name, peer network, peering state, and a flag indicating whether Google Compute Engine should automatically create routes for the peering.",
+      "id": "NetworkPeering",
       "properties": {
-        "ipAddress": {
-          "description": "The IP address assigned to the producer instance network interface. This value will be a range in case of Serverless.",
+        "advertisePeerSubnetsViaRouters": {
+          "description": "Whether Cloud Routers in this network can automatically advertise subnets from the peer network.",
+          "type": "boolean"
+        },
+        "autoCreateRoutes": {
+          "description": "This field will be deprecated soon. Use the exchange_subnet_routes field instead. Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
+          "type": "boolean"
+        },
+        "exchangeSubnetRoutes": {
+          "description": "Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
+          "type": "boolean"
+        },
+        "exportCustomRoutes": {
+          "description": "Whether to export the custom routes to peer network. The default value is false.",
+          "type": "boolean"
+        },
+        "exportSubnetRoutesWithPublicIp": {
+          "description": "Whether subnet routes with public IP range are exported. The default value is true, all subnet routes are exported. IPv4 special-use ranges are always exported to peers and are not controlled by this field.",
+          "type": "boolean"
+        },
+        "importCustomRoutes": {
+          "description": "Whether to import the custom routes from peer network. The default value is false.",
+          "type": "boolean"
+        },
+        "importSubnetRoutesWithPublicIp": {
+          "description": "Whether subnet routes with public IP range are imported. The default value is false. IPv4 special-use ranges are always imported from peers and are not controlled by this field.",
+          "type": "boolean"
+        },
+        "name": {
+          "description": "Name of this peering. Provided by the client when the peering is created. The name must comply with RFC1035. Specifically, the name must be 1-63 characters long and match regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all the following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "type": "string"
         },
-        "projectIdOrNum": {
-          "description": "The project id or number of the interface to which the IP was assigned.",
+        "network": {
+          "description": "The URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network.",
           "type": "string"
         },
-        "secondaryIpCidrRanges": {
-          "description": "Alias IP ranges from the same subnetwork",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "peerMtu": {
+          "description": "Maximum Transmission Unit in bytes.",
+          "format": "int32",
+          "type": "integer"
         },
-        "status": {
-          "description": "The status of a connected endpoint to this network attachment.",
+        "stackType": {
+          "description": "Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY.",
           "enum": [
-            "ACCEPTED",
-            "CLOSED",
-            "NEEDS_ATTENTION",
-            "PENDING",
-            "REJECTED",
-            "STATUS_UNSPECIFIED"
+            "IPV4_IPV6",
+            "IPV4_ONLY"
           ],
           "enumDescriptions": [
-            "The consumer allows traffic from the producer to reach its VPC.",
-            "The consumer network attachment no longer exists.",
-            "The consumer needs to take further action before traffic can be served.",
-            "The consumer neither allows nor prohibits traffic from the producer to reach its VPC.",
-            "The consumer prohibits traffic from the producer to reach its VPC.",
+            "This Peering will allow IPv4 traffic and routes to be exchanged. Additionally if the matching peering is IPV4_IPV6, IPv6 traffic and routes will be exchanged as well.",
+            "This Peering will only allow IPv4 traffic and routes to be exchanged, even if the matching peering is IPV4_IPV6."
+          ],
+          "type": "string"
+        },
+        "state": {
+          "description": "[Output Only] State for the peering, either `ACTIVE` or `INACTIVE`. The peering is `ACTIVE` when there's a matching configuration in the peer network.",
+          "enum": [
+            "ACTIVE",
+            "INACTIVE"
+          ],
+          "enumDescriptions": [
+            "Matching configuration exists on the peer.",
+            "There is no matching configuration on the peer, including the case when peer does not exist."
+          ],
+          "type": "string"
+        },
+        "stateDetails": {
+          "description": "[Output Only] Details about the current state of the peering.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworkPerformanceConfig": {
+      "id": "NetworkPerformanceConfig",
+      "properties": {
+        "externalIpEgressBandwidthTier": {
+          "enum": [
+            "DEFAULT",
+            "TIER_1"
+          ],
+          "enumDescriptions": [
+            "",
             ""
           ],
           "type": "string"
         },
-        "subnetwork": {
-          "description": "The subnetwork used to assign the IP to the producer instance network interface.",
+        "totalEgressBandwidthTier": {
+          "enum": [
+            "DEFAULT",
+            "TIER_1"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkAttachmentList": {
-      "id": "NetworkAttachmentList",
+    "NetworkRoutingConfig": {
+      "description": "A routing configuration attached to a network resource. The message includes the list of routers associated with the network, and a flag indicating the type of routing behavior to enforce network-wide.",
+      "id": "NetworkRoutingConfig",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+        "routingMode": {
+          "description": "The network-wide routing mode to use. If set to REGIONAL, this network's Cloud Routers will only advertise routes with subnets of this network in the same region as the router. If set to GLOBAL, this network's Cloud Routers will advertise routes with all subnets of this network, across regions.",
+          "enum": [
+            "GLOBAL",
+            "REGIONAL"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworksAddPeeringRequest": {
+      "id": "NetworksAddPeeringRequest",
+      "properties": {
+        "autoCreateRoutes": {
+          "description": "This field will be deprecated soon. Use exchange_subnet_routes in network_peering instead. Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
+          "type": "boolean"
+        },
+        "exportCustomRoutes": {
+          "description": "This field will be deprecated soon. Use export_custom_routes in network_peering instead. Whether to export the custom routes to peer network.",
+          "type": "boolean"
+        },
+        "importCustomRoutes": {
+          "description": "This field will be deprecated soon. Use import_custom_routes in network_peering instead. Whether to import the custom routes from peer network.",
+          "type": "boolean"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.networks.addPeering"
+            ]
+          },
+          "description": "Name of the peering, which should conform to RFC1035.",
           "type": "string"
         },
-        "items": {
-          "description": "A list of NetworkAttachment resources.",
+        "networkPeering": {
+          "$ref": "NetworkPeering",
+          "description": "Network peering parameters. In order to specify route policies for peering using import and export custom routes, you must specify all peering related parameters (name, peer network, exchange_subnet_routes) in the network_peering field. The corresponding fields in NetworksAddPeeringRequest will be deprecated soon."
+        },
+        "peerNetwork": {
+          "description": "URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworksGetEffectiveFirewallsResponse": {
+      "id": "NetworksGetEffectiveFirewallsResponse",
+      "properties": {
+        "firewallPolicys": {
+          "description": "Effective firewalls from firewall policy.",
           "items": {
-            "$ref": "NetworkAttachment"
+            "$ref": "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#networkAttachmentList",
-          "type": "string"
+        "firewalls": {
+          "description": "Effective firewalls on the network.",
+          "items": {
+            "$ref": "Firewall"
+          },
+          "type": "array"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "organizationFirewalls": {
+          "description": "Effective firewalls from organization policies.",
+          "items": {
+            "$ref": "NetworksGetEffectiveFirewallsResponseOrganizationFirewallPolicy"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy": {
+      "id": "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
+      "properties": {
+        "displayName": {
+          "deprecated": true,
+          "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "name": {
+          "description": "[Output Only] The name of the firewall policy.",
           "type": "string"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
+        "rules": {
+          "description": "The rules that apply to the network.",
+          "items": {
+            "$ref": "FirewallPolicyRule"
           },
-          "type": "object"
+          "type": "array"
+        },
+        "shortName": {
+          "description": "[Output Only] The short name of the firewall policy.",
+          "type": "string"
+        },
+        "type": {
+          "description": "[Output Only] The type of the firewall policy.",
+          "enum": [
+            "HIERARCHY",
+            "NETWORK",
+            "UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkAttachmentsScopedList": {
-      "id": "NetworkAttachmentsScopedList",
+    "NetworksGetEffectiveFirewallsResponseOrganizationFirewallPolicy": {
+      "description": "A pruned SecurityPolicy containing ID and any applicable firewall rules.",
+      "id": "NetworksGetEffectiveFirewallsResponseOrganizationFirewallPolicy",
       "properties": {
-        "networkAttachments": {
-          "description": "A list of NetworkAttachments contained in this scope.",
+        "id": {
+          "description": "[Output Only] The unique identifier for the security policy. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "rules": {
+          "description": "The rules that apply to the network.",
           "items": {
-            "$ref": "NetworkAttachment"
+            "$ref": "SecurityPolicyRule"
           },
           "type": "array"
-        },
-        "warning": {
-          "description": "Informational warning which replaces the list of network attachments when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
         }
       },
       "type": "object"
     },
-    "NetworkEdgeSecurityService": {
-      "description": "Represents a Google Cloud Armor network edge security service resource.",
-      "id": "NetworkEdgeSecurityService",
+    "NetworksRemovePeeringRequest": {
+      "id": "NetworksRemovePeeringRequest",
+      "properties": {
+        "name": {
+          "description": "Name of the peering, which should conform to RFC1035.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NetworksUpdatePeeringRequest": {
+      "id": "NetworksUpdatePeeringRequest",
+      "properties": {
+        "networkPeering": {
+          "$ref": "NetworkPeering"
+        }
+      },
+      "type": "object"
+    },
+    "NodeGroup": {
+      "description": "Represents a sole-tenant Node Group resource. A sole-tenant node is a physical server that is dedicated to hosting VM instances only for your specific project. Use sole-tenant nodes to keep your instances physically separated from instances in other projects, or to group your instances together on the same host hardware. For more information, read Sole-tenant nodes.",
+      "id": "NodeGroup",
       "properties": {
+        "autoscalingPolicy": {
+          "$ref": "NodeGroupAutoscalingPolicy",
+          "description": "Specifies how autoscaling should behave."
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -61185,7 +68102,6 @@
           "type": "string"
         },
         "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a NetworkEdgeSecurityService. An up-to-date fingerprint must be provided in order to update the NetworkEdgeSecurityService, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a NetworkEdgeSecurityService.",
           "format": "byte",
           "type": "string"
         },
@@ -61195,21 +68111,53 @@
           "type": "string"
         },
         "kind": {
-          "default": "compute#networkEdgeSecurityService",
-          "description": "[Output only] Type of the resource. Always compute#networkEdgeSecurityService for NetworkEdgeSecurityServices",
+          "default": "compute#nodeGroup",
+          "description": "[Output Only] The type of the resource. Always compute#nodeGroup for node group.",
           "type": "string"
         },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "locationHint": {
+          "description": "An opaque location hint used to place the Node close to other resources. This field is for use by internal tools that use the public API. The location hint here on the NodeGroup overrides any location_hint present in the NodeTemplate.",
+          "type": "string"
+        },
+        "maintenanceInterval": {
+          "description": "Specifies the frequency of planned maintenance events. The accepted values are: `AS_NEEDED` and `RECURRENT`.",
+          "enum": [
+            "AS_NEEDED",
+            "PERIODIC",
+            "RECURRENT"
+          ],
+          "enumDescriptions": [
+            "VMs are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the VM than the PERIODIC and RECURRENT options.",
+            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.",
+            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available. RECURRENT is used for GEN3 and Slice of Hardware VMs."
+          ],
+          "type": "string"
+        },
+        "maintenancePolicy": {
+          "description": "Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT. For more information, see Maintenance policies.",
+          "enum": [
+            "DEFAULT",
+            "MAINTENANCE_POLICY_UNSPECIFIED",
+            "MIGRATE_WITHIN_NODE_GROUP",
+            "RESTART_IN_PLACE"
+          ],
+          "enumDescriptions": [
+            "Allow the node and corresponding instances to retain default maintenance behavior.",
+            "",
+            "When maintenance must be done on a node, the instances on that node will be moved to other nodes in the group. Instances with onHostMaintenance = MIGRATE will live migrate to their destinations while instances with onHostMaintenance = TERMINATE will terminate and then restart on their destination nodes if automaticRestart = true.",
+            "Instances in this group will restart on the same node when maintenance has completed. Instances must have onHostMaintenance = TERMINATE, and they will only restart if automaticRestart = true."
+          ],
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the resource resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "maintenanceWindow": {
+          "$ref": "NodeGroupMaintenanceWindow"
+        },
+        "name": {
+          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "type": "string"
         },
-        "securityPolicy": {
-          "description": "The resource URL for the network edge security service associated with this network edge security service.",
+        "nodeTemplate": {
+          "description": "URL of the node template to create the node group from.",
           "type": "string"
         },
         "selfLink": {
@@ -61219,31 +68167,56 @@
         "selfLinkWithId": {
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
+        },
+        "shareSettings": {
+          "$ref": "ShareSettings",
+          "description": "Share-settings for the node group"
+        },
+        "size": {
+          "description": "[Output Only] The total number of nodes in the node group.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "status": {
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "INVALID",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] The name of the zone where the node group resides, such as us-central1-a.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkEdgeSecurityServiceAggregatedList": {
-      "id": "NetworkEdgeSecurityServiceAggregatedList",
+    "NodeGroupAggregatedList": {
+      "id": "NodeGroupAggregatedList",
       "properties": {
-        "etag": {
-          "type": "string"
-        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
           "additionalProperties": {
-            "$ref": "NetworkEdgeSecurityServicesScopedList",
-            "description": "Name of the scope containing this set of security policies."
+            "$ref": "NodeGroupsScopedList",
+            "description": "[Output Only] Name of the scope containing this set of node groups."
           },
-          "description": "A list of NetworkEdgeSecurityServicesScopedList resources.",
+          "description": "A list of NodeGroupsScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#networkEdgeSecurityServiceAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#networkEdgeSecurityServiceAggregatedList for lists of Network Edge Security Services.",
+          "default": "compute#nodeGroupAggregatedList",
+          "description": "[Output Only] Type of resource.Always compute#nodeGroupAggregatedList for aggregated lists of node groups.",
           "type": "string"
         },
         "nextPageToken": {
@@ -61277,6 +68250,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61295,107 +68269,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkEdgeSecurityServicesScopedList": {
-      "id": "NetworkEdgeSecurityServicesScopedList",
-      "properties": {
-        "networkEdgeSecurityServices": {
-          "description": "A list of NetworkEdgeSecurityServices contained in this scope.",
-          "items": {
-            "$ref": "NetworkEdgeSecurityService"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "Informational warning which replaces the list of security policies when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -61408,6 +68310,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61455,186 +68358,56 @@
       },
       "type": "object"
     },
-    "NetworkEndpoint": {
-      "description": "The network endpoint.",
-      "id": "NetworkEndpoint",
-      "properties": {
-        "annotations": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Metadata defined as annotations on the network endpoint.",
-          "type": "object"
-        },
-        "fqdn": {
-          "description": "Optional fully qualified domain name of network endpoint. This can only be specified when NetworkEndpointGroup.network_endpoint_type is NON_GCP_FQDN_PORT.",
-          "type": "string"
-        },
-        "instance": {
-          "description": "The name for a specific VM instance that the IP address belongs to. This is required for network endpoints of type GCE_VM_IP_PORT. The instance must be in the same zone of network endpoint group. The name must be 1-63 characters long, and comply with RFC1035.",
-          "type": "string"
-        },
-        "ipAddress": {
-          "description": "Optional IPv4 address of network endpoint. The IP address must belong to a VM in Compute Engine (either the primary IP or as part of an aliased IP range). If the IP address is not specified, then the primary IP address for the VM instance in the network that the network endpoint group belongs to will be used.",
-          "type": "string"
-        },
-        "port": {
-          "description": "Optional port number of network endpoint. If not specified, the defaultPort for the network endpoint group will be used.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkEndpointGroup": {
-      "description": "Represents a collection of network endpoints. A network endpoint group (NEG) defines how a set of endpoints should be reached, whether they are reachable, and where they are located. For more information about using NEGs, see Setting up external HTTP(S) Load Balancing with internet NEGs, Setting up zonal NEGs, or Setting up external HTTP(S) Load Balancing with serverless NEGs.",
-      "id": "NetworkEndpointGroup",
+    "NodeGroupAutoscalingPolicy": {
+      "id": "NodeGroupAutoscalingPolicy",
       "properties": {
-        "annotations": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Metadata defined as annotations on the network endpoint group.",
-          "type": "object"
-        },
-        "appEngine": {
-          "$ref": "NetworkEndpointGroupAppEngine",
-          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine or cloudFunction may be set."
-        },
-        "cloudFunction": {
-          "$ref": "NetworkEndpointGroupCloudFunction",
-          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine or cloudFunction may be set."
-        },
-        "cloudRun": {
-          "$ref": "NetworkEndpointGroupCloudRun",
-          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine or cloudFunction may be set."
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "defaultPort": {
-          "description": "The default port used if the port number is not specified in the network endpoint.",
+        "maxNodes": {
+          "description": "The maximum number of nodes that the group should have. Must be set if autoscaling is enabled. Maximum value allowed is 100.",
           "format": "int32",
           "type": "integer"
         },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#networkEndpointGroup",
-          "description": "[Output Only] Type of the resource. Always compute#networkEndpointGroup for network endpoint group.",
-          "type": "string"
-        },
-        "loadBalancer": {
-          "$ref": "NetworkEndpointGroupLbNetworkEndpointGroup",
-          "description": "This field is only valid when the network endpoint group is used for load balancing. [Deprecated] This field is deprecated."
-        },
-        "name": {
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "type": "string"
-        },
-        "network": {
-          "description": "The URL of the network to which all network endpoints in the NEG belong. Uses \"default\" project network if unspecified.",
-          "type": "string"
-        },
-        "networkEndpointType": {
-          "description": "Type of network endpoints in this network endpoint group. Can be one of GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_FQDN_PORT, INTERNET_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT.",
-          "enum": [
-            "GCE_VM_IP",
-            "GCE_VM_IP_PORT",
-            "GCE_VM_PRIMARY_IP",
-            "INTERNET_FQDN_PORT",
-            "INTERNET_IP_PORT",
-            "NON_GCP_PRIVATE_IP_PORT",
-            "PRIVATE_SERVICE_CONNECT",
-            "SERVERLESS"
-          ],
-          "enumDescriptions": [
-            "The network endpoint is represented by an IP address.",
-            "The network endpoint is represented by IP address and port pair.",
-            "The network endpoint is the primary IP address on any network interface of a VM in Compute Engine.",
-            "The network endpoint is represented by fully qualified domain name and port.",
-            "The network endpoint is represented by an internet IP address and port.",
-            "The network endpoint is represented by an IP address and port. The endpoint belongs to a VM or pod running in a customer's on-premises.",
-            "The network endpoint is either public Google APIs or services exposed by other GCP Project with a Service Attachment. The connection is set up by private service connect",
-            "The network endpoint is handled by specified serverless infrastructure."
-          ],
-          "type": "string"
-        },
-        "pscData": {
-          "$ref": "NetworkEndpointGroupPscData"
-        },
-        "pscTargetService": {
-          "description": "The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. An example value is: \"asia-northeast3-cloudkms.googleapis.com\"",
-          "type": "string"
-        },
-        "region": {
-          "description": "[Output Only] The URL of the region where the network endpoint group is located.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "serverlessDeployment": {
-          "$ref": "NetworkEndpointGroupServerlessDeployment",
-          "description": "Only valid when networkEndpointType is \"SERVERLESS\". Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set."
-        },
-        "size": {
-          "description": "[Output only] Number of network endpoints in the network endpoint group.",
+        "minNodes": {
+          "description": "The minimum number of nodes that the group should have.",
           "format": "int32",
           "type": "integer"
         },
-        "subnetwork": {
-          "description": "Optional URL of the subnetwork to which all network endpoints in the NEG belong.",
-          "type": "string"
-        },
-        "type": {
-          "description": "Specify the type of this network endpoint group. Only LOAD_BALANCING is valid for now.",
+        "mode": {
+          "description": "The autoscaling mode. Set to one of: ON, OFF, or ONLY_SCALE_OUT. For more information, see Autoscaler modes.",
           "enum": [
-            "LOAD_BALANCING"
+            "MODE_UNSPECIFIED",
+            "OFF",
+            "ON",
+            "ONLY_SCALE_OUT"
           ],
           "enumDescriptions": [
-            "The network endpoint group is a backend of a load balancer."
+            "",
+            "Autoscaling is disabled.",
+            "Autocaling is fully enabled.",
+            "Autoscaling will only scale out and will not remove nodes."
           ],
           "type": "string"
-        },
-        "zone": {
-          "description": "[Output Only] The URL of the zone where the network endpoint group is located.",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupAggregatedList": {
-      "id": "NetworkEndpointGroupAggregatedList",
+    "NodeGroupList": {
+      "description": "Contains a list of nodeGroups.",
+      "id": "NodeGroupList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "NetworkEndpointGroupsScopedList",
-            "description": "The name of the scope that contains this set of network endpoint groups."
+          "description": "A list of NodeGroup resources.",
+          "items": {
+            "$ref": "NodeGroup"
           },
-          "description": "A list of NetworkEndpointGroupsScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#networkEndpointGroupAggregatedList",
-          "description": "[Output Only] The resource type, which is always compute#networkEndpointGroupAggregatedList for aggregated lists of network endpoint groups.",
+          "default": "compute#nodeGroupList",
+          "description": "[Output Only] Type of resource.Always compute#nodeGroupList for lists of node groups.",
           "type": "string"
         },
         "nextPageToken": {
@@ -61645,13 +68418,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -61668,6 +68434,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61686,6 +68453,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61697,6 +68494,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61744,100 +68542,164 @@
       },
       "type": "object"
     },
-    "NetworkEndpointGroupAppEngine": {
-      "description": "Configuration for an App Engine network endpoint group (NEG). The service is optional, may be provided explicitly or in the URL mask. The version is optional and can only be provided explicitly or in the URL mask when service is present. Note: App Engine service must be in the same project and located in the same region as the Serverless NEG.",
-      "id": "NetworkEndpointGroupAppEngine",
+    "NodeGroupMaintenanceWindow": {
+      "description": "Time window specified for daily maintenance operations. GCE's internal maintenance will be performed within this window.",
+      "id": "NodeGroupMaintenanceWindow",
       "properties": {
-        "service": {
-          "description": "Optional serving service. The service name is case-sensitive and must be 1-63 characters long. Example value: \"default\", \"my-service\".",
+        "duration": {
+          "deprecated": true,
+          "description": "[Output only] A predetermined duration for the window, automatically chosen to be the smallest possible in the given scenario.",
           "type": "string"
         },
-        "urlMask": {
-          "description": "A template to parse service and version fields from a request URL. URL mask allows for routing to multiple App Engine services without having to create multiple Network Endpoint Groups and backend services. For example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and \"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with URL mask \"\u003cservice\u003e-dot-appname.appspot.com/\u003cversion\u003e\". The URL mask will parse them to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.",
-          "type": "string"
+        "maintenanceDuration": {
+          "$ref": "Duration",
+          "description": "[Output only] A predetermined duration for the window, automatically chosen to be the smallest possible in the given scenario."
         },
-        "version": {
-          "description": "Optional serving version. The version name is case-sensitive and must be 1-100 characters long. Example value: \"v1\", \"v2\".",
+        "startTime": {
+          "description": "Start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupCloudFunction": {
-      "description": "Configuration for a Cloud Function network endpoint group (NEG). The function must be provided explicitly or in the URL mask. Note: Cloud Function must be in the same project and located in the same region as the Serverless NEG.",
-      "id": "NetworkEndpointGroupCloudFunction",
+    "NodeGroupNode": {
+      "id": "NodeGroupNode",
       "properties": {
-        "function": {
-          "description": "A user-defined name of the Cloud Function. The function name is case-sensitive and must be 1-63 characters long. Example value: \"func1\".",
+        "accelerators": {
+          "description": "Accelerators for this node.",
+          "items": {
+            "$ref": "AcceleratorConfig"
+          },
+          "type": "array"
+        },
+        "consumedResources": {
+          "$ref": "InstanceConsumptionInfo",
+          "description": "Node resources that are reserved by all instances."
+        },
+        "cpuOvercommitType": {
+          "description": "CPU overcommit.",
+          "enum": [
+            "CPU_OVERCOMMIT_TYPE_UNSPECIFIED",
+            "ENABLED",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "urlMask": {
-          "description": "A template to parse function field from a request URL. URL mask allows for routing to multiple Cloud Functions without having to create multiple Network Endpoint Groups and backend services. For example, request URLs \" mydomain.com/function1\" and \"mydomain.com/function2\" can be backed by the same Serverless NEG with URL mask \"/\u003cfunction\u003e\". The URL mask will parse them to { function = \"function1\" } and { function = \"function2\" } respectively.",
+        "disks": {
+          "description": "Local disk configurations.",
+          "items": {
+            "$ref": "LocalDisk"
+          },
+          "type": "array"
+        },
+        "instanceConsumptionData": {
+          "description": "Instance data that shows consumed resources on the node.",
+          "items": {
+            "$ref": "InstanceConsumptionData"
+          },
+          "type": "array"
+        },
+        "instances": {
+          "description": "Instances scheduled on this node.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "name": {
+          "description": "The name of the node.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkEndpointGroupCloudRun": {
-      "description": "Configuration for a Cloud Run network endpoint group (NEG). The service must be provided explicitly or in the URL mask. The tag is optional, may be provided explicitly or in the URL mask. Note: Cloud Run service must be in the same project and located in the same region as the Serverless NEG.",
-      "id": "NetworkEndpointGroupCloudRun",
-      "properties": {
-        "service": {
-          "description": "Cloud Run service is the main resource of Cloud Run. The service must be 1-63 characters long, and comply with RFC1035. Example value: \"run-service\".",
+        },
+        "nodeType": {
+          "description": "The type of this node.",
           "type": "string"
         },
-        "tag": {
-          "description": "Optional Cloud Run tag represents the \"named-revision\" to provide additional fine-grained traffic routing information. The tag must be 1-63 characters long, and comply with RFC1035. Example value: \"revision-0010\".",
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "serverBinding": {
+          "$ref": "ServerBinding",
+          "description": "Binding properties for the physical server."
+        },
+        "serverId": {
+          "description": "Server ID associated with this node.",
           "type": "string"
         },
-        "urlMask": {
-          "description": "A template to parse \u003cservice\u003e and \u003ctag\u003e fields from a request URL. URL mask allows for routing to multiple Run services without having to create multiple network endpoint groups and backend services. For example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\" can be backed by the same Serverless Network Endpoint Group (NEG) with URL mask \"\u003ctag\u003e.domain.com/\u003cservice\u003e\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" } and { service=\"bar2\", tag=\"foo2\" } respectively.",
+        "status": {
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "INVALID",
+            "READY",
+            "REPAIRING"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
           "type": "string"
+        },
+        "totalResources": {
+          "$ref": "InstanceConsumptionInfo",
+          "description": "Total amount of available resources on the node."
+        },
+        "upcomingMaintenance": {
+          "$ref": "UpcomingMaintenance",
+          "description": "[Output Only] The information about an upcoming maintenance event."
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupLbNetworkEndpointGroup": {
-      "description": "Load balancing specific fields for network endpoint group.",
-      "id": "NetworkEndpointGroupLbNetworkEndpointGroup",
+    "NodeGroupsAddNodesRequest": {
+      "id": "NodeGroupsAddNodesRequest",
       "properties": {
-        "defaultPort": {
-          "description": "The default port used if the port number is not specified in the network endpoint. [Deprecated] This field is deprecated.",
+        "additionalNodeCount": {
+          "description": "Count of additional nodes to be added to the node group.",
           "format": "int32",
           "type": "integer"
-        },
-        "network": {
-          "description": "The URL of the network to which all network endpoints in the NEG belong. Uses \"default\" project network if unspecified. [Deprecated] This field is deprecated.",
-          "type": "string"
-        },
-        "subnetwork": {
-          "description": "Optional URL of the subnetwork to which all network endpoints in the NEG belong. [Deprecated] This field is deprecated.",
-          "type": "string"
-        },
-        "zone": {
-          "description": "[Output Only] The URL of the zone where the network endpoint group is located. [Deprecated] This field is deprecated.",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupList": {
-      "id": "NetworkEndpointGroupList",
+    "NodeGroupsDeleteNodesRequest": {
+      "id": "NodeGroupsDeleteNodesRequest",
+      "properties": {
+        "nodes": {
+          "description": "Names of the nodes to delete.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "NodeGroupsListNodes": {
+      "id": "NodeGroupsListNodes",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of NetworkEndpointGroup resources.",
+          "description": "A list of Node resources.",
           "items": {
-            "$ref": "NetworkEndpointGroup"
+            "$ref": "NodeGroupNode"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#networkEndpointGroupList",
-          "description": "[Output Only] The resource type, which is always compute#networkEndpointGroupList for network endpoint group lists.",
+          "default": "compute#nodeGroupsListNodes",
+          "description": "[Output Only] The resource type, which is always compute.nodeGroupsListNodes for the list of nodes in the specified node group.",
           "type": "string"
         },
         "nextPageToken": {
@@ -61864,6 +68726,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61882,6 +68745,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61893,6 +68786,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61940,148 +68834,321 @@
       },
       "type": "object"
     },
-    "NetworkEndpointGroupPscData": {
-      "description": "All data that is specifically relevant to only network endpoint groups of type PRIVATE_SERVICE_CONNECT.",
-      "id": "NetworkEndpointGroupPscData",
+    "NodeGroupsPerformMaintenanceRequest": {
+      "id": "NodeGroupsPerformMaintenanceRequest",
       "properties": {
-        "consumerPscAddress": {
-          "description": "[Output Only] Address allocated from given subnetwork for PSC. This IP address acts as a VIP for a PSC NEG, allowing it to act as an endpoint in L7 PSC-XLB.",
-          "type": "string"
-        },
-        "pscConnectionId": {
-          "description": "[Output Only] The PSC connection id of the PSC Network Endpoint Group Consumer.",
-          "format": "uint64",
-          "type": "string"
+        "nodes": {
+          "description": "[Required] List of nodes affected by the call.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "pscConnectionStatus": {
-          "description": "[Output Only] The connection status of the PSC Forwarding Rule.",
-          "enum": [
-            "ACCEPTED",
-            "CLOSED",
-            "NEEDS_ATTENTION",
-            "PENDING",
-            "REJECTED",
-            "STATUS_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "The connection has been accepted by the producer.",
-            "The connection has been closed by the producer and will not serve traffic going forward.",
-            "The connection has been accepted by the producer, but the producer needs to take further action before the forwarding rule can serve traffic.",
-            "The connection is pending acceptance by the producer.",
-            "The connection has been rejected by the producer.",
-            ""
-          ],
+        "startTime": {
+          "description": "The start time of the schedule. The timestamp is an RFC3339 string.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupServerlessDeployment": {
-      "description": "Configuration for a serverless network endpoint group (NEG). The platform must be provided. Note: The target backend service must be in the same project and located in the same region as the Serverless NEG.",
-      "id": "NetworkEndpointGroupServerlessDeployment",
+    "NodeGroupsScopedList": {
+      "id": "NodeGroupsScopedList",
       "properties": {
-        "platform": {
-          "description": "The platform of the backend target(s) of this NEG. The only supported value is API Gateway: apigateway.googleapis.com.",
-          "type": "string"
-        },
-        "resource": {
-          "description": "The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask. The resource identified by this value is platform-specific and is as follows: 1. API Gateway: The gateway ID 2. App Engine: The service name 3. Cloud Functions: The function name 4. Cloud Run: The service name ",
-          "type": "string"
-        },
-        "urlMask": {
-          "description": "A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources. The fields parsed by this template are platform-specific and are as follows: 1. API Gateway: The gateway ID 2. App Engine: The service and version 3. Cloud Functions: The function name 4. Cloud Run: The service and tag ",
-          "type": "string"
+        "nodeGroups": {
+          "description": "[Output Only] A list of node groups contained in this scope.",
+          "items": {
+            "$ref": "NodeGroup"
+          },
+          "type": "array"
         },
-        "version": {
-          "description": "The optional resource version. The version identified by this value is platform-specific and is follows: 1. API Gateway: Unused 2. App Engine: The service version 3. Cloud Functions: Unused 4. Cloud Run: The service tag ",
-          "type": "string"
+        "warning": {
+          "description": "[Output Only] An informational warning that appears when the nodeGroup list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupsAttachEndpointsRequest": {
-      "id": "NetworkEndpointGroupsAttachEndpointsRequest",
+    "NodeGroupsSetNodeTemplateRequest": {
+      "id": "NodeGroupsSetNodeTemplateRequest",
       "properties": {
-        "networkEndpoints": {
-          "description": "The list of network endpoints to be attached.",
-          "items": {
-            "$ref": "NetworkEndpoint"
-          },
-          "type": "array"
+        "nodeTemplate": {
+          "description": "Full or partial URL of the node template resource to be updated for this node group.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupsDetachEndpointsRequest": {
-      "id": "NetworkEndpointGroupsDetachEndpointsRequest",
+    "NodeGroupsSimulateMaintenanceEventRequest": {
+      "id": "NodeGroupsSimulateMaintenanceEventRequest",
       "properties": {
-        "networkEndpoints": {
-          "description": "The list of network endpoints to be detached.",
+        "nodes": {
+          "description": "Names of the nodes to go under maintenance simulation.",
           "items": {
-            "$ref": "NetworkEndpoint"
+            "type": "string"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupsListEndpointsRequest": {
-      "id": "NetworkEndpointGroupsListEndpointsRequest",
+    "NodeTemplate": {
+      "description": "Represent a sole-tenant Node Template resource. You can use a template to define properties for nodes in a node group. For more information, read Creating node groups and instances.",
+      "id": "NodeTemplate",
       "properties": {
-        "endpointFilters": {
-          "description": "Optional list of endpoints to query. This is a more efficient but also limited version of filter parameter. Endpoints in the filter must have ip_address and port fields populated, other fields are not supported.",
+        "accelerators": {
           "items": {
-            "$ref": "NetworkEndpointGroupsListEndpointsRequestNetworkEndpointFilter"
+            "$ref": "AcceleratorConfig"
           },
           "type": "array"
         },
-        "healthStatus": {
-          "description": "Optional query parameter for showing the health status of each network endpoint. Valid options are SKIP or SHOW. If you don't specify this parameter, the health status of network endpoints will not be provided.",
+        "cpuOvercommitType": {
+          "description": "CPU overcommit.",
           "enum": [
-            "SHOW",
-            "SKIP"
+            "CPU_OVERCOMMIT_TYPE_UNSPECIFIED",
+            "ENABLED",
+            "NONE"
           ],
           "enumDescriptions": [
-            "Show the health status for each network endpoint. Impacts latency of the call.",
-            "Health status for network endpoints will not be provided."
+            "",
+            "",
+            ""
           ],
           "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "disks": {
+          "items": {
+            "$ref": "LocalDisk"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#nodeTemplate",
+          "description": "[Output Only] The type of the resource. Always compute#nodeTemplate for node templates.",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "type": "string"
+        },
+        "nodeAffinityLabels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to use for node affinity, which will be used in instance scheduling.",
+          "type": "object"
+        },
+        "nodeType": {
+          "description": "The node type to use for nodes group that are created from this template.",
+          "type": "string"
+        },
+        "nodeTypeFlexibility": {
+          "$ref": "NodeTemplateNodeTypeFlexibility",
+          "description": "Do not use. Instead, use the node_type property."
+        },
+        "region": {
+          "description": "[Output Only] The name of the region where the node template resides, such as us-central1.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "serverBinding": {
+          "$ref": "ServerBinding",
+          "description": "Sets the binding properties for the physical server. Valid values include: - *[Default]* RESTART_NODE_ON_ANY_SERVER: Restarts VMs on any available physical server - RESTART_NODE_ON_MINIMAL_SERVER: Restarts VMs on the same physical server whenever possible See Sole-tenant node options for more information."
+        },
+        "status": {
+          "description": "[Output Only] The status of the node template. One of the following values: CREATING, READY, and DELETING.",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "INVALID",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "Resources are being allocated.",
+            "The node template is currently being deleted.",
+            "Invalid status.",
+            "The node template is ready."
+          ],
+          "type": "string"
+        },
+        "statusMessage": {
+          "description": "[Output Only] An optional, human-readable explanation of the status.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkEndpointGroupsListEndpointsRequestNetworkEndpointFilter": {
-      "id": "NetworkEndpointGroupsListEndpointsRequestNetworkEndpointFilter",
-      "properties": {
-        "networkEndpoint": {
-          "$ref": "NetworkEndpoint"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkEndpointGroupsListNetworkEndpoints": {
-      "id": "NetworkEndpointGroupsListNetworkEndpoints",
+    "NodeTemplateAggregatedList": {
+      "id": "NodeTemplateAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of NetworkEndpointWithHealthStatus resources.",
-          "items": {
-            "$ref": "NetworkEndpointWithHealthStatus"
+          "additionalProperties": {
+            "$ref": "NodeTemplatesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of node templates."
           },
-          "type": "array"
+          "description": "A list of NodeTemplatesScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#networkEndpointGroupsListNetworkEndpoints",
-          "description": "[Output Only] The resource type, which is always compute#networkEndpointGroupsListNetworkEndpoints for the list of network endpoints in the specified network endpoint group.",
+          "default": "compute#nodeTemplateAggregatedList",
+          "description": "[Output Only] Type of resource.Always compute#nodeTemplateAggregatedList for aggregated lists of node templates.",
           "type": "string"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -62098,6 +69165,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62116,6 +69184,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62127,6 +69225,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62174,18 +69273,36 @@
       },
       "type": "object"
     },
-    "NetworkEndpointGroupsScopedList": {
-      "id": "NetworkEndpointGroupsScopedList",
+    "NodeTemplateList": {
+      "description": "Contains a list of node templates.",
+      "id": "NodeTemplateList",
       "properties": {
-        "networkEndpointGroups": {
-          "description": "[Output Only] The list of network endpoint groups that are contained in this scope.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of NodeTemplate resources.",
           "items": {
-            "$ref": "NetworkEndpointGroup"
+            "$ref": "NodeTemplate"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#nodeTemplateList",
+          "description": "[Output Only] Type of resource.Always compute#nodeTemplateList for lists of node templates.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
-          "description": "[Output Only] An informational warning that replaces the list of network endpoint groups when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -62200,6 +69317,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62218,6 +69336,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62229,6 +69377,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62276,211 +69425,33 @@
       },
       "type": "object"
     },
-    "NetworkEndpointWithHealthStatus": {
-      "id": "NetworkEndpointWithHealthStatus",
-      "properties": {
-        "healths": {
-          "description": "[Output only] The health status of network endpoint;",
-          "items": {
-            "$ref": "HealthStatusForNetworkEndpoint"
-          },
-          "type": "array"
-        },
-        "networkEndpoint": {
-          "$ref": "NetworkEndpoint",
-          "description": "[Output only] The network endpoint;"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkInterface": {
-      "description": "A network interface resource attached to an instance.",
-      "id": "NetworkInterface",
-      "properties": {
-        "accessConfigs": {
-          "description": "An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.",
-          "items": {
-            "$ref": "AccessConfig"
-          },
-          "type": "array"
-        },
-        "aliasIpRanges": {
-          "description": "An array of alias IP ranges for this network interface. You can only specify this field for network interfaces in VPC networks.",
-          "items": {
-            "$ref": "AliasIpRange"
-          },
-          "type": "array"
-        },
-        "fingerprint": {
-          "description": "Fingerprint hash of contents stored in this network interface. This field will be ignored when inserting an Instance or adding a NetworkInterface. An up-to-date fingerprint must be provided in order to update the NetworkInterface. The request will fail with error 400 Bad Request if the fingerprint is not provided, or 412 Precondition Failed if the fingerprint is out of date.",
-          "format": "byte",
-          "type": "string"
-        },
-        "internalIpv6PrefixLength": {
-          "description": "The prefix length of the primary internal IPv6 range.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "ipv6AccessConfigs": {
-          "description": "An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.",
-          "items": {
-            "$ref": "AccessConfig"
-          },
-          "type": "array"
-        },
-        "ipv6AccessType": {
-          "description": "[Output Only] One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. Valid only if stackType is IPV4_IPV6.",
-          "enum": [
-            "EXTERNAL",
-            "INTERNAL"
-          ],
-          "enumDescriptions": [
-            "This network interface can have external IPv6.",
-            "This network interface can have internal IPv6."
-          ],
-          "type": "string"
-        },
-        "ipv6Address": {
-          "description": "An IPv6 internal network address for this network interface. To use a static internal IP address, it must be unused and in the same region as the instance's zone. If not specified, GCP will automatically assign an internal IPv6 address from the instance's subnetwork.",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#networkInterface",
-          "description": "[Output Only] Type of the resource. Always compute#networkInterface for network interfaces.",
-          "type": "string"
-        },
-        "name": {
-          "description": "[Output Only] The name of the network interface, which is generated by the server. For a VM, the network interface uses the nicN naming format. Where N is a value between 0 and 7. The default interface value is nic0.",
-          "type": "string"
-        },
-        "network": {
-          "description": "URL of the VPC network resource for this instance. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used. If the selected project doesn't have the default network, you must specify a network or subnet. If the network is not specified but the subnetwork is specified, the network is inferred. If you specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/global/networks/ network - projects/project/global/networks/network - global/networks/default ",
-          "type": "string"
-        },
-        "networkAttachment": {
-          "description": "The URL of the network attachment that this interface should connect to in the following format: projects/{project_number}/regions/{region_name}/networkAttachments/{network_attachment_name}.",
-          "type": "string"
-        },
-        "networkIP": {
-          "description": "An IPv4 internal IP address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system.",
-          "type": "string"
-        },
-        "nicType": {
-          "description": "The type of vNIC to be used on this interface. This may be gVNIC or VirtioNet.",
-          "enum": [
-            "GVNIC",
-            "UNSPECIFIED_NIC_TYPE",
-            "VIRTIO_NET"
-          ],
-          "enumDescriptions": [
-            "GVNIC",
-            "No type specified.",
-            "VIRTIO"
-          ],
-          "type": "string"
-        },
-        "parentNicName": {
-          "description": "Name of the parent network interface of a VLAN based nic. If this field is specified, vlan must be set.",
-          "type": "string"
-        },
-        "queueCount": {
-          "description": "The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It'll be empty if not specified by the users.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "stackType": {
-          "description": "The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at instance creation and update network interface operations.",
-          "enum": [
-            "IPV4_IPV6",
-            "IPV4_ONLY"
-          ],
-          "enumDescriptions": [
-            "The network interface can have both IPv4 and IPv6 addresses.",
-            "The network interface will be assigned IPv4 address."
-          ],
-          "type": "string"
-        },
-        "subinterfaces": {
-          "description": "SubInterfaces help enable L2 communication for the instance over subnetworks that support L2. Every network interface will get a default untagged (vlan not specified) subinterface. Users can specify additional tagged subinterfaces which are sub-fields to the Network Interface.",
-          "items": {
-            "$ref": "NetworkInterfaceSubInterface"
-          },
-          "type": "array"
-        },
-        "subnetwork": {
-          "description": "The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork ",
-          "type": "string"
-        },
-        "vlan": {
-          "description": "VLAN tag of a VLAN based network interface, must be in range from 2 to 4094 inclusively. This field is mandatory if the parent network interface name is set.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkInterfaceSubInterface": {
-      "id": "NetworkInterfaceSubInterface",
+    "NodeTemplateNodeTypeFlexibility": {
+      "id": "NodeTemplateNodeTypeFlexibility",
       "properties": {
-        "ipAddress": {
-          "description": "An IPv4 internal IP address to assign to the instance for this subinterface. If specified, ip_allocation_mode should be set to ALLOCATE_IP.",
-          "type": "string"
-        },
-        "ipAllocationMode": {
-          "enum": [
-            "ALLOCATE_IP",
-            "DO_NOT_ALLOCATE_IP",
-            "UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "Allocates an internal IPv4 IP address from subnets secondary IP Range.",
-            "No IP allocation is done for the subinterface.",
-            ""
-          ],
+        "cpus": {
           "type": "string"
         },
-        "subnetwork": {
-          "description": "If specified, this subnetwork must belong to the same network as that of the network interface. If not specified the subnet of network interface will be used. If you specify this property, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork ",
+        "localSsd": {
           "type": "string"
         },
-        "vlan": {
-          "description": "VLAN tag. Should match the VLAN(s) supported by the subnetwork to which this subinterface is connecting.",
-          "format": "int32",
-          "type": "integer"
+        "memory": {
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworkList": {
-      "description": "Contains a list of networks.",
-      "id": "NetworkList",
+    "NodeTemplatesScopedList": {
+      "id": "NodeTemplatesScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of Network resources.",
+        "nodeTemplates": {
+          "description": "[Output Only] A list of node templates contained in this scope.",
           "items": {
-            "$ref": "Network"
+            "$ref": "NodeTemplate"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#networkList",
-          "description": "[Output Only] Type of resource. Always compute#networkList for lists of networks.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "[Output Only] An informational warning that appears when the node templates list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -62495,6 +69466,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62513,6 +69485,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62524,6 +69526,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62571,386 +69574,248 @@
       },
       "type": "object"
     },
-    "NetworkPeering": {
-      "description": "A network peering attached to a network resource. The message includes the peering name, peer network, peering state, and a flag indicating whether Google Compute Engine should automatically create routes for the peering.",
-      "id": "NetworkPeering",
+    "NodeType": {
+      "description": "Represent a sole-tenant Node Type resource. Each node within a node group must have a node type. A node type specifies the total amount of cores and memory for that node. Currently, the only available node type is n1-node-96-624 node type that has 96 vCPUs and 624 GB of memory, available in multiple zones. For more information read Node types.",
+      "id": "NodeType",
       "properties": {
-        "advertisePeerSubnetsViaRouters": {
-          "description": "Whether Cloud Routers in this network can automatically advertise subnets from the peer network.",
-          "type": "boolean"
-        },
-        "autoCreateRoutes": {
-          "description": "This field will be deprecated soon. Use the exchange_subnet_routes field instead. Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
-          "type": "boolean"
-        },
-        "exchangeSubnetRoutes": {
-          "description": "Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
-          "type": "boolean"
-        },
-        "exportCustomRoutes": {
-          "description": "Whether to export the custom routes to peer network. The default value is false.",
-          "type": "boolean"
-        },
-        "exportSubnetRoutesWithPublicIp": {
-          "description": "Whether subnet routes with public IP range are exported. The default value is true, all subnet routes are exported. IPv4 special-use ranges are always exported to peers and are not controlled by this field.",
-          "type": "boolean"
-        },
-        "importCustomRoutes": {
-          "description": "Whether to import the custom routes from peer network. The default value is false.",
-          "type": "boolean"
-        },
-        "importSubnetRoutesWithPublicIp": {
-          "description": "Whether subnet routes with public IP range are imported. The default value is false. IPv4 special-use ranges are always imported from peers and are not controlled by this field.",
-          "type": "boolean"
-        },
-        "name": {
-          "description": "Name of this peering. Provided by the client when the peering is created. The name must comply with RFC1035. Specifically, the name must be 1-63 characters long and match regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all the following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+        "cpuPlatform": {
+          "description": "[Output Only] The CPU platform used by this node type.",
           "type": "string"
         },
-        "network": {
-          "description": "The URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network.",
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "peerMtu": {
-          "description": "Maximum Transmission Unit in bytes.",
-          "format": "int32",
-          "type": "integer"
+        "deprecated": {
+          "$ref": "DeprecationStatus",
+          "description": "[Output Only] The deprecation status associated with this node type."
         },
-        "stackType": {
-          "description": "Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY.",
-          "enum": [
-            "IPV4_IPV6",
-            "IPV4_ONLY"
-          ],
-          "enumDescriptions": [
-            "This Peering will allow IPv4 traffic and routes to be exchanged. Additionally if the matching peering is IPV4_IPV6, IPv6 traffic and routes will be exchanged as well.",
-            "This Peering will only allow IPv4 traffic and routes to be exchanged, even if the matching peering is IPV4_IPV6."
-          ],
+        "description": {
+          "description": "[Output Only] An optional textual description of the resource.",
           "type": "string"
         },
-        "state": {
-          "description": "[Output Only] State for the peering, either `ACTIVE` or `INACTIVE`. The peering is `ACTIVE` when there's a matching configuration in the peer network.",
-          "enum": [
-            "ACTIVE",
-            "INACTIVE"
-          ],
-          "enumDescriptions": [
-            "Matching configuration exists on the peer.",
-            "There is no matching configuration on the peer, including the case when peer does not exist."
-          ],
-          "type": "string"
+        "guestCpus": {
+          "description": "[Output Only] The number of virtual CPUs that are available to the node type.",
+          "format": "int32",
+          "type": "integer"
         },
-        "stateDetails": {
-          "description": "[Output Only] Details about the current state of the peering.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkPerformanceConfig": {
-      "id": "NetworkPerformanceConfig",
-      "properties": {
-        "externalIpEgressBandwidthTier": {
-          "enum": [
-            "DEFAULT",
-            "TIER_1"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "totalEgressBandwidthTier": {
-          "enum": [
-            "DEFAULT",
-            "TIER_1"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NetworkRoutingConfig": {
-      "description": "A routing configuration attached to a network resource. The message includes the list of routers associated with the network, and a flag indicating the type of routing behavior to enforce network-wide.",
-      "id": "NetworkRoutingConfig",
-      "properties": {
-        "routingMode": {
-          "description": "The network-wide routing mode to use. If set to REGIONAL, this network's Cloud Routers will only advertise routes with subnets of this network in the same region as the router. If set to GLOBAL, this network's Cloud Routers will advertise routes with all subnets of this network, across regions.",
-          "enum": [
-            "GLOBAL",
-            "REGIONAL"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "kind": {
+          "default": "compute#nodeType",
+          "description": "[Output Only] The type of the resource. Always compute#nodeType for node types.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NetworksAddPeeringRequest": {
-      "id": "NetworksAddPeeringRequest",
-      "properties": {
-        "autoCreateRoutes": {
-          "description": "This field will be deprecated soon. Use exchange_subnet_routes in network_peering instead. Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
-          "type": "boolean"
         },
-        "exportCustomRoutes": {
-          "description": "This field will be deprecated soon. Use export_custom_routes in network_peering instead. Whether to export the custom routes to peer network.",
-          "type": "boolean"
+        "localSsdGb": {
+          "description": "[Output Only] Local SSD available to the node type, defined in GB.",
+          "format": "int32",
+          "type": "integer"
         },
-        "importCustomRoutes": {
-          "description": "This field will be deprecated soon. Use import_custom_routes in network_peering instead. Whether to import the custom routes from peer network.",
-          "type": "boolean"
+        "memoryMb": {
+          "description": "[Output Only] The amount of physical memory available to the node type, defined in MB.",
+          "format": "int32",
+          "type": "integer"
         },
         "name": {
-          "annotations": {
-            "required": [
-              "compute.networks.addPeering"
-            ]
-          },
-          "description": "Name of the peering, which should conform to RFC1035.",
-          "type": "string"
-        },
-        "networkPeering": {
-          "$ref": "NetworkPeering",
-          "description": "Network peering parameters. In order to specify route policies for peering using import and export custom routes, you must specify all peering related parameters (name, peer network, exchange_subnet_routes) in the network_peering field. The corresponding fields in NetworksAddPeeringRequest will be deprecated soon."
-        },
-        "peerNetwork": {
-          "description": "URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NetworksGetEffectiveFirewallsResponse": {
-      "id": "NetworksGetEffectiveFirewallsResponse",
-      "properties": {
-        "firewallPolicys": {
-          "description": "Effective firewalls from firewall policy.",
-          "items": {
-            "$ref": "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy"
-          },
-          "type": "array"
-        },
-        "firewalls": {
-          "description": "Effective firewalls on the network.",
-          "items": {
-            "$ref": "Firewall"
-          },
-          "type": "array"
-        },
-        "organizationFirewalls": {
-          "description": "Effective firewalls from organization policies.",
-          "items": {
-            "$ref": "NetworksGetEffectiveFirewallsResponseOrganizationFirewallPolicy"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy": {
-      "id": "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
-      "properties": {
-        "displayName": {
-          "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
+          "description": "[Output Only] Name of the resource.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "name": {
-          "description": "[Output Only] The name of the firewall policy.",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "rules": {
-          "description": "The rules that apply to the network.",
-          "items": {
-            "$ref": "FirewallPolicyRule"
-          },
-          "type": "array"
-        },
-        "shortName": {
-          "description": "[Output Only] The short name of the firewall policy.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "type": {
-          "description": "[Output Only] The type of the firewall policy.",
-          "enum": [
-            "HIERARCHY",
-            "NETWORK",
-            "UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
+        "zone": {
+          "description": "[Output Only] The name of the zone where the node type resides, such as us-central1-a.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "NetworksGetEffectiveFirewallsResponseOrganizationFirewallPolicy": {
-      "description": "A pruned SecurityPolicy containing ID and any applicable firewall rules.",
-      "id": "NetworksGetEffectiveFirewallsResponseOrganizationFirewallPolicy",
+    "NodeTypeAggregatedList": {
+      "id": "NodeTypeAggregatedList",
       "properties": {
         "id": {
-          "description": "[Output Only] The unique identifier for the security policy. This identifier is defined by the server.",
-          "format": "uint64",
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "rules": {
-          "description": "The rules that apply to the network.",
-          "items": {
-            "$ref": "SecurityPolicyRule"
+        "items": {
+          "additionalProperties": {
+            "$ref": "NodeTypesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of node types."
           },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "NetworksRemovePeeringRequest": {
-      "id": "NetworksRemovePeeringRequest",
-      "properties": {
-        "name": {
-          "description": "Name of the peering, which should conform to RFC1035.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NetworksUpdatePeeringRequest": {
-      "id": "NetworksUpdatePeeringRequest",
-      "properties": {
-        "networkPeering": {
-          "$ref": "NetworkPeering"
-        }
-      },
-      "type": "object"
-    },
-    "NodeGroup": {
-      "description": "Represents a sole-tenant Node Group resource. A sole-tenant node is a physical server that is dedicated to hosting VM instances only for your specific project. Use sole-tenant nodes to keep your instances physically separated from instances in other projects, or to group your instances together on the same host hardware. For more information, read Sole-tenant nodes.",
-      "id": "NodeGroup",
-      "properties": {
-        "autoscalingPolicy": {
-          "$ref": "NodeGroupAutoscalingPolicy",
-          "description": "Specifies how autoscaling should behave."
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "fingerprint": {
-          "format": "byte",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
+          "description": "A list of NodeTypesScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#nodeGroup",
-          "description": "[Output Only] The type of the resource. Always compute#nodeGroup for node group.",
-          "type": "string"
-        },
-        "locationHint": {
-          "description": "An opaque location hint used to place the Node close to other resources. This field is for use by internal tools that use the public API. The location hint here on the NodeGroup overrides any location_hint present in the NodeTemplate.",
-          "type": "string"
-        },
-        "maintenancePolicy": {
-          "description": "Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT. For more information, see Maintenance policies.",
-          "enum": [
-            "DEFAULT",
-            "MAINTENANCE_POLICY_UNSPECIFIED",
-            "MIGRATE_WITHIN_NODE_GROUP",
-            "RESTART_IN_PLACE"
-          ],
-          "enumDescriptions": [
-            "Allow the node and corresponding instances to retain default maintenance behavior.",
-            "",
-            "When maintenance must be done on a node, the instances on that node will be moved to other nodes in the group. Instances with onHostMaintenance = MIGRATE will live migrate to their destinations while instances with onHostMaintenance = TERMINATE will terminate and then restart on their destination nodes if automaticRestart = true.",
-            "Instances in this group will restart on the same node when maintenance has completed. Instances must have onHostMaintenance = TERMINATE, and they will only restart if automaticRestart = true."
-          ],
-          "type": "string"
-        },
-        "maintenanceWindow": {
-          "$ref": "NodeGroupMaintenanceWindow"
-        },
-        "name": {
-          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "default": "compute#nodeTypeAggregatedList",
+          "description": "[Output Only] Type of resource.Always compute#nodeTypeAggregatedList for aggregated lists of node types.",
           "type": "string"
         },
-        "nodeTemplate": {
-          "description": "URL of the node template to create the node group from.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
         "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "shareSettings": {
-          "$ref": "ShareSettings",
-          "description": "Share-settings for the node group"
-        },
-        "size": {
-          "description": "[Output Only] The total number of nodes in the node group.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "status": {
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "INVALID",
-            "READY"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "zone": {
-          "description": "[Output Only] The name of the zone where the node group resides, such as us-central1-a.",
-          "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "NodeGroupAggregatedList": {
-      "id": "NodeGroupAggregatedList",
+    "NodeTypeList": {
+      "description": "Contains a list of node types.",
+      "id": "NodeTypeList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "NodeGroupsScopedList",
-            "description": "[Output Only] Name of the scope containing this set of node groups."
+          "description": "A list of NodeType resources.",
+          "items": {
+            "$ref": "NodeType"
           },
-          "description": "A list of NodeGroupsScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#nodeGroupAggregatedList",
-          "description": "[Output Only] Type of resource.Always compute#nodeGroupAggregatedList for aggregated lists of node groups.",
+          "default": "compute#nodeTypeList",
+          "description": "[Output Only] Type of resource.Always compute#nodeTypeList for lists of node types.",
           "type": "string"
         },
         "nextPageToken": {
@@ -62961,15 +69826,142 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "NodeTypesScopedList": {
+      "id": "NodeTypesScopedList",
+      "properties": {
+        "nodeTypes": {
+          "description": "[Output Only] A list of node types contained in this scope.",
           "items": {
-            "type": "string"
+            "$ref": "NodeType"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "[Output Only] An informational warning that appears when the node types list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -62984,6 +69976,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63002,6 +69995,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63013,6 +70036,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63060,56 +70084,67 @@
       },
       "type": "object"
     },
-    "NodeGroupAutoscalingPolicy": {
-      "id": "NodeGroupAutoscalingPolicy",
+    "NotificationEndpoint": {
+      "description": "Represents a notification endpoint. A notification endpoint resource defines an endpoint to receive notifications when there are status changes detected by the associated health check service. For more information, see Health checks overview.",
+      "id": "NotificationEndpoint",
       "properties": {
-        "maxNodes": {
-          "description": "The maximum number of nodes that the group should have. Must be set if autoscaling is enabled. Maximum value allowed is 100.",
-          "format": "int32",
-          "type": "integer"
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "minNodes": {
-          "description": "The minimum number of nodes that the group should have.",
-          "format": "int32",
-          "type": "integer"
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
         },
-        "mode": {
-          "description": "The autoscaling mode. Set to one of: ON, OFF, or ONLY_SCALE_OUT. For more information, see Autoscaler modes.",
-          "enum": [
-            "MODE_UNSPECIFIED",
-            "OFF",
-            "ON",
-            "ONLY_SCALE_OUT"
-          ],
-          "enumDescriptions": [
-            "",
-            "Autoscaling is disabled.",
-            "Autocaling is fully enabled.",
-            "Autoscaling will only scale out and will not remove nodes."
-          ],
+        "grpcSettings": {
+          "$ref": "NotificationEndpointGrpcSettings",
+          "description": "Settings of the gRPC notification endpoint including the endpoint URL and the retry duration."
+        },
+        "id": {
+          "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#notificationEndpoint",
+          "description": "[Output Only] Type of the resource. Always compute#notificationEndpoint for notification endpoints.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the notification endpoint resides. This field applies only to the regional resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "NodeGroupList": {
-      "description": "Contains a list of nodeGroups.",
-      "id": "NodeGroupList",
+    "NotificationEndpointAggregatedList": {
+      "description": "Contains a list of NotificationEndpointsScopedList.",
+      "id": "NotificationEndpointAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of NodeGroup resources.",
-          "items": {
-            "$ref": "NodeGroup"
+          "additionalProperties": {
+            "$ref": "NotificationEndpointsScopedList",
+            "description": "Name of the scope containing this set of NotificationEndpoints."
           },
-          "type": "array"
+          "description": "A list of NotificationEndpointsScopedList resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#nodeGroupList",
-          "description": "[Output Only] Type of resource.Always compute#nodeGroupList for lists of node groups.",
+          "default": "compute#notificationEndpointAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -63120,6 +70155,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -63136,6 +70178,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63154,6 +70197,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63165,6 +70238,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63212,159 +70286,51 @@
       },
       "type": "object"
     },
-    "NodeGroupMaintenanceWindow": {
-      "description": "Time window specified for daily maintenance operations. GCE's internal maintenance will be performed within this window.",
-      "id": "NodeGroupMaintenanceWindow",
-      "properties": {
-        "duration": {
-          "description": "[Output only] A predetermined duration for the window, automatically chosen to be the smallest possible in the given scenario.",
-          "type": "string"
-        },
-        "maintenanceDuration": {
-          "$ref": "Duration",
-          "description": "[Output only] A predetermined duration for the window, automatically chosen to be the smallest possible in the given scenario."
-        },
-        "startTime": {
-          "description": "Start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NodeGroupNode": {
-      "id": "NodeGroupNode",
+    "NotificationEndpointGrpcSettings": {
+      "description": "Represents a gRPC setting that describes one gRPC notification endpoint and the retry duration attempting to send notification to this endpoint.",
+      "id": "NotificationEndpointGrpcSettings",
       "properties": {
-        "accelerators": {
-          "description": "Accelerators for this node.",
-          "items": {
-            "$ref": "AcceleratorConfig"
-          },
-          "type": "array"
-        },
-        "consumedResources": {
-          "$ref": "InstanceConsumptionInfo",
-          "description": "Node resources that are reserved by all instances."
-        },
-        "cpuOvercommitType": {
-          "description": "CPU overcommit.",
-          "enum": [
-            "CPU_OVERCOMMIT_TYPE_UNSPECIFIED",
-            "ENABLED",
-            "NONE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "disks": {
-          "description": "Local disk configurations.",
-          "items": {
-            "$ref": "LocalDisk"
-          },
-          "type": "array"
-        },
-        "instanceConsumptionData": {
-          "description": "Instance data that shows consumed resources on the node.",
-          "items": {
-            "$ref": "InstanceConsumptionData"
-          },
-          "type": "array"
-        },
-        "instances": {
-          "description": "Instances scheduled on this node.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "name": {
-          "description": "The name of the node.",
+        "authority": {
+          "description": "Optional. If specified, this field is used to set the authority header by the sender of notifications. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3",
           "type": "string"
         },
-        "nodeType": {
-          "description": "The type of this node.",
+        "endpoint": {
+          "description": "Endpoint to which gRPC notifications are sent. This must be a valid gRPCLB DNS name.",
           "type": "string"
         },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
-          "type": "boolean"
-        },
-        "serverBinding": {
-          "$ref": "ServerBinding",
-          "description": "Binding properties for the physical server."
-        },
-        "serverId": {
-          "description": "Server ID associated with this node.",
+        "payloadName": {
+          "description": "Optional. If specified, this field is used to populate the \"name\" field in gRPC requests.",
           "type": "string"
         },
-        "status": {
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "INVALID",
-            "READY",
-            "REPAIRING"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
+        "resendInterval": {
+          "$ref": "Duration",
+          "description": "Optional. This field is used to configure how often to send a full update of all non-healthy backends. If unspecified, full updates are not sent. If specified, must be in the range between 600 seconds to 3600 seconds. Nanos are disallowed. Can only be set for regional notification endpoints."
         },
-        "totalResources": {
-          "$ref": "InstanceConsumptionInfo",
-          "description": "Total amount of available resources on the node."
-        }
-      },
-      "type": "object"
-    },
-    "NodeGroupsAddNodesRequest": {
-      "id": "NodeGroupsAddNodesRequest",
-      "properties": {
-        "additionalNodeCount": {
-          "description": "Count of additional nodes to be added to the node group.",
-          "format": "int32",
+        "retryDurationSec": {
+          "description": "How much time (in seconds) is spent attempting notification retries until a successful response is received. Default is 30s. Limit is 20m (1200s). Must be a positive number.",
+          "format": "uint32",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "NodeGroupsDeleteNodesRequest": {
-      "id": "NodeGroupsDeleteNodesRequest",
-      "properties": {
-        "nodes": {
-          "description": "Names of the nodes to delete.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "NodeGroupsListNodes": {
-      "id": "NodeGroupsListNodes",
+    "NotificationEndpointList": {
+      "id": "NotificationEndpointList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Node resources.",
+          "description": "A list of NotificationEndpoint resources.",
           "items": {
-            "$ref": "NodeGroupNode"
+            "$ref": "NotificationEndpoint"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#nodeGroupsListNodes",
-          "description": "[Output Only] The resource type, which is always compute.nodeGroupsListNodes for the list of nodes in the specified node group.",
+          "default": "compute#notificationEndpointList",
+          "description": "[Output Only] Type of the resource. Always compute#notificationEndpoint for notification endpoints.",
           "type": "string"
         },
         "nextPageToken": {
@@ -63391,6 +70357,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63409,6 +70376,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63420,6 +70417,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63467,18 +70465,18 @@
       },
       "type": "object"
     },
-    "NodeGroupsScopedList": {
-      "id": "NodeGroupsScopedList",
+    "NotificationEndpointsScopedList": {
+      "id": "NotificationEndpointsScopedList",
       "properties": {
-        "nodeGroups": {
-          "description": "[Output Only] A list of node groups contained in this scope.",
+        "resources": {
+          "description": "A list of NotificationEndpoints contained in this scope.",
           "items": {
-            "$ref": "NodeGroup"
+            "$ref": "NotificationEndpoint"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] An informational warning that appears when the nodeGroup list is empty.",
+          "description": "Informational warning which replaces the list of notification endpoints when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -63493,6 +70491,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63511,6 +70510,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63522,6 +70551,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63569,98 +70599,119 @@
       },
       "type": "object"
     },
-    "NodeGroupsSetNodeTemplateRequest": {
-      "id": "NodeGroupsSetNodeTemplateRequest",
-      "properties": {
-        "nodeTemplate": {
-          "description": "Full or partial URL of the node template resource to be updated for this node group.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NodeGroupsSimulateMaintenanceEventRequest": {
-      "id": "NodeGroupsSimulateMaintenanceEventRequest",
-      "properties": {
-        "nodes": {
-          "description": "Names of the nodes to go under maintenance simulation.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "NodeTemplate": {
-      "description": "Represent a sole-tenant Node Template resource. You can use a template to define properties for nodes in a node group. For more information, read Creating node groups and instances.",
-      "id": "NodeTemplate",
+    "Operation": {
+      "description": "Represents an Operation resource. Google Compute Engine has three Operation resources: * [Global](/compute/docs/reference/rest/alpha/globalOperations) * [Regional](/compute/docs/reference/rest/alpha/regionOperations) * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations) You can use an operation resource to manage asynchronous API requests. For more information, read Handling API responses. Operations can be global, regional or zonal. - For global operations, use the `globalOperations` resource. - For regional operations, use the `regionOperations` resource. - For zonal operations, use the `zonalOperations` resource. For more information, read Global, Regional, and Zonal Resources.",
+      "id": "Operation",
       "properties": {
-        "accelerators": {
-          "items": {
-            "$ref": "AcceleratorConfig"
-          },
-          "type": "array"
-        },
-        "cpuOvercommitType": {
-          "description": "CPU overcommit.",
-          "enum": [
-            "CPU_OVERCOMMIT_TYPE_UNSPECIFIED",
-            "ENABLED",
-            "NONE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
+        "clientOperationId": {
+          "description": "[Output Only] The value of `requestId` if you provided it in the request. Not present otherwise.",
           "type": "string"
         },
         "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "description": "[Deprecated] This field is deprecated.",
           "type": "string"
         },
         "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "description": "[Output Only] A textual description of the operation, which is set when the operation is created.",
           "type": "string"
         },
-        "disks": {
-          "items": {
-            "$ref": "LocalDisk"
+        "endTime": {
+          "description": "[Output Only] The time that this operation was completed. This value is in RFC3339 text format.",
+          "type": "string"
+        },
+        "error": {
+          "description": "[Output Only] If errors are generated during processing of the operation, this field will be populated.",
+          "properties": {
+            "errors": {
+              "description": "[Output Only] The array of errors encountered while processing this operation.",
+              "items": {
+                "properties": {
+                  "code": {
+                    "description": "[Output Only] The error type identifier for this error.",
+                    "type": "string"
+                  },
+                  "errorDetails": {
+                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
+                    "items": {
+                      "properties": {
+                        "errorInfo": {
+                          "$ref": "ErrorInfo"
+                        },
+                        "help": {
+                          "$ref": "Help"
+                        },
+                        "localizedMessage": {
+                          "$ref": "LocalizedMessage"
+                        },
+                        "quotaInfo": {
+                          "$ref": "QuotaExceededInfo"
+                        }
+                      },
+                      "type": "object"
+                    },
+                    "type": "array"
+                  },
+                  "location": {
+                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
+                    "type": "string"
+                  },
+                  "message": {
+                    "description": "[Output Only] An optional, human-readable error message.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            }
           },
-          "type": "array"
+          "type": "object"
+        },
+        "httpErrorMessage": {
+          "description": "[Output Only] If the operation fails, this field contains the HTTP error message that was returned, such as `NOT FOUND`.",
+          "type": "string"
+        },
+        "httpErrorStatusCode": {
+          "description": "[Output Only] If the operation fails, this field contains the HTTP error status code that was returned. For example, a `404` means the resource was not found.",
+          "format": "int32",
+          "type": "integer"
         },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "description": "[Output Only] The unique identifier for the operation. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
+        "insertTime": {
+          "description": "[Output Only] The time that this operation was requested. This value is in RFC3339 text format.",
+          "type": "string"
+        },
+        "instancesBulkInsertOperationMetadata": {
+          "$ref": "InstancesBulkInsertOperationMetadata"
+        },
         "kind": {
-          "default": "compute#nodeTemplate",
-          "description": "[Output Only] The type of the resource. Always compute#nodeTemplate for node templates.",
+          "default": "compute#operation",
+          "description": "[Output Only] Type of the resource. Always `compute#operation` for Operation resources.",
           "type": "string"
         },
         "name": {
-          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "description": "[Output Only] Name of the operation.",
           "type": "string"
         },
-        "nodeAffinityLabels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to use for node affinity, which will be used in instance scheduling.",
-          "type": "object"
+        "operationGroupId": {
+          "description": "[Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.",
+          "type": "string"
         },
-        "nodeType": {
-          "description": "The node type to use for nodes group that are created from this template.",
+        "operationType": {
+          "description": "[Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.",
           "type": "string"
         },
-        "nodeTypeFlexibility": {
-          "$ref": "NodeTemplateNodeTypeFlexibility",
-          "description": "The flexible properties of the desired node type. Node groups that use this node template will create nodes of a type that matches these properties. This field is mutually exclusive with the node_type property; you can only define one or the other, but not both."
+        "progress": {
+          "description": "[Output Only] An optional progress indicator that ranges from 0 to 100. There is no requirement that this be linear or support any granularity of operations. This should not be used to guess when the operation will be complete. This number should monotonically increase as the operation progresses.",
+          "format": "int32",
+          "type": "integer"
         },
         "region": {
-          "description": "[Output Only] The name of the region where the node template resides, such as us-central1.",
+          "description": "[Output Only] The URL of the region where the operation resides. Only applicable when performing regional operations.",
           "type": "string"
         },
         "selfLink": {
@@ -63671,55 +70722,198 @@
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "serverBinding": {
-          "$ref": "ServerBinding",
-          "description": "Sets the binding properties for the physical server. Valid values include: - *[Default]* RESTART_NODE_ON_ANY_SERVER: Restarts VMs on any available physical server - RESTART_NODE_ON_MINIMAL_SERVER: Restarts VMs on the same physical server whenever possible See Sole-tenant node options for more information."
+        "setCommonInstanceMetadataOperationMetadata": {
+          "$ref": "SetCommonInstanceMetadataOperationMetadata",
+          "description": "[Output Only] If the operation is for projects.setCommonInstanceMetadata, this field will contain information on all underlying zonal actions and their state."
+        },
+        "startTime": {
+          "description": "[Output Only] The time that this operation was started by the server. This value is in RFC3339 text format.",
+          "type": "string"
         },
         "status": {
-          "description": "[Output Only] The status of the node template. One of the following values: CREATING, READY, and DELETING.",
+          "description": "[Output Only] The status of the operation, which can be one of the following: `PENDING`, `RUNNING`, or `DONE`.",
           "enum": [
-            "CREATING",
-            "DELETING",
-            "INVALID",
-            "READY"
+            "DONE",
+            "PENDING",
+            "RUNNING"
           ],
           "enumDescriptions": [
-            "Resources are being allocated.",
-            "The node template is currently being deleted.",
-            "Invalid status.",
-            "The node template is ready."
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
         "statusMessage": {
-          "description": "[Output Only] An optional, human-readable explanation of the status.",
+          "description": "[Output Only] An optional textual description of the current status of the operation.",
+          "type": "string"
+        },
+        "targetId": {
+          "description": "[Output Only] The unique target ID, which identifies a specific incarnation of the target resource.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "targetLink": {
+          "description": "[Output Only] The URL of the resource that the operation modifies. For operations related to creating a snapshot, this points to the persistent disk that the snapshot was created from.",
+          "type": "string"
+        },
+        "user": {
+          "description": "[Output Only] User who requested the operation, for example: `user@example.com` or `alice_smith_identifier (global/workforcePools/example-com-us-employees)`.",
+          "type": "string"
+        },
+        "warnings": {
+          "description": "[Output Only] If warning messages are generated during processing of the operation, this field will be populated.",
+          "items": {
+            "properties": {
+              "code": {
+                "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+                "enum": [
+                  "CLEANUP_FAILED",
+                  "DEPRECATED_RESOURCE_USED",
+                  "DEPRECATED_TYPE_USED",
+                  "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                  "EXPERIMENTAL_TYPE_USED",
+                  "EXTERNAL_API_WARNING",
+                  "FIELD_VALUE_OVERRIDEN",
+                  "INJECTED_KERNELS_DEPRECATED",
+                  "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                  "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
+                  "MISSING_TYPE_DEPENDENCY",
+                  "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                  "NEXT_HOP_CANNOT_IP_FORWARD",
+                  "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                  "NEXT_HOP_INSTANCE_NOT_FOUND",
+                  "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                  "NEXT_HOP_NOT_RUNNING",
+                  "NOT_CRITICAL_ERROR",
+                  "NO_RESULTS_ON_PAGE",
+                  "PARTIAL_SUCCESS",
+                  "REQUIRED_TOS_AGREEMENT",
+                  "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                  "RESOURCE_NOT_DELETED",
+                  "SCHEMA_VALIDATION_IGNORED",
+                  "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                  "UNDECLARED_PROPERTIES",
+                  "UNREACHABLE"
+                ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
+                "enumDescriptions": [
+                  "Warning about failed cleanup of transient changes made by a failed operation.",
+                  "A link to a deprecated resource was created.",
+                  "When deploying and at least one of the resources has a type marked as deprecated",
+                  "The user created a boot disk that is larger than image size.",
+                  "When deploying and at least one of the resources has a type marked as experimental",
+                  "Warning that is present in an external api call",
+                  "Warning that value of a field has been overridden. Deprecated unused field.",
+                  "The operation involved use of an injected kernel, which is deprecated.",
+                  "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                  "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                  "A resource depends on a missing type",
+                  "The route's nextHopIp address is not assigned to an instance on the network.",
+                  "The route's next hop instance cannot ip forward.",
+                  "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                  "The route's nextHopInstance URL refers to an instance that does not exist.",
+                  "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                  "The route's next hop instance does not have a status of RUNNING.",
+                  "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                  "No results are present on a particular list page.",
+                  "Success is reported, but some results may be missing due to errors",
+                  "The user attempted to use a resource that requires a TOS they have not accepted.",
+                  "Warning that a resource is in use.",
+                  "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                  "When a resource schema validation is ignored.",
+                  "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                  "When undeclared properties in the schema are present",
+                  "A given scope cannot be reached."
+                ],
+                "type": "string"
+              },
+              "data": {
+                "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+                "items": {
+                  "properties": {
+                    "key": {
+                      "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                      "type": "string"
+                    },
+                    "value": {
+                      "description": "[Output Only] A warning data value corresponding to the key.",
+                      "type": "string"
+                    }
+                  },
+                  "type": "object"
+                },
+                "type": "array"
+              },
+              "message": {
+                "description": "[Output Only] A human-readable description of the warning code.",
+                "type": "string"
+              }
+            },
+            "type": "object"
+          },
+          "type": "array"
+        },
+        "zone": {
+          "description": "[Output Only] The URL of the zone where the operation resides. Only applicable when performing per-zone operations.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "NodeTemplateAggregatedList": {
-      "id": "NodeTemplateAggregatedList",
+    "OperationAggregatedList": {
+      "id": "OperationAggregatedList",
       "properties": {
         "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "type": "string"
         },
         "items": {
           "additionalProperties": {
-            "$ref": "NodeTemplatesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of node templates."
+            "$ref": "OperationsScopedList",
+            "description": "[Output Only] Name of the scope containing this set of operations."
           },
-          "description": "A list of NodeTemplatesScopedList resources.",
+          "description": "[Output Only] A map of scoped operation lists.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#nodeTemplateAggregatedList",
-          "description": "[Output Only] Type of resource.Always compute#nodeTemplateAggregatedList for aggregated lists of node templates.",
+          "default": "compute#operationAggregatedList",
+          "description": "[Output Only] Type of resource. Always `compute#operationAggregatedList` for aggregated lists of operations.",
           "type": "string"
         },
         "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than `maxResults`, use the `nextPageToken` as a value for the query parameter `pageToken` in the next list request. Subsequent list requests will have their own `nextPageToken` to continue paging through the results.",
           "type": "string"
         },
         "selfLink": {
@@ -63749,6 +70943,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63767,6 +70962,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63778,6 +71003,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63825,28 +71051,28 @@
       },
       "type": "object"
     },
-    "NodeTemplateList": {
-      "description": "Contains a list of node templates.",
-      "id": "NodeTemplateList",
+    "OperationList": {
+      "description": "Contains a list of Operation resources.",
+      "id": "OperationList",
       "properties": {
         "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of NodeTemplate resources.",
+          "description": "[Output Only] A list of Operation resources.",
           "items": {
-            "$ref": "NodeTemplate"
+            "$ref": "Operation"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#nodeTemplateList",
-          "description": "[Output Only] Type of resource.Always compute#nodeTemplateList for lists of node templates.",
+          "default": "compute#operationList",
+          "description": "[Output Only] Type of resource. Always `compute#operations` for Operations resource.",
           "type": "string"
         },
         "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than `maxResults`, use the `nextPageToken` as a value for the query parameter `pageToken` in the next list request. Subsequent list requests will have their own `nextPageToken` to continue paging through the results.",
           "type": "string"
         },
         "selfLink": {
@@ -63869,6 +71095,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63887,6 +71114,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63898,6 +71155,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63945,33 +71203,18 @@
       },
       "type": "object"
     },
-    "NodeTemplateNodeTypeFlexibility": {
-      "id": "NodeTemplateNodeTypeFlexibility",
-      "properties": {
-        "cpus": {
-          "type": "string"
-        },
-        "localSsd": {
-          "type": "string"
-        },
-        "memory": {
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NodeTemplatesScopedList": {
-      "id": "NodeTemplatesScopedList",
+    "OperationsScopedList": {
+      "id": "OperationsScopedList",
       "properties": {
-        "nodeTemplates": {
-          "description": "[Output Only] A list of node templates contained in this scope.",
+        "operations": {
+          "description": "[Output Only] A list of operations contained in this scope.",
           "items": {
-            "$ref": "NodeTemplate"
+            "$ref": "Operation"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] An informational warning that appears when the node templates list is empty.",
+          "description": "[Output Only] Informational warning which replaces the list of operations when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -63986,6 +71229,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64004,6 +71248,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64015,6 +71289,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64062,30 +71337,184 @@
       },
       "type": "object"
     },
-    "NodeType": {
-      "description": "Represent a sole-tenant Node Type resource. Each node within a node group must have a node type. A node type specifies the total amount of cores and memory for that node. Currently, the only available node type is n1-node-96-624 node type that has 96 vCPUs and 624 GB of memory, available in multiple zones. For more information read Node types.",
-      "id": "NodeType",
+    "OrganizationSecurityPoliciesListAssociationsResponse": {
+      "id": "OrganizationSecurityPoliciesListAssociationsResponse",
       "properties": {
-        "cpuPlatform": {
-          "description": "[Output Only] The CPU platform used by this node type.",
+        "associations": {
+          "description": "A list of associations.",
+          "items": {
+            "$ref": "SecurityPolicyAssociation"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#organizationSecurityPoliciesListAssociationsResponse",
+          "description": "[Output Only] Type of securityPolicy associations. Always compute#organizationSecurityPoliciesListAssociations for lists of securityPolicy associations.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OriginAuthenticationMethod": {
+      "description": "[Deprecated] Configuration for the origin authentication method. Configuration for the origin authentication method.",
+      "id": "OriginAuthenticationMethod",
+      "properties": {
+        "jwt": {
+          "$ref": "Jwt"
+        }
+      },
+      "type": "object"
+    },
+    "OutlierDetection": {
+      "description": "Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service.",
+      "id": "OutlierDetection",
+      "properties": {
+        "baseEjectionTime": {
+          "$ref": "Duration",
+          "description": "The base time that a backend endpoint is ejected for. Defaults to 30000ms or 30s. After a backend endpoint is returned back to the load balancing pool, it can be ejected again in another ejection analysis. Thus, the total ejection time is equal to the base ejection time multiplied by the number of times the backend endpoint has been ejected. Defaults to 30000ms or 30s."
+        },
+        "consecutiveErrors": {
+          "description": "Number of consecutive errors before a backend endpoint is ejected from the load balancing pool. When the backend endpoint is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "consecutiveGatewayFailure": {
+          "description": "The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 3.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "enforcingConsecutiveErrors": {
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "enforcingConsecutiveGatewayFailure": {
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "enforcingSuccessRate": {
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "interval": {
+          "$ref": "Duration",
+          "description": "Time interval between ejection analysis sweeps. This can result in both new ejections and backend endpoints being returned to service. The interval is equal to the number of seconds as defined in outlierDetection.interval.seconds plus the number of nanoseconds as defined in outlierDetection.interval.nanos. Defaults to 1 second."
+        },
+        "maxEjectionPercent": {
+          "description": "Maximum percentage of backend endpoints in the load balancing pool for the backend service that can be ejected if the ejection conditions are met. Defaults to 50%.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "successRateMinimumHosts": {
+          "description": "The number of backend endpoints in the load balancing pool that must have enough request volume to detect success rate outliers. If the number of backend endpoints is fewer than this setting, outlier detection via success rate statistics is not performed for any backend endpoint in the load balancing pool. Defaults to 5. Not supported when the backend service uses Serverless NEG.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "successRateRequestVolume": {
+          "description": "The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this backend endpoint in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that backend endpoint. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "successRateStdevFactor": {
+          "description": "This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * successRateStdevFactor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900. Not supported when the backend service uses Serverless NEG.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "PacketIntervals": {
+      "description": "Next free: 7",
+      "id": "PacketIntervals",
+      "properties": {
+        "avgMs": {
+          "description": "Average observed inter-packet interval in milliseconds.",
+          "format": "int64",
+          "type": "string"
+        },
+        "duration": {
+          "description": "From how long ago in the past these intervals were observed.",
+          "enum": [
+            "DURATION_UNSPECIFIED",
+            "HOUR",
+            "MAX",
+            "MINUTE"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "From BfdSession object creation time.",
+            ""
+          ],
+          "type": "string"
+        },
+        "maxMs": {
+          "description": "Maximum observed inter-packet interval in milliseconds.",
+          "format": "int64",
+          "type": "string"
+        },
+        "minMs": {
+          "description": "Minimum observed inter-packet interval in milliseconds.",
+          "format": "int64",
+          "type": "string"
+        },
+        "numIntervals": {
+          "description": "Number of inter-packet intervals from which these statistics were derived.",
+          "format": "int64",
+          "type": "string"
+        },
+        "type": {
+          "description": "The type of packets for which inter-packet intervals were computed.",
+          "enum": [
+            "LOOPBACK",
+            "RECEIVE",
+            "TRANSMIT",
+            "TYPE_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Only applies to Echo packets. This shows the intervals between sending and receiving the same packet.",
+            "Intervals between received packets.",
+            "Intervals between transmitted packets.",
+            ""
+          ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PacketMirroring": {
+      "description": "Represents a Packet Mirroring resource. Packet Mirroring clones the traffic of specified instances in your Virtual Private Cloud (VPC) network and forwards it to a collector destination, such as an instance group of an internal TCP/UDP load balancer, for analysis or examination. For more information about setting up Packet Mirroring, see Using Packet Mirroring.",
+      "id": "PacketMirroring",
+      "properties": {
+        "collectorIlb": {
+          "$ref": "PacketMirroringForwardingRuleInfo",
+          "description": "The Forwarding Rule resource of type loadBalancingScheme=INTERNAL that will be used as collector for mirrored traffic. The specified forwarding rule must have isMirroringCollector set to true."
         },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "deprecated": {
-          "$ref": "DeprecationStatus",
-          "description": "[Output Only] The deprecation status associated with this node type."
-        },
         "description": {
-          "description": "[Output Only] An optional textual description of the resource.",
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "guestCpus": {
-          "description": "[Output Only] The number of virtual CPUs that are available to the node type.",
-          "format": "int32",
-          "type": "integer"
+        "enable": {
+          "description": "Indicates whether or not this packet mirroring takes effect. If set to FALSE, this packet mirroring policy will not be enforced on the network. The default is TRUE.",
+          "enum": [
+            "FALSE",
+            "TRUE"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "filter": {
+          "$ref": "PacketMirroringFilter",
+          "description": "Filter for mirrored traffic. If unspecified, all traffic is mirrored."
         },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
@@ -64093,25 +71522,42 @@
           "type": "string"
         },
         "kind": {
-          "default": "compute#nodeType",
-          "description": "[Output Only] The type of the resource. Always compute#nodeType for node types.",
+          "default": "compute#packetMirroring",
+          "description": "[Output Only] Type of the resource. Always compute#packetMirroring for packet mirrorings.",
           "type": "string"
         },
-        "localSsdGb": {
-          "description": "[Output Only] Local SSD available to the node type, defined in GB.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "memoryMb": {
-          "description": "[Output Only] The amount of physical memory available to the node type, defined in MB.",
-          "format": "int32",
-          "type": "integer"
+        "mirroredResources": {
+          "$ref": "PacketMirroringMirroredResourceInfo",
+          "description": "PacketMirroring mirroredResourceInfos. MirroredResourceInfo specifies a set of mirrored VM instances, subnetworks and/or tags for which traffic from/to all VM instances will be mirrored."
         },
         "name": {
-          "description": "[Output Only] Name of the resource.",
+          "annotations": {
+            "required": [
+              "compute.packetMirrorings.insert"
+            ]
+          },
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
+        "network": {
+          "$ref": "PacketMirroringNetworkInfo",
+          "annotations": {
+            "required": [
+              "compute.packetMirrorings.insert"
+            ]
+          },
+          "description": "Specifies the mirrored VPC network. Only packets in this network will be mirrored. All mirrored VMs should have a NIC in the given network. All mirrored subnetworks should belong to the given network."
+        },
+        "priority": {
+          "description": "The priority of applying this configuration. Priority is used to break ties in cases where there is more than one matching rule. In the case of two rules that apply for a given Instance, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "region": {
+          "description": "[Output Only] URI of the region where the packetMirroring resides.",
+          "type": "string"
+        },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
@@ -64119,16 +71565,13 @@
         "selfLinkWithId": {
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
-        },
-        "zone": {
-          "description": "[Output Only] The name of the zone where the node type resides, such as us-central1-a.",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "NodeTypeAggregatedList": {
-      "id": "NodeTypeAggregatedList",
+    "PacketMirroringAggregatedList": {
+      "description": "Contains a list of packetMirrorings.",
+      "id": "PacketMirroringAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
@@ -64136,15 +71579,15 @@
         },
         "items": {
           "additionalProperties": {
-            "$ref": "NodeTypesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of node types."
+            "$ref": "PacketMirroringsScopedList",
+            "description": "Name of the scope containing this set of packetMirrorings."
           },
-          "description": "A list of NodeTypesScopedList resources.",
+          "description": "A list of PacketMirroring resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#nodeTypeAggregatedList",
-          "description": "[Output Only] Type of resource.Always compute#nodeTypeAggregatedList for aggregated lists of node types.",
+          "default": "compute#packetMirroringAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -64178,6 +71621,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64196,6 +71640,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64207,6 +71681,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64254,24 +71729,72 @@
       },
       "type": "object"
     },
-    "NodeTypeList": {
-      "description": "Contains a list of node types.",
-      "id": "NodeTypeList",
+    "PacketMirroringFilter": {
+      "id": "PacketMirroringFilter",
+      "properties": {
+        "IPProtocols": {
+          "description": "Protocols that apply as filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "cidrRanges": {
+          "description": "IP CIDR ranges that apply as filter on the source (ingress) or destination (egress) IP in the IP header. Only IPv4 is supported. If no ranges are specified, all traffic that matches the specified IPProtocols is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "direction": {
+          "description": "Direction of traffic to mirror, either INGRESS, EGRESS, or BOTH. The default is BOTH.",
+          "enum": [
+            "BOTH",
+            "EGRESS",
+            "INGRESS"
+          ],
+          "enumDescriptions": [
+            "Default, both directions are mirrored.",
+            "Only egress traffic is mirrored.",
+            "Only ingress traffic is mirrored."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PacketMirroringForwardingRuleInfo": {
+      "id": "PacketMirroringForwardingRuleInfo",
+      "properties": {
+        "canonicalUrl": {
+          "description": "[Output Only] Unique identifier for the forwarding rule; defined by the server.",
+          "type": "string"
+        },
+        "url": {
+          "description": "Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PacketMirroringList": {
+      "description": "Contains a list of PacketMirroring resources.",
+      "id": "PacketMirroringList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of NodeType resources.",
+          "description": "A list of PacketMirroring resources.",
           "items": {
-            "$ref": "NodeType"
+            "$ref": "PacketMirroring"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#nodeTypeList",
-          "description": "[Output Only] Type of resource.Always compute#nodeTypeList for lists of node types.",
+          "default": "compute#packetMirroringList",
+          "description": "[Output Only] Type of resource. Always compute#packetMirroring for packetMirrorings.",
           "type": "string"
         },
         "nextPageToken": {
@@ -64298,6 +71821,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64316,6 +71840,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64327,6 +71881,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64369,23 +71924,92 @@
               "type": "string"
             }
           },
-          "type": "object"
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "PacketMirroringMirroredResourceInfo": {
+      "id": "PacketMirroringMirroredResourceInfo",
+      "properties": {
+        "instances": {
+          "description": "A set of virtual machine instances that are being mirrored. They must live in zones contained in the same region as this packetMirroring. Note that this config will apply only to those network interfaces of the Instances that belong to the network specified in this packetMirroring. You may specify a maximum of 50 Instances.",
+          "items": {
+            "$ref": "PacketMirroringMirroredResourceInfoInstanceInfo"
+          },
+          "type": "array"
+        },
+        "subnetworks": {
+          "description": "A set of subnetworks for which traffic from/to all VM instances will be mirrored. They must live in the same region as this packetMirroring. You may specify a maximum of 5 subnetworks.",
+          "items": {
+            "$ref": "PacketMirroringMirroredResourceInfoSubnetInfo"
+          },
+          "type": "array"
+        },
+        "tags": {
+          "description": "A set of mirrored tags. Traffic from/to all VM instances that have one or more of these tags will be mirrored.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "NodeTypesScopedList": {
-      "id": "NodeTypesScopedList",
+    "PacketMirroringMirroredResourceInfoInstanceInfo": {
+      "id": "PacketMirroringMirroredResourceInfoInstanceInfo",
       "properties": {
-        "nodeTypes": {
-          "description": "[Output Only] A list of node types contained in this scope.",
+        "canonicalUrl": {
+          "description": "[Output Only] Unique identifier for the instance; defined by the server.",
+          "type": "string"
+        },
+        "url": {
+          "description": "Resource URL to the virtual machine instance which is being mirrored.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PacketMirroringMirroredResourceInfoSubnetInfo": {
+      "id": "PacketMirroringMirroredResourceInfoSubnetInfo",
+      "properties": {
+        "canonicalUrl": {
+          "description": "[Output Only] Unique identifier for the subnetwork; defined by the server.",
+          "type": "string"
+        },
+        "url": {
+          "description": "Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PacketMirroringNetworkInfo": {
+      "id": "PacketMirroringNetworkInfo",
+      "properties": {
+        "canonicalUrl": {
+          "description": "[Output Only] Unique identifier for the network; defined by the server.",
+          "type": "string"
+        },
+        "url": {
+          "description": "URL of the network resource.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PacketMirroringsScopedList": {
+      "id": "PacketMirroringsScopedList",
+      "properties": {
+        "packetMirrorings": {
+          "description": "A list of packetMirrorings contained in this scope.",
           "items": {
-            "$ref": "NodeType"
+            "$ref": "PacketMirroring"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] An informational warning that appears when the node types list is empty.",
+          "description": "Informational warning which replaces the list of packetMirrorings when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -64400,6 +72024,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64418,6 +72043,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64429,6 +72084,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64476,714 +72132,835 @@
       },
       "type": "object"
     },
-    "NotificationEndpoint": {
-      "description": "Represents a notification endpoint. A notification endpoint resource defines an endpoint to receive notifications when there are status changes detected by the associated health check service. For more information, see Health checks overview.",
-      "id": "NotificationEndpoint",
+    "PartnerMetadata": {
+      "description": "Model definition of partner_metadata field. To be used in dedicated Partner Metadata methods and to be inlined in the Instance and InstanceTemplate resources.",
+      "id": "PartnerMetadata",
+      "properties": {
+        "fingerprint": {
+          "description": "Instance-level hash to be used for optimistic locking.",
+          "format": "byte",
+          "type": "string"
+        },
+        "partnerMetadata": {
+          "additionalProperties": {
+            "$ref": "StructuredEntries"
+          },
+          "description": "Partner Metadata assigned to the instance. A map from a subdomain to entries map. Subdomain name must be compliant with RFC1035 definition. The total size of all keys and values must be less than 2MB. Subdomain 'metadata.compute.googleapis.com' is reserverd for instance's metadata.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "PathMatcher": {
+      "description": "A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service is used.",
+      "id": "PathMatcher",
+      "properties": {
+        "defaultCustomErrorResponsePolicy": {
+          "$ref": "CustomErrorResponsePolicy",
+          "description": "defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors - A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. defaultCustomErrorResponsePolicy is supported only for Global External HTTP(S) load balancing."
+        },
+        "defaultRouteAction": {
+          "$ref": "HttpRouteAction",
+          "description": "defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within a path matcher's defaultRouteAction."
+        },
+        "defaultService": {
+          "description": "The full or partial URL to the BackendService resource. This URL is used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project /global/backendServices/backendService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if defaultRouteAction specifies any weightedBackendServices, defaultService must not be specified. Only one of defaultService, defaultUrlRedirect , or defaultRouteAction.weightedBackendService must be set. Authorization requires one or more of the following Google IAM permissions on the specified resource default_service: - compute.backendBuckets.use - compute.backendServices.use ",
+          "type": "string"
+        },
+        "defaultUrlRedirect": {
+          "$ref": "HttpRedirectAction",
+          "description": "When none of the specified pathRules or routeRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "headerAction": {
+          "$ref": "HttpHeaderAction",
+          "description": "Specifies changes to request and response headers that need to take effect for the selected backend service. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
+        },
+        "name": {
+          "description": "The name to which this PathMatcher is referred by the HostRule.",
+          "type": "string"
+        },
+        "pathRules": {
+          "description": "The list of path rules. Use this list instead of routeRules when routing based on simple path matching is all that's required. The order by which path rules are specified does not matter. Matches are always done on the longest-path-first basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* irrespective of the order in which those paths appear in this list. Within a given pathMatcher, only one of pathRules or routeRules must be set.",
+          "items": {
+            "$ref": "PathRule"
+          },
+          "type": "array"
+        },
+        "routeRules": {
+          "description": "The list of HTTP route rules. Use this list instead of pathRules when advanced route matching and routing actions are desired. routeRules are evaluated in order of priority, from the lowest to highest number. Within a given pathMatcher, you can set only one of pathRules or routeRules.",
+          "items": {
+            "$ref": "HttpRouteRule"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "PathRule": {
+      "description": "A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.",
+      "id": "PathRule",
+      "properties": {
+        "customErrorResponsePolicy": {
+          "$ref": "CustomErrorResponsePolicy",
+          "description": "customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors - A PathRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in PathRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. customErrorResponsePolicy is supported only for Global External HTTP(S) load balancing."
+        },
+        "paths": {
+          "description": "The list of path patterns to match. Each must start with / and the only place a * is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "routeAction": {
+          "$ref": "HttpRouteAction",
+          "description": "In response to a matching path, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of routeAction or urlRedirect must be set. URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within a path rule's routeAction."
+        },
+        "service": {
+          "description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set.",
+          "type": "string"
+        },
+        "urlRedirect": {
+          "$ref": "HttpRedirectAction",
+          "description": "When a path pattern is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
+        }
+      },
+      "type": "object"
+    },
+    "PeerAuthenticationMethod": {
+      "description": "[Deprecated] Configuration for the peer authentication method. Configuration for the peer authentication method.",
+      "id": "PeerAuthenticationMethod",
+      "properties": {
+        "mtls": {
+          "$ref": "MutualTls",
+          "description": "Set if mTLS is used for peer authentication."
+        }
+      },
+      "type": "object"
+    },
+    "PerInstanceConfig": {
+      "id": "PerInstanceConfig",
+      "properties": {
+        "fingerprint": {
+          "description": "Fingerprint of this per-instance config. This field can be used in optimistic locking. It is ignored when inserting a per-instance config. An up-to-date fingerprint must be provided in order to update an existing per-instance configuration or the field needs to be unset.",
+          "format": "byte",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of a per-instance configuration and its corresponding instance. Serves as a merge key during UpdatePerInstanceConfigs operations, that is, if a per-instance configuration with the same name exists then it will be updated, otherwise a new one will be created for the VM instance with the same name. An attempt to create a per-instance configconfiguration for a VM instance that either doesn't exist or is not part of the group will result in an error.",
+          "type": "string"
+        },
+        "preservedState": {
+          "$ref": "PreservedState",
+          "description": "The intended preserved state for the given instance. Does not contain preserved state generated from a stateful policy."
+        },
+        "status": {
+          "description": "The status of applying this per-instance configuration on the corresponding managed instance.",
+          "enum": [
+            "APPLYING",
+            "DELETING",
+            "EFFECTIVE",
+            "NONE",
+            "UNAPPLIED",
+            "UNAPPLIED_DELETION"
+          ],
+          "enumDescriptions": [
+            "The per-instance configuration is being applied to the instance, but is not yet effective, possibly waiting for the instance to, for example, REFRESH.",
+            "The per-instance configuration deletion is being applied on the instance, possibly waiting for the instance to, for example, REFRESH.",
+            "The per-instance configuration is effective on the instance, meaning that all disks, ips and metadata specified in this configuration are attached or set on the instance.",
+            "*[Default]* The default status, when no per-instance configuration exists.",
+            "The per-instance configuration is set on an instance but not been applied yet.",
+            "The per-instance configuration has been deleted, but the deletion is not yet applied."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Permission": {
+      "description": "[Deprecated] All fields defined in a permission are ANDed.",
+      "id": "Permission",
+      "properties": {
+        "constraints": {
+          "description": "Extra custom constraints. The constraints are ANDed together.",
+          "items": {
+            "$ref": "PermissionConstraint"
+          },
+          "type": "array"
+        },
+        "hosts": {
+          "description": "Used in Ingress or Egress Gateway cases to specify hosts that the policy applies to. Exact match, prefix match, and suffix match are supported.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "methods": {
+          "description": "HTTP method.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notHosts": {
+          "description": "Negate of hosts. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notMethods": {
+          "description": "Negate of methods. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notPaths": {
+          "description": "Negate of paths. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notPorts": {
+          "description": "Negate of ports. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "paths": {
+          "description": "HTTP request paths or gRPC methods. Exact match, prefix match, and suffix match are supported.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "ports": {
+          "description": "Port names or numbers.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "PermissionConstraint": {
+      "description": "Custom constraint that specifies a key and a list of allowed values for Istio attributes.",
+      "id": "PermissionConstraint",
+      "properties": {
+        "key": {
+          "description": "Key of the constraint.",
+          "type": "string"
+        },
+        "values": {
+          "description": "A list of allowed values.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Policy": {
+      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+      "id": "Policy",
+      "properties": {
+        "auditConfigs": {
+          "description": "Specifies cloud audit logging configuration for this policy.",
+          "items": {
+            "$ref": "AuditConfig"
+          },
+          "type": "array"
+        },
+        "bindings": {
+          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
+          "items": {
+            "$ref": "Binding"
+          },
+          "type": "array"
+        },
+        "etag": {
+          "description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
+          "format": "byte",
+          "type": "string"
+        },
+        "rules": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "items": {
+            "$ref": "Rule"
+          },
+          "type": "array"
+        },
+        "version": {
+          "description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "PreconfiguredWafSet": {
+      "id": "PreconfiguredWafSet",
+      "properties": {
+        "expressionSets": {
+          "description": "List of entities that are currently supported for WAF rules.",
+          "items": {
+            "$ref": "WafExpressionSet"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "PreservedState": {
+      "description": "Preserved state for a given instance.",
+      "id": "PreservedState",
+      "properties": {
+        "disks": {
+          "additionalProperties": {
+            "$ref": "PreservedStatePreservedDisk"
+          },
+          "description": "Preserved disks defined for this instance. This map is keyed with the device names of the disks.",
+          "type": "object"
+        },
+        "externalIPs": {
+          "additionalProperties": {
+            "$ref": "PreservedStatePreservedNetworkIp"
+          },
+          "description": "Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.",
+          "type": "object"
+        },
+        "internalIPs": {
+          "additionalProperties": {
+            "$ref": "PreservedStatePreservedNetworkIp"
+          },
+          "description": "Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.",
+          "type": "object"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Preserved metadata defined for this instance.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "PreservedStatePreservedDisk": {
+      "id": "PreservedStatePreservedDisk",
+      "properties": {
+        "autoDelete": {
+          "description": "These stateful disks will never be deleted during autohealing, update, instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole MIG is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted.",
+          "enum": [
+            "NEVER",
+            "ON_PERMANENT_INSTANCE_DELETION"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "mode": {
+          "description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.",
+          "enum": [
+            "READ_ONLY",
+            "READ_WRITE"
+          ],
+          "enumDescriptions": [
+            "Attaches this disk in read-only mode. Multiple VM instances can use a disk in READ_ONLY mode at a time.",
+            "*[Default]* Attaches this disk in READ_WRITE mode. Only one VM instance at a time can be attached to a disk in READ_WRITE mode."
+          ],
+          "type": "string"
+        },
+        "source": {
+          "description": "The URL of the disk resource that is stateful and should be attached to the VM instance.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PreservedStatePreservedNetworkIp": {
+      "id": "PreservedStatePreservedNetworkIp",
+      "properties": {
+        "autoDelete": {
+          "description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted.",
+          "enum": [
+            "NEVER",
+            "ON_PERMANENT_INSTANCE_DELETION"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "ipAddress": {
+          "$ref": "PreservedStatePreservedNetworkIpIpAddress",
+          "description": "Ip address representation"
+        }
+      },
+      "type": "object"
+    },
+    "PreservedStatePreservedNetworkIpIpAddress": {
+      "id": "PreservedStatePreservedNetworkIpIpAddress",
+      "properties": {
+        "address": {
+          "description": "The URL of the reservation for this IP address.",
+          "type": "string"
+        },
+        "literal": {
+          "description": "An IPv4 internal network address to assign to the instance for this network interface.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Principal": {
+      "description": "[Deprecated] All fields defined in a principal are ANDed.",
+      "id": "Principal",
+      "properties": {
+        "condition": {
+          "description": "An expression to specify custom condition.",
+          "type": "string"
+        },
+        "groups": {
+          "description": "The groups the principal belongs to. Exact match, prefix match, and suffix match are supported.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "ips": {
+          "description": "IPv4 or IPv6 address or range (In CIDR format)",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "namespaces": {
+          "description": "The namespaces. Exact match, prefix match, and suffix match are supported.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notGroups": {
+          "description": "Negate of groups. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notIps": {
+          "description": "Negate of IPs. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notNamespaces": {
+          "description": "Negate of namespaces. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "notUsers": {
+          "description": "Negate of users. Specifies exclusions.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "properties": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "A map of Istio attribute to expected values. Exact match, prefix match, and suffix match are supported for values. For example, `request.headers[version]: \"v1\"`. The properties are ANDed together.",
+          "type": "object"
+        },
+        "users": {
+          "description": "The user names/IDs or service accounts. Exact match, prefix match, and suffix match are supported.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Project": {
+      "description": "Represents a Project resource. A project is used to organize resources in a Google Cloud Platform environment. For more information, read about the Resource Hierarchy.",
+      "id": "Project",
       "properties": {
+        "commonInstanceMetadata": {
+          "$ref": "Metadata",
+          "description": "Metadata key/value pairs available to all instances contained in this project. See Custom metadata for more information."
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
+        "defaultNetworkTier": {
+          "description": "This signifies the default network tier used for configuring resources of the project and can only take the following values: PREMIUM, STANDARD. Initially the default network tier is PREMIUM.",
+          "enum": [
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "SELECT",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Price competitive network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+          ],
+          "type": "string"
+        },
+        "defaultServiceAccount": {
+          "description": "[Output Only] Default service account used by VMs running in this project.",
+          "type": "string"
+        },
         "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "description": "An optional textual description of the resource.",
           "type": "string"
         },
-        "grpcSettings": {
-          "$ref": "NotificationEndpointGrpcSettings",
-          "description": "Settings of the gRPC notification endpoint including the endpoint URL and the retry duration."
+        "enabledFeatures": {
+          "description": "Restricted features enabled for use on this project.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
         "id": {
-          "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server. This is *not* the project ID, and is just a unique ID used by Compute Engine to identify resources.",
           "format": "uint64",
           "type": "string"
         },
         "kind": {
-          "default": "compute#notificationEndpoint",
-          "description": "[Output Only] Type of the resource. Always compute#notificationEndpoint for notification endpoints.",
+          "default": "compute#project",
+          "description": "[Output Only] Type of the resource. Always compute#project for projects.",
           "type": "string"
         },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "managedProtectionTier": {
+          "description": "[Output Only] The Cloud Armor Managed Protection (CAMP) tier for this project. It can be one of the following values: CA_STANDARD, CAMP_PLUS_MONTHLY. If this field is not specified, it is assumed to be CA_STANDARD.",
+          "enum": [
+            "CAMP_PLUS_ANNUAL",
+            "CAMP_PLUS_MONTHLY",
+            "CA_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Plus tier protection annual.",
+            "Plus tier protection monthly.",
+            "Standard protection."
+          ],
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the notification endpoint resides. This field applies only to the regional resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "name": {
+          "description": "The project ID. For example: my-example-project. Use the project ID to make requests to Compute Engine.",
           "type": "string"
         },
+        "quotas": {
+          "description": "[Output Only] Quotas assigned to this project.",
+          "items": {
+            "$ref": "Quota"
+          },
+          "type": "array"
+        },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NotificationEndpointAggregatedList": {
-      "description": "Contains a list of NotificationEndpointsScopedList.",
-      "id": "NotificationEndpointAggregatedList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "additionalProperties": {
-            "$ref": "NotificationEndpointsScopedList",
-            "description": "Name of the scope containing this set of NotificationEndpoints."
-          },
-          "description": "A list of NotificationEndpointsScopedList resources.",
-          "type": "object"
         },
-        "kind": {
-          "default": "compute#notificationEndpointAggregatedList",
-          "description": "Type of resource.",
-          "type": "string"
+        "usageExportLocation": {
+          "$ref": "UsageExportLocation",
+          "description": "The naming prefix for daily usage reports and the Google Cloud Storage bucket where they are stored."
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "vmDnsSetting": {
+          "description": "[Output Only] Default internal DNS setting used by VMs running in this project.",
+          "enum": [
+            "GLOBAL_DEFAULT",
+            "UNSPECIFIED_VM_DNS_SETTING",
+            "ZONAL_DEFAULT",
+            "ZONAL_ONLY"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "xpnProjectStatus": {
+          "description": "[Output Only] The role this project has in a shared VPC configuration. Currently, only projects with the host role, which is specified by the value HOST, are differentiated.",
+          "enum": [
+            "HOST",
+            "UNSPECIFIED_XPN_PROJECT_STATUS"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
-        },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
         }
       },
       "type": "object"
     },
-    "NotificationEndpointGrpcSettings": {
-      "description": "Represents a gRPC setting that describes one gRPC notification endpoint and the retry duration attempting to send notification to this endpoint.",
-      "id": "NotificationEndpointGrpcSettings",
+    "ProjectsDisableXpnResourceRequest": {
+      "id": "ProjectsDisableXpnResourceRequest",
       "properties": {
-        "authority": {
-          "description": "Optional. If specified, this field is used to set the authority header by the sender of notifications. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3",
-          "type": "string"
-        },
-        "endpoint": {
-          "description": "Endpoint to which gRPC notifications are sent. This must be a valid gRPCLB DNS name.",
-          "type": "string"
-        },
-        "payloadName": {
-          "description": "Optional. If specified, this field is used to populate the \"name\" field in gRPC requests.",
-          "type": "string"
-        },
-        "resendInterval": {
-          "$ref": "Duration",
-          "description": "Optional. This field is used to configure how often to send a full update of all non-healthy backends. If unspecified, full updates are not sent. If specified, must be in the range between 600 seconds to 3600 seconds. Nanos are disallowed. Can only be set for regional notification endpoints."
-        },
-        "retryDurationSec": {
-          "description": "How much time (in seconds) is spent attempting notification retries until a successful response is received. Default is 30s. Limit is 20m (1200s). Must be a positive number.",
-          "format": "uint32",
-          "type": "integer"
+        "xpnResource": {
+          "$ref": "XpnResourceId",
+          "description": "Service resource (a.k.a service project) ID."
         }
       },
       "type": "object"
     },
-    "NotificationEndpointList": {
-      "id": "NotificationEndpointList",
+    "ProjectsEnableXpnResourceRequest": {
+      "id": "ProjectsEnableXpnResourceRequest",
+      "properties": {
+        "xpnResource": {
+          "$ref": "XpnResourceId",
+          "description": "Service resource (a.k.a service project) ID."
+        }
+      },
+      "type": "object"
+    },
+    "ProjectsGetXpnResources": {
+      "id": "ProjectsGetXpnResources",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of NotificationEndpoint resources.",
-          "items": {
-            "$ref": "NotificationEndpoint"
-          },
-          "type": "array"
-        },
         "kind": {
-          "default": "compute#notificationEndpointList",
-          "description": "[Output Only] Type of the resource. Always compute#notificationEndpoint for notification endpoints.",
+          "default": "compute#projectsGetXpnResources",
+          "description": "[Output Only] Type of resource. Always compute#projectsGetXpnResources for lists of service resources (a.k.a service projects)",
           "type": "string"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
+        "resources": {
+          "description": "Service resources (a.k.a service projects) attached to this project as their shared VPC host.",
+          "items": {
+            "$ref": "XpnResourceId"
           },
-          "type": "object"
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "NotificationEndpointsScopedList": {
-      "id": "NotificationEndpointsScopedList",
+    "ProjectsListXpnHostsRequest": {
+      "id": "ProjectsListXpnHostsRequest",
       "properties": {
-        "resources": {
-          "description": "A list of NotificationEndpoints contained in this scope.",
-          "items": {
-            "$ref": "NotificationEndpoint"
-          },
-          "type": "array"
+        "organization": {
+          "description": "Optional organization ID managed by Cloud Resource Manager, for which to list shared VPC host projects. If not specified, the organization will be inferred from the project.",
+          "type": "string"
         },
-        "warning": {
-          "description": "Informational warning which replaces the list of notification endpoints when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
+        "returnPartialPage": {
+          "description": "Opt-in for partial page behavior which provides a partial filled page (number of items on which may be smaller than maxResults) within the API deadline. If opt-in, then the user should rely on if nextPageToken is empty in the response to determine if there is a next page. Empty page is also valid and possible. The default value is false.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "ProjectsSetDefaultNetworkTierRequest": {
+      "id": "ProjectsSetDefaultNetworkTierRequest",
+      "properties": {
+        "networkTier": {
+          "description": "Default network tier to be set.",
+          "enum": [
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "SELECT",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Price competitive network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "Operation": {
-      "description": "Represents an Operation resource. Google Compute Engine has three Operation resources: * [Global](/compute/docs/reference/rest/alpha/globalOperations) * [Regional](/compute/docs/reference/rest/alpha/regionOperations) * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations) You can use an operation resource to manage asynchronous API requests. For more information, read Handling API responses. Operations can be global, regional or zonal. - For global operations, use the `globalOperations` resource. - For regional operations, use the `regionOperations` resource. - For zonal operations, use the `zonalOperations` resource. For more information, read Global, Regional, and Zonal Resources.",
-      "id": "Operation",
+    "ProjectsSetDefaultServiceAccountRequest": {
+      "id": "ProjectsSetDefaultServiceAccountRequest",
       "properties": {
-        "clientOperationId": {
-          "description": "[Output Only] The value of `requestId` if you provided it in the request. Not present otherwise.",
+        "email": {
+          "description": "Email address of the service account.",
           "type": "string"
-        },
+        }
+      },
+      "type": "object"
+    },
+    "ProjectsSetManagedProtectionTierRequest": {
+      "id": "ProjectsSetManagedProtectionTierRequest",
+      "properties": {
+        "managedProtectionTier": {
+          "description": "Managed protection tier to be set.",
+          "enum": [
+            "CAMP_PLUS_ANNUAL",
+            "CAMP_PLUS_MONTHLY",
+            "CA_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Plus tier protection annual.",
+            "Plus tier protection monthly.",
+            "Standard protection."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PublicAdvertisedPrefix": {
+      "description": "A public advertised prefix represents an aggregated IP prefix or netblock which customers bring to cloud. The IP prefix is a single unit of route advertisement and is announced globally to the internet.",
+      "id": "PublicAdvertisedPrefix",
+      "properties": {
         "creationTimestamp": {
-          "description": "[Deprecated] This field is deprecated.",
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
         "description": {
-          "description": "[Output Only] A textual description of the operation, which is set when the operation is created.",
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "endTime": {
-          "description": "[Output Only] The time that this operation was completed. This value is in RFC3339 text format.",
+        "dnsVerificationIp": {
+          "description": "The address to be used for reverse DNS verification.",
           "type": "string"
         },
-        "error": {
-          "description": "[Output Only] If errors are generated during processing of the operation, this field will be populated.",
-          "properties": {
-            "errors": {
-              "description": "[Output Only] The array of errors encountered while processing this operation.",
-              "items": {
-                "properties": {
-                  "code": {
-                    "description": "[Output Only] The error type identifier for this error.",
-                    "type": "string"
-                  },
-                  "errorDetails": {
-                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
-                    "items": {
-                      "properties": {
-                        "errorInfo": {
-                          "$ref": "ErrorInfo"
-                        },
-                        "help": {
-                          "$ref": "Help"
-                        },
-                        "localizedMessage": {
-                          "$ref": "LocalizedMessage"
-                        },
-                        "quotaInfo": {
-                          "$ref": "QuotaExceededInfo"
-                        }
-                      },
-                      "type": "object"
-                    },
-                    "type": "array"
-                  },
-                  "location": {
-                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
-                    "type": "string"
-                  },
-                  "message": {
-                    "description": "[Output Only] An optional, human-readable error message.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            }
-          },
-          "type": "object"
-        },
-        "httpErrorMessage": {
-          "description": "[Output Only] If the operation fails, this field contains the HTTP error message that was returned, such as `NOT FOUND`.",
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a new PublicAdvertisedPrefix. An up-to-date fingerprint must be provided in order to update the PublicAdvertisedPrefix, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a PublicAdvertisedPrefix.",
+          "format": "byte",
           "type": "string"
         },
-        "httpErrorStatusCode": {
-          "description": "[Output Only] If the operation fails, this field contains the HTTP error status code that was returned. For example, a `404` means the resource was not found.",
-          "format": "int32",
-          "type": "integer"
-        },
         "id": {
-          "description": "[Output Only] The unique identifier for the operation. This identifier is defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
           "format": "uint64",
           "type": "string"
         },
-        "insertTime": {
-          "description": "[Output Only] The time that this operation was requested. This value is in RFC3339 text format.",
+        "ipCidrRange": {
+          "description": "The address range, in CIDR format, represented by this public advertised prefix.",
           "type": "string"
         },
         "kind": {
-          "default": "compute#operation",
-          "description": "[Output Only] Type of the resource. Always `compute#operation` for Operation resources.",
+          "default": "compute#publicAdvertisedPrefix",
+          "description": "[Output Only] Type of the resource. Always compute#publicAdvertisedPrefix for public advertised prefixes.",
           "type": "string"
         },
         "name": {
-          "description": "[Output Only] Name of the operation.",
-          "type": "string"
-        },
-        "operationGroupId": {
-          "description": "[Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.",
+          "annotations": {
+            "required": [
+              "compute.publicAdvertisedPrefixes.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "operationType": {
-          "description": "[Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.",
+        "pdpScope": {
+          "description": "Specifies how child public delegated prefix will be scoped. It could be one of following values: - `REGIONAL`: The public delegated prefix is regional only. The provisioning will take a few minutes. - `GLOBAL`: The public delegated prefix is global only. The provisioning will take ~4 weeks. - `GLOBAL_AND_REGIONAL` [output only]: The public delegated prefixes is BYOIP V1 legacy prefix. This is output only value and no longer supported in BYOIP V2. ",
+          "enum": [
+            "GLOBAL",
+            "GLOBAL_AND_REGIONAL",
+            "REGIONAL"
+          ],
+          "enumDescriptions": [
+            "The public delegated prefix is global only. The provisioning will take ~4 weeks.",
+            "The public delegated prefixes is BYOIP V1 legacy prefix. This is output only value and no longer supported in BYOIP V2.",
+            "The public delegated prefix is regional only. The provisioning will take a few minutes."
+          ],
           "type": "string"
         },
-        "progress": {
-          "description": "[Output Only] An optional progress indicator that ranges from 0 to 100. There is no requirement that this be linear or support any granularity of operations. This should not be used to guess when the operation will be complete. This number should monotonically increase as the operation progresses.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "region": {
-          "description": "[Output Only] The URL of the region where the operation resides. Only applicable when performing regional operations.",
-          "type": "string"
+        "publicDelegatedPrefixs": {
+          "description": "[Output Only] The list of public delegated prefixes that exist for this public advertised prefix.",
+          "items": {
+            "$ref": "PublicAdvertisedPrefixPublicDelegatedPrefix"
+          },
+          "type": "array"
         },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
         "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "description": "[Output Only] Server-defined URL with id for the resource.",
           "type": "string"
         },
-        "startTime": {
-          "description": "[Output Only] The time that this operation was started by the server. This value is in RFC3339 text format.",
+        "sharedSecret": {
+          "description": "[Output Only] The shared secret to be used for reverse DNS verification.",
           "type": "string"
         },
         "status": {
-          "description": "[Output Only] The status of the operation, which can be one of the following: `PENDING`, `RUNNING`, or `DONE`.",
+          "description": "The status of the public advertised prefix. Possible values include: - `INITIAL`: RPKI validation is complete. - `PTR_CONFIGURED`: User has configured the PTR. - `VALIDATED`: Reverse DNS lookup is successful. - `REVERSE_DNS_LOOKUP_FAILED`: Reverse DNS lookup failed. - `PREFIX_CONFIGURATION_IN_PROGRESS`: The prefix is being configured. - `PREFIX_CONFIGURATION_COMPLETE`: The prefix is fully configured. - `PREFIX_REMOVAL_IN_PROGRESS`: The prefix is being removed. ",
           "enum": [
-            "DONE",
-            "PENDING",
-            "RUNNING"
+            "ANNOUNCED_TO_INTERNET",
+            "INITIAL",
+            "PREFIX_CONFIGURATION_COMPLETE",
+            "PREFIX_CONFIGURATION_IN_PROGRESS",
+            "PREFIX_REMOVAL_IN_PROGRESS",
+            "PTR_CONFIGURED",
+            "READY_TO_ANNOUNCE",
+            "REVERSE_DNS_LOOKUP_FAILED",
+            "VALIDATED"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            ""
+            "The prefix is announced to Internet.",
+            "RPKI validation is complete.",
+            "The prefix is fully configured.",
+            "The prefix is being configured.",
+            "The prefix is being removed.",
+            "User has configured the PTR.",
+            "The prefix is currently withdrawn but ready to be announced.",
+            "Reverse DNS lookup failed.",
+            "Reverse DNS lookup is successful."
           ],
           "type": "string"
-        },
-        "statusMessage": {
-          "description": "[Output Only] An optional textual description of the current status of the operation.",
-          "type": "string"
-        },
-        "targetId": {
-          "description": "[Output Only] The unique target ID, which identifies a specific incarnation of the target resource.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "targetLink": {
-          "description": "[Output Only] The URL of the resource that the operation modifies. For operations related to creating a snapshot, this points to the persistent disk that the snapshot was created from.",
-          "type": "string"
-        },
-        "user": {
-          "description": "[Output Only] User who requested the operation, for example: `user@example.com`.",
-          "type": "string"
-        },
-        "warnings": {
-          "description": "[Output Only] If warning messages are generated during processing of the operation, this field will be populated.",
-          "items": {
-            "properties": {
-              "code": {
-                "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-                "enum": [
-                  "CLEANUP_FAILED",
-                  "DEPRECATED_RESOURCE_USED",
-                  "DEPRECATED_TYPE_USED",
-                  "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                  "EXPERIMENTAL_TYPE_USED",
-                  "EXTERNAL_API_WARNING",
-                  "FIELD_VALUE_OVERRIDEN",
-                  "INJECTED_KERNELS_DEPRECATED",
-                  "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                  "LARGE_DEPLOYMENT_WARNING",
-                  "MISSING_TYPE_DEPENDENCY",
-                  "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                  "NEXT_HOP_CANNOT_IP_FORWARD",
-                  "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                  "NEXT_HOP_INSTANCE_NOT_FOUND",
-                  "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                  "NEXT_HOP_NOT_RUNNING",
-                  "NOT_CRITICAL_ERROR",
-                  "NO_RESULTS_ON_PAGE",
-                  "PARTIAL_SUCCESS",
-                  "REQUIRED_TOS_AGREEMENT",
-                  "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                  "RESOURCE_NOT_DELETED",
-                  "SCHEMA_VALIDATION_IGNORED",
-                  "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                  "UNDECLARED_PROPERTIES",
-                  "UNREACHABLE"
-                ],
-                "enumDescriptions": [
-                  "Warning about failed cleanup of transient changes made by a failed operation.",
-                  "A link to a deprecated resource was created.",
-                  "When deploying and at least one of the resources has a type marked as deprecated",
-                  "The user created a boot disk that is larger than image size.",
-                  "When deploying and at least one of the resources has a type marked as experimental",
-                  "Warning that is present in an external api call",
-                  "Warning that value of a field has been overridden. Deprecated unused field.",
-                  "The operation involved use of an injected kernel, which is deprecated.",
-                  "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                  "When deploying a deployment with a exceedingly large number of resources",
-                  "A resource depends on a missing type",
-                  "The route's nextHopIp address is not assigned to an instance on the network.",
-                  "The route's next hop instance cannot ip forward.",
-                  "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                  "The route's nextHopInstance URL refers to an instance that does not exist.",
-                  "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                  "The route's next hop instance does not have a status of RUNNING.",
-                  "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                  "No results are present on a particular list page.",
-                  "Success is reported, but some results may be missing due to errors",
-                  "The user attempted to use a resource that requires a TOS they have not accepted.",
-                  "Warning that a resource is in use.",
-                  "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                  "When a resource schema validation is ignored.",
-                  "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                  "When undeclared properties in the schema are present",
-                  "A given scope cannot be reached."
-                ],
-                "type": "string"
-              },
-              "data": {
-                "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-                "items": {
-                  "properties": {
-                    "key": {
-                      "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                      "type": "string"
-                    },
-                    "value": {
-                      "description": "[Output Only] A warning data value corresponding to the key.",
-                      "type": "string"
-                    }
-                  },
-                  "type": "object"
-                },
-                "type": "array"
-              },
-              "message": {
-                "description": "[Output Only] A human-readable description of the warning code.",
-                "type": "string"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
-        },
-        "zone": {
-          "description": "[Output Only] The URL of the zone where the operation resides. Only applicable when performing per-zone operations.",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "OperationAggregatedList": {
-      "id": "OperationAggregatedList",
+    "PublicAdvertisedPrefixList": {
+      "id": "PublicAdvertisedPrefixList",
       "properties": {
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "OperationsScopedList",
-            "description": "[Output Only] Name of the scope containing this set of operations."
+          "description": "A list of PublicAdvertisedPrefix resources.",
+          "items": {
+            "$ref": "PublicAdvertisedPrefix"
           },
-          "description": "[Output Only] A map of scoped operation lists.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#operationAggregatedList",
-          "description": "[Output Only] Type of resource. Always `compute#operationAggregatedList` for aggregated lists of operations.",
+          "default": "compute#publicAdvertisedPrefixList",
+          "description": "[Output Only] Type of the resource. Always compute#publicAdvertisedPrefix for public advertised prefixes.",
           "type": "string"
         },
         "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than `maxResults`, use the `nextPageToken` as a value for the query parameter `pageToken` in the next list request. Subsequent list requests will have their own `nextPageToken` to continue paging through the results.",
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -65200,6 +72977,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65218,6 +72996,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65229,6 +73037,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65276,138 +73085,178 @@
       },
       "type": "object"
     },
-    "OperationList": {
-      "description": "Contains a list of Operation resources.",
-      "id": "OperationList",
+    "PublicAdvertisedPrefixPublicDelegatedPrefix": {
+      "description": "Represents a CIDR range which can be used to assign addresses.",
+      "id": "PublicAdvertisedPrefixPublicDelegatedPrefix",
+      "properties": {
+        "ipRange": {
+          "description": "The IP address range of the public delegated prefix",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of the public delegated prefix",
+          "type": "string"
+        },
+        "project": {
+          "description": "The project number of the public delegated prefix",
+          "type": "string"
+        },
+        "region": {
+          "description": "The region of the public delegated prefix if it is regional. If absent, the prefix is global.",
+          "type": "string"
+        },
+        "status": {
+          "description": "The status of the public delegated prefix. Possible values are: INITIALIZING: The public delegated prefix is being initialized and addresses cannot be created yet. ANNOUNCED: The public delegated prefix is active.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PublicDelegatedPrefix": {
+      "description": "A PublicDelegatedPrefix resource represents an IP block within a PublicAdvertisedPrefix that is configured within a single cloud scope (global or region). IPs in the block can be allocated to resources within that scope. Public delegated prefixes may be further broken up into smaller IP blocks in the same scope as the parent block.",
+      "id": "PublicDelegatedPrefix",
       "properties": {
+        "allocatablePrefixLength": {
+          "description": "The allocatable prefix length supported by this public delegated prefix. This field is optional and cannot be set for prefixes in DELEGATION mode. It cannot be set for IPv4 prefixes either, and it always defaults to 32.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a new PublicDelegatedPrefix. An up-to-date fingerprint must be provided in order to update the PublicDelegatedPrefix, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a PublicDelegatedPrefix.",
+          "format": "byte",
+          "type": "string"
+        },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
+          "format": "uint64",
           "type": "string"
         },
-        "items": {
-          "description": "[Output Only] A list of Operation resources.",
+        "ipCidrRange": {
+          "description": "The IP address range, in CIDR format, represented by this public delegated prefix.",
+          "type": "string"
+        },
+        "isLiveMigration": {
+          "description": "If true, the prefix will be live migrated.",
+          "type": "boolean"
+        },
+        "kind": {
+          "default": "compute#publicDelegatedPrefix",
+          "description": "[Output Only] Type of the resource. Always compute#publicDelegatedPrefix for public delegated prefixes.",
+          "type": "string"
+        },
+        "mode": {
+          "description": "The public delegated prefix mode for IPv6 only.",
+          "enum": [
+            "DELEGATION",
+            "IPV6_FORWARDING_RULE_CREATION"
+          ],
+          "enumDescriptions": [
+            "The public delegated prefix is used for further sub-delegation only. Such prefixes cannot set allocatablePrefixLength.",
+            "The public delegated prefix is used for creating forwarding rules only. Such prefixes cannot set publicDelegatedSubPrefixes."
+          ],
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.publicDelegatedPrefixes.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "parentPrefix": {
+          "description": "The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.",
+          "type": "string"
+        },
+        "publicDelegatedSubPrefixs": {
+          "description": "The list of sub public delegated prefixes that exist for this public delegated prefix.",
           "items": {
-            "$ref": "Operation"
+            "$ref": "PublicDelegatedPrefixPublicDelegatedSubPrefix"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#operationList",
-          "description": "[Output Only] Type of resource. Always `compute#operations` for Operations resource.",
+        "region": {
+          "description": "[Output Only] URL of the region where the public delegated prefix resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than `maxResults`, use the `nextPageToken` as a value for the query parameter `pageToken` in the next list request. Subsequent list requests will have their own `nextPageToken` to continue paging through the results.",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL with id for the resource.",
           "type": "string"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
+        "status": {
+          "description": "[Output Only] The status of the public delegated prefix, which can be one of following values: - `INITIALIZING` The public delegated prefix is being initialized and addresses cannot be created yet. - `READY_TO_ANNOUNCE` The public delegated prefix is a live migration prefix and is active. - `ANNOUNCED` The public delegated prefix is active. - `DELETING` The public delegated prefix is being deprovsioned. ",
+          "enum": [
+            "ANNOUNCED",
+            "ANNOUNCED_TO_GOOGLE",
+            "ANNOUNCED_TO_INTERNET",
+            "DELETING",
+            "INITIALIZING",
+            "READY_TO_ANNOUNCE"
+          ],
+          "enumDescriptions": [
+            "The public delegated prefix is active.",
+            "The prefix is announced within Google network.",
+            "The prefix is announced to Internet and within Google.",
+            "The public delegated prefix is being deprovsioned.",
+            "The public delegated prefix is being initialized and addresses cannot be created yet.",
+            "The public delegated prefix is currently withdrawn but ready to be announced."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "OperationsScopedList": {
-      "id": "OperationsScopedList",
+    "PublicDelegatedPrefixAggregatedList": {
+      "id": "PublicDelegatedPrefixAggregatedList",
       "properties": {
-        "operations": {
-          "description": "[Output Only] A list of operations contained in this scope.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "PublicDelegatedPrefixesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of PublicDelegatedPrefixes."
+          },
+          "description": "A list of PublicDelegatedPrefixesScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#publicDelegatedPrefixAggregatedList",
+          "description": "[Output Only] Type of the resource. Always compute#publicDelegatedPrefixAggregatedList for aggregated lists of public delegated prefixes.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
           "items": {
-            "$ref": "Operation"
+            "type": "string"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of operations when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -65422,6 +73271,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65440,6 +73290,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65451,6 +73331,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65498,257 +73379,23 @@
       },
       "type": "object"
     },
-    "OrganizationSecurityPoliciesListAssociationsResponse": {
-      "id": "OrganizationSecurityPoliciesListAssociationsResponse",
-      "properties": {
-        "associations": {
-          "description": "A list of associations.",
-          "items": {
-            "$ref": "SecurityPolicyAssociation"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "compute#organizationSecurityPoliciesListAssociationsResponse",
-          "description": "[Output Only] Type of securityPolicy associations. Always compute#organizationSecurityPoliciesListAssociations for lists of securityPolicy associations.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "OriginAuthenticationMethod": {
-      "description": "[Deprecated] Configuration for the origin authentication method. Configuration for the origin authentication method.",
-      "id": "OriginAuthenticationMethod",
-      "properties": {
-        "jwt": {
-          "$ref": "Jwt"
-        }
-      },
-      "type": "object"
-    },
-    "OutlierDetection": {
-      "description": "Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service.",
-      "id": "OutlierDetection",
-      "properties": {
-        "baseEjectionTime": {
-          "$ref": "Duration",
-          "description": "The base time that a host is ejected for. The real ejection time is equal to the base ejection time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s."
-        },
-        "consecutiveErrors": {
-          "description": "Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "consecutiveGatewayFailure": {
-          "description": "The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 3. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "enforcingConsecutiveErrors": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "enforcingConsecutiveGatewayFailure": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "enforcingSuccessRate": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "interval": {
-          "$ref": "Duration",
-          "description": "Time interval between ejection analysis sweeps. This can result in both new ejections as well as hosts being returned to service. Defaults to 1 second."
-        },
-        "maxEjectionPercent": {
-          "description": "Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 50%.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "successRateMinimumHosts": {
-          "description": "The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "successRateRequestVolume": {
-          "description": "The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "successRateStdevFactor": {
-          "description": "This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "PacketIntervals": {
-      "description": "Next free: 7",
-      "id": "PacketIntervals",
-      "properties": {
-        "avgMs": {
-          "description": "Average observed inter-packet interval in milliseconds.",
-          "format": "int64",
-          "type": "string"
-        },
-        "duration": {
-          "description": "From how long ago in the past these intervals were observed.",
-          "enum": [
-            "DURATION_UNSPECIFIED",
-            "HOUR",
-            "MAX",
-            "MINUTE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "From BfdSession object creation time.",
-            ""
-          ],
-          "type": "string"
-        },
-        "maxMs": {
-          "description": "Maximum observed inter-packet interval in milliseconds.",
-          "format": "int64",
-          "type": "string"
-        },
-        "minMs": {
-          "description": "Minimum observed inter-packet interval in milliseconds.",
-          "format": "int64",
-          "type": "string"
-        },
-        "numIntervals": {
-          "description": "Number of inter-packet intervals from which these statistics were derived.",
-          "format": "int64",
-          "type": "string"
-        },
-        "type": {
-          "description": "The type of packets for which inter-packet intervals were computed.",
-          "enum": [
-            "LOOPBACK",
-            "RECEIVE",
-            "TRANSMIT",
-            "TYPE_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "Only applies to Echo packets. This shows the intervals between sending and receiving the same packet.",
-            "Intervals between received packets.",
-            "Intervals between transmitted packets.",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "PacketMirroring": {
-      "description": "Represents a Packet Mirroring resource. Packet Mirroring clones the traffic of specified instances in your Virtual Private Cloud (VPC) network and forwards it to a collector destination, such as an instance group of an internal TCP/UDP load balancer, for analysis or examination. For more information about setting up Packet Mirroring, see Using Packet Mirroring.",
-      "id": "PacketMirroring",
-      "properties": {
-        "collectorIlb": {
-          "$ref": "PacketMirroringForwardingRuleInfo",
-          "description": "The Forwarding Rule resource of type loadBalancingScheme=INTERNAL that will be used as collector for mirrored traffic. The specified forwarding rule must have isMirroringCollector set to true."
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "enable": {
-          "description": "Indicates whether or not this packet mirroring takes effect. If set to FALSE, this packet mirroring policy will not be enforced on the network. The default is TRUE.",
-          "enum": [
-            "FALSE",
-            "TRUE"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "filter": {
-          "$ref": "PacketMirroringFilter",
-          "description": "Filter for mirrored traffic. If unspecified, all traffic is mirrored."
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#packetMirroring",
-          "description": "[Output Only] Type of the resource. Always compute#packetMirroring for packet mirrorings.",
-          "type": "string"
-        },
-        "mirroredResources": {
-          "$ref": "PacketMirroringMirroredResourceInfo",
-          "description": "PacketMirroring mirroredResourceInfos. MirroredResourceInfo specifies a set of mirrored VM instances, subnetworks and/or tags for which traffic from/to all VM instances will be mirrored."
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.packetMirrorings.insert"
-            ]
-          },
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "network": {
-          "$ref": "PacketMirroringNetworkInfo",
-          "annotations": {
-            "required": [
-              "compute.packetMirrorings.insert"
-            ]
-          },
-          "description": "Specifies the mirrored VPC network. Only packets in this network will be mirrored. All mirrored VMs should have a NIC in the given network. All mirrored subnetworks should belong to the given network."
-        },
-        "priority": {
-          "description": "The priority of applying this configuration. Priority is used to break ties in cases where there is more than one matching rule. In the case of two rules that apply for a given Instance, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "region": {
-          "description": "[Output Only] URI of the region where the packetMirroring resides.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "PacketMirroringAggregatedList": {
-      "description": "Contains a list of packetMirrorings.",
-      "id": "PacketMirroringAggregatedList",
+    "PublicDelegatedPrefixList": {
+      "id": "PublicDelegatedPrefixList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "PacketMirroringsScopedList",
-            "description": "Name of the scope containing this set of packetMirrorings."
+          "description": "A list of PublicDelegatedPrefix resources.",
+          "items": {
+            "$ref": "PublicDelegatedPrefix"
           },
-          "description": "A list of PacketMirroring resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#packetMirroringAggregatedList",
-          "description": "Type of resource.",
+          "default": "compute#publicDelegatedPrefixList",
+          "description": "[Output Only] Type of the resource. Always compute#publicDelegatedPrefixList for public delegated prefixes.",
           "type": "string"
         },
         "nextPageToken": {
@@ -65759,13 +73406,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -65782,6 +73422,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65800,6 +73441,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65811,6 +73482,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65858,84 +73530,78 @@
       },
       "type": "object"
     },
-    "PacketMirroringFilter": {
-      "id": "PacketMirroringFilter",
+    "PublicDelegatedPrefixPublicDelegatedSubPrefix": {
+      "description": "Represents a sub PublicDelegatedPrefix.",
+      "id": "PublicDelegatedPrefixPublicDelegatedSubPrefix",
       "properties": {
-        "IPProtocols": {
-          "description": "Protocols that apply as filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "allocatablePrefixLength": {
+          "description": "The allocatable prefix length supported by this PublicDelegatedSubPrefix.",
+          "format": "int32",
+          "type": "integer"
         },
-        "cidrRanges": {
-          "description": "IP CIDR ranges that apply as filter on the source (ingress) or destination (egress) IP in the IP header. Only IPv4 is supported. If no ranges are specified, all traffic that matches the specified IPProtocols is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "delegateeProject": {
+          "description": "Name of the project scoping this PublicDelegatedSubPrefix.",
+          "type": "string"
         },
-        "direction": {
-          "description": "Direction of traffic to mirror, either INGRESS, EGRESS, or BOTH. The default is BOTH.",
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "ipCidrRange": {
+          "description": "The IP address range, in CIDR format, represented by this sub public delegated prefix.",
+          "type": "string"
+        },
+        "isAddress": {
+          "description": "Whether the sub prefix is delegated to create Address resources in the delegatee project.",
+          "type": "boolean"
+        },
+        "mode": {
+          "description": "The PublicDelegatedSubPrefix mode for IPv6 only.",
           "enum": [
-            "BOTH",
-            "EGRESS",
-            "INGRESS"
+            "DELEGATION",
+            "IPV6_FORWARDING_RULE_CREATION"
           ],
           "enumDescriptions": [
-            "Default, both directions are mirrored.",
-            "Only egress traffic is mirrored.",
-            "Only ingress traffic is mirrored."
+            "The public delegated prefix is used for further sub-delegation only. Such prefixes cannot set allocatablePrefixLength.",
+            "The public delegated prefix is used for creating forwarding rules only. Such prefixes cannot set publicDelegatedSubPrefixes."
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "PacketMirroringForwardingRuleInfo": {
-      "id": "PacketMirroringForwardingRuleInfo",
-      "properties": {
-        "canonicalUrl": {
-          "description": "[Output Only] Unique identifier for the forwarding rule; defined by the server.",
+        },
+        "name": {
+          "description": "The name of the sub public delegated prefix.",
           "type": "string"
         },
-        "url": {
-          "description": "Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic.",
+        "region": {
+          "description": "[Output Only] The region of the sub public delegated prefix if it is regional. If absent, the sub prefix is global.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of the sub public delegated prefix.",
+          "enum": [
+            "ACTIVE",
+            "INACTIVE"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "PacketMirroringList": {
-      "description": "Contains a list of PacketMirroring resources.",
-      "id": "PacketMirroringList",
+    "PublicDelegatedPrefixesScopedList": {
+      "id": "PublicDelegatedPrefixesScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of PacketMirroring resources.",
+        "publicDelegatedPrefixes": {
+          "description": "[Output Only] A list of PublicDelegatedPrefixes contained in this scope.",
           "items": {
-            "$ref": "PacketMirroring"
+            "$ref": "PublicDelegatedPrefix"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#packetMirroringList",
-          "description": "[Output Only] Type of resource. Always compute#packetMirroring for packetMirrorings.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "[Output Only] Informational warning which replaces the list of public delegated prefixes when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -65950,6 +73616,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65968,6 +73635,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65979,6 +73676,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66026,87 +73724,120 @@
       },
       "type": "object"
     },
-    "PacketMirroringMirroredResourceInfo": {
-      "id": "PacketMirroringMirroredResourceInfo",
+    "QueuedResource": {
+      "description": "QueuedResource represents a request for future capacity. The capacity is delivered in the form of other GCE resources, either Instances or Reservations.",
+      "id": "QueuedResource",
       "properties": {
-        "instances": {
-          "description": "A set of virtual machine instances that are being mirrored. They must live in zones contained in the same region as this packetMirroring. Note that this config will apply only to those network interfaces of the Instances that belong to the network specified in this packetMirroring. You may specify a maximum of 50 Instances.",
-          "items": {
-            "$ref": "PacketMirroringMirroredResourceInfoInstanceInfo"
-          },
-          "type": "array"
+        "bulkInsertInstanceResource": {
+          "$ref": "BulkInsertInstanceResource",
+          "description": "Specification of VM instances to create."
         },
-        "subnetworks": {
-          "description": "A set of subnetworks for which traffic from/to all VM instances will be mirrored. They must live in the same region as this packetMirroring. You may specify a maximum of 5 subnetworks.",
-          "items": {
-            "$ref": "PacketMirroringMirroredResourceInfoSubnetInfo"
-          },
-          "type": "array"
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "tags": {
-          "description": "A set of mirrored tags. Traffic from/to all VM instances that have one or more of these tags will be mirrored.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "PacketMirroringMirroredResourceInfoInstanceInfo": {
-      "id": "PacketMirroringMirroredResourceInfoInstanceInfo",
-      "properties": {
-        "canonicalUrl": {
-          "description": "[Output Only] Unique identifier for the instance; defined by the server.",
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "url": {
-          "description": "Resource URL to the virtual machine instance which is being mirrored.",
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "PacketMirroringMirroredResourceInfoSubnetInfo": {
-      "id": "PacketMirroringMirroredResourceInfoSubnetInfo",
-      "properties": {
-        "canonicalUrl": {
-          "description": "[Output Only] Unique identifier for the subnetwork; defined by the server.",
+        },
+        "kind": {
+          "default": "compute#queuedResource",
+          "description": "[Output Only] Type of the resource. Always compute#queuedResource for QueuedResources.",
           "type": "string"
         },
-        "url": {
-          "description": "Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored.",
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "PacketMirroringNetworkInfo": {
-      "id": "PacketMirroringNetworkInfo",
-      "properties": {
-        "canonicalUrl": {
-          "description": "[Output Only] Unique identifier for the network; defined by the server.",
+        },
+        "queuingPolicy": {
+          "$ref": "QueuingPolicy",
+          "description": "Queuing parameters for the requested capacity."
+        },
+        "selfLink": {
+          "description": "[Output only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "url": {
-          "description": "URL of the network resource.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "state": {
+          "description": "[Output only] High-level status of the request.",
+          "enum": [
+            "ACCEPTED",
+            "CANCELLED",
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "PROVISIONING",
+            "STATE_UNSPECIFIED",
+            "SUCCEEDED"
+          ],
+          "enumDescriptions": [
+            "The request was created successfully and was accepted for provisioning when the capacity becomes available.",
+            "The request was canceled by the user.",
+            "QueuedResource is being created and may still fail creation.",
+            "The request is being deleted.",
+            "The request failed before or during provisioning.",
+            "The target resource(s) are being provisioned.",
+            "",
+            "The request succeeded."
+          ],
+          "type": "string"
+        },
+        "status": {
+          "$ref": "QueuedResourceStatus",
+          "description": "[Output only] Result of queuing and provisioning based on deferred capacity."
+        },
+        "zone": {
+          "description": "[Output Only] URL of the zone where the resource resides. Only applicable for zonal resources. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "PacketMirroringsScopedList": {
-      "id": "PacketMirroringsScopedList",
+    "QueuedResourceList": {
+      "id": "QueuedResourceList",
       "properties": {
-        "packetMirrorings": {
-          "description": "A list of packetMirrorings contained in this scope.",
+        "id": {
+          "description": "Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of QueuedResource resources.",
           "items": {
-            "$ref": "PacketMirroring"
+            "$ref": "QueuedResource"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#queuedResourceList",
+          "description": "Type of resource.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "This token allows you to get the next page of results for maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output only] Unreachable resources.",
+          "items": {
+            "type": "string"
           },
           "type": "array"
         },
         "warning": {
-          "description": "Informational warning which replaces the list of packetMirrorings when the list is empty.",
+          "description": "Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -66121,6 +73852,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66139,6 +73871,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66150,6 +73912,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66197,711 +73960,868 @@
       },
       "type": "object"
     },
-    "PathMatcher": {
-      "description": "A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service is used.",
-      "id": "PathMatcher",
-      "properties": {
-        "defaultCustomErrorResponsePolicy": {
-          "$ref": "CustomErrorResponsePolicy",
-          "description": "defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors - A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. defaultCustomErrorResponsePolicy is supported only for Global External HTTP(S) load balancing."
-        },
-        "defaultRouteAction": {
-          "$ref": "HttpRouteAction",
-          "description": "defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within a path matcher's defaultRouteAction."
-        },
-        "defaultService": {
-          "description": "The full or partial URL to the BackendService resource. This URL is used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project /global/backendServices/backendService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if defaultRouteAction specifies any weightedBackendServices, defaultService must not be specified. Only one of defaultService, defaultUrlRedirect , or defaultRouteAction.weightedBackendService must be set. Authorization requires one or more of the following Google IAM permissions on the specified resource default_service: - compute.backendBuckets.use - compute.backendServices.use ",
-          "type": "string"
-        },
-        "defaultUrlRedirect": {
-          "$ref": "HttpRedirectAction",
-          "description": "When none of the specified pathRules or routeRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "headerAction": {
-          "$ref": "HttpHeaderAction",
-          "description": "Specifies changes to request and response headers that need to take effect for the selected backend service. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
-        },
-        "name": {
-          "description": "The name to which this PathMatcher is referred by the HostRule.",
-          "type": "string"
-        },
-        "pathRules": {
-          "description": "The list of path rules. Use this list instead of routeRules when routing based on simple path matching is all that's required. The order by which path rules are specified does not matter. Matches are always done on the longest-path-first basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* irrespective of the order in which those paths appear in this list. Within a given pathMatcher, only one of pathRules or routeRules must be set.",
-          "items": {
-            "$ref": "PathRule"
-          },
-          "type": "array"
-        },
-        "routeRules": {
-          "description": "The list of HTTP route rules. Use this list instead of pathRules when advanced route matching and routing actions are desired. routeRules are evaluated in order of priority, from the lowest to highest number. Within a given pathMatcher, you can set only one of pathRules or routeRules.",
-          "items": {
-            "$ref": "HttpRouteRule"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "PathRule": {
-      "description": "A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.",
-      "id": "PathRule",
-      "properties": {
-        "customErrorResponsePolicy": {
-          "$ref": "CustomErrorResponsePolicy",
-          "description": "customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors - A PathRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in PathRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. customErrorResponsePolicy is supported only for Global External HTTP(S) load balancing."
-        },
-        "paths": {
-          "description": "The list of path patterns to match. Each must start with / and the only place a * is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "routeAction": {
-          "$ref": "HttpRouteAction",
-          "description": "In response to a matching path, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of routeAction or urlRedirect must be set. URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within a path rule's routeAction."
-        },
-        "service": {
-          "description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set.",
-          "type": "string"
-        },
-        "urlRedirect": {
-          "$ref": "HttpRedirectAction",
-          "description": "When a path pattern is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
-        }
-      },
-      "type": "object"
-    },
-    "PeerAuthenticationMethod": {
-      "description": "[Deprecated] Configuration for the peer authentication method. Configuration for the peer authentication method.",
-      "id": "PeerAuthenticationMethod",
-      "properties": {
-        "mtls": {
-          "$ref": "MutualTls",
-          "description": "Set if mTLS is used for peer authentication."
-        }
-      },
-      "type": "object"
-    },
-    "PerInstanceConfig": {
-      "id": "PerInstanceConfig",
-      "properties": {
-        "fingerprint": {
-          "description": "Fingerprint of this per-instance config. This field can be used in optimistic locking. It is ignored when inserting a per-instance config. An up-to-date fingerprint must be provided in order to update an existing per-instance configuration or the field needs to be unset.",
-          "format": "byte",
-          "type": "string"
-        },
-        "name": {
-          "description": "The name of a per-instance configuration and its corresponding instance. Serves as a merge key during UpdatePerInstanceConfigs operations, that is, if a per-instance configuration with the same name exists then it will be updated, otherwise a new one will be created for the VM instance with the same name. An attempt to create a per-instance configconfiguration for a VM instance that either doesn't exist or is not part of the group will result in an error.",
-          "type": "string"
-        },
-        "preservedState": {
-          "$ref": "PreservedState",
-          "description": "The intended preserved state for the given instance. Does not contain preserved state generated from a stateful policy."
-        },
-        "status": {
-          "description": "The status of applying this per-instance configuration on the corresponding managed instance.",
-          "enum": [
-            "APPLYING",
-            "DELETING",
-            "EFFECTIVE",
-            "NONE",
-            "UNAPPLIED",
-            "UNAPPLIED_DELETION"
-          ],
-          "enumDescriptions": [
-            "The per-instance configuration is being applied to the instance, but is not yet effective, possibly waiting for the instance to, for example, REFRESH.",
-            "The per-instance configuration deletion is being applied on the instance, possibly waiting for the instance to, for example, REFRESH.",
-            "The per-instance configuration is effective on the instance, meaning that all disks, ips and metadata specified in this configuration are attached or set on the instance.",
-            "*[Default]* The default status, when no per-instance configuration exists.",
-            "The per-instance configuration is set on an instance but not been applied yet.",
-            "The per-instance configuration has been deleted, but the deletion is not yet applied."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Permission": {
-      "description": "[Deprecated] All fields defined in a permission are ANDed.",
-      "id": "Permission",
+    "QueuedResourceStatus": {
+      "description": "[Output only] Result of queuing and provisioning based on deferred capacity.",
+      "id": "QueuedResourceStatus",
       "properties": {
-        "constraints": {
-          "description": "Extra custom constraints. The constraints are ANDed together.",
-          "items": {
-            "$ref": "PermissionConstraint"
-          },
-          "type": "array"
-        },
-        "hosts": {
-          "description": "Used in Ingress or Egress Gateway cases to specify hosts that the policy applies to. Exact match, prefix match, and suffix match are supported.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "methods": {
-          "description": "HTTP method.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notHosts": {
-          "description": "Negate of hosts. Specifies exclusions.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notMethods": {
-          "description": "Negate of methods. Specifies exclusions.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notPaths": {
-          "description": "Negate of paths. Specifies exclusions.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notPorts": {
-          "description": "Negate of ports. Specifies exclusions.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "failedData": {
+          "$ref": "QueuedResourceStatusFailedData",
+          "description": "Additional status detail for the FAILED state."
         },
-        "paths": {
-          "description": "HTTP request paths or gRPC methods. Exact match, prefix match, and suffix match are supported.",
+        "provisioningOperations": {
+          "description": "[Output only] Fully qualified URL of the provisioning GCE operation to track the provisioning along with provisioning errors. The referenced operation may not exist after having been deleted or expired.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "ports": {
-          "description": "Port names or numbers.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "queuingPolicy": {
+          "$ref": "QueuingPolicy",
+          "description": "Constraints for the time when the resource(s) start provisioning. Always exposed as absolute times."
         }
       },
       "type": "object"
     },
-    "PermissionConstraint": {
-      "description": "Custom constraint that specifies a key and a list of allowed values for Istio attributes.",
-      "id": "PermissionConstraint",
+    "QueuedResourceStatusFailedData": {
+      "description": "Additional status detail for the FAILED state.",
+      "id": "QueuedResourceStatusFailedData",
       "properties": {
-        "key": {
-          "description": "Key of the constraint.",
-          "type": "string"
-        },
-        "values": {
-          "description": "A list of allowed values.",
-          "items": {
-            "type": "string"
+        "error": {
+          "description": "The error(s) that caused the QueuedResource to enter the FAILED state.",
+          "properties": {
+            "errors": {
+              "description": "[Output Only] The array of errors encountered while processing this operation.",
+              "items": {
+                "properties": {
+                  "code": {
+                    "description": "[Output Only] The error type identifier for this error.",
+                    "type": "string"
+                  },
+                  "errorDetails": {
+                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
+                    "items": {
+                      "properties": {
+                        "errorInfo": {
+                          "$ref": "ErrorInfo"
+                        },
+                        "help": {
+                          "$ref": "Help"
+                        },
+                        "localizedMessage": {
+                          "$ref": "LocalizedMessage"
+                        },
+                        "quotaInfo": {
+                          "$ref": "QuotaExceededInfo"
+                        }
+                      },
+                      "type": "object"
+                    },
+                    "type": "array"
+                  },
+                  "location": {
+                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
+                    "type": "string"
+                  },
+                  "message": {
+                    "description": "[Output Only] An optional, human-readable error message.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            }
           },
-          "type": "array"
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "Policy": {
-      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
-      "id": "Policy",
+    "QueuedResourcesAggregatedList": {
+      "id": "QueuedResourcesAggregatedList",
       "properties": {
-        "auditConfigs": {
-          "description": "Specifies cloud audit logging configuration for this policy.",
-          "items": {
-            "$ref": "AuditConfig"
-          },
-          "type": "array"
-        },
-        "bindings": {
-          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
-          "items": {
-            "$ref": "Binding"
-          },
-          "type": "array"
-        },
-        "etag": {
-          "description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
-          "format": "byte",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "rules": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "items": {
-            "$ref": "Rule"
-          },
-          "type": "array"
-        },
-        "version": {
-          "description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "PreconfiguredWafSet": {
-      "id": "PreconfiguredWafSet",
-      "properties": {
-        "expressionSets": {
-          "description": "List of entities that are currently supported for WAF rules.",
-          "items": {
-            "$ref": "WafExpressionSet"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "PreservedState": {
-      "description": "Preserved state for a given instance.",
-      "id": "PreservedState",
-      "properties": {
-        "disks": {
-          "additionalProperties": {
-            "$ref": "PreservedStatePreservedDisk"
-          },
-          "description": "Preserved disks defined for this instance. This map is keyed with the device names of the disks.",
-          "type": "object"
-        },
-        "externalIPs": {
-          "additionalProperties": {
-            "$ref": "PreservedStatePreservedNetworkIp"
-          },
-          "description": "Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.",
-          "type": "object"
-        },
-        "internalIPs": {
+        "items": {
           "additionalProperties": {
-            "$ref": "PreservedStatePreservedNetworkIp"
+            "$ref": "QueuedResourcesScopedList",
+            "description": "Name of the scope containing this set of queued resources."
           },
-          "description": "Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.",
+          "description": "A list of QueuedResourcesScopedList resources.",
           "type": "object"
         },
-        "metadata": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Preserved metadata defined for this instance.",
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "PreservedStatePreservedDisk": {
-      "id": "PreservedStatePreservedDisk",
-      "properties": {
-        "autoDelete": {
-          "description": "These stateful disks will never be deleted during autohealing, update, instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole MIG is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted.",
-          "enum": [
-            "NEVER",
-            "ON_PERMANENT_INSTANCE_DELETION"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "kind": {
+          "default": "compute#queuedResources",
+          "description": "[Output Only] Type of resource. Always compute#queuedResourcesAggregatedList for lists of QueuedResource.",
           "type": "string"
         },
-        "mode": {
-          "description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.",
-          "enum": [
-            "READ_ONLY",
-            "READ_WRITE"
-          ],
-          "enumDescriptions": [
-            "Attaches this disk in read-only mode. Multiple VM instances can use a disk in READ_ONLY mode at a time.",
-            "*[Default]* Attaches this disk in READ_WRITE mode. Only one VM instance at a time can be attached to a disk in READ_WRITE mode."
-          ],
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "source": {
-          "description": "The URL of the disk resource that is stateful and should be attached to the VM instance.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "PreservedStatePreservedNetworkIp": {
-      "id": "PreservedStatePreservedNetworkIp",
-      "properties": {
-        "autoDelete": {
-          "description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted.",
-          "enum": [
-            "NEVER",
-            "ON_PERMANENT_INSTANCE_DELETION"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "ipAddress": {
-          "$ref": "PreservedStatePreservedNetworkIpIpAddress",
-          "description": "Ip address representation"
-        }
-      },
-      "type": "object"
-    },
-    "PreservedStatePreservedNetworkIpIpAddress": {
-      "id": "PreservedStatePreservedNetworkIpIpAddress",
-      "properties": {
-        "address": {
-          "description": "The URL of the reservation for this IP address.",
-          "type": "string"
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "literal": {
-          "description": "An IPv4 internal network address to assign to the instance for this network interface.",
-          "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "Principal": {
-      "description": "[Deprecated] All fields defined in a principal are ANDed.",
-      "id": "Principal",
+    "QueuedResourcesScopedList": {
+      "id": "QueuedResourcesScopedList",
       "properties": {
-        "condition": {
-          "description": "An expression to specify custom condition.",
-          "type": "string"
-        },
-        "groups": {
-          "description": "The groups the principal belongs to. Exact match, prefix match, and suffix match are supported.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "ips": {
-          "description": "IPv4 or IPv6 address or range (In CIDR format)",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "namespaces": {
-          "description": "The namespaces. Exact match, prefix match, and suffix match are supported.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notGroups": {
-          "description": "Negate of groups. Specifies exclusions.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notIps": {
-          "description": "Negate of IPs. Specifies exclusions.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notNamespaces": {
-          "description": "Negate of namespaces. Specifies exclusions.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "notUsers": {
-          "description": "Negate of users. Specifies exclusions.",
+        "queuedResources": {
+          "description": "List of QueuedResources contained in this scope.",
           "items": {
-            "type": "string"
+            "$ref": "QueuedResource"
           },
           "type": "array"
         },
-        "properties": {
-          "additionalProperties": {
-            "type": "string"
+        "warning": {
+          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
           },
-          "description": "A map of Istio attribute to expected values. Exact match, prefix match, and suffix match are supported for values. For example, `request.headers[version]: \"v1\"`. The properties are ANDed together.",
           "type": "object"
-        },
-        "users": {
-          "description": "The user names/IDs or service accounts. Exact match, prefix match, and suffix match are supported.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
         }
       },
       "type": "object"
     },
-    "Project": {
-      "description": "Represents a Project resource. A project is used to organize resources in a Google Cloud Platform environment. For more information, read about the Resource Hierarchy.",
-      "id": "Project",
+    "QueuingPolicy": {
+      "description": "Queuing parameters for the requested deferred capacity.",
+      "id": "QueuingPolicy",
       "properties": {
-        "commonInstanceMetadata": {
-          "$ref": "Metadata",
-          "description": "Metadata key/value pairs available to all instances contained in this project. See Custom metadata for more information."
+        "validUntilDuration": {
+          "$ref": "Duration",
+          "description": "Relative deadline for waiting for capacity."
         },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+        "validUntilTime": {
+          "description": "Absolute deadline for waiting for capacity in RFC3339 text format.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Quota": {
+      "description": "A quotas entry.",
+      "id": "Quota",
+      "properties": {
+        "limit": {
+          "description": "[Output Only] Quota limit for this metric.",
+          "format": "double",
+          "type": "number"
         },
-        "defaultNetworkTier": {
-          "description": "This signifies the default network tier used for configuring resources of the project and can only take the following values: PREMIUM, STANDARD. Initially the default network tier is PREMIUM.",
+        "metric": {
+          "description": "[Output Only] Name of the quota metric.",
           "enum": [
-            "FIXED_STANDARD",
-            "PREMIUM",
-            "SELECT",
-            "STANDARD",
-            "STANDARD_OVERRIDES_FIXED_STANDARD"
+            "A2_CPUS",
+            "AFFINITY_GROUPS",
+            "AMD_S9300_GPUS",
+            "AUTOSCALERS",
+            "BACKEND_BUCKETS",
+            "BACKEND_SERVICES",
+            "C2D_CPUS",
+            "C2_CPUS",
+            "C3_CPUS",
+            "COMMITMENTS",
+            "COMMITTED_A2_CPUS",
+            "COMMITTED_C2D_CPUS",
+            "COMMITTED_C2_CPUS",
+            "COMMITTED_C3_CPUS",
+            "COMMITTED_CPUS",
+            "COMMITTED_E2_CPUS",
+            "COMMITTED_LICENSES",
+            "COMMITTED_LOCAL_SSD_TOTAL_GB",
+            "COMMITTED_M3_CPUS",
+            "COMMITTED_MEMORY_OPTIMIZED_CPUS",
+            "COMMITTED_N2A_CPUS",
+            "COMMITTED_N2D_CPUS",
+            "COMMITTED_N2_CPUS",
+            "COMMITTED_NVIDIA_A100_80GB_GPUS",
+            "COMMITTED_NVIDIA_A100_GPUS",
+            "COMMITTED_NVIDIA_K80_GPUS",
+            "COMMITTED_NVIDIA_L4_GPUS",
+            "COMMITTED_NVIDIA_P100_GPUS",
+            "COMMITTED_NVIDIA_P4_GPUS",
+            "COMMITTED_NVIDIA_T4_GPUS",
+            "COMMITTED_NVIDIA_V100_GPUS",
+            "COMMITTED_T2A_CPUS",
+            "COMMITTED_T2D_CPUS",
+            "CPUS",
+            "CPUS_ALL_REGIONS",
+            "DISKS_TOTAL_GB",
+            "E2_CPUS",
+            "EXTERNAL_MANAGED_FORWARDING_RULES",
+            "EXTERNAL_NETWORK_LB_FORWARDING_RULES",
+            "EXTERNAL_PROTOCOL_FORWARDING_RULES",
+            "EXTERNAL_VPN_GATEWAYS",
+            "FIREWALLS",
+            "FORWARDING_RULES",
+            "GLOBAL_EXTERNAL_MANAGED_BACKEND_SERVICES",
+            "GLOBAL_EXTERNAL_MANAGED_FORWARDING_RULES",
+            "GLOBAL_EXTERNAL_PROXY_LB_BACKEND_SERVICES",
+            "GLOBAL_INTERNAL_ADDRESSES",
+            "GLOBAL_INTERNAL_MANAGED_BACKEND_SERVICES",
+            "GLOBAL_INTERNAL_TRAFFIC_DIRECTOR_BACKEND_SERVICES",
+            "GPUS_ALL_REGIONS",
+            "HEALTH_CHECKS",
+            "IMAGES",
+            "INSTANCES",
+            "INSTANCE_GROUPS",
+            "INSTANCE_GROUP_MANAGERS",
+            "INSTANCE_TEMPLATES",
+            "INTERCONNECTS",
+            "INTERCONNECT_ATTACHMENTS_PER_REGION",
+            "INTERCONNECT_ATTACHMENTS_TOTAL_MBPS",
+            "INTERCONNECT_TOTAL_GBPS",
+            "INTERNAL_ADDRESSES",
+            "INTERNAL_TRAFFIC_DIRECTOR_FORWARDING_RULES",
+            "IN_PLACE_SNAPSHOTS",
+            "IN_USE_ADDRESSES",
+            "IN_USE_BACKUP_SCHEDULES",
+            "IN_USE_MAINTENANCE_WINDOWS",
+            "IN_USE_SNAPSHOT_SCHEDULES",
+            "LOCAL_SSD_TOTAL_GB",
+            "M1_CPUS",
+            "M2_CPUS",
+            "M3_CPUS",
+            "MACHINE_IMAGES",
+            "N2A_CPUS",
+            "N2D_CPUS",
+            "N2_CPUS",
+            "NETWORKS",
+            "NETWORK_ATTACHMENTS",
+            "NETWORK_ENDPOINT_GROUPS",
+            "NETWORK_FIREWALL_POLICIES",
+            "NET_LB_SECURITY_POLICIES_PER_REGION",
+            "NET_LB_SECURITY_POLICY_RULES_PER_REGION",
+            "NET_LB_SECURITY_POLICY_RULE_ATTRIBUTES_PER_REGION",
+            "NODE_GROUPS",
+            "NODE_TEMPLATES",
+            "NVIDIA_A100_80GB_GPUS",
+            "NVIDIA_A100_GPUS",
+            "NVIDIA_K80_GPUS",
+            "NVIDIA_L4_GPUS",
+            "NVIDIA_P100_GPUS",
+            "NVIDIA_P100_VWS_GPUS",
+            "NVIDIA_P4_GPUS",
+            "NVIDIA_P4_VWS_GPUS",
+            "NVIDIA_T4_GPUS",
+            "NVIDIA_T4_VWS_GPUS",
+            "NVIDIA_V100_GPUS",
+            "PACKET_MIRRORINGS",
+            "PD_EXTREME_TOTAL_PROVISIONED_IOPS",
+            "PREEMPTIBLE_CPUS",
+            "PREEMPTIBLE_LOCAL_SSD_GB",
+            "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS",
+            "PREEMPTIBLE_NVIDIA_A100_GPUS",
+            "PREEMPTIBLE_NVIDIA_K80_GPUS",
+            "PREEMPTIBLE_NVIDIA_L4_GPUS",
+            "PREEMPTIBLE_NVIDIA_P100_GPUS",
+            "PREEMPTIBLE_NVIDIA_P100_VWS_GPUS",
+            "PREEMPTIBLE_NVIDIA_P4_GPUS",
+            "PREEMPTIBLE_NVIDIA_P4_VWS_GPUS",
+            "PREEMPTIBLE_NVIDIA_T4_GPUS",
+            "PREEMPTIBLE_NVIDIA_T4_VWS_GPUS",
+            "PREEMPTIBLE_NVIDIA_V100_GPUS",
+            "PREEMPTIBLE_TPU_LITE_DEVICE_V4",
+            "PREEMPTIBLE_TPU_LITE_DEVICE_V5",
+            "PREEMPTIBLE_TPU_LITE_PODSLICE_V5",
+            "PREEMPTIBLE_TPU_PODSLICE_V4",
+            "PRIVATE_V6_ACCESS_SUBNETWORKS",
+            "PSC_ILB_CONSUMER_FORWARDING_RULES_PER_PRODUCER_NETWORK",
+            "PSC_INTERNAL_LB_FORWARDING_RULES",
+            "PUBLIC_ADVERTISED_PREFIXES",
+            "PUBLIC_DELEGATED_PREFIXES",
+            "QUEUED_RESOURCES",
+            "REGIONAL_AUTOSCALERS",
+            "REGIONAL_EXTERNAL_MANAGED_BACKEND_SERVICES",
+            "REGIONAL_EXTERNAL_NETWORK_LB_BACKEND_SERVICES",
+            "REGIONAL_INSTANCE_GROUP_MANAGERS",
+            "REGIONAL_INTERNAL_LB_BACKEND_SERVICES",
+            "REGIONAL_INTERNAL_MANAGED_BACKEND_SERVICES",
+            "RESERVATIONS",
+            "RESOURCE_POLICIES",
+            "ROUTERS",
+            "ROUTES",
+            "SECURITY_POLICIES",
+            "SECURITY_POLICIES_PER_REGION",
+            "SECURITY_POLICY_ADVANCED_RULES_PER_REGION",
+            "SECURITY_POLICY_CEVAL_RULES",
+            "SECURITY_POLICY_RULES",
+            "SECURITY_POLICY_RULES_PER_REGION",
+            "SERVICE_ATTACHMENTS",
+            "SNAPSHOTS",
+            "SSD_TOTAL_GB",
+            "SSL_CERTIFICATES",
+            "STATIC_ADDRESSES",
+            "STATIC_BYOIP_ADDRESSES",
+            "STATIC_EXTERNAL_IPV6_ADDRESS_RANGES",
+            "SUBNETWORKS",
+            "T2A_CPUS",
+            "T2D_CPUS",
+            "TARGET_HTTPS_PROXIES",
+            "TARGET_HTTP_PROXIES",
+            "TARGET_INSTANCES",
+            "TARGET_POOLS",
+            "TARGET_SSL_PROXIES",
+            "TARGET_TCP_PROXIES",
+            "TARGET_VPN_GATEWAYS",
+            "TPU_LITE_DEVICE_V4",
+            "TPU_LITE_DEVICE_V5",
+            "TPU_LITE_PODSLICE_V5",
+            "TPU_PODSLICE_V4",
+            "URL_MAPS",
+            "VPN_GATEWAYS",
+            "VPN_TUNNELS",
+            "XPN_SERVICE_PROJECTS"
           ],
           "enumDescriptions": [
-            "Public internet quality with fixed bandwidth.",
-            "High quality, Google-grade network tier, support for all networking products.",
-            "Price competitive network tier, support for all networking products.",
-            "Public internet quality, only limited support for other networking products.",
-            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "Guest CPUs",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "The total number of snapshots allowed for a single project.",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "defaultServiceAccount": {
-          "description": "[Output Only] Default service account used by VMs running in this project.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional textual description of the resource.",
+        "owner": {
+          "description": "[Output Only] Owning resource. This is the resource on which this quota is applied.",
           "type": "string"
         },
-        "enabledFeatures": {
-          "description": "Restricted features enabled for use on this project.",
-          "items": {
+        "usage": {
+          "description": "[Output Only] Current usage of this metric.",
+          "format": "double",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "QuotaExceededInfo": {
+      "description": "Additional details for quota exceeded error for resource quota.",
+      "id": "QuotaExceededInfo",
+      "properties": {
+        "dimensions": {
+          "additionalProperties": {
             "type": "string"
           },
-          "type": "array"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server. This is *not* the project ID, and is just a unique ID used by Compute Engine to identify resources.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#project",
-          "description": "[Output Only] Type of the resource. Always compute#project for projects.",
-          "type": "string"
+          "description": "The map holding related quota dimensions.",
+          "type": "object"
         },
-        "name": {
-          "description": "The project ID. For example: my-example-project. Use the project ID to make requests to Compute Engine.",
-          "type": "string"
+        "futureLimit": {
+          "description": "Future quota limit being rolled out. The limit's unit depends on the quota type or metric.",
+          "format": "double",
+          "type": "number"
         },
-        "quotas": {
-          "description": "[Output Only] Quotas assigned to this project.",
-          "items": {
-            "$ref": "Quota"
-          },
-          "type": "array"
+        "limit": {
+          "description": "Current effective quota limit. The limit's unit depends on the quota type or metric.",
+          "format": "double",
+          "type": "number"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "limitName": {
+          "description": "The name of the quota limit.",
           "type": "string"
         },
-        "usageExportLocation": {
-          "$ref": "UsageExportLocation",
-          "description": "The naming prefix for daily usage reports and the Google Cloud Storage bucket where they are stored."
-        },
-        "vmDnsSetting": {
-          "description": "[Output Only] Default internal DNS setting used by VMs running in this project.",
-          "enum": [
-            "GLOBAL_DEFAULT",
-            "UNSPECIFIED_VM_DNS_SETTING",
-            "ZONAL_DEFAULT",
-            "ZONAL_ONLY"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
-          ],
+        "metricName": {
+          "description": "The Compute Engine quota metric name.",
           "type": "string"
         },
-        "xpnProjectStatus": {
-          "description": "[Output Only] The role this project has in a shared VPC configuration. Currently, only projects with the host role, which is specified by the value HOST, are differentiated.",
+        "rolloutStatus": {
+          "description": "Rollout status of the future quota limit.",
           "enum": [
-            "HOST",
-            "UNSPECIFIED_XPN_PROJECT_STATUS"
+            "IN_PROGRESS",
+            "ROLLOUT_STATUS_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "",
-            ""
+            "IN_PROGRESS - A rollout is in process which will change the limit value to future limit.",
+            "ROLLOUT_STATUS_UNSPECIFIED - Rollout status is not specified. The default value."
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ProjectsDisableXpnResourceRequest": {
-      "id": "ProjectsDisableXpnResourceRequest",
-      "properties": {
-        "xpnResource": {
-          "$ref": "XpnResourceId",
-          "description": "Service resource (a.k.a service project) ID."
-        }
-      },
-      "type": "object"
-    },
-    "ProjectsEnableXpnResourceRequest": {
-      "id": "ProjectsEnableXpnResourceRequest",
-      "properties": {
-        "xpnResource": {
-          "$ref": "XpnResourceId",
-          "description": "Service resource (a.k.a service project) ID."
-        }
-      },
-      "type": "object"
-    },
-    "ProjectsGetXpnResources": {
-      "id": "ProjectsGetXpnResources",
+    "RbacPolicy": {
+      "id": "RbacPolicy",
       "properties": {
-        "kind": {
-          "default": "compute#projectsGetXpnResources",
-          "description": "[Output Only] Type of resource. Always compute#projectsGetXpnResources for lists of service resources (a.k.a service projects)",
+        "name": {
+          "description": "Name of the RbacPolicy.",
           "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
+        "permissions": {
+          "description": "The list of permissions.",
+          "items": {
+            "$ref": "Permission"
+          },
+          "type": "array"
         },
-        "resources": {
-          "description": "Service resources (a.k.a service projects) attached to this project as their shared VPC host.",
+        "principals": {
+          "description": "The list of principals.",
           "items": {
-            "$ref": "XpnResourceId"
+            "$ref": "Principal"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "ProjectsListXpnHostsRequest": {
-      "id": "ProjectsListXpnHostsRequest",
+    "Reference": {
+      "description": "Represents a reference to a resource.",
+      "id": "Reference",
       "properties": {
-        "organization": {
-          "description": "Optional organization ID managed by Cloud Resource Manager, for which to list shared VPC host projects. If not specified, the organization will be inferred from the project.",
+        "kind": {
+          "default": "compute#reference",
+          "description": "[Output Only] Type of the resource. Always compute#reference for references.",
           "type": "string"
         },
-        "returnPartialPage": {
-          "description": "Opt-in for partial page behavior which provides a partial filled page (number of items on which may be smaller than maxResults) within the API deadline. If opt-in, then the user should rely on if nextPageToken is empty in the response to determine if there is a next page. Empty page is also valid and possible. The default value is false.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "ProjectsSetDefaultNetworkTierRequest": {
-      "id": "ProjectsSetDefaultNetworkTierRequest",
-      "properties": {
-        "networkTier": {
-          "description": "Default network tier to be set.",
-          "enum": [
-            "FIXED_STANDARD",
-            "PREMIUM",
-            "SELECT",
-            "STANDARD",
-            "STANDARD_OVERRIDES_FIXED_STANDARD"
-          ],
-          "enumDescriptions": [
-            "Public internet quality with fixed bandwidth.",
-            "High quality, Google-grade network tier, support for all networking products.",
-            "Price competitive network tier, support for all networking products.",
-            "Public internet quality, only limited support for other networking products.",
-            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
-          ],
+        "referenceType": {
+          "description": "A description of the reference type with no implied semantics. Possible values include: 1. MEMBER_OF ",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ProjectsSetDefaultServiceAccountRequest": {
-      "id": "ProjectsSetDefaultServiceAccountRequest",
-      "properties": {
-        "email": {
-          "description": "Email address of the service account.",
+        },
+        "referrer": {
+          "description": "URL of the resource which refers to the target.",
+          "type": "string"
+        },
+        "target": {
+          "description": "URL of the resource to which this reference points.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "PublicAdvertisedPrefix": {
-      "description": "A public advertised prefix represents an aggregated IP prefix or netblock which customers bring to cloud. The IP prefix is a single unit of route advertisement and is announced globally to the internet.",
-      "id": "PublicAdvertisedPrefix",
+    "Region": {
+      "description": "Represents a Region resource. A region is a geographical area where a resource is located. For more information, read Regions and Zones.",
+      "id": "Region",
       "properties": {
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "dnsVerificationIp": {
-          "description": "The IPv4 address to be used for reverse DNS verification.",
-          "type": "string"
+        "deprecated": {
+          "$ref": "DeprecationStatus",
+          "description": "[Output Only] The deprecation status associated with this region."
         },
-        "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a new PublicAdvertisedPrefix. An up-to-date fingerprint must be provided in order to update the PublicAdvertisedPrefix, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a PublicAdvertisedPrefix.",
-          "format": "byte",
+        "description": {
+          "description": "[Output Only] Textual description of the resource.",
           "type": "string"
         },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
-        "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this public advertised prefix.",
-          "type": "string"
-        },
         "kind": {
-          "default": "compute#publicAdvertisedPrefix",
-          "description": "[Output Only] Type of the resource. Always compute#publicAdvertisedPrefix for public advertised prefixes.",
+          "default": "compute#region",
+          "description": "[Output Only] Type of the resource. Always compute#region for regions.",
           "type": "string"
         },
         "name": {
-          "annotations": {
-            "required": [
-              "compute.publicAdvertisedPrefixes.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "pdpScope": {
-          "description": "Specifies how child public delegated prefix will be scoped. It could be one of following values: - `REGIONAL`: The public delegated prefix is regional only. The provisioning will take a few minutes. - `GLOBAL`: The public delegated prefix is global only. The provisioning will take ~4 weeks. - `GLOBAL_AND_REGIONAL` [output only]: The public delegated prefixes is BYOIP V1 legacy prefix. This is output only value and no longer supported in BYOIP V2. ",
-          "enum": [
-            "GLOBAL",
-            "GLOBAL_AND_REGIONAL",
-            "REGIONAL"
-          ],
-          "enumDescriptions": [
-            "The public delegated prefix is global only. The provisioning will take ~4 weeks.",
-            "The public delegated prefixes is BYOIP V1 legacy prefix. This is output only value and no longer supported in BYOIP V2.",
-            "The public delegated prefix is regional only. The provisioning will take a few minutes."
-          ],
+          "description": "[Output Only] Name of the resource.",
           "type": "string"
         },
-        "publicDelegatedPrefixs": {
-          "description": "[Output Only] The list of public delegated prefixes that exist for this public advertised prefix.",
+        "quotas": {
+          "description": "[Output Only] Quotas assigned to this region.",
           "items": {
-            "$ref": "PublicAdvertisedPrefixPublicDelegatedPrefix"
+            "$ref": "Quota"
           },
           "type": "array"
         },
@@ -66910,297 +74830,67 @@
           "type": "string"
         },
         "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL with id for the resource.",
-          "type": "string"
-        },
-        "sharedSecret": {
-          "description": "[Output Only] The shared secret to be used for reverse DNS verification.",
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
         "status": {
-          "description": "The status of the public advertised prefix. Possible values include: - `INITIAL`: RPKI validation is complete. - `PTR_CONFIGURED`: User has configured the PTR. - `VALIDATED`: Reverse DNS lookup is successful. - `REVERSE_DNS_LOOKUP_FAILED`: Reverse DNS lookup failed. - `PREFIX_CONFIGURATION_IN_PROGRESS`: The prefix is being configured. - `PREFIX_CONFIGURATION_COMPLETE`: The prefix is fully configured. - `PREFIX_REMOVAL_IN_PROGRESS`: The prefix is being removed. ",
+          "description": "[Output Only] Status of the region, either UP or DOWN.",
           "enum": [
-            "ANNOUNCED_TO_INTERNET",
-            "INITIAL",
-            "PREFIX_CONFIGURATION_COMPLETE",
-            "PREFIX_CONFIGURATION_IN_PROGRESS",
-            "PREFIX_REMOVAL_IN_PROGRESS",
-            "PTR_CONFIGURED",
-            "READY_TO_ANNOUNCE",
-            "REVERSE_DNS_LOOKUP_FAILED",
-            "VALIDATED"
+            "DOWN",
+            "UP"
           ],
           "enumDescriptions": [
-            "The prefix is announced to Internet.",
-            "RPKI validation is complete.",
-            "The prefix is fully configured.",
-            "The prefix is being configured.",
-            "The prefix is being removed.",
-            "User has configured the PTR.",
-            "The prefix is currently withdrawn but ready to be announced.",
-            "Reverse DNS lookup failed.",
-            "Reverse DNS lookup is successful."
+            "",
+            ""
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "PublicAdvertisedPrefixList": {
-      "id": "PublicAdvertisedPrefixList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
         },
-        "items": {
-          "description": "A list of PublicAdvertisedPrefix resources.",
+        "supportsPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "zones": {
+          "description": "[Output Only] A list of zones available in this region, in the form of resource URLs.",
           "items": {
-            "$ref": "PublicAdvertisedPrefix"
+            "type": "string"
           },
           "type": "array"
-        },
-        "kind": {
-          "default": "compute#publicAdvertisedPrefixList",
-          "description": "[Output Only] Type of the resource. Always compute#publicAdvertisedPrefix for public advertised prefixes.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "PublicAdvertisedPrefixPublicDelegatedPrefix": {
-      "description": "Represents a CIDR range which can be used to assign addresses.",
-      "id": "PublicAdvertisedPrefixPublicDelegatedPrefix",
-      "properties": {
-        "ipRange": {
-          "description": "The IP address range of the public delegated prefix",
-          "type": "string"
-        },
-        "name": {
-          "description": "The name of the public delegated prefix",
-          "type": "string"
-        },
-        "project": {
-          "description": "The project number of the public delegated prefix",
-          "type": "string"
-        },
-        "region": {
-          "description": "The region of the public delegated prefix if it is regional. If absent, the prefix is global.",
-          "type": "string"
-        },
-        "status": {
-          "description": "The status of the public delegated prefix. Possible values are: INITIALIZING: The public delegated prefix is being initialized and addresses cannot be created yet. ANNOUNCED: The public delegated prefix is active.",
-          "type": "string"
         }
       },
       "type": "object"
     },
-    "PublicDelegatedPrefix": {
-      "description": "A PublicDelegatedPrefix resource represents an IP block within a PublicAdvertisedPrefix that is configured within a single cloud scope (global or region). IPs in the block can be allocated to resources within that scope. Public delegated prefixes may be further broken up into smaller IP blocks in the same scope as the parent block.",
-      "id": "PublicDelegatedPrefix",
+    "RegionAddressesMoveRequest": {
+      "id": "RegionAddressesMoveRequest",
       "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
         "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a new PublicDelegatedPrefix. An up-to-date fingerprint must be provided in order to update the PublicDelegatedPrefix, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a PublicDelegatedPrefix.",
-          "format": "byte",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this public delegated prefix.",
-          "type": "string"
-        },
-        "isLiveMigration": {
-          "description": "If true, the prefix will be live migrated.",
-          "type": "boolean"
-        },
-        "kind": {
-          "default": "compute#publicDelegatedPrefix",
-          "description": "[Output Only] Type of the resource. Always compute#publicDelegatedPrefix for public delegated prefixes.",
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.publicDelegatedPrefixes.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "parentPrefix": {
-          "description": "The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.",
-          "type": "string"
-        },
-        "publicDelegatedSubPrefixs": {
-          "description": "The list of sub public delegated prefixes that exist for this public delegated prefix.",
-          "items": {
-            "$ref": "PublicDelegatedPrefixPublicDelegatedSubPrefix"
-          },
-          "type": "array"
-        },
-        "region": {
-          "description": "[Output Only] URL of the region where the public delegated prefix resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL with id for the resource.",
+          "description": "An optional destination address description if intended to be different from the source.",
           "type": "string"
         },
-        "status": {
-          "description": "[Output Only] The status of the public delegated prefix, which can be one of following values: - `INITIALIZING` The public delegated prefix is being initialized and addresses cannot be created yet. - `READY_TO_ANNOUNCE` The public delegated prefix is a live migration prefix and is active. - `ANNOUNCED` The public delegated prefix is active. - `DELETING` The public delegated prefix is being deprovsioned. ",
-          "enum": [
-            "ANNOUNCED",
-            "ANNOUNCED_TO_GOOGLE",
-            "ANNOUNCED_TO_INTERNET",
-            "DELETING",
-            "INITIALIZING",
-            "READY_TO_ANNOUNCE"
-          ],
-          "enumDescriptions": [
-            "The public delegated prefix is active.",
-            "The prefix is announced within Google network.",
-            "The prefix is announced to Internet and within Google.",
-            "The public delegated prefix is being deprovsioned.",
-            "The public delegated prefix is being initialized and addresses cannot be created yet.",
-            "The public delegated prefix is currently withdrawn but ready to be announced."
-          ],
+        "destinationAddress": {
+          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project/regions/region /addresses/address - projects/project/regions/region/addresses/address Note that destination project must be different from the source project. So /regions/region/addresses/address is not valid partial url.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "PublicDelegatedPrefixAggregatedList": {
-      "id": "PublicDelegatedPrefixAggregatedList",
+    "RegionAutoscalerList": {
+      "description": "Contains a list of autoscalers.",
+      "id": "RegionAutoscalerList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "PublicDelegatedPrefixesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of PublicDelegatedPrefixes."
+          "description": "A list of Autoscaler resources.",
+          "items": {
+            "$ref": "Autoscaler"
           },
-          "description": "A list of PublicDelegatedPrefixesScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#publicDelegatedPrefixAggregatedList",
-          "description": "[Output Only] Type of the resource. Always compute#publicDelegatedPrefixAggregatedList for aggregated lists of public delegated prefixes.",
+          "default": "compute#regionAutoscalerList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -67211,13 +74901,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -67234,6 +74917,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67252,6 +74936,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67263,6 +74977,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67310,23 +75025,36 @@
       },
       "type": "object"
     },
-    "PublicDelegatedPrefixList": {
-      "id": "PublicDelegatedPrefixList",
+    "RegionCommitmentsUpdateReservationsRequest": {
+      "id": "RegionCommitmentsUpdateReservationsRequest",
+      "properties": {
+        "reservations": {
+          "description": "A list of two reservations to transfer GPUs and local SSD between.",
+          "items": {
+            "$ref": "Reservation"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionDiskTypeList": {
+      "id": "RegionDiskTypeList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of PublicDelegatedPrefix resources.",
+          "description": "A list of DiskType resources.",
           "items": {
-            "$ref": "PublicDelegatedPrefix"
+            "$ref": "DiskType"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#publicDelegatedPrefixList",
-          "description": "[Output Only] Type of the resource. Always compute#publicDelegatedPrefixList for public delegated prefixes.",
+          "default": "compute#regionDiskTypeList",
+          "description": "[Output Only] Type of resource. Always compute#regionDiskTypeList for region disk types.",
           "type": "string"
         },
         "nextPageToken": {
@@ -67353,6 +75081,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67371,6 +75100,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67382,6 +75141,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67429,265 +75189,83 @@
       },
       "type": "object"
     },
-    "PublicDelegatedPrefixPublicDelegatedSubPrefix": {
-      "description": "Represents a sub PublicDelegatedPrefix.",
-      "id": "PublicDelegatedPrefixPublicDelegatedSubPrefix",
+    "RegionDisksAddResourcePoliciesRequest": {
+      "id": "RegionDisksAddResourcePoliciesRequest",
       "properties": {
-        "delegateeProject": {
-          "description": "Name of the project scoping this PublicDelegatedSubPrefix.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this sub public delegated prefix.",
-          "type": "string"
-        },
-        "isAddress": {
-          "description": "Whether the sub prefix is delegated to create Address resources in the delegatee project.",
-          "type": "boolean"
-        },
-        "name": {
-          "description": "The name of the sub public delegated prefix.",
-          "type": "string"
-        },
-        "region": {
-          "description": "[Output Only] The region of the sub public delegated prefix if it is regional. If absent, the sub prefix is global.",
-          "type": "string"
-        },
-        "status": {
-          "description": "[Output Only] The status of the sub public delegated prefix.",
-          "enum": [
-            "ACTIVE",
-            "INACTIVE"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
+        "resourcePolicies": {
+          "description": "Resource policies to be added to this disk.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "PublicDelegatedPrefixesScopedList": {
-      "id": "PublicDelegatedPrefixesScopedList",
+    "RegionDisksRemoveResourcePoliciesRequest": {
+      "id": "RegionDisksRemoveResourcePoliciesRequest",
       "properties": {
-        "publicDelegatedPrefixes": {
-          "description": "[Output Only] A list of PublicDelegatedPrefixes contained in this scope.",
+        "resourcePolicies": {
+          "description": "Resource policies to be removed from this disk.",
           "items": {
-            "$ref": "PublicDelegatedPrefix"
+            "type": "string"
           },
           "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of public delegated prefixes when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
         }
       },
       "type": "object"
     },
-    "QueuedResource": {
-      "description": "QueuedResource represents a request for future capacity. The capacity is delivered in the form of other GCE resources, either Instances or Reservations.",
-      "id": "QueuedResource",
+    "RegionDisksResizeRequest": {
+      "id": "RegionDisksResizeRequest",
       "properties": {
-        "bulkInsertInstanceResource": {
-          "$ref": "BulkInsertInstanceResource",
-          "description": "Specification of VM instances to create."
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#queuedResource",
-          "description": "[Output Only] Type of the resource. Always compute#queuedResource for QueuedResources.",
-          "type": "string"
-        },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "queuingPolicy": {
-          "$ref": "QueuingPolicy",
-          "description": "Queuing parameters for the requested capacity."
-        },
-        "selfLink": {
-          "description": "[Output only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "state": {
-          "description": "[Output only] High-level status of the request.",
-          "enum": [
-            "ACCEPTED",
-            "CANCELLED",
-            "CREATING",
-            "DELETING",
-            "FAILED",
-            "PROVISIONING",
-            "STATE_UNSPECIFIED",
-            "SUCCEEDED"
-          ],
-          "enumDescriptions": [
-            "The request was created successfully and was accepted for provisioning when the capacity becomes available.",
-            "The request was canceled by the user.",
-            "QueuedResource is being created and may still fail creation.",
-            "The request is being deleted.",
-            "The request failed before or during provisioning.",
-            "The target resource(s) are being provisioned.",
-            "",
-            "The request succeeded."
-          ],
+        "sizeGb": {
+          "description": "The new size of the regional persistent disk, which is specified in GB.",
+          "format": "int64",
           "type": "string"
-        },
-        "status": {
-          "$ref": "QueuedResourceStatus",
-          "description": "[Output only] Result of queuing and provisioning based on deferred capacity."
-        },
-        "zone": {
-          "description": "[Output Only] URL of the zone where the resource resides. Only applicable for zonal resources. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        }
+      },
+      "type": "object"
+    },
+    "RegionDisksStartAsyncReplicationRequest": {
+      "id": "RegionDisksStartAsyncReplicationRequest",
+      "properties": {
+        "asyncSecondaryDisk": {
+          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "QueuedResourceList": {
-      "id": "QueuedResourceList",
+    "RegionInstanceGroupList": {
+      "description": "Contains a list of InstanceGroup resources.",
+      "id": "RegionInstanceGroupList",
       "properties": {
         "id": {
-          "description": "Unique identifier for the resource; defined by the server.",
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of QueuedResource resources.",
+          "description": "A list of InstanceGroup resources.",
           "items": {
-            "$ref": "QueuedResource"
+            "$ref": "InstanceGroup"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#queuedResourceList",
-          "description": "Type of resource.",
+          "default": "compute#regionInstanceGroupList",
+          "description": "The resource type.",
           "type": "string"
         },
         "nextPageToken": {
-          "description": "This token allows you to get the next page of results for maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
         "selfLink": {
-          "description": "[Output only] Server-defined URL for this resource.",
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
-          "description": "Informational warning message.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -67702,6 +75280,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67720,6 +75299,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67731,6 +75340,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67778,101 +75388,38 @@
       },
       "type": "object"
     },
-    "QueuedResourceStatus": {
-      "description": "[Output only] Result of queuing and provisioning based on deferred capacity.",
-      "id": "QueuedResourceStatus",
+    "RegionInstanceGroupManagerDeleteInstanceConfigReq": {
+      "description": "RegionInstanceGroupManagers.deletePerInstanceConfigs",
+      "id": "RegionInstanceGroupManagerDeleteInstanceConfigReq",
       "properties": {
-        "failedData": {
-          "$ref": "QueuedResourceStatusFailedData",
-          "description": "Additional status detail for the FAILED state."
-        },
-        "provisioningOperations": {
-          "description": "[Output only] Fully qualified URL of the provisioning GCE operation to track the provisioning along with provisioning errors. The referenced operation may not exist after having been deleted or expired.",
+        "names": {
+          "description": "The list of instance names for which we want to delete per-instance configs on this managed instance group.",
           "items": {
             "type": "string"
           },
           "type": "array"
-        },
-        "queuingPolicy": {
-          "$ref": "QueuingPolicy",
-          "description": "Constraints for the time when the resource(s) start provisioning. Always exposed as absolute times."
-        }
-      },
-      "type": "object"
-    },
-    "QueuedResourceStatusFailedData": {
-      "description": "Additional status detail for the FAILED state.",
-      "id": "QueuedResourceStatusFailedData",
-      "properties": {
-        "error": {
-          "description": "The error(s) that caused the QueuedResource to enter the FAILED state.",
-          "properties": {
-            "errors": {
-              "description": "[Output Only] The array of errors encountered while processing this operation.",
-              "items": {
-                "properties": {
-                  "code": {
-                    "description": "[Output Only] The error type identifier for this error.",
-                    "type": "string"
-                  },
-                  "errorDetails": {
-                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
-                    "items": {
-                      "properties": {
-                        "errorInfo": {
-                          "$ref": "ErrorInfo"
-                        },
-                        "help": {
-                          "$ref": "Help"
-                        },
-                        "localizedMessage": {
-                          "$ref": "LocalizedMessage"
-                        },
-                        "quotaInfo": {
-                          "$ref": "QuotaExceededInfo"
-                        }
-                      },
-                      "type": "object"
-                    },
-                    "type": "array"
-                  },
-                  "location": {
-                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
-                    "type": "string"
-                  },
-                  "message": {
-                    "description": "[Output Only] An optional, human-readable error message.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            }
-          },
-          "type": "object"
         }
       },
       "type": "object"
     },
-    "QueuedResourcesAggregatedList": {
-      "id": "QueuedResourcesAggregatedList",
+    "RegionInstanceGroupManagerList": {
+      "description": "Contains a list of managed instance groups.",
+      "id": "RegionInstanceGroupManagerList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "QueuedResourcesScopedList",
-            "description": "Name of the scope containing this set of queued resources."
+          "description": "A list of InstanceGroupManager resources.",
+          "items": {
+            "$ref": "InstanceGroupManager"
           },
-          "description": "A list of QueuedResourcesScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#queuedResources",
-          "description": "[Output Only] Type of resource. Always compute#queuedResourcesAggregatedList for lists of QueuedResource.",
+          "default": "compute#regionInstanceGroupManagerList",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups that exist in th regional scope.",
           "type": "string"
         },
         "nextPageToken": {
@@ -67883,13 +75430,6 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -67906,6 +75446,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67924,6 +75465,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67935,6 +75506,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67977,23 +75549,187 @@
               "type": "string"
             }
           },
-          "type": "object"
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagerPatchInstanceConfigReq": {
+      "description": "RegionInstanceGroupManagers.patchPerInstanceConfigs",
+      "id": "RegionInstanceGroupManagerPatchInstanceConfigReq",
+      "properties": {
+        "perInstanceConfigs": {
+          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
+          "items": {
+            "$ref": "PerInstanceConfig"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagerUpdateInstanceConfigReq": {
+      "description": "RegionInstanceGroupManagers.updatePerInstanceConfigs",
+      "id": "RegionInstanceGroupManagerUpdateInstanceConfigReq",
+      "properties": {
+        "perInstanceConfigs": {
+          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
+          "items": {
+            "$ref": "PerInstanceConfig"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersAbandonInstancesRequest": {
+      "id": "RegionInstanceGroupManagersAbandonInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersApplyUpdatesRequest": {
+      "description": "RegionInstanceGroupManagers.applyUpdatesToInstances",
+      "id": "RegionInstanceGroupManagersApplyUpdatesRequest",
+      "properties": {
+        "allInstances": {
+          "description": "Flag to update all instances instead of specified list of “instances”. If the flag is set to true then the instances may not be specified in the request.",
+          "type": "boolean"
+        },
+        "instances": {
+          "description": "The list of URLs of one or more instances for which you want to apply updates. Each URL can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "maximalAction": {
+          "description": "The maximal action that should be performed on the instances. By default REPLACE. This field is deprecated, please use most_disruptive_allowed_action.",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
+          "type": "string"
+        },
+        "minimalAction": {
+          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
+          "type": "string"
+        },
+        "mostDisruptiveAllowedAction": {
+          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+          "enum": [
+            "NONE",
+            "REFRESH",
+            "REPLACE",
+            "RESTART"
+          ],
+          "enumDescriptions": [
+            "Do not perform any action.",
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersCreateInstancesRequest": {
+      "description": "RegionInstanceGroupManagers.createInstances",
+      "id": "RegionInstanceGroupManagersCreateInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "[Required] List of specifications of per-instance configs.",
+          "items": {
+            "$ref": "PerInstanceConfig"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "QueuedResourcesScopedList": {
-      "id": "QueuedResourcesScopedList",
+    "RegionInstanceGroupManagersDeleteInstancesRequest": {
+      "id": "RegionInstanceGroupManagersDeleteInstancesRequest",
       "properties": {
-        "queuedResources": {
-          "description": "List of QueuedResources contained in this scope.",
+        "instances": {
+          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
-            "$ref": "QueuedResource"
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "skipInapplicableInstances": {
+          "deprecated": true,
+          "description": "Skip instances which cannot be deleted (instances not belonging to this managed group, already being deleted or being abandoned). If `false`, fail whole flow, if such instance is passed. DEPRECATED: Use skip_instances_on_validation_error instead.",
+          "type": "boolean"
+        },
+        "skipInstancesOnValidationError": {
+          "description": "Specifies whether the request should proceed despite the inclusion of instances that are not members of the group or that are already in the process of being deleted or abandoned. If this field is set to `false` and such an instance is specified in the request, the operation fails. The operation always fails if the request contains a malformed instance URL or a reference to an instance that exists in a zone or region other than the group's zone or region.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersListErrorsResponse": {
+      "id": "RegionInstanceGroupManagersListErrorsResponse",
+      "properties": {
+        "items": {
+          "description": "[Output Only] The list of errors of the managed instance group.",
+          "items": {
+            "$ref": "InstanceManagedByIgmError"
+          },
+          "type": "array"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersListInstanceConfigsResp": {
+      "id": "RegionInstanceGroupManagersListInstanceConfigsResp",
+      "properties": {
+        "items": {
+          "description": "[Output Only] The list of PerInstanceConfig.",
+          "items": {
+            "$ref": "PerInstanceConfig"
           },
           "type": "array"
         },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
         "warning": {
-          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -68008,6 +75744,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68026,6 +75763,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68037,6 +75804,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68084,522 +75852,371 @@
       },
       "type": "object"
     },
-    "QueuingPolicy": {
-      "description": "Queuing parameters for the requested deferred capacity.",
-      "id": "QueuingPolicy",
+    "RegionInstanceGroupManagersListInstancesResponse": {
+      "id": "RegionInstanceGroupManagersListInstancesResponse",
       "properties": {
-        "validUntilDuration": {
-          "$ref": "Duration",
-          "description": "Relative deadline for waiting for capacity."
+        "managedInstances": {
+          "description": "A list of managed instances.",
+          "items": {
+            "$ref": "ManagedInstance"
+          },
+          "type": "array"
         },
-        "validUntilTime": {
-          "description": "Absolute deadline for waiting for capacity in RFC3339 text format.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "Quota": {
-      "description": "A quotas entry.",
-      "id": "Quota",
+    "RegionInstanceGroupManagersRecreateRequest": {
+      "id": "RegionInstanceGroupManagersRecreateRequest",
       "properties": {
-        "limit": {
-          "description": "[Output Only] Quota limit for this metric.",
-          "format": "double",
-          "type": "number"
-        },
-        "metric": {
-          "description": "[Output Only] Name of the quota metric.",
-          "enum": [
-            "A2_CPUS",
-            "AFFINITY_GROUPS",
-            "AMD_S9300_GPUS",
-            "AUTOSCALERS",
-            "BACKEND_BUCKETS",
-            "BACKEND_SERVICES",
-            "C2D_CPUS",
-            "C2_CPUS",
-            "C3_CPUS",
-            "COMMITMENTS",
-            "COMMITTED_A2_CPUS",
-            "COMMITTED_C2D_CPUS",
-            "COMMITTED_C2_CPUS",
-            "COMMITTED_C3_CPUS",
-            "COMMITTED_CPUS",
-            "COMMITTED_E2_CPUS",
-            "COMMITTED_LICENSES",
-            "COMMITTED_LOCAL_SSD_TOTAL_GB",
-            "COMMITTED_M3_CPUS",
-            "COMMITTED_MEMORY_OPTIMIZED_CPUS",
-            "COMMITTED_N2A_CPUS",
-            "COMMITTED_N2D_CPUS",
-            "COMMITTED_N2_CPUS",
-            "COMMITTED_NVIDIA_A100_80GB_GPUS",
-            "COMMITTED_NVIDIA_A100_GPUS",
-            "COMMITTED_NVIDIA_K80_GPUS",
-            "COMMITTED_NVIDIA_L4_GPUS",
-            "COMMITTED_NVIDIA_P100_GPUS",
-            "COMMITTED_NVIDIA_P4_GPUS",
-            "COMMITTED_NVIDIA_T4_GPUS",
-            "COMMITTED_NVIDIA_V100_GPUS",
-            "COMMITTED_T2A_CPUS",
-            "COMMITTED_T2D_CPUS",
-            "CPUS",
-            "CPUS_ALL_REGIONS",
-            "DISKS_TOTAL_GB",
-            "E2_CPUS",
-            "EXTERNAL_MANAGED_FORWARDING_RULES",
-            "EXTERNAL_NETWORK_LB_FORWARDING_RULES",
-            "EXTERNAL_PROTOCOL_FORWARDING_RULES",
-            "EXTERNAL_VPN_GATEWAYS",
-            "FIREWALLS",
-            "FORWARDING_RULES",
-            "GLOBAL_EXTERNAL_MANAGED_BACKEND_SERVICES",
-            "GLOBAL_EXTERNAL_MANAGED_FORWARDING_RULES",
-            "GLOBAL_EXTERNAL_PROXY_LB_BACKEND_SERVICES",
-            "GLOBAL_INTERNAL_ADDRESSES",
-            "GLOBAL_INTERNAL_MANAGED_BACKEND_SERVICES",
-            "GLOBAL_INTERNAL_TRAFFIC_DIRECTOR_BACKEND_SERVICES",
-            "GPUS_ALL_REGIONS",
-            "HEALTH_CHECKS",
-            "IMAGES",
-            "INSTANCES",
-            "INSTANCE_GROUPS",
-            "INSTANCE_GROUP_MANAGERS",
-            "INSTANCE_TEMPLATES",
-            "INTERCONNECTS",
-            "INTERCONNECT_ATTACHMENTS_PER_REGION",
-            "INTERCONNECT_ATTACHMENTS_TOTAL_MBPS",
-            "INTERCONNECT_TOTAL_GBPS",
-            "INTERNAL_ADDRESSES",
-            "INTERNAL_TRAFFIC_DIRECTOR_FORWARDING_RULES",
-            "IN_PLACE_SNAPSHOTS",
-            "IN_USE_ADDRESSES",
-            "IN_USE_BACKUP_SCHEDULES",
-            "IN_USE_MAINTENANCE_WINDOWS",
-            "IN_USE_SNAPSHOT_SCHEDULES",
-            "LOCAL_SSD_TOTAL_GB",
-            "M1_CPUS",
-            "M2_CPUS",
-            "M3_CPUS",
-            "MACHINE_IMAGES",
-            "N2A_CPUS",
-            "N2D_CPUS",
-            "N2_CPUS",
-            "NETWORKS",
-            "NETWORK_ATTACHMENTS",
-            "NETWORK_ENDPOINT_GROUPS",
-            "NETWORK_FIREWALL_POLICIES",
-            "NODE_GROUPS",
-            "NODE_TEMPLATES",
-            "NVIDIA_A100_80GB_GPUS",
-            "NVIDIA_A100_GPUS",
-            "NVIDIA_K80_GPUS",
-            "NVIDIA_P100_GPUS",
-            "NVIDIA_P100_VWS_GPUS",
-            "NVIDIA_P4_GPUS",
-            "NVIDIA_P4_VWS_GPUS",
-            "NVIDIA_T4_GPUS",
-            "NVIDIA_T4_VWS_GPUS",
-            "NVIDIA_V100_GPUS",
-            "PACKET_MIRRORINGS",
-            "PD_EXTREME_TOTAL_PROVISIONED_IOPS",
-            "PREEMPTIBLE_CPUS",
-            "PREEMPTIBLE_LOCAL_SSD_GB",
-            "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS",
-            "PREEMPTIBLE_NVIDIA_A100_GPUS",
-            "PREEMPTIBLE_NVIDIA_K80_GPUS",
-            "PREEMPTIBLE_NVIDIA_P100_GPUS",
-            "PREEMPTIBLE_NVIDIA_P100_VWS_GPUS",
-            "PREEMPTIBLE_NVIDIA_P4_GPUS",
-            "PREEMPTIBLE_NVIDIA_P4_VWS_GPUS",
-            "PREEMPTIBLE_NVIDIA_T4_GPUS",
-            "PREEMPTIBLE_NVIDIA_T4_VWS_GPUS",
-            "PREEMPTIBLE_NVIDIA_V100_GPUS",
-            "PRIVATE_V6_ACCESS_SUBNETWORKS",
-            "PSC_ILB_CONSUMER_FORWARDING_RULES_PER_PRODUCER_NETWORK",
-            "PSC_INTERNAL_LB_FORWARDING_RULES",
-            "PUBLIC_ADVERTISED_PREFIXES",
-            "PUBLIC_DELEGATED_PREFIXES",
-            "QUEUED_RESOURCES",
-            "REGIONAL_AUTOSCALERS",
-            "REGIONAL_EXTERNAL_MANAGED_BACKEND_SERVICES",
-            "REGIONAL_EXTERNAL_NETWORK_LB_BACKEND_SERVICES",
-            "REGIONAL_INSTANCE_GROUP_MANAGERS",
-            "REGIONAL_INTERNAL_LB_BACKEND_SERVICES",
-            "REGIONAL_INTERNAL_MANAGED_BACKEND_SERVICES",
-            "RESERVATIONS",
-            "RESOURCE_POLICIES",
-            "ROUTERS",
-            "ROUTES",
-            "SECURITY_POLICIES",
-            "SECURITY_POLICIES_PER_REGION",
-            "SECURITY_POLICY_CEVAL_RULES",
-            "SECURITY_POLICY_RULES",
-            "SECURITY_POLICY_RULES_PER_REGION",
-            "SERVICE_ATTACHMENTS",
-            "SNAPSHOTS",
-            "SSD_TOTAL_GB",
-            "SSL_CERTIFICATES",
-            "STATIC_ADDRESSES",
-            "STATIC_BYOIP_ADDRESSES",
-            "STATIC_EXTERNAL_IPV6_ADDRESS_RANGES",
-            "SUBNETWORKS",
-            "T2A_CPUS",
-            "T2D_CPUS",
-            "TARGET_HTTPS_PROXIES",
-            "TARGET_HTTP_PROXIES",
-            "TARGET_INSTANCES",
-            "TARGET_POOLS",
-            "TARGET_SSL_PROXIES",
-            "TARGET_TCP_PROXIES",
-            "TARGET_VPN_GATEWAYS",
-            "URL_MAPS",
-            "VPN_GATEWAYS",
-            "VPN_TUNNELS",
-            "XPN_SERVICE_PROJECTS"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "Guest CPUs",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "The total number of snapshots allowed for a single project.",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "owner": {
-          "description": "[Output Only] Owning resource. This is the resource on which this quota is applied.",
-          "type": "string"
+        "instances": {
+          "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersResizeAdvancedRequest": {
+      "id": "RegionInstanceGroupManagersResizeAdvancedRequest",
+      "properties": {
+        "noCreationRetries": {
+          "description": "If this flag is true, the managed instance group attempts to create all instances initiated by this resize request only once. If there is an error during creation, the managed instance group does not retry create this instance, and we will decrease the targetSize of the request instead. If the flag is false, the group attempts to recreate each instance continuously until it succeeds. This flag matters only in the first attempt of creation of an instance. After an instance is successfully created while this flag is enabled, the instance behaves the same way as all the other instances created with a regular resize request. In particular, if a running instance dies unexpectedly at a later time and needs to be recreated, this mode does not affect the recreation behavior in that scenario. This flag is applicable only to the current resize request. It does not influence other resize requests in any way. You can see which instances ar being created in which mode by calling the get or listManagedInstances API.",
+          "type": "boolean"
         },
-        "usage": {
-          "description": "[Output Only] Current usage of this metric.",
-          "format": "double",
-          "type": "number"
+        "targetSize": {
+          "description": "The number of running instances that the managed instance group should maintain at any given time. The group automatically adds or removes instances to maintain the number of instances specified by this parameter.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "QuotaExceededInfo": {
-      "description": "Additional details for quota exceeded error for resource quota.",
-      "id": "QuotaExceededInfo",
+    "RegionInstanceGroupManagersResumeInstancesRequest": {
+      "id": "RegionInstanceGroupManagersResumeInstancesRequest",
       "properties": {
-        "dimensions": {
-          "additionalProperties": {
+        "instances": {
+          "description": "The URLs of one or more instances to resume. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "items": {
             "type": "string"
           },
-          "description": "The map holding related quota dimensions.",
-          "type": "object"
-        },
-        "limit": {
-          "description": "Current effective quota limit. The limit's unit depends on the quota type or metric.",
-          "format": "double",
-          "type": "number"
-        },
-        "limitName": {
-          "description": "The name of the quota limit.",
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersSetAutoHealingRequest": {
+      "id": "RegionInstanceGroupManagersSetAutoHealingRequest",
+      "properties": {
+        "autoHealingPolicies": {
+          "items": {
+            "$ref": "InstanceGroupManagerAutoHealingPolicy"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersSetTargetPoolsRequest": {
+      "id": "RegionInstanceGroupManagersSetTargetPoolsRequest",
+      "properties": {
+        "fingerprint": {
+          "description": "Fingerprint of the target pools information, which is a hash of the contents. This field is used for optimistic locking when you update the target pool entries. This field is optional.",
+          "format": "byte",
           "type": "string"
         },
-        "metricName": {
-          "description": "The Compute Engine quota metric name.",
-          "type": "string"
+        "targetPools": {
+          "description": "The URL of all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "RbacPolicy": {
-      "id": "RbacPolicy",
+    "RegionInstanceGroupManagersSetTemplateRequest": {
+      "id": "RegionInstanceGroupManagersSetTemplateRequest",
       "properties": {
-        "name": {
-          "description": "Name of the RbacPolicy.",
+        "instanceTemplate": {
+          "description": "URL of the InstanceTemplate resource from which all new instances will be created.",
           "type": "string"
-        },
-        "permissions": {
-          "description": "The list of permissions.",
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersStartInstancesRequest": {
+      "id": "RegionInstanceGroupManagersStartInstancesRequest",
+      "properties": {
+        "instances": {
+          "description": "The URLs of one or more instances to start. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
-            "$ref": "Permission"
+            "type": "string"
           },
           "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupManagersStopInstancesRequest": {
+      "id": "RegionInstanceGroupManagersStopInstancesRequest",
+      "properties": {
+        "forceStop": {
+          "description": "If this flag is set to true, the Instance Group Manager will proceed to stop the instances, skipping initialization on them.",
+          "type": "boolean"
         },
-        "principals": {
-          "description": "The list of principals.",
+        "instances": {
+          "description": "The URLs of one or more instances to stop. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
           "items": {
-            "$ref": "Principal"
+            "type": "string"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "Reference": {
-      "description": "Represents a reference to a resource.",
-      "id": "Reference",
+    "RegionInstanceGroupManagersSuspendInstancesRequest": {
+      "id": "RegionInstanceGroupManagersSuspendInstancesRequest",
       "properties": {
-        "kind": {
-          "default": "compute#reference",
-          "description": "[Output Only] Type of the resource. Always compute#reference for references.",
-          "type": "string"
-        },
-        "referenceType": {
-          "description": "A description of the reference type with no implied semantics. Possible values include: 1. MEMBER_OF ",
-          "type": "string"
-        },
-        "referrer": {
-          "description": "URL of the resource which refers to the target.",
-          "type": "string"
+        "forceSuspend": {
+          "description": "If this flag is set to true, the Instance Group Manager will proceed to suspend the instances, skipping initialization on them.",
+          "type": "boolean"
         },
-        "target": {
-          "description": "URL of the resource to which this reference points.",
-          "type": "string"
+        "instances": {
+          "description": "The URLs of one or more instances to suspend. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "Region": {
-      "description": "Represents a Region resource. A region is a geographical area where a resource is located. For more information, read Regions and Zones.",
-      "id": "Region",
+    "RegionInstanceGroupsListInstances": {
+      "id": "RegionInstanceGroupsListInstances",
       "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "deprecated": {
-          "$ref": "DeprecationStatus",
-          "description": "[Output Only] The deprecation status associated with this region."
-        },
-        "description": {
-          "description": "[Output Only] Textual description of the resource.",
-          "type": "string"
-        },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#region",
-          "description": "[Output Only] Type of the resource. Always compute#region for regions.",
-          "type": "string"
-        },
-        "name": {
-          "description": "[Output Only] Name of the resource.",
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "quotas": {
-          "description": "[Output Only] Quotas assigned to this region.",
+        "items": {
+          "description": "A list of InstanceWithNamedPorts resources.",
           "items": {
-            "$ref": "Quota"
+            "$ref": "InstanceWithNamedPorts"
           },
           "type": "array"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "kind": {
+          "default": "compute#regionInstanceGroupsListInstances",
+          "description": "The resource type.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "status": {
-          "description": "[Output Only] Status of the region, either UP or DOWN.",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupsListInstancesRequest": {
+      "id": "RegionInstanceGroupsListInstancesRequest",
+      "properties": {
+        "instanceState": {
+          "description": "Instances in which state should be returned. Valid options are: 'ALL', 'RUNNING'. By default, it lists all instances.",
           "enum": [
-            "DOWN",
-            "UP"
+            "ALL",
+            "RUNNING"
           ],
           "enumDescriptions": [
-            "",
-            ""
+            "Matches any status of the instances, running, non-running and others.",
+            "Instance is in RUNNING state if it is running."
           ],
           "type": "string"
         },
-        "supportsPzs": {
-          "description": "[Output Only] Reserved for future use.",
-          "type": "boolean"
+        "portName": {
+          "description": "Name of port user is interested in. It is optional. If it is set, only information about this ports will be returned. If it is not set, all the named ports will be returned. Always lists all instances.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "RegionInstanceGroupsSetNamedPortsRequest": {
+      "id": "RegionInstanceGroupsSetNamedPortsRequest",
+      "properties": {
+        "fingerprint": {
+          "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.",
+          "format": "byte",
+          "type": "string"
         },
-        "zones": {
-          "description": "[Output Only] A list of zones available in this region, in the form of resource URLs.",
+        "namedPorts": {
+          "description": "The list of named ports to set for this instance group.",
           "items": {
-            "type": "string"
+            "$ref": "NamedPort"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "RegionAddressesMoveRequest": {
-      "id": "RegionAddressesMoveRequest",
+    "RegionInstantSnapshotsExportRequest": {
+      "id": "RegionInstantSnapshotsExportRequest",
       "properties": {
-        "description": {
-          "description": "An optional destination address description if intended to be different from the source.",
-          "type": "string"
-        },
-        "destinationAddress": {
-          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project/regions/region /addresses/address - projects/project/regions/region/addresses/address Note that destination project must be different from the source project. So /regions/region/addresses/address is not valid partial url.",
-          "type": "string"
+        "exportParams": {
+          "$ref": "InstantSnapshotExportParams",
+          "description": "Parameters to export the changed blocks."
         }
       },
       "type": "object"
     },
-    "RegionAutoscalerList": {
-      "description": "Contains a list of autoscalers.",
-      "id": "RegionAutoscalerList",
+    "RegionList": {
+      "description": "Contains a list of region resources.",
+      "id": "RegionList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Autoscaler resources.",
+          "description": "A list of Region resources.",
           "items": {
-            "$ref": "Autoscaler"
+            "$ref": "Region"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#regionAutoscalerList",
-          "description": "Type of resource.",
+          "default": "compute#regionList",
+          "description": "[Output Only] Type of resource. Always compute#regionList for lists of regions.",
           "type": "string"
         },
         "nextPageToken": {
@@ -68626,6 +76243,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68644,6 +76262,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68655,6 +76303,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68702,36 +76351,328 @@
       },
       "type": "object"
     },
-    "RegionCommitmentsUpdateReservationsRequest": {
-      "id": "RegionCommitmentsUpdateReservationsRequest",
+    "RegionNetworkEndpointGroupsAttachEndpointsRequest": {
+      "id": "RegionNetworkEndpointGroupsAttachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be attached.",
+          "items": {
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionNetworkEndpointGroupsDetachEndpointsRequest": {
+      "id": "RegionNetworkEndpointGroupsDetachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be detached.",
+          "items": {
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponse": {
+      "id": "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponse",
+      "properties": {
+        "firewallPolicys": {
+          "description": "Effective firewalls from firewall policy.",
+          "items": {
+            "$ref": "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponseEffectiveFirewallPolicy"
+          },
+          "type": "array"
+        },
+        "firewalls": {
+          "description": "Effective firewalls on the network.",
+          "items": {
+            "$ref": "Firewall"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponseEffectiveFirewallPolicy": {
+      "id": "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
+      "properties": {
+        "displayName": {
+          "description": "[Output Only] The display name of the firewall policy.",
+          "type": "string"
+        },
+        "name": {
+          "description": "[Output Only] The name of the firewall policy.",
+          "type": "string"
+        },
+        "rules": {
+          "description": "The rules that apply to the network.",
+          "items": {
+            "$ref": "FirewallPolicyRule"
+          },
+          "type": "array"
+        },
+        "type": {
+          "description": "[Output Only] The type of the firewall policy. Can be one of HIERARCHY, NETWORK, NETWORK_REGIONAL.",
+          "enum": [
+            "HIERARCHY",
+            "NETWORK",
+            "NETWORK_REGIONAL",
+            "UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "RegionSetLabelsRequest": {
+      "id": "RegionSetLabelsRequest",
+      "properties": {
+        "labelFingerprint": {
+          "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. Make a get() request to the resource to get the latest fingerprint.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "The labels to set for this resource.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "RegionSetPolicyRequest": {
+      "id": "RegionSetPolicyRequest",
+      "properties": {
+        "bindings": {
+          "description": "Flatten Policy to create a backwacd compatible wire-format. Deprecated. Use 'policy' to specify bindings.",
+          "items": {
+            "$ref": "Binding"
+          },
+          "type": "array"
+        },
+        "etag": {
+          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify the etag.",
+          "format": "byte",
+          "type": "string"
+        },
+        "policy": {
+          "$ref": "Policy",
+          "description": "REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them."
+        }
+      },
+      "type": "object"
+    },
+    "RegionTargetHttpsProxiesSetSslCertificatesRequest": {
+      "id": "RegionTargetHttpsProxiesSetSslCertificatesRequest",
+      "properties": {
+        "sslCertificates": {
+          "description": "New set of SslCertificate resources to associate with this TargetHttpsProxy resource.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionUrlMapsValidateRequest": {
+      "id": "RegionUrlMapsValidateRequest",
+      "properties": {
+        "resource": {
+          "$ref": "UrlMap",
+          "description": "Content of the UrlMap to be validated."
+        }
+      },
+      "type": "object"
+    },
+    "RequestMirrorPolicy": {
+      "description": "A policy that specifies how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer doesn't wait for responses from the shadow service. Before sending traffic to the shadow service, the host or authority header is suffixed with -shadow.",
+      "id": "RequestMirrorPolicy",
+      "properties": {
+        "backendService": {
+          "description": "The full or partial URL to the BackendService resource being mirrored to. The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map. Serverless NEG backends are not currently supported as a mirrored backend service. ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Reservation": {
+      "description": "Represents a reservation resource. A reservation ensures that capacity is held in a specific zone even if the reserved VMs are not running. For more information, read Reserving zonal resources.",
+      "id": "Reservation",
+      "properties": {
+        "aggregateReservation": {
+          "$ref": "AllocationAggregateReservation",
+          "description": "Reservation for aggregated resources, providing shape flexibility."
+        },
+        "commitment": {
+          "description": "[Output Only] Full or partial URL to a parent commitment. This field displays for reservations that are tied to a commitment.",
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "deleteAfterDuration": {
+          "$ref": "Duration",
+          "description": "Duration time relative to reservation creation when GCE will automatically delete this resource."
+        },
+        "deleteAtTime": {
+          "description": "Absolute time in future when the reservation will be auto-deleted by GCE. Timestamp is represented in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#reservation",
+          "description": "[Output Only] Type of the resource. Always compute#reservations for reservations.",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instances.insert"
+            ]
+          },
+          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "resourcePolicies": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Resource policies to be added to this reservation. The key is defined by user, and the value is resource policy url. This is to define placement policy with reservation.",
+          "type": "object"
+        },
+        "resourceStatus": {
+          "$ref": "AllocationResourceStatus",
+          "description": "[Output Only] Status information for Reservation resource."
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "shareSettings": {
+          "$ref": "ShareSettings",
+          "description": "Specify share-settings to create a shared reservation. This property is optional. For more information about the syntax and options for this field and its subfields, see the guide for creating a shared reservation."
+        },
+        "specificReservation": {
+          "$ref": "AllocationSpecificSKUReservation",
+          "description": "Reservation for instances with specific machine shapes."
+        },
+        "specificReservationRequired": {
+          "description": "Indicates whether the reservation can be consumed by VMs with affinity for \"any\" reservation. If the field is set, then only VMs that target the reservation by name can consume from this reservation.",
+          "type": "boolean"
+        },
+        "status": {
+          "description": "[Output Only] The status of the reservation.",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "INVALID",
+            "READY",
+            "UPDATING"
+          ],
+          "enumDescriptions": [
+            "Resources are being allocated for the reservation.",
+            "Reservation is currently being deleted.",
+            "",
+            "Reservation has allocated all its resources.",
+            "Reservation is currently being resized."
+          ],
+          "type": "string"
+        },
+        "zone": {
+          "description": "Zone in which the reservation resides. A zone must be provided if the reservation is created within a commitment.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ReservationAffinity": {
+      "description": "Specifies the reservations that this instance can consume from.",
+      "id": "ReservationAffinity",
       "properties": {
-        "reservations": {
-          "description": "A list of two reservations to transfer GPUs and local SSD between.",
+        "consumeReservationType": {
+          "description": "Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.",
+          "enum": [
+            "ANY_RESERVATION",
+            "NO_RESERVATION",
+            "SPECIFIC_RESERVATION",
+            "SPECIFIC_THEN_ANY_RESERVATION",
+            "SPECIFIC_THEN_NO_RESERVATION",
+            "UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Consume any allocation available.",
+            "Do not consume from any allocated capacity.",
+            "Must consume from a specific reservation. Must specify key value fields for specifying the reservations.",
+            "Prefer to consume from a specific reservation, but still consume any reservation available if the specified reservation is not available or exhausted. Must specify key value fields for specifying the reservations.",
+            "Prefer to consume from a specific reservation, but still consume from the on-demand pool if the specified reservation is exhausted. Must specify key value fields for specifying the reservations.",
+            ""
+          ],
+          "type": "string"
+        },
+        "key": {
+          "description": "Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.",
+          "type": "string"
+        },
+        "values": {
+          "description": "Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or \"projects/different-project/reservations/some-reservation-name\" to target a shared reservation in the same zone but in a different project.",
           "items": {
-            "$ref": "Reservation"
+            "type": "string"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "RegionDiskTypeList": {
-      "id": "RegionDiskTypeList",
+    "ReservationAggregatedList": {
+      "description": "Contains a list of reservations.",
+      "id": "ReservationAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of DiskType resources.",
-          "items": {
-            "$ref": "DiskType"
+          "additionalProperties": {
+            "$ref": "ReservationsScopedList",
+            "description": "Name of the scope containing this set of reservations."
           },
-          "type": "array"
+          "description": "A list of Allocation resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#regionDiskTypeList",
-          "description": "[Output Only] Type of resource. Always compute#regionDiskTypeList for region disk types.",
+          "default": "compute#reservationAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -68742,6 +76683,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -68758,6 +76706,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68776,6 +76725,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68787,6 +76766,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68834,81 +76814,23 @@
       },
       "type": "object"
     },
-    "RegionDisksAddResourcePoliciesRequest": {
-      "id": "RegionDisksAddResourcePoliciesRequest",
-      "properties": {
-        "resourcePolicies": {
-          "description": "Resource policies to be added to this disk.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionDisksRemoveResourcePoliciesRequest": {
-      "id": "RegionDisksRemoveResourcePoliciesRequest",
-      "properties": {
-        "resourcePolicies": {
-          "description": "Resource policies to be removed from this disk.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionDisksResizeRequest": {
-      "id": "RegionDisksResizeRequest",
-      "properties": {
-        "sizeGb": {
-          "description": "The new size of the regional persistent disk, which is specified in GB.",
-          "format": "int64",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RegionDisksStartAsyncReplicationRequest": {
-      "id": "RegionDisksStartAsyncReplicationRequest",
-      "properties": {
-        "asyncSecondaryDisk": {
-          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RegionDisksStopAsyncReplicationRequest": {
-      "id": "RegionDisksStopAsyncReplicationRequest",
-      "properties": {
-        "asyncSecondaryDisk": {
-          "description": "[Deprecated] The secondary disk to stop asynchronous replication to. This field will not be included in the beta or v1 APIs and will be removed from the alpha API in the near future.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupList": {
-      "description": "Contains a list of InstanceGroup resources.",
-      "id": "RegionInstanceGroupList",
+    "ReservationList": {
+      "id": "ReservationList",
       "properties": {
         "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InstanceGroup resources.",
+          "description": "[Output Only] A list of Allocation resources.",
           "items": {
-            "$ref": "InstanceGroup"
+            "$ref": "Reservation"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#regionInstanceGroupList",
-          "description": "The resource type.",
+          "default": "compute#reservationList",
+          "description": "[Output Only] Type of resource.Always compute#reservationsList for listsof reservations",
           "type": "string"
         },
         "nextPageToken": {
@@ -68935,6 +76857,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68953,6 +76876,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68964,6 +76917,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69011,50 +76965,29 @@
       },
       "type": "object"
     },
-    "RegionInstanceGroupManagerDeleteInstanceConfigReq": {
-      "description": "RegionInstanceGroupManagers.deletePerInstanceConfigs",
-      "id": "RegionInstanceGroupManagerDeleteInstanceConfigReq",
+    "ReservationsResizeRequest": {
+      "id": "ReservationsResizeRequest",
       "properties": {
-        "names": {
-          "description": "The list of instance names for which we want to delete per-instance configs on this managed instance group.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "specificSkuCount": {
+          "description": "Number of allocated resources can be resized with minimum = 1 and maximum = 1000.",
+          "format": "int64",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RegionInstanceGroupManagerList": {
-      "description": "Contains a list of managed instance groups.",
-      "id": "RegionInstanceGroupManagerList",
+    "ReservationsScopedList": {
+      "id": "ReservationsScopedList",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of InstanceGroupManager resources.",
+        "reservations": {
+          "description": "A list of reservations contained in this scope.",
           "items": {
-            "$ref": "InstanceGroupManager"
+            "$ref": "Reservation"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#regionInstanceGroupManagerList",
-          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerList for a list of managed instance groups that exist in th regional scope.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of reservations when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -69069,6 +77002,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69087,6 +77021,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69098,6 +77062,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69145,181 +77110,62 @@
       },
       "type": "object"
     },
-    "RegionInstanceGroupManagerPatchInstanceConfigReq": {
-      "description": "RegionInstanceGroupManagers.patchPerInstanceConfigs",
-      "id": "RegionInstanceGroupManagerPatchInstanceConfigReq",
-      "properties": {
-        "perInstanceConfigs": {
-          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
-          "items": {
-            "$ref": "PerInstanceConfig"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagerUpdateInstanceConfigReq": {
-      "description": "RegionInstanceGroupManagers.updatePerInstanceConfigs",
-      "id": "RegionInstanceGroupManagerUpdateInstanceConfigReq",
-      "properties": {
-        "perInstanceConfigs": {
-          "description": "The list of per-instance configurations to insert or patch on this managed instance group.",
-          "items": {
-            "$ref": "PerInstanceConfig"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersAbandonInstancesRequest": {
-      "id": "RegionInstanceGroupManagersAbandonInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to abandon. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersApplyUpdatesRequest": {
-      "description": "RegionInstanceGroupManagers.applyUpdatesToInstances",
-      "id": "RegionInstanceGroupManagersApplyUpdatesRequest",
+    "ResourceCommitment": {
+      "description": "Commitment for a particular resource (a Commitment is composed of one or more of these).",
+      "id": "ResourceCommitment",
       "properties": {
-        "allInstances": {
-          "description": "Flag to update all instances instead of specified list of “instances”. If the flag is set to true then the instances may not be specified in the request.",
-          "type": "boolean"
-        },
-        "instances": {
-          "description": "The list of URLs of one or more instances for which you want to apply updates. Each URL can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "maximalAction": {
-          "description": "The maximal action that should be performed on the instances. By default REPLACE. This field is deprecated, please use most_disruptive_allowed_action.",
-          "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
-          ],
-          "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
-          ],
+        "acceleratorType": {
+          "description": "Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.",
           "type": "string"
         },
-        "minimalAction": {
-          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
-          "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
-          ],
-          "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
-          ],
+        "amount": {
+          "description": "The amount of the resource purchased (in a type-dependent unit, such as bytes). For vCPUs, this can just be an integer. For memory, this must be provided in MB. Memory must be a multiple of 256 MB, with up to 6.5GB of memory per every vCPU.",
+          "format": "int64",
           "type": "string"
         },
-        "mostDisruptiveAllowedAction": {
-          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+        "type": {
+          "description": "Type of resource for which this commitment applies. Possible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.",
           "enum": [
-            "NONE",
-            "REFRESH",
-            "REPLACE",
-            "RESTART"
+            "ACCELERATOR",
+            "LOCAL_SSD",
+            "MEMORY",
+            "UNSPECIFIED",
+            "VCPU"
           ],
           "enumDescriptions": [
-            "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "",
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "RegionInstanceGroupManagersCreateInstancesRequest": {
-      "description": "RegionInstanceGroupManagers.createInstances",
-      "id": "RegionInstanceGroupManagersCreateInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "[Required] List of specifications of per-instance configs.",
-          "items": {
-            "$ref": "PerInstanceConfig"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersDeleteInstancesRequest": {
-      "id": "RegionInstanceGroupManagersDeleteInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "skipInapplicableInstances": {
-          "description": "Skip instances which cannot be deleted (instances not belonging to this managed group, already being deleted or being abandoned). If `false`, fail whole flow, if such instance is passed. DEPRECATED: Use skip_instances_on_validation_error instead.",
-          "type": "boolean"
-        },
-        "skipInstancesOnValidationError": {
-          "description": "Specifies whether the request should proceed despite the inclusion of instances that are not members of the group or that are already in the process of being deleted or abandoned. If this field is set to `false` and such an instance is specified in the request, the operation fails. The operation always fails if the request contains a malformed instance URL or a reference to an instance that exists in a zone or region other than the group's zone or region.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersListErrorsResponse": {
-      "id": "RegionInstanceGroupManagersListErrorsResponse",
+    "ResourceGroupReference": {
+      "id": "ResourceGroupReference",
       "properties": {
-        "items": {
-          "description": "[Output Only] The list of errors of the managed instance group.",
-          "items": {
-            "$ref": "InstanceManagedByIgmError"
-          },
-          "type": "array"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "group": {
+          "description": "A URI referencing one of the instance groups or network endpoint groups listed in the backend service.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "RegionInstanceGroupManagersListInstanceConfigsResp": {
-      "id": "RegionInstanceGroupManagersListInstanceConfigsResp",
+    "ResourcePoliciesScopedList": {
+      "id": "ResourcePoliciesScopedList",
       "properties": {
-        "items": {
-          "description": "[Output Only] The list of PerInstanceConfig.",
+        "resourcePolicies": {
+          "description": "A list of resourcePolicies contained in this scope.",
           "items": {
-            "$ref": "PerInstanceConfig"
+            "$ref": "ResourcePolicy"
           },
           "type": "array"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of resourcePolicies when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -69334,6 +77180,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69352,6 +77199,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69363,6 +77240,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69410,168 +77288,115 @@
       },
       "type": "object"
     },
-    "RegionInstanceGroupManagersListInstancesResponse": {
-      "id": "RegionInstanceGroupManagersListInstancesResponse",
+    "ResourcePolicy": {
+      "description": "Represents a Resource Policy resource. You can use resource policies to schedule actions for some Compute Engine resources. For example, you can use them to schedule persistent disk snapshots.",
+      "id": "ResourcePolicy",
       "properties": {
-        "managedInstances": {
-          "description": "A list of managed instances.",
-          "items": {
-            "$ref": "ManagedInstance"
-          },
-          "type": "array"
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "description": {
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersRecreateRequest": {
-      "id": "RegionInstanceGroupManagersRecreateRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to recreate. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersResizeAdvancedRequest": {
-      "id": "RegionInstanceGroupManagersResizeAdvancedRequest",
-      "properties": {
-        "noCreationRetries": {
-          "description": "If this flag is true, the managed instance group attempts to create all instances initiated by this resize request only once. If there is an error during creation, the managed instance group does not retry create this instance, and we will decrease the targetSize of the request instead. If the flag is false, the group attempts to recreate each instance continuously until it succeeds. This flag matters only in the first attempt of creation of an instance. After an instance is successfully created while this flag is enabled, the instance behaves the same way as all the other instances created with a regular resize request. In particular, if a running instance dies unexpectedly at a later time and needs to be recreated, this mode does not affect the recreation behavior in that scenario. This flag is applicable only to the current resize request. It does not influence other resize requests in any way. You can see which instances ar being created in which mode by calling the get or listManagedInstances API.",
-          "type": "boolean"
         },
-        "targetSize": {
-          "description": "The number of running instances that the managed instance group should maintain at any given time. The group automatically adds or removes instances to maintain the number of instances specified by this parameter.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersResumeInstancesRequest": {
-      "id": "RegionInstanceGroupManagersResumeInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to resume. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersSetAutoHealingRequest": {
-      "id": "RegionInstanceGroupManagersSetAutoHealingRequest",
-      "properties": {
-        "autoHealingPolicies": {
-          "items": {
-            "$ref": "InstanceGroupManagerAutoHealingPolicy"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersSetTargetPoolsRequest": {
-      "id": "RegionInstanceGroupManagersSetTargetPoolsRequest",
-      "properties": {
-        "fingerprint": {
-          "description": "Fingerprint of the target pools information, which is a hash of the contents. This field is used for optimistic locking when you update the target pool entries. This field is optional.",
-          "format": "byte",
+        "diskConsistencyGroupPolicy": {
+          "$ref": "ResourcePolicyDiskConsistencyGroupPolicy",
+          "description": "Resource policy for disk consistency groups."
+        },
+        "groupPlacementPolicy": {
+          "$ref": "ResourcePolicyGroupPlacementPolicy",
+          "description": "Resource policy for instances for placement configuration."
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "targetPools": {
-          "description": "The URL of all TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersSetTemplateRequest": {
-      "id": "RegionInstanceGroupManagersSetTemplateRequest",
-      "properties": {
-        "instanceTemplate": {
-          "description": "URL of the InstanceTemplate resource from which all new instances will be created.",
+        "instanceSchedulePolicy": {
+          "$ref": "ResourcePolicyInstanceSchedulePolicy",
+          "description": "Resource policy for scheduling instance operations."
+        },
+        "kind": {
+          "default": "compute#resourcePolicy",
+          "description": "[Output Only] Type of the resource. Always compute#resource_policies for resource policies.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersStartInstancesRequest": {
-      "id": "RegionInstanceGroupManagersStartInstancesRequest",
-      "properties": {
-        "instances": {
-          "description": "The URLs of one or more instances to start. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instances.insert"
+            ]
           },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersStopInstancesRequest": {
-      "id": "RegionInstanceGroupManagersStopInstancesRequest",
-      "properties": {
-        "forceStop": {
-          "description": "If this flag is set to true, the Instance Group Manager will proceed to stop the instances, skipping initialization on them.",
-          "type": "boolean"
+          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "region": {
+          "type": "string"
+        },
+        "resourceStatus": {
+          "$ref": "ResourcePolicyResourceStatus",
+          "description": "[Output Only] The system status of the resource policy."
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "snapshotSchedulePolicy": {
+          "$ref": "ResourcePolicySnapshotSchedulePolicy",
+          "description": "Resource policy for persistent disks for creating snapshots."
         },
-        "instances": {
-          "description": "The URLs of one or more instances to stop. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "RegionInstanceGroupManagersSuspendInstancesRequest": {
-      "id": "RegionInstanceGroupManagersSuspendInstancesRequest",
-      "properties": {
-        "forceSuspend": {
-          "description": "If this flag is set to true, the Instance Group Manager will proceed to suspend the instances, skipping initialization on them.",
-          "type": "boolean"
+        "status": {
+          "description": "[Output Only] The status of resource policy creation.",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "EXPIRED",
+            "INVALID",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "Resource policy is being created.",
+            "Resource policy is being deleted.",
+            "Resource policy is expired and will not run again.",
+            "",
+            "Resource policy is ready to be used."
+          ],
+          "type": "string"
         },
-        "instances": {
-          "description": "The URLs of one or more instances to suspend. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "vmMaintenancePolicy": {
+          "$ref": "ResourcePolicyVmMaintenancePolicy",
+          "description": "Resource policy applicable to VMs for infrastructure maintenance."
         }
       },
       "type": "object"
     },
-    "RegionInstanceGroupsListInstances": {
-      "id": "RegionInstanceGroupsListInstances",
+    "ResourcePolicyAggregatedList": {
+      "description": "Contains a list of resourcePolicies.",
+      "id": "ResourcePolicyAggregatedList",
       "properties": {
+        "etag": {
+          "type": "string"
+        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InstanceWithNamedPorts resources.",
-          "items": {
-            "$ref": "InstanceWithNamedPorts"
+          "additionalProperties": {
+            "$ref": "ResourcePoliciesScopedList",
+            "description": "Name of the scope containing this set of resourcePolicies."
           },
-          "type": "array"
+          "description": "A list of ResourcePolicy resources.",
+          "type": "object"
         },
         "kind": {
-          "default": "compute#regionInstanceGroupsListInstances",
-          "description": "The resource type.",
+          "default": "compute#resourcePolicyAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -69582,6 +77407,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -69598,6 +77430,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69616,6 +77449,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69627,6 +77490,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69674,75 +77538,190 @@
       },
       "type": "object"
     },
-    "RegionInstanceGroupsListInstancesRequest": {
-      "id": "RegionInstanceGroupsListInstancesRequest",
+    "ResourcePolicyDailyCycle": {
+      "description": "Time window specified for daily operations.",
+      "id": "ResourcePolicyDailyCycle",
       "properties": {
-        "instanceState": {
-          "description": "Instances in which state should be returned. Valid options are: 'ALL', 'RUNNING'. By default, it lists all instances.",
+        "daysInCycle": {
+          "description": "Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "duration": {
+          "description": "[Output only] A predetermined duration for the window, automatically chosen to be the smallest possible in the given scenario.",
+          "type": "string"
+        },
+        "startTime": {
+          "description": "Start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ResourcePolicyDiskConsistencyGroupPolicy": {
+      "description": "Resource policy for disk consistency groups.",
+      "id": "ResourcePolicyDiskConsistencyGroupPolicy",
+      "properties": {},
+      "type": "object"
+    },
+    "ResourcePolicyGroupPlacementPolicy": {
+      "description": "A GroupPlacementPolicy specifies resource placement configuration. It specifies the failure bucket separation as well as network locality",
+      "id": "ResourcePolicyGroupPlacementPolicy",
+      "properties": {
+        "availabilityDomainCount": {
+          "description": "The number of availability domains to spread instances across. If two instances are in different availability domain, they are not in the same low latency network.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "collocation": {
+          "description": "Specifies network collocation",
           "enum": [
-            "ALL",
-            "RUNNING"
+            "CLUSTERED",
+            "COLLOCATED",
+            "UNSPECIFIED_COLLOCATION"
           ],
           "enumDescriptions": [
-            "Matches any status of the instances, running, non-running and others.",
-            "Instance is in RUNNING state if it is running."
+            "Specifies collocation option that provides tight collocation with minimum network latency.",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "portName": {
-          "description": "Name of port user is interested in. It is optional. If it is set, only information about this ports will be returned. If it is not set, all the named ports will be returned. Always lists all instances.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "locality": {
+          "description": "Specifies network locality",
+          "enum": [
+            "BEST_EFFORT",
+            "STRICT",
+            "UNSPECIFIED_LOCALITY"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "maxDistance": {
+          "description": "Specifies the number of max logical switches.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "scope": {
+          "description": "Scope specifies the availability domain to which the VMs should be spread.",
+          "enum": [
+            "HOST",
+            "UNSPECIFIED_SCOPE"
+          ],
+          "enumDescriptions": [
+            "Specifies availability domain scope across hosts. VMs will be spread across different hosts.",
+            "VMs will be spread across different instrastructure to not share power, host and networking."
+          ],
+          "type": "string"
+        },
+        "style": {
+          "description": "Specifies instances to hosts placement relationship",
+          "enum": [
+            "COMPACT",
+            "FULLY_SPREAD",
+            "UNSPECIFIED_PLACEMENT_TYPE"
+          ],
+          "enumDescriptions": [
+            "VMs are placed without regard for shared hosts",
+            "VMs do not share the same hosts",
+            ""
+          ],
+          "type": "string"
+        },
+        "tpuTopology": {
+          "description": "Specifies the shape of the TPU slice",
           "type": "string"
+        },
+        "vmCount": {
+          "description": "Number of VMs in this placement group. Google does not recommend that you use this field unless you use a compact policy and you want your policy to work only if it contains this exact number of VMs.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "RegionInstanceGroupsSetNamedPortsRequest": {
-      "id": "RegionInstanceGroupsSetNamedPortsRequest",
+    "ResourcePolicyHourlyCycle": {
+      "description": "Time window specified for hourly operations.",
+      "id": "ResourcePolicyHourlyCycle",
       "properties": {
-        "fingerprint": {
-          "description": "The fingerprint of the named ports information for this instance group. Use this optional property to prevent conflicts when multiple users change the named ports settings concurrently. Obtain the fingerprint with the instanceGroups.get method. Then, include the fingerprint in your request to ensure that you do not overwrite changes that were applied from another concurrent request.",
-          "format": "byte",
+        "duration": {
+          "description": "[Output only] Duration of the time window, automatically chosen to be smallest possible in the given scenario.",
           "type": "string"
         },
-        "namedPorts": {
-          "description": "The list of named ports to set for this instance group.",
-          "items": {
-            "$ref": "NamedPort"
-          },
-          "type": "array"
+        "hoursInCycle": {
+          "description": "Defines a schedule with units measured in hours. The value determines how many hours pass between the start of each cycle.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "startTime": {
+          "description": "Time within the window to start the operations. It must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RegionInstantSnapshotsExportRequest": {
-      "id": "RegionInstantSnapshotsExportRequest",
+    "ResourcePolicyInstanceSchedulePolicy": {
+      "description": "An InstanceSchedulePolicy specifies when and how frequent certain operations are performed on the instance.",
+      "id": "ResourcePolicyInstanceSchedulePolicy",
       "properties": {
-        "exportParams": {
-          "$ref": "InstantSnapshotExportParams",
-          "description": "Parameters to export the changed blocks."
+        "expirationTime": {
+          "description": "The expiration time of the schedule. The timestamp is an RFC3339 string.",
+          "type": "string"
+        },
+        "startTime": {
+          "description": "The start time of the schedule. The timestamp is an RFC3339 string.",
+          "type": "string"
+        },
+        "timeZone": {
+          "description": "Specifies the time zone to be used in interpreting Schedule.schedule. The value of this field must be a time zone name from the tz database: https://wikipedia.org/wiki/Tz_database.",
+          "type": "string"
+        },
+        "vmStartSchedule": {
+          "$ref": "ResourcePolicyInstanceSchedulePolicySchedule",
+          "description": "Specifies the schedule for starting instances."
+        },
+        "vmStopSchedule": {
+          "$ref": "ResourcePolicyInstanceSchedulePolicySchedule",
+          "description": "Specifies the schedule for stopping instances."
         }
       },
       "type": "object"
     },
-    "RegionList": {
-      "description": "Contains a list of region resources.",
-      "id": "RegionList",
+    "ResourcePolicyInstanceSchedulePolicySchedule": {
+      "description": "Schedule for an instance operation.",
+      "id": "ResourcePolicyInstanceSchedulePolicySchedule",
+      "properties": {
+        "schedule": {
+          "description": "Specifies the frequency for the operation, using the unix-cron format.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ResourcePolicyList": {
+      "id": "ResourcePolicyList",
       "properties": {
+        "etag": {
+          "type": "string"
+        },
         "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Region resources.",
+          "description": "[Output Only] A list of ResourcePolicy resources.",
           "items": {
-            "$ref": "Region"
+            "$ref": "ResourcePolicy"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#regionList",
-          "description": "[Output Only] Type of resource. Always compute#regionList for lists of regions.",
+          "default": "compute#resourcePolicyList",
+          "description": "[Output Only] Type of resource.Always compute#resourcePoliciesList for listsof resourcePolicies",
           "type": "string"
         },
         "nextPageToken": {
@@ -69769,6 +77748,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69787,6 +77767,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69798,6 +77808,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69845,80 +77856,81 @@
       },
       "type": "object"
     },
-    "RegionNetworkEndpointGroupsAttachEndpointsRequest": {
-      "id": "RegionNetworkEndpointGroupsAttachEndpointsRequest",
+    "ResourcePolicyResourceStatus": {
+      "description": "Contains output only fields. Use this sub-message for all output fields set on ResourcePolicy. The internal structure of this \"status\" field should mimic the structure of ResourcePolicy proto specification.",
+      "id": "ResourcePolicyResourceStatus",
       "properties": {
-        "networkEndpoints": {
-          "description": "The list of network endpoints to be attached.",
-          "items": {
-            "$ref": "NetworkEndpoint"
-          },
-          "type": "array"
+        "instanceSchedulePolicy": {
+          "$ref": "ResourcePolicyResourceStatusInstanceSchedulePolicyStatus",
+          "description": "[Output Only] Specifies a set of output values reffering to the instance_schedule_policy system status. This field should have the same name as corresponding policy field."
         }
       },
       "type": "object"
     },
-    "RegionNetworkEndpointGroupsDetachEndpointsRequest": {
-      "id": "RegionNetworkEndpointGroupsDetachEndpointsRequest",
+    "ResourcePolicyResourceStatusInstanceSchedulePolicyStatus": {
+      "id": "ResourcePolicyResourceStatusInstanceSchedulePolicyStatus",
       "properties": {
-        "networkEndpoints": {
-          "description": "The list of network endpoints to be detached.",
-          "items": {
-            "$ref": "NetworkEndpoint"
-          },
-          "type": "array"
+        "lastRunStartTime": {
+          "description": "[Output Only] The last time the schedule successfully ran. The timestamp is an RFC3339 string.",
+          "type": "string"
+        },
+        "nextRunStartTime": {
+          "description": "[Output Only] The next time the schedule is planned to run. The actual time might be slightly different. The timestamp is an RFC3339 string.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponse": {
-      "id": "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponse",
+    "ResourcePolicySnapshotSchedulePolicy": {
+      "description": "A snapshot schedule policy specifies when and how frequently snapshots are to be created for the target disk. Also specifies how many and how long these scheduled snapshots should be retained.",
+      "id": "ResourcePolicySnapshotSchedulePolicy",
       "properties": {
-        "firewallPolicys": {
-          "description": "Effective firewalls from firewall policy.",
-          "items": {
-            "$ref": "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponseEffectiveFirewallPolicy"
-          },
-          "type": "array"
+        "retentionPolicy": {
+          "$ref": "ResourcePolicySnapshotSchedulePolicyRetentionPolicy",
+          "description": "Retention policy applied to snapshots created by this resource policy."
         },
-        "firewalls": {
-          "description": "Effective firewalls on the network.",
-          "items": {
-            "$ref": "Firewall"
-          },
-          "type": "array"
+        "schedule": {
+          "$ref": "ResourcePolicySnapshotSchedulePolicySchedule",
+          "description": "A Vm Maintenance Policy specifies what kind of infrastructure maintenance we are allowed to perform on this VM and when. Schedule that is applied to disks covered by this policy."
+        },
+        "snapshotProperties": {
+          "$ref": "ResourcePolicySnapshotSchedulePolicySnapshotProperties",
+          "description": "Properties with which snapshots are created such as labels, encryption keys."
         }
       },
       "type": "object"
     },
-    "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponseEffectiveFirewallPolicy": {
-      "id": "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
+    "ResourcePolicySnapshotSchedulePolicyRetentionPolicy": {
+      "description": "Policy for retention of scheduled snapshots.",
+      "id": "ResourcePolicySnapshotSchedulePolicyRetentionPolicy",
       "properties": {
-        "displayName": {
-          "description": "[Output Only] The display name of the firewall policy.",
-          "type": "string"
+        "maxRetentionDays": {
+          "description": "Maximum age of the snapshot that is allowed to be kept.",
+          "format": "int32",
+          "type": "integer"
         },
-        "name": {
-          "description": "[Output Only] The name of the firewall policy.",
+        "onPolicySwitch": {
+          "deprecated": true,
+          "enum": [
+            "DO_NOT_RETROACTIVELY_APPLY",
+            "RETROACTIVELY_APPLY",
+            "UNSPECIFIED_ON_POLICY_SWITCH"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "rules": {
-          "description": "The rules that apply to the network.",
-          "items": {
-            "$ref": "FirewallPolicyRule"
-          },
-          "type": "array"
-        },
-        "type": {
-          "description": "[Output Only] The type of the firewall policy. Can be one of HIERARCHY, NETWORK, NETWORK_REGIONAL.",
+        "onSourceDiskDelete": {
+          "description": "Specifies the behavior to apply to scheduled snapshots when the source disk is deleted.",
           "enum": [
-            "HIERARCHY",
-            "NETWORK",
-            "NETWORK_REGIONAL",
-            "UNSPECIFIED"
+            "APPLY_RETENTION_POLICY",
+            "KEEP_AUTO_SNAPSHOTS",
+            "UNSPECIFIED_ON_SOURCE_DISK_DELETE"
           ],
           "enumDescriptions": [
-            "",
             "",
             "",
             ""
@@ -69928,98 +77940,260 @@
       },
       "type": "object"
     },
-    "RegionSetLabelsRequest": {
-      "id": "RegionSetLabelsRequest",
+    "ResourcePolicySnapshotSchedulePolicySchedule": {
+      "description": "A schedule for disks where the schedueled operations are performed.",
+      "id": "ResourcePolicySnapshotSchedulePolicySchedule",
       "properties": {
-        "labelFingerprint": {
-          "description": "The fingerprint of the previous set of labels for this resource, used to detect conflicts. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. Make a get() request to the resource to get the latest fingerprint.",
-          "format": "byte",
+        "dailySchedule": {
+          "$ref": "ResourcePolicyDailyCycle"
+        },
+        "hourlySchedule": {
+          "$ref": "ResourcePolicyHourlyCycle"
+        },
+        "weeklySchedule": {
+          "$ref": "ResourcePolicyWeeklyCycle"
+        }
+      },
+      "type": "object"
+    },
+    "ResourcePolicySnapshotSchedulePolicySnapshotProperties": {
+      "description": "Specified snapshot properties for scheduled snapshots created by this policy.",
+      "id": "ResourcePolicySnapshotSchedulePolicySnapshotProperties",
+      "properties": {
+        "chainName": {
+          "description": "Chain name that the snapshot is created in.",
           "type": "string"
         },
+        "guestFlush": {
+          "description": "Indication to perform a 'guest aware' snapshot.",
+          "type": "boolean"
+        },
         "labels": {
           "additionalProperties": {
             "type": "string"
           },
-          "description": "The labels to set for this resource.",
+          "description": "Labels to apply to scheduled snapshots. These can be later modified by the setLabels method. Label values may be empty.",
           "type": "object"
+        },
+        "storageLocations": {
+          "description": "Cloud Storage bucket storage location of the auto snapshot (regional or multi-regional).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "RegionSetPolicyRequest": {
-      "id": "RegionSetPolicyRequest",
+    "ResourcePolicyVmMaintenancePolicy": {
+      "id": "ResourcePolicyVmMaintenancePolicy",
       "properties": {
-        "bindings": {
-          "description": "Flatten Policy to create a backwacd compatible wire-format. Deprecated. Use 'policy' to specify bindings.",
+        "concurrencyControlGroup": {
+          "$ref": "ResourcePolicyVmMaintenancePolicyConcurrencyControl"
+        },
+        "maintenanceWindow": {
+          "$ref": "ResourcePolicyVmMaintenancePolicyMaintenanceWindow",
+          "description": "Maintenance windows that are applied to VMs covered by this policy."
+        }
+      },
+      "type": "object"
+    },
+    "ResourcePolicyVmMaintenancePolicyConcurrencyControl": {
+      "description": "A concurrency control configuration. Defines a group config that, when attached to an instance, recognizes that instance as part of a group of instances where only up the concurrency_limit of instances in that group can undergo simultaneous maintenance. For more information: go/concurrency-control-design-doc",
+      "id": "ResourcePolicyVmMaintenancePolicyConcurrencyControl",
+      "properties": {
+        "concurrencyLimit": {
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "ResourcePolicyVmMaintenancePolicyMaintenanceWindow": {
+      "description": "A maintenance window for VMs. When set, we restrict our maintenance operations to this window.",
+      "id": "ResourcePolicyVmMaintenancePolicyMaintenanceWindow",
+      "properties": {
+        "dailyMaintenanceWindow": {
+          "$ref": "ResourcePolicyDailyCycle"
+        }
+      },
+      "type": "object"
+    },
+    "ResourcePolicyWeeklyCycle": {
+      "description": "Time window specified for weekly operations.",
+      "id": "ResourcePolicyWeeklyCycle",
+      "properties": {
+        "dayOfWeeks": {
+          "description": "Up to 7 intervals/windows, one for each day of the week.",
           "items": {
-            "$ref": "Binding"
+            "$ref": "ResourcePolicyWeeklyCycleDayOfWeek"
           },
           "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ResourcePolicyWeeklyCycleDayOfWeek": {
+      "id": "ResourcePolicyWeeklyCycleDayOfWeek",
+      "properties": {
+        "day": {
+          "description": "Defines a schedule that runs on specific days of the week. Specify one or more days. The following options are available: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.",
+          "enum": [
+            "FRIDAY",
+            "INVALID",
+            "MONDAY",
+            "SATURDAY",
+            "SUNDAY",
+            "THURSDAY",
+            "TUESDAY",
+            "WEDNESDAY"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
         },
-        "etag": {
-          "description": "Flatten Policy to create a backward compatible wire-format. Deprecated. Use 'policy' to specify the etag.",
-          "format": "byte",
+        "duration": {
+          "description": "[Output only] Duration of the time window, automatically chosen to be smallest possible in the given scenario.",
+          "type": "string"
+        },
+        "startTime": {
+          "description": "Time within the window to start the operations. It must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ResourceStatus": {
+      "description": "Contains output only fields. Use this sub-message for actual values set on Instance attributes as compared to the value requested by the user (intent) in their instance CRUD calls.",
+      "id": "ResourceStatus",
+      "properties": {
+        "physicalHost": {
+          "description": "[Output Only] An opaque ID of the host on which the VM is running.",
           "type": "string"
         },
-        "policy": {
-          "$ref": "Policy",
-          "description": "REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them."
+        "scheduling": {
+          "$ref": "ResourceStatusScheduling"
+        },
+        "serviceIntegrationStatuses": {
+          "additionalProperties": {
+            "$ref": "ResourceStatusServiceIntegrationStatus"
+          },
+          "description": "[Output Only] Represents the status of the service integration specs defined by the user in instance.serviceIntegrationSpecs.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "ResourceStatusScheduling": {
+      "id": "ResourceStatusScheduling",
+      "properties": {
+        "availabilityDomain": {
+          "description": "Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "terminationTimestamp": {
+          "description": "Time in future when the instance will be terminated in RFC3339 text format.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RegionTargetHttpsProxiesSetSslCertificatesRequest": {
-      "id": "RegionTargetHttpsProxiesSetSslCertificatesRequest",
+    "ResourceStatusServiceIntegrationStatus": {
+      "description": "Represents the status of integration between instance and another service. See go/gce-backupdr-design for more details.",
+      "id": "ResourceStatusServiceIntegrationStatus",
       "properties": {
-        "sslCertificates": {
-          "description": "New set of SslCertificate resources to associate with this TargetHttpsProxy resource.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "backupDr": {
+          "$ref": "ResourceStatusServiceIntegrationStatusBackupDRStatus"
         }
       },
       "type": "object"
     },
-    "RegionUrlMapsValidateRequest": {
-      "id": "RegionUrlMapsValidateRequest",
+    "ResourceStatusServiceIntegrationStatusBackupDRStatus": {
+      "description": "Message defining compute perspective of the result of integration with Backup and DR. FAILED status indicates that the operation specified did not complete correctly and should be retried with the same value.",
+      "id": "ResourceStatusServiceIntegrationStatusBackupDRStatus",
       "properties": {
-        "resource": {
-          "$ref": "UrlMap",
-          "description": "Content of the UrlMap to be validated."
+        "integrationDetails": {
+          "description": "The PlanReference object created by Backup and DR to maintain the actual status of backups. May still be present if removing the backup plan fails.",
+          "type": "string"
+        },
+        "state": {
+          "description": "Enum representing the registration state of a Backup and DR backup plan for the instance.",
+          "enum": [
+            "ACTIVE",
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "STATE_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "The operation was successful and Backup and DR is trying to protect the instance with the specified backup plan. Check resource pointed to in integration_details for more information.",
+            "GCE is trying to attach the backup plan to the instance.",
+            "GCE is trying to remove the backup plan from the instance.",
+            "The operation failed, specifying the same value in BackupDrSpec.plan again (including null for delete) will attempt to repair the integration",
+            "Default value, should not be found on instances."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RequestMirrorPolicy": {
-      "description": "A policy that specifies how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer doesn't wait for responses from the shadow service. Before sending traffic to the shadow service, the host or authority header is suffixed with -shadow.",
-      "id": "RequestMirrorPolicy",
+    "RolloutPolicy": {
+      "description": "A rollout policy configuration.",
+      "id": "RolloutPolicy",
       "properties": {
-        "backendService": {
-          "description": "The full or partial URL to the BackendService resource being mirrored to. The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map. Serverless NEG backends are not currently supported as a mirrored backend service. ",
+        "defaultRolloutTime": {
+          "description": "An optional RFC3339 timestamp on or after which the update is considered rolled out to any zone that is not explicitly stated.",
           "type": "string"
+        },
+        "locationRolloutPolicies": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Location based rollout policies to apply to the resource. Currently only zone names are supported and must be represented as valid URLs, like: zones/us-central1-a. The value expects an RFC3339 timestamp on or after which the update is considered rolled out to the specified location.",
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "Reservation": {
-      "description": "Represents a reservation resource. A reservation ensures that capacity is held in a specific zone even if the reserved VMs are not running. For more information, read Reserving zonal resources.",
-      "id": "Reservation",
+    "Route": {
+      "description": "Represents a Route resource. A route defines a path from VM instances in the VPC network to a specific destination. This destination can be inside or outside the VPC network. For more information, read the Routes overview.",
+      "id": "Route",
       "properties": {
-        "aggregateReservation": {
-          "$ref": "AllocationAggregateReservation",
-          "description": "Reservation for aggregated resources, providing shape flexibility."
+        "allowConflictingSubnetworks": {
+          "description": "Whether this route can conflict with existing subnetworks. Setting this to true allows this route to conflict with subnetworks that have already been configured on the corresponding network.",
+          "type": "boolean"
         },
-        "commitment": {
-          "description": "[Output Only] Full or partial URL to a parent commitment. This field displays for reservations that are tied to a commitment.",
-          "type": "string"
+        "asPaths": {
+          "description": "[Output Only] AS path.",
+          "items": {
+            "$ref": "RouteAsPath"
+          },
+          "type": "array"
         },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
         "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "description": "An optional description of this resource. Provide this field when you create the resource.",
+          "type": "string"
+        },
+        "destRange": {
+          "annotations": {
+            "required": [
+              "compute.routes.insert"
+            ]
+          },
+          "description": "The destination range of outgoing packets that this route applies to. Both IPv4 and IPv6 are supported.",
           "type": "string"
         },
         "id": {
@@ -70027,504 +78201,290 @@
           "format": "uint64",
           "type": "string"
         },
+        "ilbRouteBehaviorOnUnhealthy": {
+          "description": "ILB route behavior when ILB is deemed unhealthy based on user specified threshold on the Backend Service of the internal load balancing.",
+          "enum": [
+            "DO_NOT_WITHDRAW_ROUTE_IF_ILB_UNHEALTHY",
+            "WITHDRAW_ROUTE_IF_ILB_UNHEALTHY"
+          ],
+          "enumDescriptions": [
+            "Do not Withdraw route if the ILB is deemed unhealthy based on user specified threshold on the Backend Service of the ILB. This is default behavior for ilb as next hop route without IlbRouteBehavior.",
+            "Withdraw route if the ILB is deemed unhealthy based on user specified threshold on the Backend Service of the internal load balancing. Currently the withdrawn route will be reinserted when the backends are restored to healthy. If you wish to prevent the re-insertion of the route and trigger the fall-back at your discretion, override the health result from the backends to signal as healthy only when ready to fallback."
+          ],
+          "type": "string"
+        },
         "kind": {
-          "default": "compute#reservation",
-          "description": "[Output Only] Type of the resource. Always compute#reservations for reservations.",
+          "default": "compute#route",
+          "description": "[Output Only] Type of this resource. Always compute#routes for Route resources.",
           "type": "string"
         },
         "name": {
           "annotations": {
             "required": [
-              "compute.instances.insert"
+              "compute.routes.insert"
             ]
           },
-          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "resourcePolicies": {
-          "additionalProperties": {
-            "type": "string"
+        "network": {
+          "annotations": {
+            "required": [
+              "compute.routes.insert"
+            ]
           },
-          "description": "Resource policies to be added to this reservation. The key is defined by user, and the value is resource policy url. This is to define placement policy with reservation.",
-          "type": "object"
+          "description": "Fully-qualified URL of the network that this route applies to.",
+          "type": "string"
         },
-        "resourceStatus": {
-          "$ref": "AllocationResourceStatus",
-          "description": "[Output Only] Status information for Reservation resource."
+        "nextHopGateway": {
+          "description": "The URL to a gateway that should handle matching packets. You can only specify the internet gateway using a full or partial valid URL: projects/ project/global/gateways/default-internet-gateway",
+          "type": "string"
         },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
-          "type": "boolean"
+        "nextHopHub": {
+          "description": "[Output Only] The full resource name of the Network Connectivity Center hub that will handle matching packets.",
+          "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
+        "nextHopIlb": {
+          "description": "The URL to a forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets or the IP address of the forwarding Rule. For example, the following are all valid URLs: - 10.128.0.56 - https://www.googleapis.com/compute/v1/projects/project/regions/region /forwardingRules/forwardingRule - regions/region/forwardingRules/forwardingRule ",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "nextHopInstance": {
+          "description": "The URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/",
           "type": "string"
         },
-        "shareSettings": {
-          "$ref": "ShareSettings",
-          "description": "Specify share-settings to create a shared reservation. This property is optional. For more information about the syntax and options for this field and its subfields, see the guide for creating a shared reservation."
+        "nextHopInterconnectAttachment": {
+          "description": "[Output Only] The URL to an InterconnectAttachment which is the next hop for the route. This field will only be populated for the dynamic routes generated by Cloud Router with a linked interconnectAttachment.",
+          "type": "string"
         },
-        "specificReservation": {
-          "$ref": "AllocationSpecificSKUReservation",
-          "description": "Reservation for instances with specific machine shapes."
+        "nextHopIp": {
+          "description": "The network IP address of an instance that should handle matching packets. Only IPv4 is supported.",
+          "type": "string"
         },
-        "specificReservationRequired": {
-          "description": "Indicates whether the reservation can be consumed by VMs with affinity for \"any\" reservation. If the field is set, then only VMs that target the reservation by name can consume from this reservation.",
-          "type": "boolean"
+        "nextHopNetwork": {
+          "description": "The URL of the local network if it should handle matching packets.",
+          "type": "string"
         },
-        "status": {
-          "description": "[Output Only] The status of the reservation.",
+        "nextHopPeering": {
+          "description": "[Output Only] The network peering name that should handle matching packets, which should conform to RFC1035.",
+          "type": "string"
+        },
+        "nextHopVpnTunnel": {
+          "description": "The URL to a VpnTunnel that should handle matching packets.",
+          "type": "string"
+        },
+        "priority": {
+          "annotations": {
+            "required": [
+              "compute.routes.insert"
+            ]
+          },
+          "description": "The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In cases where multiple routes have equal prefix length, the one with the lowest-numbered priority value wins. The default value is `1000`. The priority value must be from `0` to `65535`, inclusive.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "routeStatus": {
+          "description": "[Output only] The status of the route.",
           "enum": [
-            "CREATING",
-            "DELETING",
-            "INVALID",
-            "READY",
-            "UPDATING"
+            "ACTIVE",
+            "DROPPED",
+            "INACTIVE",
+            "PENDING"
           ],
           "enumDescriptions": [
-            "Resources are being allocated for the reservation.",
-            "Reservation is currently being deleted.",
-            "",
-            "Reservation has allocated all its resources.",
-            "Reservation is currently being resized."
+            "This route is processed and active.",
+            "The route is dropped due to the VPC exceeding the dynamic route limit. For dynamic route limit, please refer to the Learned route example",
+            "This route is processed but inactive due to failure from the backend. The backend may have rejected the route",
+            "This route is being processed internally. The status will change once processed."
           ],
           "type": "string"
         },
-        "zone": {
-          "description": "Zone in which the reservation resides. A zone must be provided if the reservation is created within a commitment.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ReservationAffinity": {
-      "description": "Specifies the reservations that this instance can consume from.",
-      "id": "ReservationAffinity",
-      "properties": {
-        "consumeReservationType": {
-          "description": "Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.",
+        "routeType": {
+          "description": "[Output Only] The type of this route, which can be one of the following values: - 'TRANSIT' for a transit route that this router learned from another Cloud Router and will readvertise to one of its BGP peers - 'SUBNET' for a route from a subnet of the VPC - 'BGP' for a route learned from a BGP peer of this router - 'STATIC' for a static route",
           "enum": [
-            "ANY_RESERVATION",
-            "NO_RESERVATION",
-            "SPECIFIC_RESERVATION",
-            "SPECIFIC_THEN_ANY_RESERVATION",
-            "UNSPECIFIED"
+            "BGP",
+            "STATIC",
+            "SUBNET",
+            "TRANSIT"
           ],
           "enumDescriptions": [
-            "Consume any allocation available.",
-            "Do not consume from any allocated capacity.",
-            "Must consume from a specific reservation. Must specify key value fields for specifying the reservations.",
-            "Prefer to consume from a specific reservation, but still consume any reservation available if the specified reservation is not available or exhausted. Must specify key value fields for specifying the reservations.",
+            "",
+            "",
+            "",
             ""
           ],
           "type": "string"
         },
-        "key": {
-          "description": "Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.",
+        "selfLink": {
+          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
           "type": "string"
         },
-        "values": {
-          "description": "Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or \"projects/different-project/reservations/some-reservation-name\" to target a shared reservation in the same zone but in a different project.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "ReservationAggregatedList": {
-      "description": "Contains a list of reservations.",
-      "id": "ReservationAggregatedList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
         },
-        "items": {
-          "additionalProperties": {
-            "$ref": "ReservationsScopedList",
-            "description": "Name of the scope containing this set of reservations."
+        "tags": {
+          "annotations": {
+            "required": [
+              "compute.routes.insert"
+            ]
           },
-          "description": "A list of Allocation resources.",
-          "type": "object"
-        },
-        "kind": {
-          "default": "compute#reservationAggregatedList",
-          "description": "Type of resource.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
+          "description": "A list of instance tags to which this route applies.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "ReservationList": {
-      "id": "ReservationList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "[Output Only] A list of Allocation resources.",
+        "warnings": {
+          "description": "[Output Only] If potential misconfigurations are detected for this route, this field will be populated with warning messages.",
           "items": {
-            "$ref": "Reservation"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "compute#reservationList",
-          "description": "[Output Only] Type of resource.Always compute#reservationsList for listsof reservations",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
+            "properties": {
+              "code": {
+                "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+                "enum": [
+                  "CLEANUP_FAILED",
+                  "DEPRECATED_RESOURCE_USED",
+                  "DEPRECATED_TYPE_USED",
+                  "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                  "EXPERIMENTAL_TYPE_USED",
+                  "EXTERNAL_API_WARNING",
+                  "FIELD_VALUE_OVERRIDEN",
+                  "INJECTED_KERNELS_DEPRECATED",
+                  "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                  "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
+                  "MISSING_TYPE_DEPENDENCY",
+                  "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                  "NEXT_HOP_CANNOT_IP_FORWARD",
+                  "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                  "NEXT_HOP_INSTANCE_NOT_FOUND",
+                  "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                  "NEXT_HOP_NOT_RUNNING",
+                  "NOT_CRITICAL_ERROR",
+                  "NO_RESULTS_ON_PAGE",
+                  "PARTIAL_SUCCESS",
+                  "REQUIRED_TOS_AGREEMENT",
+                  "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                  "RESOURCE_NOT_DELETED",
+                  "SCHEMA_VALIDATION_IGNORED",
+                  "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                  "UNDECLARED_PROPERTIES",
+                  "UNREACHABLE"
+                ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
+                "enumDescriptions": [
+                  "Warning about failed cleanup of transient changes made by a failed operation.",
+                  "A link to a deprecated resource was created.",
+                  "When deploying and at least one of the resources has a type marked as deprecated",
+                  "The user created a boot disk that is larger than image size.",
+                  "When deploying and at least one of the resources has a type marked as experimental",
+                  "Warning that is present in an external api call",
+                  "Warning that value of a field has been overridden. Deprecated unused field.",
+                  "The operation involved use of an injected kernel, which is deprecated.",
+                  "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                  "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                  "A resource depends on a missing type",
+                  "The route's nextHopIp address is not assigned to an instance on the network.",
+                  "The route's next hop instance cannot ip forward.",
+                  "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                  "The route's nextHopInstance URL refers to an instance that does not exist.",
+                  "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                  "The route's next hop instance does not have a status of RUNNING.",
+                  "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                  "No results are present on a particular list page.",
+                  "Success is reported, but some results may be missing due to errors",
+                  "The user attempted to use a resource that requires a TOS they have not accepted.",
+                  "Warning that a resource is in use.",
+                  "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                  "When a resource schema validation is ignored.",
+                  "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                  "When undeclared properties in the schema are present",
+                  "A given scope cannot be reached."
+                ],
+                "type": "string"
+              },
+              "data": {
+                "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+                "items": {
+                  "properties": {
+                    "key": {
+                      "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                      "type": "string"
+                    },
+                    "value": {
+                      "description": "[Output Only] A warning data value corresponding to the key.",
+                      "type": "string"
+                    }
                   },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
+                  "type": "object"
                 },
-                "type": "object"
+                "type": "array"
               },
-              "type": "array"
+              "message": {
+                "description": "[Output Only] A human-readable description of the warning code.",
+                "type": "string"
+              }
             },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
+            "type": "object"
           },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "ReservationsResizeRequest": {
-      "id": "ReservationsResizeRequest",
-      "properties": {
-        "specificSkuCount": {
-          "description": "Number of allocated resources can be resized with minimum = 1 and maximum = 1000.",
-          "format": "int64",
-          "type": "string"
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "ReservationsScopedList": {
-      "id": "ReservationsScopedList",
+    "RouteAsPath": {
+      "id": "RouteAsPath",
       "properties": {
-        "reservations": {
-          "description": "A list of reservations contained in this scope.",
+        "asLists": {
+          "description": "[Output Only] The AS numbers of the AS Path.",
           "items": {
-            "$ref": "Reservation"
+            "format": "uint32",
+            "type": "integer"
           },
           "type": "array"
         },
-        "warning": {
-          "description": "Informational warning which replaces the list of reservations when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "ResourceCommitment": {
-      "description": "Commitment for a particular resource (a Commitment is composed of one or more of these).",
-      "id": "ResourceCommitment",
-      "properties": {
-        "acceleratorType": {
-          "description": "Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.",
-          "type": "string"
-        },
-        "amount": {
-          "description": "The amount of the resource purchased (in a type-dependent unit, such as bytes). For vCPUs, this can just be an integer. For memory, this must be provided in MB. Memory must be a multiple of 256 MB, with up to 6.5GB of memory per every vCPU.",
-          "format": "int64",
-          "type": "string"
-        },
-        "type": {
-          "description": "Type of resource for which this commitment applies. Possible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.",
+        "pathSegmentType": {
+          "description": "[Output Only] The type of the AS Path, which can be one of the following values: - 'AS_SET': unordered set of autonomous systems that the route in has traversed - 'AS_SEQUENCE': ordered set of autonomous systems that the route has traversed - 'AS_CONFED_SEQUENCE': ordered set of Member Autonomous Systems in the local confederation that the route has traversed - 'AS_CONFED_SET': unordered set of Member Autonomous Systems in the local confederation that the route has traversed ",
           "enum": [
-            "ACCELERATOR",
-            "LOCAL_SSD",
-            "MEMORY",
-            "UNSPECIFIED",
-            "VCPU"
+            "AS_CONFED_SEQUENCE",
+            "AS_CONFED_SET",
+            "AS_SEQUENCE",
+            "AS_SET"
           ],
           "enumDescriptions": [
             "",
             "",
             "",
-            "",
             ""
           ],
           "type": "string"
@@ -70532,28 +78492,36 @@
       },
       "type": "object"
     },
-    "ResourceGroupReference": {
-      "id": "ResourceGroupReference",
+    "RouteList": {
+      "description": "Contains a list of Route resources.",
+      "id": "RouteList",
       "properties": {
-        "group": {
-          "description": "A URI referencing one of the instance groups or network endpoint groups listed in the backend service.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePoliciesScopedList": {
-      "id": "ResourcePoliciesScopedList",
-      "properties": {
-        "resourcePolicies": {
-          "description": "A list of resourcePolicies contained in this scope.",
+        },
+        "items": {
+          "description": "A list of Route resources.",
           "items": {
-            "$ref": "ResourcePolicy"
+            "$ref": "Route"
           },
           "type": "array"
         },
+        "kind": {
+          "default": "compute#routeList",
+          "description": "Type of resource.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
         "warning": {
-          "description": "Informational warning which replaces the list of resourcePolicies when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -70568,6 +78536,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70586,6 +78555,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70597,6 +78596,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -70644,114 +78644,132 @@
       },
       "type": "object"
     },
-    "ResourcePolicy": {
-      "description": "Represents a Resource Policy resource. You can use resource policies to schedule actions for some Compute Engine resources. For example, you can use them to schedule persistent disk snapshots.",
-      "id": "ResourcePolicy",
+    "Router": {
+      "description": "Represents a Cloud Router resource. For more information about Cloud Router, read the Cloud Router overview.",
+      "id": "Router",
       "properties": {
+        "bgp": {
+          "$ref": "RouterBgp",
+          "description": "BGP information specific to this router."
+        },
+        "bgpPeers": {
+          "description": "BGP information that must be configured into the routing stack to establish BGP peering. This information must specify the peer ASN and either the interface name, IP address, or peer IP address. Please refer to RFC4273.",
+          "items": {
+            "$ref": "RouterBgpPeer"
+          },
+          "type": "array"
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
         "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "diskConsistencyGroupPolicy": {
-          "$ref": "ResourcePolicyDiskConsistencyGroupPolicy",
-          "description": "Resource policy for disk consistency groups."
-        },
-        "groupPlacementPolicy": {
-          "$ref": "ResourcePolicyGroupPlacementPolicy",
-          "description": "Resource policy for instances for placement configuration."
+        "encryptedInterconnectRouter": {
+          "description": "Indicates if a router is dedicated for use with encrypted VLAN attachments (interconnectAttachments).",
+          "type": "boolean"
         },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
-        "instanceSchedulePolicy": {
-          "$ref": "ResourcePolicyInstanceSchedulePolicy",
-          "description": "Resource policy for scheduling instance operations."
+        "interfaces": {
+          "description": "Router interfaces. Each interface requires either one linked resource, (for example, linkedVpnTunnel), or IP address and IP address range (for example, ipRange), or both.",
+          "items": {
+            "$ref": "RouterInterface"
+          },
+          "type": "array"
         },
         "kind": {
-          "default": "compute#resourcePolicy",
-          "description": "[Output Only] Type of the resource. Always compute#resource_policies for resource policies.",
+          "default": "compute#router",
+          "description": "[Output Only] Type of resource. Always compute#router for routers.",
           "type": "string"
         },
+        "md5AuthenticationKeys": {
+          "description": "Keys used for MD5 authentication.",
+          "items": {
+            "$ref": "RouterMd5AuthenticationKey"
+          },
+          "type": "array"
+        },
         "name": {
           "annotations": {
             "required": [
-              "compute.instances.insert"
+              "compute.routers.insert"
             ]
           },
-          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "region": {
+        "nats": {
+          "description": "A list of NAT services created in this router.",
+          "items": {
+            "$ref": "RouterNat"
+          },
+          "type": "array"
+        },
+        "network": {
+          "annotations": {
+            "required": [
+              "compute.routers.insert",
+              "compute.routers.update"
+            ]
+          },
+          "description": "URI of the network to which this router belongs.",
           "type": "string"
         },
-        "resourceStatus": {
-          "$ref": "ResourcePolicyResourceStatus",
-          "description": "[Output Only] The system status of the resource policy."
+        "region": {
+          "description": "[Output Only] URI of the region where the router resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
         },
         "selfLink": {
-          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
         "selfLinkWithId": {
           "description": "[Output Only] Server-defined URL for this resource with the resource id.",
           "type": "string"
-        },
-        "snapshotSchedulePolicy": {
-          "$ref": "ResourcePolicySnapshotSchedulePolicy",
-          "description": "Resource policy for persistent disks for creating snapshots."
-        },
-        "status": {
-          "description": "[Output Only] The status of resource policy creation.",
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "EXPIRED",
-            "INVALID",
-            "READY"
-          ],
-          "enumDescriptions": [
-            "Resource policy is being created.",
-            "Resource policy is being deleted.",
-            "Resource policy is expired and will not run again.",
-            "",
-            "Resource policy is ready to be used."
-          ],
-          "type": "string"
-        },
-        "vmMaintenancePolicy": {
-          "$ref": "ResourcePolicyVmMaintenancePolicy",
-          "description": "Resource policy applicable to VMs for infrastructure maintenance."
         }
       },
       "type": "object"
     },
-    "ResourcePolicyAggregatedList": {
-      "description": "Contains a list of resourcePolicies.",
-      "id": "ResourcePolicyAggregatedList",
+    "RouterAdvertisedIpRange": {
+      "description": "Description-tagged IP ranges for the router to advertise.",
+      "id": "RouterAdvertisedIpRange",
       "properties": {
-        "etag": {
+        "description": {
+          "description": "User-specified description for the IP range.",
           "type": "string"
         },
+        "range": {
+          "description": "The IP range to advertise. The value must be a CIDR-formatted string.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "RouterAggregatedList": {
+      "description": "Contains a list of routers.",
+      "id": "RouterAggregatedList",
+      "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
           "additionalProperties": {
-            "$ref": "ResourcePoliciesScopedList",
-            "description": "Name of the scope containing this set of resourcePolicies."
+            "$ref": "RoutersScopedList",
+            "description": "Name of the scope containing this set of routers."
           },
-          "description": "A list of ResourcePolicy resources.",
+          "description": "A list of Router resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#resourcePolicyAggregatedList",
+          "default": "compute#routerAggregatedList",
           "description": "Type of resource.",
           "type": "string"
         },
@@ -70786,6 +78804,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70804,6 +78823,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70815,6 +78864,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -70857,66 +78907,237 @@
               "type": "string"
             }
           },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyDailyCycle": {
-      "description": "Time window specified for daily operations.",
-      "id": "ResourcePolicyDailyCycle",
-      "properties": {
-        "daysInCycle": {
-          "description": "Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle.",
-          "format": "int32",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "RouterBgp": {
+      "id": "RouterBgp",
+      "properties": {
+        "advertiseMode": {
+          "description": "User-specified flag to indicate which mode to use for advertisement. The options are DEFAULT or CUSTOM.",
+          "enum": [
+            "CUSTOM",
+            "DEFAULT"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "advertisedGroups": {
+          "description": "User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
+          "items": {
+            "enum": [
+              "ALL_PEER_VPC_SUBNETS",
+              "ALL_SUBNETS",
+              "ALL_VPC_SUBNETS"
+            ],
+            "enumDescriptions": [
+              "Advertise peer subnets of the router's VPC.",
+              "Advertise all available subnets (including peer VPC subnets).",
+              "Advertise the router's own VPC subnets."
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "advertisedIpRanges": {
+          "description": "User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.",
+          "items": {
+            "$ref": "RouterAdvertisedIpRange"
+          },
+          "type": "array"
+        },
+        "asn": {
+          "description": "Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "identifierRange": {
+          "description": "Explicitly specifies a range of valid BGP Identifiers for this Router. It is provided as a link-local IPv4 range (from 169.254.0.0/16), of size at least /30, even if the BGP sessions are over IPv6. It must not overlap with any IPv4 BGP session ranges. Other vendors commonly call this \"router ID\".",
+          "type": "string"
+        },
+        "keepaliveInterval": {
+          "description": "The interval in seconds between BGP keepalive messages that are sent to the peer. Hold time is three times the interval at which keepalive messages are sent, and the hold time is the maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20.",
+          "format": "uint32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "RouterBgpPeer": {
+      "id": "RouterBgpPeer",
+      "properties": {
+        "advertiseMode": {
+          "description": "User-specified flag to indicate which mode to use for advertisement.",
+          "enum": [
+            "CUSTOM",
+            "DEFAULT"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "advertisedGroups": {
+          "description": "User-specified list of prefix groups to advertise in custom mode, which currently supports the following option: - ALL_SUBNETS: Advertises all of the router's own VPC subnets. This excludes any routes learned for subnets that use VPC Network Peering. Note that this field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
+          "items": {
+            "enum": [
+              "ALL_PEER_VPC_SUBNETS",
+              "ALL_SUBNETS",
+              "ALL_VPC_SUBNETS"
+            ],
+            "enumDescriptions": [
+              "Advertise peer subnets of the router's VPC.",
+              "Advertise all available subnets (including peer VPC subnets).",
+              "Advertise the router's own VPC subnets."
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "advertisedIpRanges": {
+          "description": "User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These IP ranges are advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.",
+          "items": {
+            "$ref": "RouterAdvertisedIpRange"
+          },
+          "type": "array"
+        },
+        "advertisedRoutePriority": {
+          "description": "The priority of routes advertised to this BGP peer. Where there is more than one matching route of maximum length, the routes with the lowest priority value win.",
+          "format": "uint32",
+          "type": "integer"
+        },
+        "bfd": {
+          "$ref": "RouterBgpPeerBfd",
+          "description": "BFD configuration for the BGP peering."
+        },
+        "customLearnedIpRanges": {
+          "description": "A list of user-defined custom learned route IP address ranges for a BGP session.",
+          "items": {
+            "$ref": "RouterBgpPeerCustomLearnedIpRange"
+          },
+          "type": "array"
+        },
+        "customLearnedRoutePriority": {
+          "description": "The user-defined custom learned route priority for a BGP session. This value is applied to all custom learned route ranges for the session. You can choose a value from `0` to `65335`. If you don't provide a value, Google Cloud assigns a priority of `100` to the ranges.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "enable": {
+          "description": "The status of the BGP peer connection. If set to FALSE, any active session with the peer is terminated and all associated routing information is removed. If set to TRUE, the peer connection can be established with routing information. The default is TRUE.",
+          "enum": [
+            "FALSE",
+            "TRUE"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "enableIpv4": {
+          "description": "Enable IPv4 traffic over BGP Peer. It is enabled by default if the peerIpAddress is version 4.",
+          "type": "boolean"
+        },
+        "enableIpv6": {
+          "description": "Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.",
+          "type": "boolean"
+        },
+        "interfaceName": {
+          "description": "Name of the interface the BGP peer is associated with.",
+          "type": "string"
+        },
+        "ipAddress": {
+          "description": "IP address of the interface inside Google Cloud Platform. Only IPv4 is supported.",
+          "type": "string"
+        },
+        "ipv4NexthopAddress": {
+          "description": "IPv4 address of the interface inside Google Cloud Platform.",
+          "type": "string"
+        },
+        "ipv6NexthopAddress": {
+          "description": "IPv6 address of the interface inside Google Cloud Platform.",
+          "type": "string"
+        },
+        "managementType": {
+          "description": "[Output Only] The resource that configures and manages this BGP peer. - MANAGED_BY_USER is the default value and can be managed by you or other users - MANAGED_BY_ATTACHMENT is a BGP peer that is configured and managed by Cloud Interconnect, specifically by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of BGP peer when the PARTNER InterconnectAttachment is created, updated, or deleted. ",
+          "enum": [
+            "MANAGED_BY_ATTACHMENT",
+            "MANAGED_BY_USER"
+          ],
+          "enumDescriptions": [
+            "The BGP peer is automatically created for PARTNER type InterconnectAttachment; Google will automatically create/delete this BGP peer when the PARTNER InterconnectAttachment is created/deleted, and Google will update the ipAddress and peerIpAddress when the PARTNER InterconnectAttachment is provisioned. This type of BGP peer cannot be created or deleted, but can be modified for all fields except for name, ipAddress and peerIpAddress.",
+            "Default value, the BGP peer is manually created and managed by user."
+          ],
+          "type": "string"
+        },
+        "md5AuthenticationKeyName": {
+          "description": "Present if MD5 authentication is enabled for the peering. Must be the name of one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.routers.insert"
+            ]
+          },
+          "description": "Name of this BGP peer. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "peerAsn": {
+          "annotations": {
+            "required": [
+              "compute.routers.insert"
+            ]
+          },
+          "description": "Peer BGP Autonomous System Number (ASN). Each BGP interface may use a different value.",
+          "format": "uint32",
           "type": "integer"
         },
-        "duration": {
-          "description": "[Output only] A predetermined duration for the window, automatically chosen to be the smallest possible in the given scenario.",
+        "peerIpAddress": {
+          "description": "IP address of the BGP interface outside Google Cloud Platform. Only IPv4 is supported.",
           "type": "string"
         },
-        "startTime": {
-          "description": "Start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.",
+        "peerIpv4NexthopAddress": {
+          "description": "IPv4 address of the BGP interface outside Google Cloud Platform.",
+          "type": "string"
+        },
+        "peerIpv6NexthopAddress": {
+          "description": "IPv6 address of the BGP interface outside Google Cloud Platform.",
+          "type": "string"
+        },
+        "routerApplianceInstance": {
+          "description": "URI of the VM instance that is used as third-party router appliances such as Next Gen Firewalls, Virtual Routers, or Router Appliances. The VM instance must be located in zones contained in the same region as this Cloud Router. The VM instance is the peer side of the BGP session.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ResourcePolicyDiskConsistencyGroupPolicy": {
-      "description": "Resource policy for disk consistency groups.",
-      "id": "ResourcePolicyDiskConsistencyGroupPolicy",
-      "properties": {},
-      "type": "object"
-    },
-    "ResourcePolicyGroupPlacementPolicy": {
-      "description": "A GroupPlacementPolicy specifies resource placement configuration. It specifies the failure bucket separation as well as network locality",
-      "id": "ResourcePolicyGroupPlacementPolicy",
+    "RouterBgpPeerBfd": {
+      "id": "RouterBgpPeerBfd",
       "properties": {
-        "availabilityDomainCount": {
-          "description": "The number of availability domains to spread instances across. If two instances are in different availability domain, they are not in the same low latency network.",
-          "format": "int32",
+        "minReceiveInterval": {
+          "description": "The minimum interval, in milliseconds, between BFD control packets received from the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the transmit interval of the other router. If set, this value must be between 1000 and 30000. The default is 1000.",
+          "format": "uint32",
           "type": "integer"
         },
-        "collocation": {
-          "description": "Specifies network collocation",
-          "enum": [
-            "CLUSTERED",
-            "COLLOCATED",
-            "UNSPECIFIED_COLLOCATION"
-          ],
-          "enumDescriptions": [
-            "Specifies collocation option that provides tight collocation with minimum network latency.",
-            "",
-            ""
-          ],
-          "type": "string"
+        "minTransmitInterval": {
+          "description": "The minimum interval, in milliseconds, between BFD control packets transmitted to the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the corresponding receive interval of the other router. If set, this value must be between 1000 and 30000. The default is 1000.",
+          "format": "uint32",
+          "type": "integer"
         },
-        "locality": {
-          "description": "Specifies network locality",
+        "mode": {
+          "description": "The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer. The default is PASSIVE.",
           "enum": [
-            "BEST_EFFORT",
-            "STRICT",
-            "UNSPECIFIED_LOCALITY"
+            "ACTIVE",
+            "DISABLED",
+            "PASSIVE"
           ],
           "enumDescriptions": [
             "",
@@ -70925,127 +79146,138 @@
           ],
           "type": "string"
         },
-        "maxDistance": {
-          "description": "Specifies the number of max logical switches.",
-          "format": "int32",
+        "multiplier": {
+          "description": "The number of consecutive BFD packets that must be missed before BFD declares that a peer is unavailable. If set, the value must be a value between 5 and 16. The default is 5.",
+          "format": "uint32",
           "type": "integer"
         },
-        "scope": {
-          "description": "Scope specifies the availability domain to which the VMs should be spread.",
+        "packetMode": {
+          "description": "The BFD packet mode for this BGP peer. If set to CONTROL_AND_ECHO, BFD echo mode is enabled for this BGP peer. In this mode, if the peer router also has BFD echo mode enabled, BFD echo packets will be sent to the other router. If the peer router does not have BFD echo mode enabled, only control packets will be sent. If set to CONTROL_ONLY, BFD echo mode is disabled for this BGP peer. If this router and the peer router have a multihop connection, this should be set to CONTROL_ONLY as BFD echo mode is only supported on singlehop connections. The default is CONTROL_AND_ECHO.",
           "enum": [
-            "HOST",
-            "UNSPECIFIED_SCOPE"
+            "CONTROL_AND_ECHO",
+            "CONTROL_ONLY"
           ],
           "enumDescriptions": [
-            "Specifies availability domain scope across hosts. VMs will be spread across different hosts.",
-            "VMs will be spread across different instrastructure to not share power, host and networking."
+            "",
+            ""
           ],
           "type": "string"
         },
-        "style": {
-          "description": "Specifies instances to hosts placement relationship",
+        "sessionInitializationMode": {
+          "description": "The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer. The default is DISABLED.",
           "enum": [
-            "COMPACT",
-            "FULLY_SPREAD",
-            "UNSPECIFIED_PLACEMENT_TYPE"
+            "ACTIVE",
+            "DISABLED",
+            "PASSIVE"
           ],
           "enumDescriptions": [
-            "VMs are placed without regard for shared hosts",
-            "VMs do not share the same hosts",
+            "",
+            "",
             ""
           ],
           "type": "string"
         },
-        "tpuTopology": {
-          "description": "Specifies the shape of the TPU slice",
-          "type": "string"
-        },
-        "vmCount": {
-          "description": "Number of VMs in this placement group. Google does not recommend that you use this field unless you use a compact policy and you want your policy to work only if it contains this exact number of VMs.",
-          "format": "int32",
+        "slowTimerInterval": {
+          "description": "The minimum interval, in milliseconds, between BFD control packets transmitted to and received from the peer router when BFD echo mode is enabled on both routers. The actual transmit and receive intervals are negotiated between the two routers and are equal to the greater of this value and the corresponding interval on the other router. If set, this value must be between 1000 and 30000. The default is 5000.",
+          "format": "uint32",
           "type": "integer"
         }
       },
       "type": "object"
     },
-    "ResourcePolicyHourlyCycle": {
-      "description": "Time window specified for hourly operations.",
-      "id": "ResourcePolicyHourlyCycle",
+    "RouterBgpPeerCustomLearnedIpRange": {
+      "id": "RouterBgpPeerCustomLearnedIpRange",
       "properties": {
-        "duration": {
-          "description": "[Output only] Duration of the time window, automatically chosen to be smallest possible in the given scenario.",
-          "type": "string"
-        },
-        "hoursInCycle": {
-          "description": "Defines a schedule with units measured in hours. The value determines how many hours pass between the start of each cycle.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "startTime": {
-          "description": "Time within the window to start the operations. It must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.",
+        "range": {
+          "description": "The custom learned route IP address range. Must be a valid CIDR-formatted prefix. If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, a `/32` singular IP address range, and, for IPv6, `/128`.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ResourcePolicyInstanceSchedulePolicy": {
-      "description": "An InstanceSchedulePolicy specifies when and how frequent certain operations are performed on the instance.",
-      "id": "ResourcePolicyInstanceSchedulePolicy",
+    "RouterInterface": {
+      "id": "RouterInterface",
       "properties": {
-        "expirationTime": {
-          "description": "The expiration time of the schedule. The timestamp is an RFC3339 string.",
+        "ipRange": {
+          "description": "IP address and range of the interface. The IP range must be in the RFC3927 link-local IP address space. The value must be a CIDR-formatted string, for example: 169.254.0.1/30. NOTE: Do not truncate the address as it represents the IP address of the interface.",
           "type": "string"
         },
-        "startTime": {
-          "description": "The start time of the schedule. The timestamp is an RFC3339 string.",
+        "ipVersion": {
+          "description": "IP version of this interface.",
+          "enum": [
+            "IPV4",
+            "IPV6"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "timeZone": {
-          "description": "Specifies the time zone to be used in interpreting Schedule.schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.",
+        "linkedInterconnectAttachment": {
+          "description": "URI of the linked Interconnect attachment. It must be in the same region as the router. Each interface can have one linked resource, which can be a VPN tunnel, an Interconnect attachment, or a virtual machine instance.",
           "type": "string"
         },
-        "vmStartSchedule": {
-          "$ref": "ResourcePolicyInstanceSchedulePolicySchedule",
-          "description": "Specifies the schedule for starting instances."
+        "linkedVpnTunnel": {
+          "description": "URI of the linked VPN tunnel, which must be in the same region as the router. Each interface can have one linked resource, which can be a VPN tunnel, an Interconnect attachment, or a virtual machine instance.",
+          "type": "string"
         },
-        "vmStopSchedule": {
-          "$ref": "ResourcePolicyInstanceSchedulePolicySchedule",
-          "description": "Specifies the schedule for stopping instances."
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyInstanceSchedulePolicySchedule": {
-      "description": "Schedule for an instance operation.",
-      "id": "ResourcePolicyInstanceSchedulePolicySchedule",
-      "properties": {
-        "schedule": {
-          "description": "Specifies the frequency for the operation, using the unix-cron format.",
+        "managementType": {
+          "description": "[Output Only] The resource that configures and manages this interface. - MANAGED_BY_USER is the default value and can be managed directly by users. - MANAGED_BY_ATTACHMENT is an interface that is configured and managed by Cloud Interconnect, specifically, by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of interface when the PARTNER InterconnectAttachment is created, updated, or deleted. ",
+          "enum": [
+            "MANAGED_BY_ATTACHMENT",
+            "MANAGED_BY_USER"
+          ],
+          "enumDescriptions": [
+            "The interface is automatically created for PARTNER type InterconnectAttachment, Google will automatically create/update/delete this interface when the PARTNER InterconnectAttachment is created/provisioned/deleted. This type of interface cannot be manually managed by user.",
+            "Default value, the interface is manually created and managed by user."
+          ],
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.routers.insert"
+            ]
+          },
+          "description": "Name of this interface entry. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "privateIpAddress": {
+          "description": "The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance, such as a Next Gen Firewall, a Virtual Router, or an SD-WAN VM.",
+          "type": "string"
+        },
+        "redundantInterface": {
+          "description": "Name of the interface that will be redundant with the current interface you are creating. The redundantInterface must belong to the same Cloud Router as the interface here. To establish the BGP session to a Router Appliance VM, you must create two BGP peers. The two BGP peers must be attached to two separate interfaces that are redundant with each other. The redundant_interface must be 1-63 characters long, and comply with RFC1035. Specifically, the redundant_interface must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "subnetwork": {
+          "description": "The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. When you establish a BGP session to a VM instance using this interface, the VM instance must belong to the same subnetwork as the subnetwork specified here.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ResourcePolicyList": {
-      "id": "ResourcePolicyList",
+    "RouterList": {
+      "description": "Contains a list of Router resources.",
+      "id": "RouterList",
       "properties": {
-        "etag": {
-          "type": "string"
-        },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "[Output Only] A list of ResourcePolicy resources.",
+          "description": "A list of Router resources.",
           "items": {
-            "$ref": "ResourcePolicy"
+            "$ref": "Router"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#resourcePolicyList",
-          "description": "[Output Only] Type of resource.Always compute#resourcePoliciesList for listsof resourcePolicies",
+          "default": "compute#routerList",
+          "description": "[Output Only] Type of resource. Always compute#router for routers.",
           "type": "string"
         },
         "nextPageToken": {
@@ -71072,6 +79304,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71090,6 +79323,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71101,6 +79364,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71148,648 +79412,573 @@
       },
       "type": "object"
     },
-    "ResourcePolicyResourceStatus": {
-      "description": "Contains output only fields. Use this sub-message for all output fields set on ResourcePolicy. The internal structure of this \"status\" field should mimic the structure of ResourcePolicy proto specification.",
-      "id": "ResourcePolicyResourceStatus",
-      "properties": {
-        "instanceSchedulePolicy": {
-          "$ref": "ResourcePolicyResourceStatusInstanceSchedulePolicyStatus",
-          "description": "[Output Only] Specifies a set of output values reffering to the instance_schedule_policy system status. This field should have the same name as corresponding policy field."
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyResourceStatusInstanceSchedulePolicyStatus": {
-      "id": "ResourcePolicyResourceStatusInstanceSchedulePolicyStatus",
+    "RouterMd5AuthenticationKey": {
+      "id": "RouterMd5AuthenticationKey",
       "properties": {
-        "lastRunStartTime": {
-          "description": "[Output Only] The last time the schedule successfully ran. The timestamp is an RFC3339 string.",
+        "key": {
+          "annotations": {
+            "required": [
+              "compute.routers.insert"
+            ]
+          },
+          "description": "[Input only] Value of the key. For patch and update calls, it can be skipped to copy the value from the previous configuration. This is allowed if the key with the same name existed before the operation. Maximum length is 80 characters. Can only contain printable ASCII characters.",
           "type": "string"
         },
-        "nextRunStartTime": {
-          "description": "[Output Only] The next time the schedule is planned to run. The actual time might be slightly different. The timestamp is an RFC3339 string.",
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.routers.insert",
+              "compute.routers.update"
+            ]
+          },
+          "description": "Name used to identify the key. Must be unique within a router. Must be referenced by at least one bgpPeer. Must comply with RFC1035.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ResourcePolicySnapshotSchedulePolicy": {
-      "description": "A snapshot schedule policy specifies when and how frequently snapshots are to be created for the target disk. Also specifies how many and how long these scheduled snapshots should be retained.",
-      "id": "ResourcePolicySnapshotSchedulePolicy",
-      "properties": {
-        "retentionPolicy": {
-          "$ref": "ResourcePolicySnapshotSchedulePolicyRetentionPolicy",
-          "description": "Retention policy applied to snapshots created by this resource policy."
-        },
-        "schedule": {
-          "$ref": "ResourcePolicySnapshotSchedulePolicySchedule",
-          "description": "A Vm Maintenance Policy specifies what kind of infrastructure maintenance we are allowed to perform on this VM and when. Schedule that is applied to disks covered by this policy."
-        },
-        "snapshotProperties": {
-          "$ref": "ResourcePolicySnapshotSchedulePolicySnapshotProperties",
-          "description": "Properties with which snapshots are created such as labels, encryption keys."
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicySnapshotSchedulePolicyRetentionPolicy": {
-      "description": "Policy for retention of scheduled snapshots.",
-      "id": "ResourcePolicySnapshotSchedulePolicyRetentionPolicy",
+    "RouterNat": {
+      "description": "Represents a Nat resource. It enables the VMs within the specified subnetworks to access Internet without external IP addresses. It specifies a list of subnetworks (and the ranges within) that want to use NAT. Customers can also provide the external IPs that would be used for NAT. GCP would auto-allocate ephemeral IPs if no external IPs are provided.",
+      "id": "RouterNat",
       "properties": {
-        "maxRetentionDays": {
-          "description": "Maximum age of the snapshot that is allowed to be kept.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "onPolicySwitch": {
-          "enum": [
-            "DO_NOT_RETROACTIVELY_APPLY",
-            "RETROACTIVELY_APPLY",
-            "UNSPECIFIED_ON_POLICY_SWITCH"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "onSourceDiskDelete": {
-          "description": "Specifies the behavior to apply to scheduled snapshots when the source disk is deleted.",
+        "autoNetworkTier": {
+          "description": "The network tier to use when automatically reserving IP addresses. Must be one of: PREMIUM, STANDARD. If not specified, PREMIUM tier will be used.",
           "enum": [
-            "APPLY_RETENTION_POLICY",
-            "KEEP_AUTO_SNAPSHOTS",
-            "UNSPECIFIED_ON_SOURCE_DISK_DELETE"
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "SELECT",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            ""
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Price competitive network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicySnapshotSchedulePolicySchedule": {
-      "description": "A schedule for disks where the schedueled operations are performed.",
-      "id": "ResourcePolicySnapshotSchedulePolicySchedule",
-      "properties": {
-        "dailySchedule": {
-          "$ref": "ResourcePolicyDailyCycle"
-        },
-        "hourlySchedule": {
-          "$ref": "ResourcePolicyHourlyCycle"
         },
-        "weeklySchedule": {
-          "$ref": "ResourcePolicyWeeklyCycle"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicySnapshotSchedulePolicySnapshotProperties": {
-      "description": "Specified snapshot properties for scheduled snapshots created by this policy.",
-      "id": "ResourcePolicySnapshotSchedulePolicySnapshotProperties",
-      "properties": {
-        "chainName": {
-          "description": "Chain name that the snapshot is created in.",
-          "type": "string"
+        "drainNatIps": {
+          "description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "guestFlush": {
-          "description": "Indication to perform a 'guest aware' snapshot.",
+        "enableDynamicPortAllocation": {
+          "description": "Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. ",
           "type": "boolean"
         },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to apply to scheduled snapshots. These can be later modified by the setLabels method. Label values may be empty.",
-          "type": "object"
+        "enableEndpointIndependentMapping": {
+          "type": "boolean"
         },
-        "storageLocations": {
-          "description": "Cloud Storage bucket storage location of the auto snapshot (regional or multi-regional).",
+        "endpointTypes": {
+          "description": "List of NAT-ted endpoint types supported by the Nat Gateway. If the list is empty, then it will be equivalent to include ENDPOINT_TYPE_VM",
           "items": {
+            "enum": [
+              "ENDPOINT_TYPE_MANAGED_PROXY_LB",
+              "ENDPOINT_TYPE_SWG",
+              "ENDPOINT_TYPE_VM"
+            ],
+            "enumDescriptions": [
+              "This is used for Regional Internal/External HTTP(S) and TCP Proxy load balancer endpoints.",
+              "This is used for Secure Web Gateway endpoints.",
+              "This is the default."
+            ],
             "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyVmMaintenancePolicy": {
-      "id": "ResourcePolicyVmMaintenancePolicy",
-      "properties": {
-        "concurrencyControlGroup": {
-          "$ref": "ResourcePolicyVmMaintenancePolicyConcurrencyControl"
         },
-        "maintenanceWindow": {
-          "$ref": "ResourcePolicyVmMaintenancePolicyMaintenanceWindow",
-          "description": "Maintenance windows that are applied to VMs covered by this policy."
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyVmMaintenancePolicyConcurrencyControl": {
-      "description": "A concurrency control configuration. Defines a group config that, when attached to an instance, recognizes that instance as part of a group of instances where only up the concurrency_limit of instances in that group can undergo simultaneous maintenance. For more information: go/concurrency-control-design-doc",
-      "id": "ResourcePolicyVmMaintenancePolicyConcurrencyControl",
-      "properties": {
-        "concurrencyLimit": {
+        "icmpIdleTimeoutSec": {
+          "description": "Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.",
           "format": "int32",
           "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyVmMaintenancePolicyMaintenanceWindow": {
-      "description": "A maintenance window for VMs. When set, we restrict our maintenance operations to this window.",
-      "id": "ResourcePolicyVmMaintenancePolicyMaintenanceWindow",
-      "properties": {
-        "dailyMaintenanceWindow": {
-          "$ref": "ResourcePolicyDailyCycle"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyWeeklyCycle": {
-      "description": "Time window specified for weekly operations.",
-      "id": "ResourcePolicyWeeklyCycle",
-      "properties": {
-        "dayOfWeeks": {
-          "description": "Up to 7 intervals/windows, one for each day of the week.",
+        },
+        "logConfig": {
+          "$ref": "RouterNatLogConfig",
+          "description": "Configure logging on this NAT."
+        },
+        "maxPortsPerVm": {
+          "description": "Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "minPortsPerVm": {
+          "description": "Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "name": {
+          "description": "Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "natIpAllocateOption": {
+          "description": "Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty. ",
+          "enum": [
+            "AUTO_ONLY",
+            "MANUAL_ONLY"
+          ],
+          "enumDescriptions": [
+            "Nat IPs are allocated by GCP; customers can not specify any Nat IPs.",
+            "Only use Nat IPs provided by customers. When specified Nat IPs are not enough then the Nat service fails for new VMs."
+          ],
+          "type": "string"
+        },
+        "natIps": {
+          "description": "A list of URLs of the IP resources used for this Nat service. These IP addresses must be valid static external IP addresses assigned to the project.",
           "items": {
-            "$ref": "ResourcePolicyWeeklyCycleDayOfWeek"
+            "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "ResourcePolicyWeeklyCycleDayOfWeek": {
-      "id": "ResourcePolicyWeeklyCycleDayOfWeek",
-      "properties": {
-        "day": {
-          "description": "Defines a schedule that runs on specific days of the week. Specify one or more days. The following options are available: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.",
+        },
+        "rules": {
+          "description": "A list of rules associated with this NAT.",
+          "items": {
+            "$ref": "RouterNatRule"
+          },
+          "type": "array"
+        },
+        "sourceSubnetworkIpRangesToNat": {
+          "description": "Specify the Nat option, which can take one of the following values: - ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP ranges in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED. Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES then there should not be any other Router.Nat section in any Router for this network in this region.",
           "enum": [
-            "FRIDAY",
-            "INVALID",
-            "MONDAY",
-            "SATURDAY",
-            "SUNDAY",
-            "THURSDAY",
-            "TUESDAY",
-            "WEDNESDAY"
+            "ALL_SUBNETWORKS_ALL_IP_RANGES",
+            "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES",
+            "LIST_OF_SUBNETWORKS"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
+            "All the IP ranges in every Subnetwork are allowed to Nat.",
+            "All the primary IP ranges in every Subnetwork are allowed to Nat.",
+            "A list of Subnetworks are allowed to Nat (specified in the field subnetwork below)"
           ],
           "type": "string"
         },
-        "duration": {
-          "description": "[Output only] Duration of the time window, automatically chosen to be smallest possible in the given scenario.",
-          "type": "string"
-        },
-        "startTime": {
-          "description": "Time within the window to start the operations. It must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ResourceStatus": {
-      "description": "Contains output only fields. Use this sub-message for actual values set on Instance attributes as compared to the value requested by the user (intent) in their instance CRUD calls.",
-      "id": "ResourceStatus",
-      "properties": {
-        "physicalHost": {
-          "description": "[Output Only] An opaque ID of the host on which the VM is running.",
-          "type": "string"
+        "subnetworks": {
+          "description": "A list of Subnetwork resources whose traffic should be translated by NAT Gateway. It is used only when LIST_OF_SUBNETWORKS is selected for the SubnetworkIpRangeToNatOption above.",
+          "items": {
+            "$ref": "RouterNatSubnetworkToNat"
+          },
+          "type": "array"
         },
-        "scheduling": {
-          "$ref": "ResourceStatusScheduling"
+        "tcpEstablishedIdleTimeoutSec": {
+          "description": "Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.",
+          "format": "int32",
+          "type": "integer"
         },
-        "serviceIntegrationStatuses": {
-          "additionalProperties": {
-            "$ref": "ResourceStatusServiceIntegrationStatus"
-          },
-          "description": "[Output Only] Represents the status of the service integration specs defined by the user in instance.serviceIntegrationSpecs.",
-          "type": "object"
+        "tcpTimeWaitTimeoutSec": {
+          "description": "Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.",
+          "format": "int32",
+          "type": "integer"
         },
-        "upcomingMaintenance": {
-          "$ref": "ResourceStatusUpcomingMaintenance"
-        }
-      },
-      "type": "object"
-    },
-    "ResourceStatusScheduling": {
-      "id": "ResourceStatusScheduling",
-      "properties": {
-        "availabilityDomain": {
-          "description": "Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.",
+        "tcpTransitoryIdleTimeoutSec": {
+          "description": "Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.",
           "format": "int32",
           "type": "integer"
         },
-        "terminationTimestamp": {
-          "description": "Time in future when the instance will be terminated in RFC3339 text format.",
+        "type": {
+          "description": "Indicates whether this NAT is used for public or private IP translation. If unspecified, it defaults to PUBLIC.",
+          "enum": [
+            "PRIVATE",
+            "PUBLIC"
+          ],
+          "enumDescriptions": [
+            "NAT used for private IP translation.",
+            "NAT used for public IP translation. This is the default."
+          ],
           "type": "string"
+        },
+        "udpIdleTimeoutSec": {
+          "description": "Timeout (in seconds) for UDP connections. Defaults to 30s if not set.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "ResourceStatusServiceIntegrationStatus": {
-      "description": "Represents the status of integration between instance and another service. See go/gce-backupdr-design for more details.",
-      "id": "ResourceStatusServiceIntegrationStatus",
+    "RouterNatLogConfig": {
+      "description": "Configuration of logging on a NAT.",
+      "id": "RouterNatLogConfig",
       "properties": {
-        "backupDr": {
-          "$ref": "ResourceStatusServiceIntegrationStatusBackupDRStatus"
+        "enable": {
+          "description": "Indicates whether or not to export logs. This is false by default.",
+          "type": "boolean"
+        },
+        "filter": {
+          "description": "Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful. ",
+          "enum": [
+            "ALL",
+            "ERRORS_ONLY",
+            "TRANSLATIONS_ONLY"
+          ],
+          "enumDescriptions": [
+            "Export logs for all (successful and unsuccessful) connections.",
+            "Export logs for connection failures only.",
+            "Export logs for successful connections only."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "ResourceStatusServiceIntegrationStatusBackupDRStatus": {
-      "description": "Message defining compute perspective of the result of integration with Backup and DR. FAILED status indicates that the operation specified did not complete correctly and should be retried with the same value.",
-      "id": "ResourceStatusServiceIntegrationStatusBackupDRStatus",
+    "RouterNatRule": {
+      "id": "RouterNatRule",
       "properties": {
-        "integrationDetails": {
-          "description": "The PlanReference object created by Backup and DR to maintain the actual status of backups. May still be present if removing the backup plan fails.",
+        "action": {
+          "$ref": "RouterNatRuleAction",
+          "description": "The action to be enforced for traffic that matches this rule."
+        },
+        "description": {
+          "description": "An optional description of this rule.",
           "type": "string"
         },
-        "state": {
-          "description": "Enum representing the registration state of a Backup and DR backup plan for the instance.",
-          "enum": [
-            "ACTIVE",
-            "CREATING",
-            "DELETING",
-            "FAILED",
-            "STATE_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "The operation was successful and Backup and DR is trying to protect the instance with the specified backup plan. Check resource pointed to in integration_details for more information.",
-            "GCE is trying to attach the backup plan to the instance.",
-            "GCE is trying to remove the backup plan from the instance.",
-            "The operation failed, specifying the same value in BackupDrSpec.plan again (including null for delete) will attempt to repair the integration",
-            "Default value, should not be found on instances."
-          ],
+        "match": {
+          "description": "CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding `action` is enforced. The following examples are valid match expressions for public NAT: \"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\" \"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\" The following example is a valid match expression for private NAT: \"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"",
           "type": "string"
+        },
+        "ruleNumber": {
+          "description": "An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.",
+          "format": "uint32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "ResourceStatusUpcomingMaintenance": {
-      "id": "ResourceStatusUpcomingMaintenance",
+    "RouterNatRuleAction": {
+      "id": "RouterNatRuleAction",
       "properties": {
-        "canReschedule": {
-          "description": "Indicates if the maintenance can be customer triggered. See go/sf-ctm-design for more details",
-          "type": "boolean"
+        "sourceNatActiveIps": {
+          "description": "A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sourceNatActiveRanges": {
+          "description": "A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sourceNatDrainIps": {
+          "description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sourceNatDrainRanges": {
+          "description": "A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "RolloutPolicy": {
-      "description": "A rollout policy configuration.",
-      "id": "RolloutPolicy",
+    "RouterNatSubnetworkToNat": {
+      "description": "Defines the IP ranges that want to use NAT for a subnetwork.",
+      "id": "RouterNatSubnetworkToNat",
       "properties": {
-        "defaultRolloutTime": {
-          "description": "An optional RFC3339 timestamp on or after which the update is considered rolled out to any zone that is not explicitly stated.",
+        "name": {
+          "description": "URL for the subnetwork resource that will use NAT.",
           "type": "string"
         },
-        "locationRolloutPolicies": {
-          "additionalProperties": {
+        "secondaryIpRangeNames": {
+          "description": "A list of the secondary ranges of the Subnetwork that are allowed to use NAT. This can be populated only if \"LIST_OF_SECONDARY_IP_RANGES\" is one of the values in source_ip_ranges_to_nat.",
+          "items": {
             "type": "string"
           },
-          "description": "Location based rollout policies to apply to the resource. Currently only zone names are supported and must be represented as valid URLs, like: zones/us-central1-a. The value expects an RFC3339 timestamp on or after which the update is considered rolled out to the specified location.",
-          "type": "object"
+          "type": "array"
+        },
+        "sourceIpRangesToNat": {
+          "description": "Specify the options for NAT ranges in the Subnetwork. All options of a single value are valid except NAT_IP_RANGE_OPTION_UNSPECIFIED. The only valid option with multiple values is: [\"PRIMARY_IP_RANGE\", \"LIST_OF_SECONDARY_IP_RANGES\"] Default: [ALL_IP_RANGES]",
+          "items": {
+            "enum": [
+              "ALL_IP_RANGES",
+              "LIST_OF_SECONDARY_IP_RANGES",
+              "PRIMARY_IP_RANGE"
+            ],
+            "enumDescriptions": [
+              "The primary and all the secondary ranges are allowed to Nat.",
+              "A list of secondary ranges are allowed to Nat.",
+              "The primary range is allowed to Nat."
+            ],
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "Route": {
-      "description": "Represents a Route resource. A route defines a path from VM instances in the VPC network to a specific destination. This destination can be inside or outside the VPC network. For more information, read the Routes overview.",
-      "id": "Route",
+    "RouterStatus": {
+      "id": "RouterStatus",
       "properties": {
-        "allowConflictingSubnetworks": {
-          "description": "Whether this route can conflict with existing subnetworks. Setting this to true allows this route to conflict with subnetworks that have already been configured on the corresponding network.",
-          "type": "boolean"
-        },
-        "asPaths": {
-          "description": "[Output Only] AS path.",
+        "bestRoutes": {
+          "description": "Best routes for this router's network.",
           "items": {
-            "$ref": "RouteAsPath"
+            "$ref": "Route"
           },
           "type": "array"
         },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this field when you create the resource.",
-          "type": "string"
+        "bestRoutesForRouter": {
+          "description": "Best routes learned by this router.",
+          "items": {
+            "$ref": "Route"
+          },
+          "type": "array"
         },
-        "destRange": {
-          "annotations": {
-            "required": [
-              "compute.routes.insert"
-            ]
+        "bgpPeerStatus": {
+          "items": {
+            "$ref": "RouterStatusBgpPeerStatus"
           },
-          "description": "The destination range of outgoing packets that this route applies to. Both IPv4 and IPv6 are supported.",
-          "type": "string"
+          "type": "array"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
+        "natStatus": {
+          "items": {
+            "$ref": "RouterStatusNatStatus"
+          },
+          "type": "array"
         },
-        "ilbRouteBehaviorOnUnhealthy": {
-          "description": "ILB route behavior when ILB is deemed unhealthy based on user specified threshold on the Backend Service of the internal load balancing.",
-          "enum": [
-            "DO_NOT_WITHDRAW_ROUTE_IF_ILB_UNHEALTHY",
-            "WITHDRAW_ROUTE_IF_ILB_UNHEALTHY"
-          ],
-          "enumDescriptions": [
-            "Do not Withdraw route if the ILB is deemed unhealthy based on user specified threshold on the Backend Service of the ILB. This is default behavior for ilb as next hop route without IlbRouteBehavior.",
-            "Withdraw route if the ILB is deemed unhealthy based on user specified threshold on the Backend Service of the internal load balancing. Currently the withdrawn route will be reinserted when the backends are restored to healthy. If you wish to prevent the re-insertion of the route and trigger the fall-back at your discretion, override the health result from the backends to signal as healthy only when ready to fallback."
-          ],
+        "network": {
+          "description": "URI of the network to which this router belongs.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "RouterStatusBgpPeerStatus": {
+      "id": "RouterStatusBgpPeerStatus",
+      "properties": {
+        "advertisedRoutes": {
+          "description": "Routes that were advertised to the remote BGP peer",
+          "items": {
+            "$ref": "Route"
+          },
+          "type": "array"
         },
-        "kind": {
-          "default": "compute#route",
-          "description": "[Output Only] Type of this resource. Always compute#routes for Route resources.",
-          "type": "string"
+        "bfdStatus": {
+          "$ref": "BfdStatus"
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.routes.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
+        "enableIpv6": {
+          "description": "Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.",
+          "type": "boolean"
         },
-        "network": {
-          "annotations": {
-            "required": [
-              "compute.routes.insert"
-            ]
-          },
-          "description": "Fully-qualified URL of the network that this route applies to.",
+        "ipAddress": {
+          "description": "IP address of the local BGP interface.",
           "type": "string"
         },
-        "nextHopGateway": {
-          "description": "The URL to a gateway that should handle matching packets. You can only specify the internet gateway using a full or partial valid URL: projects/ project/global/gateways/default-internet-gateway",
+        "ipv6NexthopAddress": {
+          "description": "IPv6 address of the local BGP interface.",
           "type": "string"
         },
-        "nextHopIlb": {
-          "description": "The URL to a forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets or the IP address of the forwarding Rule. For example, the following are all valid URLs: - 10.128.0.56 - https://www.googleapis.com/compute/v1/projects/project/regions/region /forwardingRules/forwardingRule - regions/region/forwardingRules/forwardingRule ",
+        "linkedVpnTunnel": {
+          "description": "URL of the VPN tunnel that this BGP peer controls.",
           "type": "string"
         },
-        "nextHopInstance": {
-          "description": "The URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/",
-          "type": "string"
+        "md5AuthEnabled": {
+          "description": "Informs whether MD5 authentication is enabled on this BGP peer.",
+          "type": "boolean"
         },
-        "nextHopInterconnectAttachment": {
-          "description": "[Output Only] The URL to an InterconnectAttachment which is the next hop for the route. This field will only be populated for the dynamic routes generated by Cloud Router with a linked interconnectAttachment.",
+        "name": {
+          "description": "Name of this BGP peer. Unique within the Routers resource.",
           "type": "string"
         },
-        "nextHopIp": {
-          "description": "The network IP address of an instance that should handle matching packets. Only IPv4 is supported.",
-          "type": "string"
+        "numLearnedRoutes": {
+          "description": "Number of routes learned from the remote BGP Peer.",
+          "format": "uint32",
+          "type": "integer"
         },
-        "nextHopNetwork": {
-          "description": "The URL of the local network if it should handle matching packets.",
+        "peerIpAddress": {
+          "description": "IP address of the remote BGP interface.",
           "type": "string"
         },
-        "nextHopPeering": {
-          "description": "[Output Only] The network peering name that should handle matching packets, which should conform to RFC1035.",
+        "peerIpv6NexthopAddress": {
+          "description": "IPv6 address of the remote BGP interface.",
           "type": "string"
         },
-        "nextHopVpnTunnel": {
-          "description": "The URL to a VpnTunnel that should handle matching packets.",
+        "routerApplianceInstance": {
+          "description": "[Output only] URI of the VM instance that is used as third-party router appliances such as Next Gen Firewalls, Virtual Routers, or Router Appliances. The VM instance is the peer side of the BGP session.",
           "type": "string"
         },
-        "priority": {
-          "annotations": {
-            "required": [
-              "compute.routes.insert"
-            ]
-          },
-          "description": "The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In cases where multiple routes have equal prefix length, the one with the lowest-numbered priority value wins. The default value is `1000`. The priority value must be from `0` to `65535`, inclusive.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "routeStatus": {
-          "description": "[Output only] The status of the route.",
-          "enum": [
-            "ACTIVE",
-            "DROPPED",
-            "INACTIVE",
-            "PENDING"
-          ],
-          "enumDescriptions": [
-            "This route is processed and active.",
-            "The route is dropped due to the VPC exceeding the dynamic route limit. For dynamic route limit, please refer to the Learned route example",
-            "This route is processed but inactive due to failure from the backend. The backend may have rejected the route",
-            "This route is being processed internally. The status will change once processed."
-          ],
+        "state": {
+          "description": "The state of the BGP session. For a list of possible values for this field, see BGP session states.",
           "type": "string"
         },
-        "routeType": {
-          "description": "[Output Only] The type of this route, which can be one of the following values: - 'TRANSIT' for a transit route that this router learned from another Cloud Router and will readvertise to one of its BGP peers - 'SUBNET' for a route from a subnet of the VPC - 'BGP' for a route learned from a BGP peer of this router - 'STATIC' for a static route",
+        "status": {
+          "description": "Status of the BGP peer: {UP, DOWN}",
           "enum": [
-            "BGP",
-            "STATIC",
-            "SUBNET",
-            "TRANSIT"
+            "DOWN",
+            "UNKNOWN",
+            "UP"
           ],
           "enumDescriptions": [
-            "",
             "",
             "",
             ""
           ],
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "tags": {
-          "annotations": {
-            "required": [
-              "compute.routes.insert"
-            ]
-          },
-          "description": "A list of instance tags to which this route applies.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "warnings": {
-          "description": "[Output Only] If potential misconfigurations are detected for this route, this field will be populated with warning messages.",
-          "items": {
-            "properties": {
-              "code": {
-                "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-                "enum": [
-                  "CLEANUP_FAILED",
-                  "DEPRECATED_RESOURCE_USED",
-                  "DEPRECATED_TYPE_USED",
-                  "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                  "EXPERIMENTAL_TYPE_USED",
-                  "EXTERNAL_API_WARNING",
-                  "FIELD_VALUE_OVERRIDEN",
-                  "INJECTED_KERNELS_DEPRECATED",
-                  "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                  "LARGE_DEPLOYMENT_WARNING",
-                  "MISSING_TYPE_DEPENDENCY",
-                  "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                  "NEXT_HOP_CANNOT_IP_FORWARD",
-                  "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                  "NEXT_HOP_INSTANCE_NOT_FOUND",
-                  "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                  "NEXT_HOP_NOT_RUNNING",
-                  "NOT_CRITICAL_ERROR",
-                  "NO_RESULTS_ON_PAGE",
-                  "PARTIAL_SUCCESS",
-                  "REQUIRED_TOS_AGREEMENT",
-                  "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                  "RESOURCE_NOT_DELETED",
-                  "SCHEMA_VALIDATION_IGNORED",
-                  "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                  "UNDECLARED_PROPERTIES",
-                  "UNREACHABLE"
-                ],
-                "enumDescriptions": [
-                  "Warning about failed cleanup of transient changes made by a failed operation.",
-                  "A link to a deprecated resource was created.",
-                  "When deploying and at least one of the resources has a type marked as deprecated",
-                  "The user created a boot disk that is larger than image size.",
-                  "When deploying and at least one of the resources has a type marked as experimental",
-                  "Warning that is present in an external api call",
-                  "Warning that value of a field has been overridden. Deprecated unused field.",
-                  "The operation involved use of an injected kernel, which is deprecated.",
-                  "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                  "When deploying a deployment with a exceedingly large number of resources",
-                  "A resource depends on a missing type",
-                  "The route's nextHopIp address is not assigned to an instance on the network.",
-                  "The route's next hop instance cannot ip forward.",
-                  "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                  "The route's nextHopInstance URL refers to an instance that does not exist.",
-                  "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                  "The route's next hop instance does not have a status of RUNNING.",
-                  "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                  "No results are present on a particular list page.",
-                  "Success is reported, but some results may be missing due to errors",
-                  "The user attempted to use a resource that requires a TOS they have not accepted.",
-                  "Warning that a resource is in use.",
-                  "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                  "When a resource schema validation is ignored.",
-                  "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                  "When undeclared properties in the schema are present",
-                  "A given scope cannot be reached."
-                ],
-                "type": "string"
-              },
-              "data": {
-                "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-                "items": {
-                  "properties": {
-                    "key": {
-                      "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                      "type": "string"
-                    },
-                    "value": {
-                      "description": "[Output Only] A warning data value corresponding to the key.",
-                      "type": "string"
-                    }
-                  },
-                  "type": "object"
-                },
-                "type": "array"
-              },
-              "message": {
-                "description": "[Output Only] A human-readable description of the warning code.",
-                "type": "string"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
+        "statusReason": {
+          "description": "Indicates why particular status was returned.",
+          "enum": [
+            "MD5_AUTH_INTERNAL_PROBLEM",
+            "STATUS_REASON_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Indicates internal problems with configuration of MD5 authentication. This particular reason can only be returned when md5AuthEnabled is true and status is DOWN.",
+            ""
+          ],
+          "type": "string"
+        },
+        "uptime": {
+          "description": "Time this session has been up. Format: 14 years, 51 weeks, 6 days, 23 hours, 59 minutes, 59 seconds",
+          "type": "string"
+        },
+        "uptimeSeconds": {
+          "description": "Time this session has been up, in seconds. Format: 145",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RouteAsPath": {
-      "id": "RouteAsPath",
+    "RouterStatusNatStatus": {
+      "description": "Status of a NAT contained in this router.",
+      "id": "RouterStatusNatStatus",
       "properties": {
-        "asLists": {
-          "description": "[Output Only] The AS numbers of the AS Path.",
+        "autoAllocatedNatIps": {
+          "description": "A list of IPs auto-allocated for NAT. Example: [\"1.1.1.1\", \"129.2.16.89\"]",
           "items": {
-            "format": "uint32",
-            "type": "integer"
+            "type": "string"
           },
           "type": "array"
         },
-        "pathSegmentType": {
-          "description": "[Output Only] The type of the AS Path, which can be one of the following values: - 'AS_SET': unordered set of autonomous systems that the route in has traversed - 'AS_SEQUENCE': ordered set of autonomous systems that the route has traversed - 'AS_CONFED_SEQUENCE': ordered set of Member Autonomous Systems in the local confederation that the route has traversed - 'AS_CONFED_SET': unordered set of Member Autonomous Systems in the local confederation that the route has traversed ",
-          "enum": [
-            "AS_CONFED_SEQUENCE",
-            "AS_CONFED_SET",
-            "AS_SEQUENCE",
-            "AS_SET"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
-          ],
+        "drainAutoAllocatedNatIps": {
+          "description": "A list of IPs auto-allocated for NAT that are in drain mode. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "drainUserAllocatedNatIps": {
+          "description": "A list of IPs user-allocated for NAT that are in drain mode. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "minExtraNatIpsNeeded": {
+          "description": "The number of extra IPs to allocate. This will be greater than 0 only if user-specified IPs are NOT enough to allow all configured VMs to use NAT. This value is meaningful only when auto-allocation of NAT IPs is *not* used.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "name": {
+          "description": "Unique name of this NAT.",
           "type": "string"
+        },
+        "numVmEndpointsWithNatMappings": {
+          "description": "Number of VM endpoints (i.e., Nics) that can use NAT.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "ruleStatus": {
+          "description": "Status of rules in this NAT.",
+          "items": {
+            "$ref": "RouterStatusNatStatusNatRuleStatus"
+          },
+          "type": "array"
+        },
+        "userAllocatedNatIpResources": {
+          "description": "A list of fully qualified URLs of reserved IP address resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "userAllocatedNatIps": {
+          "description": "A list of IPs user-allocated for NAT. They will be raw IP strings like \"179.12.26.133\".",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "RouteList": {
-      "description": "Contains a list of Route resources.",
-      "id": "RouteList",
+    "RouterStatusNatStatusNatRuleStatus": {
+      "description": "Status of a NAT Rule contained in this NAT.",
+      "id": "RouterStatusNatStatusNatRuleStatus",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
+        "activeNatIps": {
+          "description": "A list of active IPs for NAT. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "items": {
-          "description": "A list of Route resources.",
+        "drainNatIps": {
+          "description": "A list of IPs for NAT that are in drain mode. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
           "items": {
-            "$ref": "Route"
+            "type": "string"
           },
           "type": "array"
         },
+        "minExtraIpsNeeded": {
+          "description": "The number of extra IPs to allocate. This will be greater than 0 only if the existing IPs in this NAT Rule are NOT enough to allow all configured VMs to use NAT.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "numVmEndpointsWithNatMappings": {
+          "description": "Number of VM endpoints (i.e., NICs) that have NAT Mappings from this NAT Rule.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "ruleNumber": {
+          "description": "Rule number of the rule.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "RouterStatusResponse": {
+      "id": "RouterStatusResponse",
+      "properties": {
         "kind": {
-          "default": "compute#routeList",
+          "default": "compute#routerStatusResponse",
           "description": "Type of resource.",
           "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
+        "result": {
+          "$ref": "RouterStatus"
+        }
+      },
+      "type": "object"
+    },
+    "RoutersPreviewResponse": {
+      "id": "RoutersPreviewResponse",
+      "properties": {
+        "resource": {
+          "$ref": "Router",
+          "description": "Preview of given router."
+        }
+      },
+      "type": "object"
+    },
+    "RoutersScopedList": {
+      "id": "RoutersScopedList",
+      "properties": {
+        "routers": {
+          "description": "A list of routers contained in this scope.",
+          "items": {
+            "$ref": "Router"
+          },
+          "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of routers when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -71804,6 +79993,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71822,6 +80012,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71833,6 +80053,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71880,133 +80101,517 @@
       },
       "type": "object"
     },
-    "Router": {
-      "description": "Represents a Cloud Router resource. For more information about Cloud Router, read the Cloud Router overview.",
-      "id": "Router",
+    "Rule": {
+      "description": "This is deprecated and has no effect. Do not use.",
+      "id": "Rule",
       "properties": {
-        "bgp": {
-          "$ref": "RouterBgp",
-          "description": "BGP information specific to this router."
+        "action": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "enum": [
+            "ALLOW",
+            "ALLOW_WITH_LOG",
+            "DENY",
+            "DENY_WITH_LOG",
+            "LOG",
+            "NO_ACTION"
+          ],
+          "enumDescriptions": [
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use.",
+            "This is deprecated and has no effect. Do not use."
+          ],
+          "type": "string"
         },
-        "bgpPeers": {
-          "description": "BGP information that must be configured into the routing stack to establish BGP peering. This information must specify the peer ASN and either the interface name, IP address, or peer IP address. Please refer to RFC4273.",
+        "conditions": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "items": {
-            "$ref": "RouterBgpPeer"
+            "$ref": "Condition"
           },
           "type": "array"
         },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+        "description": {
+          "description": "This is deprecated and has no effect. Do not use.",
           "type": "string"
         },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
+        "ins": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "logConfigs": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "items": {
+            "$ref": "LogConfig"
+          },
+          "type": "array"
+        },
+        "notIns": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "permissions": {
+          "description": "This is deprecated and has no effect. Do not use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SSLHealthCheck": {
+      "id": "SSLHealthCheck",
+      "properties": {
+        "port": {
+          "description": "The TCP port number to which the health check prober sends packets. The default value is 443. Valid values are 1 through 65535.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "portName": {
+          "description": "Not supported.",
+          "type": "string"
+        },
+        "portSpecification": {
+          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
+          "enum": [
+            "USE_FIXED_PORT",
+            "USE_NAMED_PORT",
+            "USE_SERVING_PORT"
+          ],
+          "enumDescriptions": [
+            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
+            "Not supported.",
+            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
+          ],
+          "type": "string"
+        },
+        "proxyHeader": {
+          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
+          "enum": [
+            "NONE",
+            "PROXY_V1"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "request": {
+          "description": "Instructs the health check prober to send this exact ASCII string, up to 1024 bytes in length, after establishing the TCP connection and SSL handshake.",
+          "type": "string"
+        },
+        "response": {
+          "description": "Creates a content-based SSL health check. In addition to establishing a TCP connection and the TLS handshake, you can configure the health check to pass only when the backend sends this exact response ASCII string, up to 1024 bytes in length. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-ssl-tcp",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SavedAttachedDisk": {
+      "description": "DEPRECATED: Please use compute#savedDisk instead. An instance-attached disk resource.",
+      "id": "SavedAttachedDisk",
+      "properties": {
+        "autoDelete": {
+          "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).",
+          "type": "boolean"
+        },
+        "boot": {
+          "description": "Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.",
+          "type": "boolean"
+        },
+        "deviceName": {
+          "description": "Specifies the name of the disk attached to the source instance.",
+          "type": "string"
+        },
+        "diskEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The encryption key for the disk."
+        },
+        "diskSizeGb": {
+          "description": "The size of the disk in base-2 GB.",
+          "format": "int64",
+          "type": "string"
+        },
+        "diskType": {
+          "description": "[Output Only] URL of the disk type resource. For example: projects/project /zones/zone/diskTypes/pd-standard or pd-ssd",
+          "type": "string"
+        },
+        "guestOsFeatures": {
+          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
+          "items": {
+            "$ref": "GuestOsFeature"
+          },
+          "type": "array"
+        },
+        "index": {
+          "description": "Specifies zero-based index of the disk that is attached to the source instance.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "interface": {
+          "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME.",
+          "enum": [
+            "NVDIMM",
+            "NVME",
+            "SCSI"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#savedAttachedDisk",
+          "description": "[Output Only] Type of the resource. Always compute#attachedDisk for attached disks.",
+          "type": "string"
+        },
+        "licenses": {
+          "description": "[Output Only] Any valid publicly visible licenses.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "mode": {
+          "description": "The mode in which this disk is attached to the source instance, either READ_WRITE or READ_ONLY.",
+          "enum": [
+            "READ_ONLY",
+            "READ_WRITE"
+          ],
+          "enumDescriptions": [
+            "Attaches this disk in read-only mode. Multiple virtual machines can use a disk in read-only mode at a time.",
+            "*[Default]* Attaches this disk in read-write mode. Only one virtual machine at a time can be attached to a disk in read-write mode."
+          ],
+          "type": "string"
+        },
+        "source": {
+          "description": "Specifies a URL of the disk attached to the source instance.",
+          "type": "string"
+        },
+        "storageBytes": {
+          "description": "[Output Only] A size of the storage used by the disk's snapshot by this machine image.",
+          "format": "int64",
+          "type": "string"
+        },
+        "storageBytesStatus": {
+          "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.",
+          "enum": [
+            "UPDATING",
+            "UP_TO_DATE"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "type": {
+          "description": "Specifies the type of the attached disk, either SCRATCH or PERSISTENT.",
+          "enum": [
+            "PERSISTENT",
+            "SCRATCH"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SavedDisk": {
+      "description": "An instance-attached disk resource.",
+      "id": "SavedDisk",
+      "properties": {
+        "architecture": {
+          "description": "[Output Only] The architecture of the attached disk.",
+          "enum": [
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
+          ],
+          "enumDescriptions": [
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
+          ],
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#savedDisk",
+          "description": "[Output Only] Type of the resource. Always compute#savedDisk for attached disks.",
+          "type": "string"
+        },
+        "sourceDisk": {
+          "description": "Specifies a URL of the disk attached to the source instance.",
+          "type": "string"
+        },
+        "storageBytes": {
+          "description": "[Output Only] Size of the individual disk snapshot used by this machine image.",
+          "format": "int64",
+          "type": "string"
+        },
+        "storageBytesStatus": {
+          "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.",
+          "enum": [
+            "UPDATING",
+            "UP_TO_DATE"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ScalingScheduleStatus": {
+      "id": "ScalingScheduleStatus",
+      "properties": {
+        "lastStartTime": {
+          "description": "[Output Only] The last time the scaling schedule became active. Note: this is a timestamp when a schedule actually became active, not when it was planned to do so. The timestamp is in RFC3339 text format.",
+          "type": "string"
+        },
+        "nextStartTime": {
+          "description": "[Output Only] The next time the scaling schedule is to become active. Note: this is a timestamp when a schedule is planned to run, but the actual time might be slightly different. The timestamp is in RFC3339 text format.",
+          "type": "string"
+        },
+        "state": {
+          "description": "[Output Only] The current state of a scaling schedule.",
+          "enum": [
+            "ACTIVE",
+            "DISABLED",
+            "OBSOLETE",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "The current autoscaling recommendation is influenced by this scaling schedule.",
+            "This scaling schedule has been disabled by the user.",
+            "This scaling schedule will never become active again.",
+            "The current autoscaling recommendation is not influenced by this scaling schedule."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Scheduling": {
+      "description": "Sets the scheduling options for an Instance.",
+      "id": "Scheduling",
+      "properties": {
+        "automaticRestart": {
+          "description": "Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.",
+          "type": "boolean"
+        },
+        "availabilityDomain": {
+          "description": "Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "currentCpus": {
+          "description": "Current number of vCPUs available for VM. 0 or unset means default vCPUs of the current machine type.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "currentMemoryMb": {
+          "description": "Current amount of memory (in MB) available for VM. 0 or unset means default amount of memory of the current machine type.",
+          "format": "int64",
+          "type": "string"
+        },
+        "hostErrorTimeoutSeconds": {
+          "description": "Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "instanceTerminationAction": {
+          "description": "Specifies the termination action for the instance.",
+          "enum": [
+            "DELETE",
+            "INSTANCE_TERMINATION_ACTION_UNSPECIFIED",
+            "STOP"
+          ],
+          "enumDescriptions": [
+            "Delete the VM.",
+            "Default value. This value is unused.",
+            "Stop the VM without storing in-memory content. default action."
+          ],
           "type": "string"
         },
-        "encryptedInterconnectRouter": {
-          "description": "Indicates if a router is dedicated for use with encrypted VLAN attachments (interconnectAttachments).",
+        "latencyTolerant": {
+          "description": "Defines whether the instance is tolerant of higher cpu latency. This can only be set during instance creation, or when the instance is not currently running. It must not be set if the preemptible option is also set.",
           "type": "boolean"
         },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
+        "localSsdRecoveryTimeout": {
+          "$ref": "Duration",
+          "description": "Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour."
+        },
+        "locationHint": {
+          "description": "An opaque location hint used to place the instance close to other resources. This field is for use by internal tools that use the public API.",
           "type": "string"
         },
-        "interfaces": {
-          "description": "Router interfaces. Each interface requires either one linked resource, (for example, linkedVpnTunnel), or IP address and IP address range (for example, ipRange), or both.",
-          "items": {
-            "$ref": "RouterInterface"
-          },
-          "type": "array"
+        "maintenanceFreezeDurationHours": {
+          "description": "Specifies the number of hours after VM instance creation where the VM won't be scheduled for maintenance.",
+          "format": "int32",
+          "type": "integer"
         },
-        "kind": {
-          "default": "compute#router",
-          "description": "[Output Only] Type of resource. Always compute#router for routers.",
+        "maintenanceInterval": {
+          "description": "Specifies the frequency of planned maintenance events. The accepted values are: `PERIODIC`.",
+          "enum": [
+            "AS_NEEDED",
+            "PERIODIC",
+            "RECURRENT"
+          ],
+          "enumDescriptions": [
+            "VMs are eligible to receive infrastructure and hypervisor updates as they become available. This may result in more maintenance operations (live migrations or terminations) for the VM than the PERIODIC and RECURRENT options.",
+            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.",
+            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available. RECURRENT is used for GEN3 and Slice of Hardware VMs."
+          ],
           "type": "string"
         },
-        "md5AuthenticationKeys": {
-          "description": "Keys used for MD5 authentication.",
-          "items": {
-            "$ref": "RouterMd5AuthenticationKey"
-          },
-          "type": "array"
+        "maxRunDuration": {
+          "$ref": "Duration",
+          "description": "Specifies the max run duration for the given instance. If specified, the instance termination action will be performed at the end of the run duration."
         },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.routers.insert"
-            ]
-          },
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
+        "minNodeCpus": {
+          "description": "The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node.",
+          "format": "int32",
+          "type": "integer"
         },
-        "nats": {
-          "description": "A list of NAT services created in this router.",
+        "nodeAffinities": {
+          "description": "A set of node affinity and anti-affinity configurations. Refer to Configuring node affinity for more information. Overrides reservationAffinity.",
           "items": {
-            "$ref": "RouterNat"
+            "$ref": "SchedulingNodeAffinity"
           },
           "type": "array"
         },
-        "network": {
-          "annotations": {
-            "required": [
-              "compute.routers.insert",
-              "compute.routers.update"
-            ]
-          },
-          "description": "URI of the network to which this router belongs.",
+        "onHostMaintenance": {
+          "description": "Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Set VM host maintenance policy.",
+          "enum": [
+            "MIGRATE",
+            "TERMINATE"
+          ],
+          "enumDescriptions": [
+            "*[Default]* Allows Compute Engine to automatically migrate instances out of the way of maintenance events.",
+            "Tells Compute Engine to terminate and (optionally) restart the instance away from the maintenance activity. If you would like your instance to be restarted, set the automaticRestart flag to true. Your instance may be restarted more than once, and it may be restarted outside the window of maintenance events."
+          ],
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] URI of the region where the router resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+        "preemptible": {
+          "description": "Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.",
+          "type": "boolean"
+        },
+        "provisioningModel": {
+          "description": "Specifies the provisioning model of the instance.",
+          "enum": [
+            "SPOT",
+            "STANDARD"
+          ],
+          "enumDescriptions": [
+            "Heavily discounted, no guaranteed runtime.",
+            "Standard provisioning with user controlled runtime, no discounts."
+          ],
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+        "terminationTime": {
+          "description": "Specifies the timestamp, when the instance will be terminated, in RFC3339 text format. If specified, the instance termination action will be performed at the termination time.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SchedulingNodeAffinity": {
+      "description": "Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled.",
+      "id": "SchedulingNodeAffinity",
+      "properties": {
+        "key": {
+          "description": "Corresponds to the label key of Node resource.",
           "type": "string"
         },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+        "operator": {
+          "description": "Defines the operation of node selection. Valid operators are IN for affinity and NOT_IN for anti-affinity.",
+          "enum": [
+            "IN",
+            "NOT_IN",
+            "OPERATOR_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Requires Compute Engine to seek for matched nodes.",
+            "Requires Compute Engine to avoid certain nodes.",
+            ""
+          ],
           "type": "string"
+        },
+        "values": {
+          "description": "Corresponds to the label values of Node resource.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "RouterAdvertisedIpRange": {
-      "description": "Description-tagged IP ranges for the router to advertise.",
-      "id": "RouterAdvertisedIpRange",
+    "Screenshot": {
+      "description": "An instance's screenshot.",
+      "id": "Screenshot",
       "properties": {
-        "description": {
-          "description": "User-specified description for the IP range.",
+        "contents": {
+          "description": "[Output Only] The Base64-encoded screenshot data.",
           "type": "string"
         },
-        "range": {
-          "description": "The IP range to advertise. The value must be a CIDR-formatted string.",
+        "kind": {
+          "default": "compute#screenshot",
+          "description": "[Output Only] Type of the resource. Always compute#screenshot for the screenshots.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "RouterAggregatedList": {
-      "description": "Contains a list of routers.",
-      "id": "RouterAggregatedList",
+    "SdsConfig": {
+      "description": "[Deprecated] The configuration to access the SDS server. The configuration to access the SDS server.",
+      "id": "SdsConfig",
+      "properties": {
+        "grpcServiceConfig": {
+          "$ref": "GrpcServiceConfig",
+          "description": "The configuration to access the SDS server over GRPC."
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPoliciesAggregatedList": {
+      "id": "SecurityPoliciesAggregatedList",
       "properties": {
+        "etag": {
+          "type": "string"
+        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
           "additionalProperties": {
-            "$ref": "RoutersScopedList",
-            "description": "Name of the scope containing this set of routers."
+            "$ref": "SecurityPoliciesScopedList",
+            "description": "Name of the scope containing this set of security policies."
           },
-          "description": "A list of Router resources.",
+          "description": "A list of SecurityPoliciesScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#routerAggregatedList",
-          "description": "Type of resource.",
+          "default": "compute#securityPoliciesAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#securityPolicyAggregatedList for lists of Security Policies.",
           "type": "string"
         },
         "nextPageToken": {
@@ -72040,6 +80645,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -72058,6 +80664,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -72069,6 +80705,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -72116,356 +80753,27 @@
       },
       "type": "object"
     },
-    "RouterBgp": {
-      "id": "RouterBgp",
-      "properties": {
-        "advertiseMode": {
-          "description": "User-specified flag to indicate which mode to use for advertisement. The options are DEFAULT or CUSTOM.",
-          "enum": [
-            "CUSTOM",
-            "DEFAULT"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "advertisedGroups": {
-          "description": "User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
-          "items": {
-            "enum": [
-              "ALL_PEER_VPC_SUBNETS",
-              "ALL_SUBNETS",
-              "ALL_VPC_SUBNETS"
-            ],
-            "enumDescriptions": [
-              "Advertise peer subnets of the router's VPC.",
-              "Advertise all available subnets (including peer VPC subnets).",
-              "Advertise the router's own VPC subnets."
-            ],
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "advertisedIpRanges": {
-          "description": "User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.",
-          "items": {
-            "$ref": "RouterAdvertisedIpRange"
-          },
-          "type": "array"
-        },
-        "asn": {
-          "description": "Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "keepaliveInterval": {
-          "description": "The interval in seconds between BGP keepalive messages that are sent to the peer. Hold time is three times the interval at which keepalive messages are sent, and the hold time is the maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20.",
-          "format": "uint32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "RouterBgpPeer": {
-      "id": "RouterBgpPeer",
-      "properties": {
-        "advertiseMode": {
-          "description": "User-specified flag to indicate which mode to use for advertisement.",
-          "enum": [
-            "CUSTOM",
-            "DEFAULT"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "advertisedGroups": {
-          "description": "User-specified list of prefix groups to advertise in custom mode, which can take one of the following options: - ALL_SUBNETS: Advertises all available subnets, including peer VPC subnets. - ALL_VPC_SUBNETS: Advertises the router's own VPC subnets. Note that this field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
-          "items": {
-            "enum": [
-              "ALL_PEER_VPC_SUBNETS",
-              "ALL_SUBNETS",
-              "ALL_VPC_SUBNETS"
-            ],
-            "enumDescriptions": [
-              "Advertise peer subnets of the router's VPC.",
-              "Advertise all available subnets (including peer VPC subnets).",
-              "Advertise the router's own VPC subnets."
-            ],
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "advertisedIpRanges": {
-          "description": "User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These IP ranges are advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.",
-          "items": {
-            "$ref": "RouterAdvertisedIpRange"
-          },
-          "type": "array"
-        },
-        "advertisedRoutePriority": {
-          "description": "The priority of routes advertised to this BGP peer. Where there is more than one matching route of maximum length, the routes with the lowest priority value win.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "bfd": {
-          "$ref": "RouterBgpPeerBfd",
-          "description": "BFD configuration for the BGP peering."
-        },
-        "customLearnedIpRanges": {
-          "description": "User-defined Custom Learned Route IP range list for a BGP session.",
-          "items": {
-            "$ref": "RouterBgpPeerCustomLearnedIpRange"
-          },
-          "type": "array"
-        },
-        "customLearnedRoutePriority": {
-          "description": "User-defined Custom Learned Route Priority for a BGP session. This will be applied to all Custom Learned Route ranges of the BGP session, if not given, google-managed priority of 100 is used.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "enable": {
-          "description": "The status of the BGP peer connection. If set to FALSE, any active session with the peer is terminated and all associated routing information is removed. If set to TRUE, the peer connection can be established with routing information. The default is TRUE.",
-          "enum": [
-            "FALSE",
-            "TRUE"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "enableIpv6": {
-          "description": "Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.",
-          "type": "boolean"
-        },
-        "interfaceName": {
-          "description": "Name of the interface the BGP peer is associated with.",
-          "type": "string"
-        },
-        "ipAddress": {
-          "description": "IP address of the interface inside Google Cloud Platform. Only IPv4 is supported.",
-          "type": "string"
-        },
-        "ipv6NexthopAddress": {
-          "description": "IPv6 address of the interface inside Google Cloud Platform.",
-          "type": "string"
-        },
-        "managementType": {
-          "description": "[Output Only] The resource that configures and manages this BGP peer. - MANAGED_BY_USER is the default value and can be managed by you or other users - MANAGED_BY_ATTACHMENT is a BGP peer that is configured and managed by Cloud Interconnect, specifically by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of BGP peer when the PARTNER InterconnectAttachment is created, updated, or deleted. ",
-          "enum": [
-            "MANAGED_BY_ATTACHMENT",
-            "MANAGED_BY_USER"
-          ],
-          "enumDescriptions": [
-            "The BGP peer is automatically created for PARTNER type InterconnectAttachment; Google will automatically create/delete this BGP peer when the PARTNER InterconnectAttachment is created/deleted, and Google will update the ipAddress and peerIpAddress when the PARTNER InterconnectAttachment is provisioned. This type of BGP peer cannot be created or deleted, but can be modified for all fields except for name, ipAddress and peerIpAddress.",
-            "Default value, the BGP peer is manually created and managed by user."
-          ],
-          "type": "string"
-        },
-        "md5AuthenticationKeyName": {
-          "description": "Present if MD5 authentication is enabled for the peering. Must be the name of one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.",
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.routers.insert"
-            ]
-          },
-          "description": "Name of this BGP peer. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "peerAsn": {
-          "annotations": {
-            "required": [
-              "compute.routers.insert"
-            ]
-          },
-          "description": "Peer BGP Autonomous System Number (ASN). Each BGP interface may use a different value.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "peerIpAddress": {
-          "description": "IP address of the BGP interface outside Google Cloud Platform. Only IPv4 is supported.",
-          "type": "string"
-        },
-        "peerIpv6NexthopAddress": {
-          "description": "IPv6 address of the BGP interface outside Google Cloud Platform.",
-          "type": "string"
-        },
-        "routerApplianceInstance": {
-          "description": "URI of the VM instance that is used as third-party router appliances such as Next Gen Firewalls, Virtual Routers, or Router Appliances. The VM instance must be located in zones contained in the same region as this Cloud Router. The VM instance is the peer side of the BGP session.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RouterBgpPeerBfd": {
-      "id": "RouterBgpPeerBfd",
-      "properties": {
-        "minReceiveInterval": {
-          "description": "The minimum interval, in milliseconds, between BFD control packets received from the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the transmit interval of the other router. If set, this value must be between 1000 and 30000. The default is 1000.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "minTransmitInterval": {
-          "description": "The minimum interval, in milliseconds, between BFD control packets transmitted to the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the corresponding receive interval of the other router. If set, this value must be between 1000 and 30000. The default is 1000.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "mode": {
-          "description": "The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer. The default is PASSIVE.",
-          "enum": [
-            "ACTIVE",
-            "DISABLED",
-            "PASSIVE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "multiplier": {
-          "description": "The number of consecutive BFD packets that must be missed before BFD declares that a peer is unavailable. If set, the value must be a value between 5 and 16. The default is 5.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "packetMode": {
-          "description": "The BFD packet mode for this BGP peer. If set to CONTROL_AND_ECHO, BFD echo mode is enabled for this BGP peer. In this mode, if the peer router also has BFD echo mode enabled, BFD echo packets will be sent to the other router. If the peer router does not have BFD echo mode enabled, only control packets will be sent. If set to CONTROL_ONLY, BFD echo mode is disabled for this BGP peer. If this router and the peer router have a multihop connection, this should be set to CONTROL_ONLY as BFD echo mode is only supported on singlehop connections. The default is CONTROL_AND_ECHO.",
-          "enum": [
-            "CONTROL_AND_ECHO",
-            "CONTROL_ONLY"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "sessionInitializationMode": {
-          "description": "The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer. The default is DISABLED.",
-          "enum": [
-            "ACTIVE",
-            "DISABLED",
-            "PASSIVE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "slowTimerInterval": {
-          "description": "The minimum interval, in milliseconds, between BFD control packets transmitted to and received from the peer router when BFD echo mode is enabled on both routers. The actual transmit and receive intervals are negotiated between the two routers and are equal to the greater of this value and the corresponding interval on the other router. If set, this value must be between 1000 and 30000. The default is 5000.",
-          "format": "uint32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "RouterBgpPeerCustomLearnedIpRange": {
-      "id": "RouterBgpPeerCustomLearnedIpRange",
-      "properties": {
-        "range": {
-          "description": "The Custom Learned Route IP range. Must be a valid CIDR-formatted prefix. If an IP is provided without a subnet mask, it is interpreted as a /32 singular IP range for IPv4, and /128 for IPv6.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RouterInterface": {
-      "id": "RouterInterface",
+    "SecurityPoliciesListPreconfiguredExpressionSetsResponse": {
+      "id": "SecurityPoliciesListPreconfiguredExpressionSetsResponse",
       "properties": {
-        "ipRange": {
-          "description": "IP address and range of the interface. The IP range must be in the RFC3927 link-local IP address space. The value must be a CIDR-formatted string, for example: 169.254.0.1/30. NOTE: Do not truncate the address as it represents the IP address of the interface.",
-          "type": "string"
-        },
-        "linkedInterconnectAttachment": {
-          "description": "URI of the linked Interconnect attachment. It must be in the same region as the router. Each interface can have one linked resource, which can be a VPN tunnel, an Interconnect attachment, or a virtual machine instance.",
-          "type": "string"
-        },
-        "linkedVpnTunnel": {
-          "description": "URI of the linked VPN tunnel, which must be in the same region as the router. Each interface can have one linked resource, which can be a VPN tunnel, an Interconnect attachment, or a virtual machine instance.",
-          "type": "string"
-        },
-        "managementType": {
-          "description": "[Output Only] The resource that configures and manages this interface. - MANAGED_BY_USER is the default value and can be managed directly by users. - MANAGED_BY_ATTACHMENT is an interface that is configured and managed by Cloud Interconnect, specifically, by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of interface when the PARTNER InterconnectAttachment is created, updated, or deleted. ",
-          "enum": [
-            "MANAGED_BY_ATTACHMENT",
-            "MANAGED_BY_USER"
-          ],
-          "enumDescriptions": [
-            "The interface is automatically created for PARTNER type InterconnectAttachment, Google will automatically create/update/delete this interface when the PARTNER InterconnectAttachment is created/provisioned/deleted. This type of interface cannot be manually managed by user.",
-            "Default value, the interface is manually created and managed by user."
-          ],
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.routers.insert"
-            ]
-          },
-          "description": "Name of this interface entry. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "privateIpAddress": {
-          "description": "The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance, such as a Next Gen Firewall, a Virtual Router, or an SD-WAN VM.",
-          "type": "string"
-        },
-        "redundantInterface": {
-          "description": "Name of the interface that will be redundant with the current interface you are creating. The redundantInterface must belong to the same Cloud Router as the interface here. To establish the BGP session to a Router Appliance VM, you must create two BGP peers. The two BGP peers must be attached to two separate interfaces that are redundant with each other. The redundant_interface must be 1-63 characters long, and comply with RFC1035. Specifically, the redundant_interface must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "subnetwork": {
-          "description": "The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. When you establish a BGP session to a VM instance using this interface, the VM instance must belong to the same subnetwork as the subnetwork specified here.",
-          "type": "string"
+        "preconfiguredExpressionSets": {
+          "$ref": "SecurityPoliciesWafConfig"
         }
       },
       "type": "object"
     },
-    "RouterList": {
-      "description": "Contains a list of Router resources.",
-      "id": "RouterList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of Router resources.",
+    "SecurityPoliciesScopedList": {
+      "id": "SecurityPoliciesScopedList",
+      "properties": {
+        "securityPolicies": {
+          "description": "A list of SecurityPolicies contained in this scope.",
           "items": {
-            "$ref": "Router"
+            "$ref": "SecurityPolicy"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#routerList",
-          "description": "[Output Only] Type of resource. Always compute#router for routers.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of security policies when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -72480,6 +80788,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -72498,6 +80807,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -72509,6 +80848,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -72556,493 +80896,269 @@
       },
       "type": "object"
     },
-    "RouterMd5AuthenticationKey": {
-      "id": "RouterMd5AuthenticationKey",
+    "SecurityPoliciesWafConfig": {
+      "id": "SecurityPoliciesWafConfig",
       "properties": {
-        "key": {
-          "annotations": {
-            "required": [
-              "compute.routers.insert"
-            ]
-          },
-          "description": "[Input only] Value of the key. For patch and update calls, it can be skipped to copy the value from the previous configuration. This is allowed if the key with the same name existed before the operation. Maximum length is 80 characters. Can only contain printable ASCII characters.",
-          "type": "string"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.routers.insert",
-              "compute.routers.update"
-            ]
-          },
-          "description": "Name used to identify the key. Must be unique within a router. Must be referenced by at least one bgpPeer. Must comply with RFC1035.",
-          "type": "string"
+        "wafRules": {
+          "$ref": "PreconfiguredWafSet"
         }
       },
       "type": "object"
     },
-    "RouterNat": {
-      "description": "Represents a Nat resource. It enables the VMs within the specified subnetworks to access Internet without external IP addresses. It specifies a list of subnetworks (and the ranges within) that want to use NAT. Customers can also provide the external IPs that would be used for NAT. GCP would auto-allocate ephemeral IPs if no external IPs are provided.",
-      "id": "RouterNat",
+    "SecurityPolicy": {
+      "description": "Represents a Google Cloud Armor security policy resource. Only external backend services that use load balancers can reference a security policy. For more information, see Google Cloud Armor security policy overview.",
+      "id": "SecurityPolicy",
       "properties": {
-        "autoNetworkTier": {
-          "description": "The network tier to use when automatically reserving IP addresses. Must be one of: PREMIUM, STANDARD. If not specified, PREMIUM tier will be used.",
-          "enum": [
-            "FIXED_STANDARD",
-            "PREMIUM",
-            "SELECT",
-            "STANDARD",
-            "STANDARD_OVERRIDES_FIXED_STANDARD"
-          ],
-          "enumDescriptions": [
-            "Public internet quality with fixed bandwidth.",
-            "High quality, Google-grade network tier, support for all networking products.",
-            "Price competitive network tier, support for all networking products.",
-            "Public internet quality, only limited support for other networking products.",
-            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
-          ],
-          "type": "string"
+        "adaptiveProtectionConfig": {
+          "$ref": "SecurityPolicyAdaptiveProtectionConfig"
         },
-        "drainNatIps": {
-          "description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.",
+        "advancedOptionsConfig": {
+          "$ref": "SecurityPolicyAdvancedOptionsConfig"
+        },
+        "associations": {
+          "description": "A list of associations that belong to this policy.",
           "items": {
-            "type": "string"
+            "$ref": "SecurityPolicyAssociation"
           },
           "type": "array"
         },
-        "enableDynamicPortAllocation": {
-          "description": "Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. ",
-          "type": "boolean"
+        "cloudArmorConfig": {
+          "$ref": "SecurityPolicyCloudArmorConfig"
         },
-        "enableEndpointIndependentMapping": {
-          "type": "boolean"
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "endpointTypes": {
-          "description": "List of NAT-ted endpoint types supported by the Nat Gateway. If the list is empty, then it will be equivalent to include ENDPOINT_TYPE_VM",
-          "items": {
-            "enum": [
-              "ENDPOINT_TYPE_MANAGED_PROXY_LB",
-              "ENDPOINT_TYPE_SWG",
-              "ENDPOINT_TYPE_VM"
-            ],
-            "enumDescriptions": [
-              "This is used for Regional Internal/External HTTP(S) and TCP Proxy load balancer endpoints.",
-              "This is used for Secure Web Gateway endpoints.",
-              "This is the default."
-            ],
-            "type": "string"
-          },
-          "type": "array"
+        "ddosProtectionConfig": {
+          "$ref": "SecurityPolicyDdosProtectionConfig"
         },
-        "icmpIdleTimeoutSec": {
-          "description": "Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.",
-          "format": "int32",
-          "type": "integer"
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
         },
-        "logConfig": {
-          "$ref": "RouterNatLogConfig",
-          "description": "Configure logging on this NAT."
+        "displayName": {
+          "description": "User-provided name of the Organization security plicy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
         },
-        "maxPortsPerVm": {
-          "description": "Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.",
-          "format": "int32",
-          "type": "integer"
+        "fingerprint": {
+          "description": "Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the security policy.",
+          "format": "byte",
+          "type": "string"
         },
-        "minPortsPerVm": {
-          "description": "Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.",
-          "format": "int32",
-          "type": "integer"
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
         },
-        "name": {
-          "description": "Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+        "kind": {
+          "default": "compute#securityPolicy",
+          "description": "[Output only] Type of the resource. Always compute#securityPolicyfor security policies",
           "type": "string"
         },
-        "natIpAllocateOption": {
-          "description": "Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty. ",
-          "enum": [
-            "AUTO_ONLY",
-            "MANUAL_ONLY"
-          ],
-          "enumDescriptions": [
-            "Nat IPs are allocated by GCP; customers can not specify any Nat IPs.",
-            "Only use Nat IPs provided by customers. When specified Nat IPs are not enough then the Nat service fails for new VMs."
-          ],
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this security policy, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. To see the latest fingerprint, make get() request to the security policy.",
+          "format": "byte",
           "type": "string"
         },
-        "natIps": {
-          "description": "A list of URLs of the IP resources used for this Nat service. These IP addresses must be valid static external IP addresses assigned to the project.",
-          "items": {
+        "labels": {
+          "additionalProperties": {
             "type": "string"
           },
-          "type": "array"
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
         },
-        "rules": {
-          "description": "A list of rules associated with this NAT.",
-          "items": {
-            "$ref": "RouterNatRule"
-          },
-          "type": "array"
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
         },
-        "sourceSubnetworkIpRangesToNat": {
-          "description": "Specify the Nat option, which can take one of the following values: - ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP ranges in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED. Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other Router.Nat section in any Router for this network in this region.",
-          "enum": [
-            "ALL_SUBNETWORKS_ALL_IP_RANGES",
-            "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES",
-            "LIST_OF_SUBNETWORKS"
-          ],
-          "enumDescriptions": [
-            "All the IP ranges in every Subnetwork are allowed to Nat.",
-            "All the primary IP ranges in every Subnetwork are allowed to Nat.",
-            "A list of Subnetworks are allowed to Nat (specified in the field subnetwork below)"
-          ],
+        "parent": {
+          "description": "[Output Only] The parent of the security policy.",
           "type": "string"
         },
-        "subnetworks": {
-          "description": "A list of Subnetwork resources whose traffic should be translated by NAT Gateway. It is used only when LIST_OF_SUBNETWORKS is selected for the SubnetworkIpRangeToNatOption above.",
-          "items": {
-            "$ref": "RouterNatSubnetworkToNat"
-          },
-          "type": "array"
+        "recaptchaOptionsConfig": {
+          "$ref": "SecurityPolicyRecaptchaOptionsConfig"
         },
-        "tcpEstablishedIdleTimeoutSec": {
-          "description": "Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.",
-          "format": "int32",
-          "type": "integer"
+        "region": {
+          "description": "[Output Only] URL of the region where the regional security policy resides. This field is not applicable to global security policies.",
+          "type": "string"
         },
-        "tcpTimeWaitTimeoutSec": {
-          "description": "Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.",
+        "ruleTupleCount": {
+          "description": "[Output Only] Total count of all security policy rule tuples. A security policy can not exceed a set number of tuples.",
           "format": "int32",
           "type": "integer"
         },
-        "tcpTransitoryIdleTimeoutSec": {
-          "description": "Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.",
-          "format": "int32",
-          "type": "integer"
+        "rules": {
+          "description": "A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match \"*\" for srcIpRanges and for the networkMatch condition every field must be either match \"*\" or not set). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.",
+          "items": {
+            "$ref": "SecurityPolicyRule"
+          },
+          "type": "array"
         },
-        "type": {
-          "description": "Indicates whether this NAT is used for public or private IP translation. If unspecified, it defaults to PUBLIC.",
-          "enum": [
-            "PRIVATE",
-            "PUBLIC"
-          ],
-          "enumDescriptions": [
-            "NAT used for private IP translation.",
-            "NAT used for public IP translation. This is the default."
-          ],
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "udpIdleTimeoutSec": {
-          "description": "Timeout (in seconds) for UDP connections. Defaults to 30s if not set.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "RouterNatLogConfig": {
-      "description": "Configuration of logging on a NAT.",
-      "id": "RouterNatLogConfig",
-      "properties": {
-        "enable": {
-          "description": "Indicates whether or not to export logs. This is false by default.",
-          "type": "boolean"
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
         },
-        "filter": {
-          "description": "Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful. ",
+        "type": {
+          "description": "The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE: Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.",
           "enum": [
-            "ALL",
-            "ERRORS_ONLY",
-            "TRANSLATIONS_ONLY"
+            "CLOUD_ARMOR",
+            "CLOUD_ARMOR_EDGE",
+            "CLOUD_ARMOR_INTERNAL_SERVICE",
+            "CLOUD_ARMOR_NETWORK",
+            "FIREWALL"
           ],
           "enumDescriptions": [
-            "Export logs for all (successful and unsuccessful) connections.",
-            "Export logs for connection failures only.",
-            "Export logs for successful connections only."
+            "",
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RouterNatRule": {
-      "id": "RouterNatRule",
-      "properties": {
-        "action": {
-          "$ref": "RouterNatRuleAction",
-          "description": "The action to be enforced for traffic that matches this rule."
-        },
-        "description": {
-          "description": "An optional description of this rule.",
-          "type": "string"
-        },
-        "match": {
-          "description": "CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding `action` is enforced. The following examples are valid match expressions for public NAT: \"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\" \"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\" The following example is a valid match expression for private NAT: \"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"",
-          "type": "string"
-        },
-        "ruleNumber": {
-          "description": "An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.",
-          "format": "uint32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "RouterNatRuleAction": {
-      "id": "RouterNatRuleAction",
-      "properties": {
-        "sourceNatActiveIps": {
-          "description": "A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "sourceNatActiveRanges": {
-          "description": "A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "sourceNatDrainIps": {
-          "description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
         },
-        "sourceNatDrainRanges": {
-          "description": "A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.",
+        "userDefinedFields": {
+          "description": "Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: \"ipv4_fragment_offset\" base: IPV4 offset: 6 size: 2 mask: \"0x1fff\"",
           "items": {
-            "type": "string"
+            "$ref": "SecurityPolicyUserDefinedField"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "RouterNatSubnetworkToNat": {
-      "description": "Defines the IP ranges that want to use NAT for a subnetwork.",
-      "id": "RouterNatSubnetworkToNat",
+    "SecurityPolicyAdaptiveProtectionConfig": {
+      "description": "Configuration options for Cloud Armor Adaptive Protection (CAAP).",
+      "id": "SecurityPolicyAdaptiveProtectionConfig",
       "properties": {
-        "name": {
-          "description": "URL for the subnetwork resource that will use NAT.",
-          "type": "string"
-        },
-        "secondaryIpRangeNames": {
-          "description": "A list of the secondary ranges of the Subnetwork that are allowed to use NAT. This can be populated only if \"LIST_OF_SECONDARY_IP_RANGES\" is one of the values in source_ip_ranges_to_nat.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "autoDeployConfig": {
+          "$ref": "SecurityPolicyAdaptiveProtectionConfigAutoDeployConfig"
         },
-        "sourceIpRangesToNat": {
-          "description": "Specify the options for NAT ranges in the Subnetwork. All options of a single value are valid except NAT_IP_RANGE_OPTION_UNSPECIFIED. The only valid option with multiple values is: [\"PRIMARY_IP_RANGE\", \"LIST_OF_SECONDARY_IP_RANGES\"] Default: [ALL_IP_RANGES]",
-          "items": {
-            "enum": [
-              "ALL_IP_RANGES",
-              "LIST_OF_SECONDARY_IP_RANGES",
-              "PRIMARY_IP_RANGE"
-            ],
-            "enumDescriptions": [
-              "The primary and all the secondary ranges are allowed to Nat.",
-              "A list of secondary ranges are allowed to Nat.",
-              "The primary range is allowed to Nat."
-            ],
-            "type": "string"
-          },
-          "type": "array"
+        "layer7DdosDefenseConfig": {
+          "$ref": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig",
+          "description": "If set to true, enables Cloud Armor Machine Learning."
         }
       },
       "type": "object"
     },
-    "RouterStatus": {
-      "id": "RouterStatus",
+    "SecurityPolicyAdaptiveProtectionConfigAutoDeployConfig": {
+      "description": "Configuration options for Adaptive Protection auto-deploy feature.",
+      "id": "SecurityPolicyAdaptiveProtectionConfigAutoDeployConfig",
       "properties": {
-        "bestRoutes": {
-          "description": "Best routes for this router's network.",
-          "items": {
-            "$ref": "Route"
-          },
-          "type": "array"
-        },
-        "bestRoutesForRouter": {
-          "description": "Best routes learned by this router.",
-          "items": {
-            "$ref": "Route"
-          },
-          "type": "array"
+        "confidenceThreshold": {
+          "format": "float",
+          "type": "number"
         },
-        "bgpPeerStatus": {
-          "items": {
-            "$ref": "RouterStatusBgpPeerStatus"
-          },
-          "type": "array"
+        "expirationSec": {
+          "format": "int32",
+          "type": "integer"
         },
-        "natStatus": {
-          "items": {
-            "$ref": "RouterStatusNatStatus"
-          },
-          "type": "array"
+        "impactedBaselineThreshold": {
+          "format": "float",
+          "type": "number"
         },
-        "network": {
-          "description": "URI of the network to which this router belongs.",
-          "type": "string"
+        "loadThreshold": {
+          "format": "float",
+          "type": "number"
         }
       },
       "type": "object"
     },
-    "RouterStatusBgpPeerStatus": {
-      "id": "RouterStatusBgpPeerStatus",
+    "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig": {
+      "description": "Configuration options for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
+      "id": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig",
       "properties": {
-        "advertisedRoutes": {
-          "description": "Routes that were advertised to the remote BGP peer",
-          "items": {
-            "$ref": "Route"
-          },
-          "type": "array"
-        },
-        "bfdStatus": {
-          "$ref": "BfdStatus"
-        },
-        "enableIpv6": {
-          "description": "Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.",
-          "type": "boolean"
-        },
-        "ipAddress": {
-          "description": "IP address of the local BGP interface.",
-          "type": "string"
-        },
-        "ipv6NexthopAddress": {
-          "description": "IPv6 address of the local BGP interface.",
-          "type": "string"
-        },
-        "linkedVpnTunnel": {
-          "description": "URL of the VPN tunnel that this BGP peer controls.",
-          "type": "string"
-        },
-        "md5AuthEnabled": {
-          "description": "Informs whether MD5 authentication is enabled on this BGP peer.",
+        "enable": {
+          "description": "If set to true, enables CAAP for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "boolean"
         },
-        "name": {
-          "description": "Name of this BGP peer. Unique within the Routers resource.",
-          "type": "string"
-        },
-        "numLearnedRoutes": {
-          "description": "Number of routes learned from the remote BGP Peer.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "peerIpAddress": {
-          "description": "IP address of the remote BGP interface.",
-          "type": "string"
-        },
-        "peerIpv6NexthopAddress": {
-          "description": "IPv6 address of the remote BGP interface.",
-          "type": "string"
-        },
-        "routerApplianceInstance": {
-          "description": "[Output only] URI of the VM instance that is used as third-party router appliances such as Next Gen Firewalls, Virtual Routers, or Router Appliances. The VM instance is the peer side of the BGP session.",
-          "type": "string"
-        },
-        "state": {
-          "description": "The state of the BGP session. For a list of possible values for this field, see BGP session states.",
-          "type": "string"
-        },
-        "status": {
-          "description": "Status of the BGP peer: {UP, DOWN}",
+        "ruleVisibility": {
+          "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "enum": [
-            "DOWN",
-            "UNKNOWN",
-            "UP"
+            "PREMIUM",
+            "STANDARD"
           ],
           "enumDescriptions": [
             "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "statusReason": {
-          "description": "Indicates why particular status was returned.",
-          "enum": [
-            "MD5_AUTH_INTERNAL_PROBLEM",
-            "STATUS_REASON_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "Indicates internal problems with configuration of MD5 authentication. This particular reason can only be returned when md5AuthEnabled is true and status is DOWN.",
             ""
           ],
-          "type": "string"
-        },
-        "uptime": {
-          "description": "Time this session has been up. Format: 14 years, 51 weeks, 6 days, 23 hours, 59 minutes, 59 seconds",
-          "type": "string"
-        },
-        "uptimeSeconds": {
-          "description": "Time this session has been up, in seconds. Format: 145",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "RouterStatusNatStatus": {
-      "description": "Status of a NAT contained in this router.",
-      "id": "RouterStatusNatStatus",
-      "properties": {
-        "autoAllocatedNatIps": {
-          "description": "A list of IPs auto-allocated for NAT. Example: [\"1.1.1.1\", \"129.2.16.89\"]",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "drainAutoAllocatedNatIps": {
-          "description": "A list of IPs auto-allocated for NAT that are in drain mode. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+          "type": "string"
         },
-        "drainUserAllocatedNatIps": {
-          "description": "A list of IPs user-allocated for NAT that are in drain mode. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
+        "thresholdConfigs": {
+          "description": "Configuration options for layer7 adaptive protection for various customizable thresholds.",
           "items": {
-            "type": "string"
+            "$ref": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig"
           },
           "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig": {
+      "id": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig",
+      "properties": {
+        "autoDeployConfidenceThreshold": {
+          "format": "float",
+          "type": "number"
         },
-        "minExtraNatIpsNeeded": {
-          "description": "The number of extra IPs to allocate. This will be greater than 0 only if user-specified IPs are NOT enough to allow all configured VMs to use NAT. This value is meaningful only when auto-allocation of NAT IPs is *not* used.",
+        "autoDeployExpirationSec": {
           "format": "int32",
           "type": "integer"
         },
+        "autoDeployImpactedBaselineThreshold": {
+          "format": "float",
+          "type": "number"
+        },
+        "autoDeployLoadThreshold": {
+          "format": "float",
+          "type": "number"
+        },
         "name": {
-          "description": "Unique name of this NAT.",
+          "description": "The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the security policy.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyAdvancedOptionsConfig": {
+      "id": "SecurityPolicyAdvancedOptionsConfig",
+      "properties": {
+        "jsonCustomConfig": {
+          "$ref": "SecurityPolicyAdvancedOptionsConfigJsonCustomConfig",
+          "description": "Custom configuration to apply the JSON parsing. Only applicable when json_parsing is set to STANDARD."
         },
-        "numVmEndpointsWithNatMappings": {
-          "description": "Number of VM endpoints (i.e., Nics) that can use NAT.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "ruleStatus": {
-          "description": "Status of rules in this NAT.",
-          "items": {
-            "$ref": "RouterStatusNatStatusNatRuleStatus"
-          },
-          "type": "array"
+        "jsonParsing": {
+          "enum": [
+            "DISABLED",
+            "STANDARD",
+            "STANDARD_WITH_GRAPHQL"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
         },
-        "userAllocatedNatIpResources": {
-          "description": "A list of fully qualified URLs of reserved IP address resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "logLevel": {
+          "enum": [
+            "NORMAL",
+            "VERBOSE"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
         },
-        "userAllocatedNatIps": {
-          "description": "A list of IPs user-allocated for NAT. They will be raw IP strings like \"179.12.26.133\".",
+        "userIpRequestHeaders": {
+          "description": "An optional list of case-insensitive request header names to use for resolving the callers client IP address.",
           "items": {
             "type": "string"
           },
@@ -73051,78 +81167,106 @@
       },
       "type": "object"
     },
-    "RouterStatusNatStatusNatRuleStatus": {
-      "description": "Status of a NAT Rule contained in this NAT.",
-      "id": "RouterStatusNatStatusNatRuleStatus",
+    "SecurityPolicyAdvancedOptionsConfigJsonCustomConfig": {
+      "id": "SecurityPolicyAdvancedOptionsConfigJsonCustomConfig",
       "properties": {
-        "activeNatIps": {
-          "description": "A list of active IPs for NAT. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "drainNatIps": {
-          "description": "A list of IPs for NAT that are in drain mode. Example: [\"1.1.1.1\", \"179.12.26.133\"].",
+        "contentTypes": {
+          "description": "A list of custom Content-Type header values to apply the JSON parsing. As per RFC 1341, a Content-Type header value has the following format: Content-Type := type \"/\" subtype *[\";\" parameter] When configuring a custom Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded.",
           "items": {
             "type": "string"
           },
           "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyAssociation": {
+      "id": "SecurityPolicyAssociation",
+      "properties": {
+        "attachmentId": {
+          "description": "The resource that the security policy is attached to.",
+          "type": "string"
         },
-        "minExtraIpsNeeded": {
-          "description": "The number of extra IPs to allocate. This will be greater than 0 only if the existing IPs in this NAT Rule are NOT enough to allow all configured VMs to use NAT.",
-          "format": "int32",
-          "type": "integer"
+        "displayName": {
+          "description": "[Output Only] The display name of the security policy of the association.",
+          "type": "string"
         },
-        "numVmEndpointsWithNatMappings": {
-          "description": "Number of VM endpoints (i.e., NICs) that have NAT Mappings from this NAT Rule.",
-          "format": "int32",
-          "type": "integer"
+        "name": {
+          "description": "The name for an association.",
+          "type": "string"
         },
-        "ruleNumber": {
-          "description": "Rule number of the rule.",
-          "format": "int32",
-          "type": "integer"
+        "securityPolicyId": {
+          "description": "[Output Only] The security policy ID of the association.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RouterStatusResponse": {
-      "id": "RouterStatusResponse",
+    "SecurityPolicyCloudArmorConfig": {
+      "description": "Configuration options for Cloud Armor.",
+      "id": "SecurityPolicyCloudArmorConfig",
       "properties": {
-        "kind": {
-          "default": "compute#routerStatusResponse",
-          "description": "Type of resource.",
-          "type": "string"
-        },
-        "result": {
-          "$ref": "RouterStatus"
+        "enableMl": {
+          "description": "If set to true, enables Cloud Armor Machine Learning.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "RoutersPreviewResponse": {
-      "id": "RoutersPreviewResponse",
+    "SecurityPolicyDdosProtectionConfig": {
+      "id": "SecurityPolicyDdosProtectionConfig",
       "properties": {
-        "resource": {
-          "$ref": "Router",
-          "description": "Preview of given router."
+        "ddosProtection": {
+          "enum": [
+            "ADVANCED",
+            "ADVANCED_PREVIEW",
+            "STANDARD"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "RoutersScopedList": {
-      "id": "RoutersScopedList",
+    "SecurityPolicyList": {
+      "id": "SecurityPolicyList",
       "properties": {
-        "routers": {
-          "description": "A list of routers contained in this scope.",
+        "etag": {
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of SecurityPolicy resources.",
           "items": {
-            "$ref": "Router"
+            "$ref": "SecurityPolicy"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#securityPolicyList",
+          "description": "[Output Only] Type of resource. Always compute#securityPolicyList for listsof securityPolicies",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
           },
           "type": "array"
         },
         "warning": {
-          "description": "Informational warning which replaces the list of routers when the list is empty.",
+          "description": "[Output Only] Informational warning message.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -73137,6 +81281,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73155,6 +81300,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -73166,6 +81341,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73208,231 +81384,639 @@
               "type": "string"
             }
           },
-          "type": "object"
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRecaptchaOptionsConfig": {
+      "id": "SecurityPolicyRecaptchaOptionsConfig",
+      "properties": {
+        "redirectSiteKey": {
+          "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyReference": {
+      "id": "SecurityPolicyReference",
+      "properties": {
+        "securityPolicy": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRule": {
+      "description": "Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).",
+      "id": "SecurityPolicyRule",
+      "properties": {
+        "action": {
+          "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "direction": {
+          "description": "The direction in which this rule applies. This field may only be specified when versioned_expr is set to FIREWALL.",
+          "enum": [
+            "EGRESS",
+            "INGRESS"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "enableLogging": {
+          "description": "Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules. This field may only be specified when the versioned_expr is set to FIREWALL.",
+          "type": "boolean"
+        },
+        "headerAction": {
+          "$ref": "SecurityPolicyRuleHttpHeaderAction",
+          "description": "Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
+        },
+        "kind": {
+          "default": "compute#securityPolicyRule",
+          "description": "[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules",
+          "type": "string"
+        },
+        "match": {
+          "$ref": "SecurityPolicyRuleMatcher",
+          "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced."
+        },
+        "networkMatch": {
+          "$ref": "SecurityPolicyRuleNetworkMatcher",
+          "description": "A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - \"192.0.2.0/24\" - \"198.51.100.0/24\" userDefinedFields: - name: \"ipv4_fragment_offset\" values: - \"1-0x1fff\" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named \"ipv4_fragment_offset\" with a value between 1 and 0x1fff inclusive."
+        },
+        "preconfiguredWafConfig": {
+          "$ref": "SecurityPolicyRulePreconfiguredWafConfig",
+          "description": "Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect."
+        },
+        "preview": {
+          "description": "If set to true, the specified action is not enforced.",
+          "type": "boolean"
+        },
+        "priority": {
+          "description": "An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "rateLimitOptions": {
+          "$ref": "SecurityPolicyRuleRateLimitOptions",
+          "description": "Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions."
+        },
+        "redirectOptions": {
+          "$ref": "SecurityPolicyRuleRedirectOptions",
+          "description": "Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
+        },
+        "redirectTarget": {
+          "description": "This must be specified for redirect actions. Cannot be specified for any other actions.",
+          "type": "string"
+        },
+        "ruleManagedProtectionTier": {
+          "deprecated": true,
+          "description": "[Output Only] The minimum managed protection tier required for this rule. [Deprecated] Use requiredManagedProtectionTiers instead.",
+          "enum": [
+            "CAMP_PLUS_ANNUAL",
+            "CAMP_PLUS_MONTHLY",
+            "CA_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Plus tier protection annual.",
+            "Plus tier protection monthly.",
+            "Standard protection."
+          ],
+          "type": "string"
+        },
+        "ruleNumber": {
+          "description": "Identifier for the rule. This is only unique within the given security policy. This can only be set during rule creation, if rule number is not specified it will be generated by the server.",
+          "format": "int64",
+          "type": "string"
+        },
+        "ruleTupleCount": {
+          "description": "[Output Only] Calculation of the complexity of a single firewall security policy rule.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "targetResources": {
+          "description": "A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. This field may only be specified when versioned_expr is set to FIREWALL.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "targetServiceAccounts": {
+          "description": "A list of service accounts indicating the sets of instances that are applied with this rule.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleHttpHeaderAction": {
+      "id": "SecurityPolicyRuleHttpHeaderAction",
+      "properties": {
+        "requestHeadersToAdds": {
+          "description": "The list of request headers to add or overwrite if they're already present.",
+          "items": {
+            "$ref": "SecurityPolicyRuleHttpHeaderActionHttpHeaderOption"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleHttpHeaderActionHttpHeaderOption": {
+      "id": "SecurityPolicyRuleHttpHeaderActionHttpHeaderOption",
+      "properties": {
+        "headerName": {
+          "description": "The name of the header to set.",
+          "type": "string"
+        },
+        "headerValue": {
+          "description": "The value to set the named header to.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleMatcher": {
+      "description": "Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.",
+      "id": "SecurityPolicyRuleMatcher",
+      "properties": {
+        "config": {
+          "$ref": "SecurityPolicyRuleMatcherConfig",
+          "description": "The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified."
+        },
+        "expr": {
+          "$ref": "Expr",
+          "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Expressions containing `evaluateThreatIntelligence` require Cloud Armor Managed Protection Plus tier and are not supported in Edge Policies nor in Regional Policies. Expressions containing `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor Managed Protection Plus tier and are only supported in Global Security Policies."
+        },
+        "exprOptions": {
+          "$ref": "SecurityPolicyRuleMatcherExprOptions",
+          "description": "The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr')."
+        },
+        "versionedExpr": {
+          "description": "Preconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range field in config.",
+          "enum": [
+            "FIREWALL",
+            "SRC_IPS_V1"
+          ],
+          "enumDescriptions": [
+            "",
+            "Matches the source IP address of a request to the IP ranges supplied in config."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleMatcherConfig": {
+      "id": "SecurityPolicyRuleMatcherConfig",
+      "properties": {
+        "destIpRanges": {
+          "description": "CIDR IP address range. This field may only be specified when versioned_expr is set to FIREWALL.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destPorts": {
+          "description": "Pairs of IP protocols and ports that the rule should match. This field may only be specified when versioned_expr is set to FIREWALL.",
+          "items": {
+            "$ref": "SecurityPolicyRuleMatcherConfigDestinationPort"
+          },
+          "type": "array"
+        },
+        "layer4Configs": {
+          "description": "Pairs of IP protocols and ports that the rule should match. This field may only be specified when versioned_expr is set to FIREWALL.",
+          "items": {
+            "$ref": "SecurityPolicyRuleMatcherConfigLayer4Config"
+          },
+          "type": "array"
+        },
+        "srcIpRanges": {
+          "description": "CIDR IP address range. Maximum number of src_ip_ranges allowed is 10.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleMatcherConfigDestinationPort": {
+      "id": "SecurityPolicyRuleMatcherConfigDestinationPort",
+      "properties": {
+        "ipProtocol": {
+          "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.",
+          "type": "string"
+        },
+        "ports": {
+          "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"]. This field may only be specified when versioned_expr is set to FIREWALL.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleMatcherConfigLayer4Config": {
+      "id": "SecurityPolicyRuleMatcherConfigLayer4Config",
+      "properties": {
+        "ipProtocol": {
+          "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.",
+          "type": "string"
+        },
+        "ports": {
+          "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"]. This field may only be specified when versioned_expr is set to FIREWALL.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleMatcherExprOptions": {
+      "id": "SecurityPolicyRuleMatcherExprOptions",
+      "properties": {
+        "recaptchaOptions": {
+          "$ref": "SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions",
+          "description": "reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field will have no effect."
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions": {
+      "id": "SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions",
+      "properties": {
+        "actionTokenSiteKeys": {
+          "description": "A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sessionTokenSiteKeys": {
+          "description": "A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleNetworkMatcher": {
+      "description": "Represents a match condition that incoming network traffic is evaluated against.",
+      "id": "SecurityPolicyRuleNetworkMatcher",
+      "properties": {
+        "destIpRanges": {
+          "description": "Destination IPv4/IPv6 addresses or CIDR prefixes, in standard text format.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destPorts": {
+          "description": "Destination port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. \"80\") or range (e.g. \"0-1023\").",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "ipProtocols": {
+          "description": "IPv4 protocol / IPv6 next header (after extension headers). Each element can be an 8-bit unsigned decimal number (e.g. \"6\"), range (e.g. \"253-254\"), or one of the following protocol names: \"tcp\", \"udp\", \"icmp\", \"esp\", \"ah\", \"ipip\", or \"sctp\".",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcAsns": {
+          "description": "BGP Autonomous System Number associated with the source IP address.",
+          "items": {
+            "format": "uint32",
+            "type": "integer"
+          },
+          "type": "array"
+        },
+        "srcIpRanges": {
+          "description": "Source IPv4/IPv6 addresses or CIDR prefixes, in standard text format.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcPorts": {
+          "description": "Source port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. \"80\") or range (e.g. \"0-1023\").",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcRegionCodes": {
+          "description": "Two-letter ISO 3166-1 alpha-2 country code associated with the source IP address.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "userDefinedFields": {
+          "description": "User-defined fields. Each element names a defined field and lists the matching values for that field.",
+          "items": {
+            "$ref": "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "Rule": {
-      "description": "This is deprecated and has no effect. Do not use.",
-      "id": "Rule",
+    "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch": {
+      "id": "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch",
       "properties": {
-        "action": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "enum": [
-            "ALLOW",
-            "ALLOW_WITH_LOG",
-            "DENY",
-            "DENY_WITH_LOG",
-            "LOG",
-            "NO_ACTION"
-          ],
-          "enumDescriptions": [
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use.",
-            "This is deprecated and has no effect. Do not use."
-          ],
+        "name": {
+          "description": "Name of the user-defined field, as given in the definition.",
           "type": "string"
         },
-        "conditions": {
-          "description": "This is deprecated and has no effect. Do not use.",
+        "values": {
+          "description": "Matching values of the field. Each element can be a 32-bit unsigned decimal or hexadecimal (starting with \"0x\") number (e.g. \"64\") or range (e.g. \"0x400-0x7ff\").",
           "items": {
-            "$ref": "Condition"
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRulePreconfiguredWafConfig": {
+      "id": "SecurityPolicyRulePreconfiguredWafConfig",
+      "properties": {
+        "exclusions": {
+          "description": "A list of exclusions to apply during preconfigured WAF evaluation.",
+          "items": {
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusion"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRulePreconfiguredWafConfigExclusion": {
+      "id": "SecurityPolicyRulePreconfiguredWafConfigExclusion",
+      "properties": {
+        "requestCookiesToExclude": {
+          "description": "A list of request cookie names whose value will be excluded from inspection during preconfigured WAF evaluation.",
+          "items": {
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
           },
           "type": "array"
         },
-        "description": {
-          "description": "This is deprecated and has no effect. Do not use.",
-          "type": "string"
-        },
-        "ins": {
-          "description": "This is deprecated and has no effect. Do not use.",
+        "requestHeadersToExclude": {
+          "description": "A list of request header names whose value will be excluded from inspection during preconfigured WAF evaluation.",
           "items": {
-            "type": "string"
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
           },
           "type": "array"
         },
-        "logConfigs": {
-          "description": "This is deprecated and has no effect. Do not use.",
+        "requestQueryParamsToExclude": {
+          "description": "A list of request query parameter names whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.",
           "items": {
-            "$ref": "LogConfig"
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
           },
           "type": "array"
         },
-        "notIns": {
-          "description": "This is deprecated and has no effect. Do not use.",
+        "requestUrisToExclude": {
+          "description": "A list of request URIs from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.",
           "items": {
-            "type": "string"
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
           },
           "type": "array"
         },
-        "permissions": {
-          "description": "This is deprecated and has no effect. Do not use.",
+        "targetRuleIds": {
+          "description": "A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.",
           "items": {
             "type": "string"
           },
           "type": "array"
+        },
+        "targetRuleSet": {
+          "description": "Target WAF rule set to apply the preconfigured WAF exclusion.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SSLHealthCheck": {
-      "id": "SSLHealthCheck",
+    "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams": {
+      "id": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams",
       "properties": {
-        "port": {
-          "description": "The TCP port number to which the health check prober sends packets. The default value is 443. Valid values are 1 through 65535.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "portName": {
-          "description": "Not supported.",
-          "type": "string"
-        },
-        "portSpecification": {
-          "description": "Specifies how a port is selected for health checking. Can be one of the following values: USE_FIXED_PORT: Specifies a port number explicitly using the port field in the health check. Supported by backend services for pass-through load balancers and backend services for proxy load balancers. Not supported by target pools. The health check supports all backends supported by the backend service provided the backend can be health checked. For example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network endpoint groups, and instance group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an indirect method of specifying the health check port by referring to the backend service. Only supported by backend services for proxy load balancers. Not supported by target pools. Not supported by backend services for pass-through load balancers. Supports all backends that can be health checked; for example, GCE_VM_IP_PORT network endpoint groups and instance group backends. For GCE_VM_IP_PORT network endpoint group backends, the health check uses the port number specified for each endpoint in the network endpoint group. For instance group backends, the health check uses the port number determined by looking up the backend service's named port in the instance group's list of named ports.",
-          "enum": [
-            "USE_FIXED_PORT",
-            "USE_NAMED_PORT",
-            "USE_SERVING_PORT"
-          ],
-          "enumDescriptions": [
-            "The port number in the health check's port is used for health checking. Applies to network endpoint group and instance group backends.",
-            "Not supported.",
-            "For network endpoint group backends, the health check uses the port number specified on each endpoint in the network endpoint group. For instance group backends, the health check uses the port number specified for the backend service's named port defined in the instance group's named ports."
-          ],
-          "type": "string"
-        },
-        "proxyHeader": {
-          "description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
+        "op": {
+          "description": "The match operator for the field.",
           "enum": [
-            "NONE",
-            "PROXY_V1"
+            "CONTAINS",
+            "ENDS_WITH",
+            "EQUALS",
+            "EQUALS_ANY",
+            "STARTS_WITH"
           ],
           "enumDescriptions": [
-            "",
-            ""
+            "The operator matches if the field value contains the specified value.",
+            "The operator matches if the field value ends with the specified value.",
+            "The operator matches if the field value equals the specified value.",
+            "The operator matches if the field value is any value.",
+            "The operator matches if the field value starts with the specified value."
           ],
           "type": "string"
         },
-        "request": {
-          "description": "Instructs the health check prober to send this exact ASCII string, up to 1024 bytes in length, after establishing the TCP connection and SSL handshake.",
-          "type": "string"
-        },
-        "response": {
-          "description": "Creates a content-based SSL health check. In addition to establishing a TCP connection and the TLS handshake, you can configure the health check to pass only when the backend sends this exact response ASCII string, up to 1024 bytes in length. For details, see: https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-ssl-tcp",
+        "val": {
+          "description": "The value of the field.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SavedAttachedDisk": {
-      "description": "DEPRECATED: Please use compute#savedDisk instead. An instance-attached disk resource.",
-      "id": "SavedAttachedDisk",
+    "SecurityPolicyRuleRateLimitOptions": {
+      "id": "SecurityPolicyRuleRateLimitOptions",
       "properties": {
-        "autoDelete": {
-          "description": "Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).",
-          "type": "boolean"
-        },
-        "boot": {
-          "description": "Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.",
-          "type": "boolean"
-        },
-        "deviceName": {
-          "description": "Specifies the name of the disk attached to the source instance.",
-          "type": "string"
-        },
-        "diskEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The encryption key for the disk."
+        "banDurationSec": {
+          "description": "Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.",
+          "format": "int32",
+          "type": "integer"
         },
-        "diskSizeGb": {
-          "description": "The size of the disk in base-2 GB.",
-          "format": "int64",
-          "type": "string"
+        "banThreshold": {
+          "$ref": "SecurityPolicyRuleRateLimitOptionsThreshold",
+          "description": "Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also exceed this 'ban_threshold'."
         },
-        "diskType": {
-          "description": "[Output Only] URL of the disk type resource. For example: projects/project /zones/zone/diskTypes/pd-standard or pd-ssd",
+        "conformAction": {
+          "description": "Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.",
           "type": "string"
         },
-        "guestOsFeatures": {
-          "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
-          "items": {
-            "$ref": "GuestOsFeature"
-          },
-          "type": "array"
-        },
-        "index": {
-          "description": "Specifies zero-based index of the disk that is attached to the source instance.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "interface": {
-          "description": "Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME.",
+        "enforceOnKey": {
+          "description": "Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKey\" is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. ",
           "enum": [
-            "NVDIMM",
-            "NVME",
-            "SCSI"
+            "ALL",
+            "ALL_IPS",
+            "HTTP_COOKIE",
+            "HTTP_HEADER",
+            "HTTP_PATH",
+            "IP",
+            "REGION_CODE",
+            "SNI",
+            "XFF_IP"
+          ],
+          "enumDeprecated": [
+            false,
+            true,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false
           ],
           "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
             "",
             "",
             ""
           ],
           "type": "string"
         },
-        "kind": {
-          "default": "compute#savedAttachedDisk",
-          "description": "[Output Only] Type of the resource. Always compute#attachedDisk for attached disks.",
-          "type": "string"
-        },
-        "licenses": {
-          "description": "[Output Only] Any valid publicly visible licenses.",
+        "enforceOnKeyConfigs": {
+          "description": "If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which ratelimit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must not be specified.",
           "items": {
-            "type": "string"
+            "$ref": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig"
           },
           "type": "array"
         },
-        "mode": {
-          "description": "The mode in which this disk is attached to the source instance, either READ_WRITE or READ_ONLY.",
-          "enum": [
-            "READ_ONLY",
-            "READ_WRITE"
-          ],
-          "enumDescriptions": [
-            "Attaches this disk in read-only mode. Multiple virtual machines can use a disk in read-only mode at a time.",
-            "*[Default]* Attaches this disk in read-write mode. Only one virtual machine at a time can be attached to a disk in read-write mode."
-          ],
+        "enforceOnKeyName": {
+          "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.",
           "type": "string"
         },
-        "source": {
-          "description": "Specifies a URL of the disk attached to the source instance.",
+        "exceedAction": {
+          "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below. The `redirect` action is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "string"
         },
-        "storageBytes": {
-          "description": "[Output Only] A size of the storage used by the disk's snapshot by this machine image.",
-          "format": "int64",
+        "exceedActionRpcStatus": {
+          "$ref": "SecurityPolicyRuleRateLimitOptionsRpcStatus",
+          "description": "Specified gRPC response status for proxyless gRPC requests that are above the configured rate limit threshold"
+        },
+        "exceedRedirectOptions": {
+          "$ref": "SecurityPolicyRuleRedirectOptions",
+          "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
+        },
+        "rateLimitThreshold": {
+          "$ref": "SecurityPolicyRuleRateLimitOptionsThreshold",
+          "description": "Threshold at which to begin ratelimiting."
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig": {
+      "id": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig",
+      "properties": {
+        "enforceOnKeyName": {
+          "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.",
           "type": "string"
         },
-        "storageBytesStatus": {
-          "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.",
+        "enforceOnKeyType": {
+          "description": "Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKeyConfigs\" is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. ",
           "enum": [
-            "UPDATING",
-            "UP_TO_DATE"
+            "ALL",
+            "ALL_IPS",
+            "HTTP_COOKIE",
+            "HTTP_HEADER",
+            "HTTP_PATH",
+            "IP",
+            "REGION_CODE",
+            "SNI",
+            "XFF_IP"
+          ],
+          "enumDeprecated": [
+            false,
+            true,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false
           ],
           "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
             "",
             ""
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleRateLimitOptionsRpcStatus": {
+      "description": "Simplified google.rpc.Status type (omitting details).",
+      "id": "SecurityPolicyRuleRateLimitOptionsRpcStatus",
+      "properties": {
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "message": {
+          "description": "A developer-facing error message, which should be in English.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleRateLimitOptionsThreshold": {
+      "id": "SecurityPolicyRuleRateLimitOptionsThreshold",
+      "properties": {
+        "count": {
+          "description": "Number of HTTP(S) requests for calculating the threshold.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "intervalSec": {
+          "description": "Interval over which the threshold is computed.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleRedirectOptions": {
+      "id": "SecurityPolicyRuleRedirectOptions",
+      "properties": {
+        "target": {
+          "description": "Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.",
+          "type": "string"
         },
         "type": {
-          "description": "Specifies the type of the attached disk, either SCRATCH or PERSISTENT.",
+          "description": "Type of the redirect action.",
           "enum": [
-            "PERSISTENT",
-            "SCRATCH"
+            "EXTERNAL_302",
+            "GOOGLE_RECAPTCHA"
           ],
           "enumDescriptions": [
             "",
@@ -73443,281 +82027,321 @@
       },
       "type": "object"
     },
-    "SavedDisk": {
-      "description": "An instance-attached disk resource.",
-      "id": "SavedDisk",
+    "SecurityPolicyUserDefinedField": {
+      "id": "SecurityPolicyUserDefinedField",
       "properties": {
-        "architecture": {
-          "description": "[Output Only] The architecture of the attached disk.",
+        "base": {
+          "description": "The base relative to which 'offset' is measured. Possible values are: - IPV4: Points to the beginning of the IPv4 header. - IPV6: Points to the beginning of the IPv6 header. - TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. - UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. required",
           "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
+            "IPV4",
+            "IPV6",
+            "TCP",
+            "UDP"
           ],
           "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
+            "",
+            "",
+            "",
+            ""
           ],
           "type": "string"
         },
-        "kind": {
-          "default": "compute#savedDisk",
-          "description": "[Output Only] Type of the resource. Always compute#savedDisk for attached disks.",
+        "mask": {
+          "description": "If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with \"0x\"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.",
           "type": "string"
         },
-        "sourceDisk": {
-          "description": "Specifies a URL of the disk attached to the source instance.",
+        "name": {
+          "description": "The name of this field. Must be unique within the policy.",
           "type": "string"
         },
-        "storageBytes": {
-          "description": "[Output Only] Size of the individual disk snapshot used by this machine image.",
-          "format": "int64",
-          "type": "string"
+        "offset": {
+          "description": "Offset of the first byte of the field (in network byte order) relative to 'base'.",
+          "format": "int32",
+          "type": "integer"
         },
-        "storageBytesStatus": {
-          "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.",
-          "enum": [
-            "UPDATING",
-            "UP_TO_DATE"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
+        "size": {
+          "description": "Size of the field in bytes. Valid values: 1-4.",
+          "format": "int32",
+          "type": "integer"
         }
       },
       "type": "object"
     },
-    "ScalingScheduleStatus": {
-      "id": "ScalingScheduleStatus",
+    "SecuritySettings": {
+      "description": "The authentication and authorization settings for a BackendService.",
+      "id": "SecuritySettings",
       "properties": {
-        "lastStartTime": {
-          "description": "[Output Only] The last time the scaling schedule became active. Note: this is a timestamp when a schedule actually became active, not when it was planned to do so. The timestamp is in RFC3339 text format.",
+        "authentication": {
+          "deprecated": true,
+          "description": "[Deprecated] Use clientTlsPolicy instead.",
           "type": "string"
         },
-        "nextStartTime": {
-          "description": "[Output Only] The next time the scaling schedule is to become active. Note: this is a timestamp when a schedule is planned to run, but the actual time might be slightly different. The timestamp is in RFC3339 text format.",
-          "type": "string"
+        "authenticationPolicy": {
+          "$ref": "AuthenticationPolicy",
+          "description": "[Deprecated] Authentication policy defines what authentication methods can be accepted on backends, and if authenticated, which method/certificate will set the request principal. request principal."
         },
-        "state": {
-          "description": "[Output Only] The current state of a scaling schedule.",
-          "enum": [
-            "ACTIVE",
-            "DISABLED",
-            "OBSOLETE",
-            "READY"
-          ],
-          "enumDescriptions": [
-            "The current autoscaling recommendation is influenced by this scaling schedule.",
-            "This scaling schedule has been disabled by the user.",
-            "This scaling schedule will never become active again.",
-            "The current autoscaling recommendation is not influenced by this scaling schedule."
-          ],
+        "authorizationConfig": {
+          "$ref": "AuthorizationConfig",
+          "description": "[Deprecated] Authorization config defines the Role Based Access Control (RBAC) config. Authorization config defines the Role Based Access Control (RBAC) config."
+        },
+        "awsV4Authentication": {
+          "$ref": "AWSV4Signature",
+          "description": "The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends."
+        },
+        "clientTlsPolicy": {
+          "description": "Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.",
           "type": "string"
+        },
+        "clientTlsSettings": {
+          "$ref": "ClientTlsSettings",
+          "description": "[Deprecated] TLS Settings for the backend service."
+        },
+        "subjectAltNames": {
+          "description": "Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "Scheduling": {
-      "description": "Sets the scheduling options for an Instance.",
-      "id": "Scheduling",
+    "SerialPortOutput": {
+      "description": "An instance serial console output.",
+      "id": "SerialPortOutput",
       "properties": {
-        "automaticRestart": {
-          "description": "Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.",
-          "type": "boolean"
-        },
-        "availabilityDomain": {
-          "description": "Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.",
-          "format": "int32",
-          "type": "integer"
+        "contents": {
+          "description": "[Output Only] The contents of the console output.",
+          "type": "string"
         },
-        "currentCpus": {
-          "description": "Current number of vCPUs available for VM. 0 or unset means default vCPUs of the current machine type.",
-          "format": "int32",
-          "type": "integer"
+        "kind": {
+          "default": "compute#serialPortOutput",
+          "description": "[Output Only] Type of the resource. Always compute#serialPortOutput for serial port output.",
+          "type": "string"
         },
-        "currentMemoryMb": {
-          "description": "Current amount of memory (in MB) available for VM. 0 or unset means default amount of memory of the current machine type.",
+        "next": {
+          "description": "[Output Only] The position of the next byte of content, regardless of whether the content exists, following the output returned in the `contents` property. Use this value in the next request as the start parameter.",
           "format": "int64",
           "type": "string"
         },
-        "hostErrorTimeoutSeconds": {
-          "description": "Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "instanceTerminationAction": {
-          "description": "Specifies the termination action for the instance.",
-          "enum": [
-            "DELETE",
-            "INSTANCE_TERMINATION_ACTION_UNSPECIFIED",
-            "STOP"
-          ],
-          "enumDescriptions": [
-            "Delete the VM.",
-            "Default value. This value is unused.",
-            "Stop the VM without storing in-memory content. default action."
-          ],
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "latencyTolerant": {
-          "description": "Defines whether the instance is tolerant of higher cpu latency. This can only be set during instance creation, or when the instance is not currently running. It must not be set if the preemptible option is also set.",
-          "type": "boolean"
-        },
-        "locationHint": {
-          "description": "An opaque location hint used to place the instance close to other resources. This field is for use by internal tools that use the public API.",
+        "start": {
+          "description": "The starting byte position of the output that was returned. This should match the start parameter sent with the request. If the serial console output exceeds the size of the buffer (1 MB), older output is overwritten by newer content. The output start value will indicate the byte position of the output that was returned, which might be different than the `start` value that was specified in the request.",
+          "format": "int64",
           "type": "string"
-        },
-        "maintenanceFreezeDurationHours": {
-          "description": "Specifies the number of hours after VM instance creation where the VM won't be scheduled for maintenance.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "maintenanceInterval": {
-          "description": "Specifies the frequency of planned maintenance events. The accepted values are: `PERIODIC`.",
+        }
+      },
+      "type": "object"
+    },
+    "ServerBinding": {
+      "id": "ServerBinding",
+      "properties": {
+        "type": {
           "enum": [
-            "PERIODIC",
-            "RECURRENT"
+            "RESTART_NODE_ON_ANY_SERVER",
+            "RESTART_NODE_ON_MINIMAL_SERVERS",
+            "SERVER_BINDING_TYPE_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available.",
-            "VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soon as they are available. RECURRENT is used for GEN3 and Slice of Hardware VMs."
+            "Node may associate with any physical server over its lifetime.",
+            "Node may associate with minimal physical servers over its lifetime.",
+            ""
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ServerTlsSettings": {
+      "description": "The TLS settings for the server.",
+      "id": "ServerTlsSettings",
+      "properties": {
+        "proxyTlsContext": {
+          "$ref": "TlsContext",
+          "description": "Configures the mechanism to obtain security certificates and identity information."
         },
-        "maxRunDuration": {
-          "$ref": "Duration",
-          "description": "Specifies the max run duration for the given instance. If specified, the instance termination action will be performed at the end of the run duration."
-        },
-        "minNodeCpus": {
-          "description": "The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "nodeAffinities": {
-          "description": "A set of node affinity and anti-affinity configurations. Refer to Configuring node affinity for more information. Overrides reservationAffinity.",
+        "subjectAltNames": {
+          "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.",
           "items": {
-            "$ref": "SchedulingNodeAffinity"
+            "type": "string"
           },
           "type": "array"
         },
-        "onHostMaintenance": {
-          "description": "Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Set VM host maintenance policy.",
+        "tlsMode": {
+          "description": "Indicates whether connections should be secured using TLS. The value of this field determines how TLS is enforced. This field can be set to one of the following: - SIMPLE Secure connections with standard TLS semantics. - MUTUAL Secure connections to the backends using mutual TLS by presenting client certificates for authentication. ",
           "enum": [
-            "MIGRATE",
-            "TERMINATE"
+            "INVALID",
+            "MUTUAL",
+            "SIMPLE"
           ],
           "enumDescriptions": [
-            "*[Default]* Allows Compute Engine to automatically migrate instances out of the way of maintenance events.",
-            "Tells Compute Engine to terminate and (optionally) restart the instance away from the maintenance activity. If you would like your instance to be restarted, set the automaticRestart flag to true. Your instance may be restarted more than once, and it may be restarted outside the window of maintenance events."
+            "",
+            "Secure connections to the backends using mutual TLS by presenting client certificates for authentication.",
+            "Secure connections with standard TLS semantics."
           ],
           "type": "string"
-        },
-        "preemptible": {
-          "description": "Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.",
-          "type": "boolean"
-        },
-        "provisioningModel": {
-          "description": "Specifies the provisioning model of the instance.",
-          "enum": [
-            "SPOT",
-            "STANDARD"
-          ],
-          "enumDescriptions": [
-            "Heavily discounted, no guaranteed runtime.",
-            "Standard provisioning with user controlled runtime, no discounts."
-          ],
+        }
+      },
+      "type": "object"
+    },
+    "ServiceAccount": {
+      "description": "A service account.",
+      "id": "ServiceAccount",
+      "properties": {
+        "email": {
+          "description": "Email address of the service account.",
           "type": "string"
         },
-        "terminationTime": {
-          "description": "Specifies the timestamp, when the instance will be terminated, in RFC3339 text format. If specified, the instance termination action will be performed at the termination time.",
-          "type": "string"
+        "scopes": {
+          "description": "The list of scopes to be made available for this service account.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "SchedulingNodeAffinity": {
-      "description": "Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled.",
-      "id": "SchedulingNodeAffinity",
+    "ServiceAttachment": {
+      "description": "Represents a ServiceAttachment resource. A service attachment represents a service that a producer has exposed. It encapsulates the load balancer which fronts the service runs and a list of NAT IP ranges that the producers uses to represent the consumers connecting to the service.",
+      "id": "ServiceAttachment",
       "properties": {
-        "key": {
-          "description": "Corresponds to the label key of Node resource.",
-          "type": "string"
+        "connectedEndpoints": {
+          "description": "[Output Only] An array of connections for all the consumers connected to this service attachment.",
+          "items": {
+            "$ref": "ServiceAttachmentConnectedEndpoint"
+          },
+          "type": "array"
         },
-        "operator": {
-          "description": "Defines the operation of node selection. Valid operators are IN for affinity and NOT_IN for anti-affinity.",
+        "connectionPreference": {
+          "description": "The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.",
           "enum": [
-            "IN",
-            "NOT_IN",
-            "OPERATOR_UNSPECIFIED"
+            "ACCEPT_AUTOMATIC",
+            "ACCEPT_MANUAL",
+            "CONNECTION_PREFERENCE_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "Requires Compute Engine to seek for matched nodes.",
-            "Requires Compute Engine to avoid certain nodes.",
+            "",
+            "",
             ""
           ],
           "type": "string"
         },
-        "values": {
-          "description": "Corresponds to the label values of Node resource.",
+        "consumerAcceptLists": {
+          "description": "Projects that are allowed to connect to this service attachment.",
+          "items": {
+            "$ref": "ServiceAttachmentConsumerProjectLimit"
+          },
+          "type": "array"
+        },
+        "consumerRejectLists": {
+          "description": "Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.",
           "items": {
             "type": "string"
           },
           "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "Screenshot": {
-      "description": "An instance's screenshot.",
-      "id": "Screenshot",
-      "properties": {
-        "contents": {
-          "description": "[Output Only] The Base64-encoded screenshot data.",
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "domainNames": {
+          "description": "If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: \"p.mycompany.com.\". Current max number of domain names supported is 1.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "enableProxyProtocol": {
+          "description": "If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.",
+          "type": "boolean"
+        },
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.",
+          "format": "byte",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
+          "format": "uint64",
           "type": "string"
         },
         "kind": {
-          "default": "compute#screenshot",
-          "description": "[Output Only] Type of the resource. Always compute#screenshot for the screenshots.",
+          "default": "compute#serviceAttachment",
+          "description": "[Output Only] Type of the resource. Always compute#serviceAttachment for service attachments.",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.serviceAttachments.insert"
+            ]
+          },
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "natSubnets": {
+          "description": "An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "producerForwardingRule": {
+          "deprecated": true,
+          "description": "The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.",
+          "type": "string"
+        },
+        "pscServiceAttachmentId": {
+          "$ref": "Uint128",
+          "description": "[Output Only] An 128-bit global unique ID of the PSC service attachment."
+        },
+        "reconcileConnections": {
+          "description": "This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to true.",
+          "type": "boolean"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the service attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "targetService": {
+          "description": "The URL of a service serving the endpoint identified by this service attachment.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SdsConfig": {
-      "description": "[Deprecated] The configuration to access the SDS server. The configuration to access the SDS server.",
-      "id": "SdsConfig",
-      "properties": {
-        "grpcServiceConfig": {
-          "$ref": "GrpcServiceConfig",
-          "description": "The configuration to access the SDS server over GRPC."
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPoliciesAggregatedList": {
-      "id": "SecurityPoliciesAggregatedList",
+    "ServiceAttachmentAggregatedList": {
+      "description": "Contains a list of ServiceAttachmentsScopedList.",
+      "id": "ServiceAttachmentAggregatedList",
       "properties": {
-        "etag": {
-          "type": "string"
-        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
           "additionalProperties": {
-            "$ref": "SecurityPoliciesScopedList",
-            "description": "Name of the scope containing this set of security policies."
+            "$ref": "ServiceAttachmentsScopedList",
+            "description": "Name of the scope containing this set of ServiceAttachments."
           },
-          "description": "A list of SecurityPoliciesScopedList resources.",
+          "description": "A list of ServiceAttachmentsScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#securityPoliciesAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#securityPolicyAggregatedList for lists of Security Policies.",
+          "default": "compute#serviceAttachmentAggregatedList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -73751,6 +82375,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73769,116 +82394,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPoliciesListPreconfiguredExpressionSetsResponse": {
-      "id": "SecurityPoliciesListPreconfiguredExpressionSetsResponse",
-      "properties": {
-        "preconfiguredExpressionSets": {
-          "$ref": "SecurityPoliciesWafConfig"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPoliciesScopedList": {
-      "id": "SecurityPoliciesScopedList",
-      "properties": {
-        "securityPolicies": {
-          "description": "A list of SecurityPolicies contained in this scope.",
-          "items": {
-            "$ref": "SecurityPolicy"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "Informational warning which replaces the list of security policies when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -73891,6 +82435,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73933,232 +82478,44 @@
               "type": "string"
             }
           },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPoliciesWafConfig": {
-      "id": "SecurityPoliciesWafConfig",
-      "properties": {
-        "wafRules": {
-          "$ref": "PreconfiguredWafSet"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicy": {
-      "description": "Represents a Google Cloud Armor security policy resource. Only external backend services that use load balancers can reference a security policy. For more information, see Google Cloud Armor security policy overview.",
-      "id": "SecurityPolicy",
-      "properties": {
-        "adaptiveProtectionConfig": {
-          "$ref": "SecurityPolicyAdaptiveProtectionConfig"
-        },
-        "advancedOptionsConfig": {
-          "$ref": "SecurityPolicyAdvancedOptionsConfig"
-        },
-        "associations": {
-          "description": "A list of associations that belong to this policy.",
-          "items": {
-            "$ref": "SecurityPolicyAssociation"
-          },
-          "type": "array"
-        },
-        "cloudArmorConfig": {
-          "$ref": "SecurityPolicyCloudArmorConfig"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "ddosProtectionConfig": {
-          "$ref": "SecurityPolicyDdosProtectionConfig"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "displayName": {
-          "description": "User-provided name of the Organization security plicy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "fingerprint": {
-          "description": "Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the security policy.",
-          "format": "byte",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#securityPolicy",
-          "description": "[Output only] Type of the resource. Always compute#securityPolicyfor security policies",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this security policy, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. To see the latest fingerprint, make get() request to the security policy.",
-          "format": "byte",
-          "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
-          "type": "object"
-        },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "parent": {
-          "description": "[Output Only] The parent of the security policy.",
-          "type": "string"
-        },
-        "recaptchaOptionsConfig": {
-          "$ref": "SecurityPolicyRecaptchaOptionsConfig"
-        },
-        "region": {
-          "description": "[Output Only] URL of the region where the regional security policy resides. This field is not applicable to global security policies.",
-          "type": "string"
-        },
-        "ruleTupleCount": {
-          "description": "[Output Only] Total count of all security policy rule tuples. A security policy can not exceed a set number of tuples.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "rules": {
-          "description": "A list of rules that belong to this policy. There must always be a default rule which is a rule with priority 2147483647 and match all condition (for the match condition this means match \"*\" for srcIpRanges and for the networkMatch condition every field must be either match \"*\" or not set). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.",
-          "items": {
-            "$ref": "SecurityPolicyRule"
-          },
-          "type": "array"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "type": {
-          "description": "The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE: Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.",
-          "enum": [
-            "CLOUD_ARMOR",
-            "CLOUD_ARMOR_EDGE",
-            "CLOUD_ARMOR_INTERNAL_SERVICE",
-            "CLOUD_ARMOR_NETWORK",
-            "FIREWALL"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "userDefinedFields": {
-          "description": "Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: \"ipv4_fragment_offset\" base: IPV4 offset: 6 size: 2 mask: \"0x1fff\"",
-          "items": {
-            "$ref": "SecurityPolicyUserDefinedField"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyAdaptiveProtectionConfig": {
-      "description": "Configuration options for Cloud Armor Adaptive Protection (CAAP).",
-      "id": "SecurityPolicyAdaptiveProtectionConfig",
-      "properties": {
-        "autoDeployConfig": {
-          "$ref": "SecurityPolicyAdaptiveProtectionConfigAutoDeployConfig"
-        },
-        "layer7DdosDefenseConfig": {
-          "$ref": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig",
-          "description": "If set to true, enables Cloud Armor Machine Learning."
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyAdaptiveProtectionConfigAutoDeployConfig": {
-      "description": "Configuration options for Adaptive Protection auto-deploy feature.",
-      "id": "SecurityPolicyAdaptiveProtectionConfigAutoDeployConfig",
-      "properties": {
-        "confidenceThreshold": {
-          "format": "float",
-          "type": "number"
-        },
-        "expirationSec": {
-          "format": "int32",
-          "type": "integer"
-        },
-        "impactedBaselineThreshold": {
-          "format": "float",
-          "type": "number"
-        },
-        "loadThreshold": {
-          "format": "float",
-          "type": "number"
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig": {
-      "description": "Configuration options for L7 DDoS detection.",
-      "id": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig",
+    "ServiceAttachmentConnectedEndpoint": {
+      "description": "[Output Only] A connection connected to this service attachment.",
+      "id": "ServiceAttachmentConnectedEndpoint",
       "properties": {
-        "enable": {
-          "description": "If set to true, enables CAAP for L7 DDoS detection.",
-          "type": "boolean"
+        "consumerNetwork": {
+          "description": "The url of the consumer network.",
+          "type": "string"
         },
-        "ruleVisibility": {
-          "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules.",
-          "enum": [
-            "PREMIUM",
-            "STANDARD"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "endpoint": {
+          "description": "The url of a connected endpoint.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyAdvancedOptionsConfig": {
-      "id": "SecurityPolicyAdvancedOptionsConfig",
-      "properties": {
-        "jsonCustomConfig": {
-          "$ref": "SecurityPolicyAdvancedOptionsConfigJsonCustomConfig",
-          "description": "Custom configuration to apply the JSON parsing. Only applicable when json_parsing is set to STANDARD."
         },
-        "jsonParsing": {
-          "enum": [
-            "DISABLED",
-            "STANDARD"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "pscConnectionId": {
+          "description": "The PSC connection id of the connected endpoint.",
+          "format": "uint64",
           "type": "string"
         },
-        "logLevel": {
+        "status": {
+          "description": "The status of a connected endpoint to this service attachment.",
           "enum": [
-            "NORMAL",
-            "VERBOSE"
+            "ACCEPTED",
+            "CLOSED",
+            "NEEDS_ATTENTION",
+            "PENDING",
+            "REJECTED",
+            "STATUS_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "",
+            "The connection has been accepted by the producer.",
+            "The connection has been closed by the producer.",
+            "The connection has been accepted by the producer, but the producer needs to take further action before the forwarding rule can serve traffic.",
+            "The connection is pending acceptance by the producer.",
+            "The consumer is still connected but not using the connection.",
             ""
           ],
           "type": "string"
@@ -74166,104 +82523,188 @@
       },
       "type": "object"
     },
-    "SecurityPolicyAdvancedOptionsConfigJsonCustomConfig": {
-      "id": "SecurityPolicyAdvancedOptionsConfigJsonCustomConfig",
-      "properties": {
-        "contentTypes": {
-          "description": "A list of custom Content-Type header values to apply the JSON parsing. As per RFC 1341, a Content-Type header value has the following format: Content-Type := type \"/\" subtype *[\";\" parameter] When configuring a custom Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyAssociation": {
-      "id": "SecurityPolicyAssociation",
+    "ServiceAttachmentConsumerProjectLimit": {
+      "id": "ServiceAttachmentConsumerProjectLimit",
       "properties": {
-        "attachmentId": {
-          "description": "The resource that the security policy is attached to.",
-          "type": "string"
-        },
-        "displayName": {
-          "description": "[Output Only] The display name of the security policy of the association.",
-          "type": "string"
+        "connectionLimit": {
+          "description": "The value of the limit to set.",
+          "format": "uint32",
+          "type": "integer"
         },
-        "name": {
-          "description": "The name for an association.",
+        "networkUrl": {
+          "description": "The network URL for the network to set the limit for.",
           "type": "string"
         },
-        "securityPolicyId": {
-          "description": "[Output Only] The security policy ID of the association.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyCloudArmorConfig": {
-      "description": "Configuration options for Cloud Armor.",
-      "id": "SecurityPolicyCloudArmorConfig",
-      "properties": {
-        "enableMl": {
-          "description": "If set to true, enables Cloud Armor Machine Learning.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyDdosProtectionConfig": {
-      "id": "SecurityPolicyDdosProtectionConfig",
-      "properties": {
-        "ddosProtection": {
-          "enum": [
-            "ADVANCED",
-            "STANDARD"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "projectIdOrNum": {
+          "description": "The project id or number for the project to set the limit for.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyList": {
-      "id": "SecurityPolicyList",
+    "ServiceAttachmentList": {
+      "id": "ServiceAttachmentList",
       "properties": {
-        "etag": {
-          "type": "string"
-        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of SecurityPolicy resources.",
+          "description": "A list of ServiceAttachment resources.",
           "items": {
-            "$ref": "SecurityPolicy"
+            "$ref": "ServiceAttachment"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#securityPolicyList",
-          "description": "[Output Only] Type of resource. Always compute#securityPolicyList for listsof securityPolicies",
+          "default": "compute#serviceAttachmentList",
+          "description": "[Output Only] Type of the resource. Always compute#serviceAttachment for service attachments.",
           "type": "string"
         },
         "nextPageToken": {
           "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "ServiceAttachmentsScopedList": {
+      "id": "ServiceAttachmentsScopedList",
+      "properties": {
+        "serviceAttachments": {
+          "description": "A list of ServiceAttachments contained in this scope.",
           "items": {
-            "type": "string"
+            "$ref": "ServiceAttachment"
           },
           "type": "array"
         },
         "warning": {
-          "description": "[Output Only] Informational warning message.",
+          "description": "Informational warning which replaces the list of service attachments when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -74278,6 +82719,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -74296,6 +82738,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -74307,6 +82779,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -74354,655 +82827,525 @@
       },
       "type": "object"
     },
-    "SecurityPolicyRecaptchaOptionsConfig": {
-      "id": "SecurityPolicyRecaptchaOptionsConfig",
+    "ServiceIntegrationSpec": {
+      "description": "Specifies the parameters to configure an integration with instances.",
+      "id": "ServiceIntegrationSpec",
       "properties": {
-        "redirectSiteKey": {
-          "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.",
-          "type": "string"
+        "backupDr": {
+          "$ref": "ServiceIntegrationSpecBackupDRSpec"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyReference": {
-      "id": "SecurityPolicyReference",
+    "ServiceIntegrationSpecBackupDRSpec": {
+      "description": "Specifies parameters to Backup and DR to attach a BackupPlan to a compute instance for managed VM backup.",
+      "id": "ServiceIntegrationSpecBackupDRSpec",
       "properties": {
-        "securityPolicy": {
+        "plan": {
+          "description": "The BackupPlan resource to attach to the instance. Specified as a resource reference in instances, and regional instance templates, and as just the plan name in global instance templates",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRule": {
-      "description": "Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).",
-      "id": "SecurityPolicyRule",
+    "SetCommonInstanceMetadataOperationMetadata": {
+      "id": "SetCommonInstanceMetadataOperationMetadata",
       "properties": {
-        "action": {
-          "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ",
+        "clientOperationId": {
+          "description": "[Output Only] The client operation id.",
           "type": "string"
         },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
+        "perLocationOperations": {
+          "additionalProperties": {
+            "$ref": "SetCommonInstanceMetadataOperationMetadataPerLocationOperationInfo"
+          },
+          "description": "[Output Only] Status information per location (location name is key). Example key: zones/us-central1-a",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "SetCommonInstanceMetadataOperationMetadataPerLocationOperationInfo": {
+      "id": "SetCommonInstanceMetadataOperationMetadataPerLocationOperationInfo",
+      "properties": {
+        "error": {
+          "$ref": "Status",
+          "description": "[Output Only] If state is `ABANDONED` or `FAILED`, this field is populated."
         },
-        "direction": {
-          "description": "The direction in which this rule applies. This field may only be specified when versioned_expr is set to FIREWALL.",
+        "state": {
+          "description": "[Output Only] Status of the action, which can be one of the following: `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`.",
           "enum": [
-            "EGRESS",
-            "INGRESS"
+            "ABANDONED",
+            "DONE",
+            "FAILED",
+            "PROPAGATED",
+            "PROPAGATING",
+            "UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "",
+            "Operation not tracked in this location e.g. zone is marked as DOWN.",
+            "Operation has completed successfully.",
+            "Operation is in an error state.",
+            "Operation is confirmed to be in the location.",
+            "Operation is not yet confirmed to have been created in the location.",
             ""
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ShareSettings": {
+      "description": "The share setting for reservations and sole tenancy node groups.",
+      "id": "ShareSettings",
+      "properties": {
+        "folderMap": {
+          "additionalProperties": {
+            "$ref": "ShareSettingsFolderConfig"
+          },
+          "description": "A map of folder id and folder config to specify consumer projects for this shared-reservation. This is only valid when share_type's value is DIRECT_PROJECTS_UNDER_SPECIFIC_FOLDERS. Folder id should be a string of number, and without \"folders/\" prefix.",
+          "type": "object"
         },
-        "enableLogging": {
-          "description": "Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules. This field may only be specified when the versioned_expr is set to FIREWALL.",
-          "type": "boolean"
-        },
-        "headerAction": {
-          "$ref": "SecurityPolicyRuleHttpHeaderAction",
-          "description": "Optional, additional actions that are performed on headers."
-        },
-        "kind": {
-          "default": "compute#securityPolicyRule",
-          "description": "[Output only] Type of the resource. Always compute#securityPolicyRule for security policy rules",
-          "type": "string"
-        },
-        "match": {
-          "$ref": "SecurityPolicyRuleMatcher",
-          "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced."
-        },
-        "networkMatch": {
-          "$ref": "SecurityPolicyRuleNetworkMatcher",
-          "description": "A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - \"192.0.2.0/24\" - \"198.51.100.0/24\" userDefinedFields: - name: \"ipv4_fragment_offset\" values: - \"1-0x1fff\" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named \"ipv4_fragment_offset\" with a value between 1 and 0x1fff inclusive."
-        },
-        "preconfiguredWafConfig": {
-          "$ref": "SecurityPolicyRulePreconfiguredWafConfig",
-          "description": "Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect."
-        },
-        "preview": {
-          "description": "If set to true, the specified action is not enforced.",
-          "type": "boolean"
-        },
-        "priority": {
-          "description": "An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "rateLimitOptions": {
-          "$ref": "SecurityPolicyRuleRateLimitOptions",
-          "description": "Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions."
-        },
-        "redirectOptions": {
-          "$ref": "SecurityPolicyRuleRedirectOptions",
-          "description": "Parameters defining the redirect action. Cannot be specified for any other actions."
+        "projectMap": {
+          "additionalProperties": {
+            "$ref": "ShareSettingsProjectConfig"
+          },
+          "description": "A map of project id and project config. This is only valid when share_type's value is SPECIFIC_PROJECTS.",
+          "type": "object"
         },
-        "redirectTarget": {
-          "description": "This must be specified for redirect actions. Cannot be specified for any other actions.",
-          "type": "string"
+        "projects": {
+          "description": "A List of Project names to specify consumer projects for this shared-reservation. This is only valid when share_type's value is SPECIFIC_PROJECTS.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "ruleManagedProtectionTier": {
-          "description": "[Output Only] The minimum managed protection tier required for this rule. [Deprecated] Use requiredManagedProtectionTiers instead.",
+        "shareType": {
+          "description": "Type of sharing for this shared-reservation",
           "enum": [
-            "NONE",
-            "PLUS"
+            "DIRECT_PROJECTS_UNDER_SPECIFIC_FOLDERS",
+            "LOCAL",
+            "ORGANIZATION",
+            "SHARE_TYPE_UNSPECIFIED",
+            "SPECIFIC_PROJECTS"
           ],
           "enumDescriptions": [
-            "Standard protection.",
-            "Plus tier protection."
+            "Shared-reservation is open to direct child projects of specific folders.",
+            "Default value.",
+            "Shared-reservation is open to entire Organization",
+            "Default value. This value is unused.",
+            "Shared-reservation is open to specific projects"
           ],
           "type": "string"
-        },
-        "ruleNumber": {
-          "description": "Identifier for the rule. This is only unique within the given security policy. This can only be set during rule creation, if rule number is not specified it will be generated by the server.",
-          "format": "int64",
-          "type": "string"
-        },
-        "ruleTupleCount": {
-          "description": "[Output Only] Calculation of the complexity of a single firewall security policy rule.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "targetResources": {
-          "description": "A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. This field may only be specified when versioned_expr is set to FIREWALL.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "targetServiceAccounts": {
-          "description": "A list of service accounts indicating the sets of instances that are applied with this rule.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleHttpHeaderAction": {
-      "id": "SecurityPolicyRuleHttpHeaderAction",
+    "ShareSettingsFolderConfig": {
+      "description": "Config for each folder in the share settings.",
+      "id": "ShareSettingsFolderConfig",
       "properties": {
-        "requestHeadersToAdds": {
-          "description": "The list of request headers to add or overwrite if they're already present.",
-          "items": {
-            "$ref": "SecurityPolicyRuleHttpHeaderActionHttpHeaderOption"
-          },
-          "type": "array"
+        "folderId": {
+          "description": "The folder ID, should be same as the key of this folder config in the parent map. Folder id should be a string of number, and without \"folders/\" prefix.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleHttpHeaderActionHttpHeaderOption": {
-      "id": "SecurityPolicyRuleHttpHeaderActionHttpHeaderOption",
+    "ShareSettingsProjectConfig": {
+      "description": "Config for each project in the share settings.",
+      "id": "ShareSettingsProjectConfig",
       "properties": {
-        "headerName": {
-          "description": "The name of the header to set.",
-          "type": "string"
-        },
-        "headerValue": {
-          "description": "The value to set the named header to.",
+        "projectId": {
+          "description": "The project ID, should be same as the key of this project config in the parent map.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleMatcher": {
-      "description": "Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.",
-      "id": "SecurityPolicyRuleMatcher",
+    "ShieldedInstanceConfig": {
+      "description": "A set of Shielded Instance options.",
+      "id": "ShieldedInstanceConfig",
       "properties": {
-        "config": {
-          "$ref": "SecurityPolicyRuleMatcherConfig",
-          "description": "The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified."
+        "enableIntegrityMonitoring": {
+          "description": "Defines whether the instance has integrity monitoring enabled. Enabled by default.",
+          "type": "boolean"
         },
-        "expr": {
-          "$ref": "Expr",
-          "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header."
+        "enableSecureBoot": {
+          "description": "Defines whether the instance has Secure Boot enabled. Disabled by default.",
+          "type": "boolean"
         },
-        "versionedExpr": {
-          "description": "Preconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range field in config.",
-          "enum": [
-            "FIREWALL",
-            "SRC_IPS_V1"
-          ],
-          "enumDescriptions": [
-            "",
-            "Matches the source IP address of a request to the IP ranges supplied in config."
-          ],
-          "type": "string"
+        "enableVtpm": {
+          "description": "Defines whether the instance has the vTPM enabled. Enabled by default.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleMatcherConfig": {
-      "id": "SecurityPolicyRuleMatcherConfig",
+    "ShieldedInstanceIdentity": {
+      "description": "A Shielded Instance Identity.",
+      "id": "ShieldedInstanceIdentity",
       "properties": {
-        "destIpRanges": {
-          "description": "CIDR IP address range. This field may only be specified when versioned_expr is set to FIREWALL.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "eccP256EncryptionKey": {
+          "$ref": "ShieldedInstanceIdentityEntry",
+          "description": "An Endorsement Key (EK) made by the ECC P256 algorithm issued to the Shielded Instance's vTPM."
         },
-        "destPorts": {
-          "description": "Pairs of IP protocols and ports that the rule should match. This field may only be specified when versioned_expr is set to FIREWALL.",
-          "items": {
-            "$ref": "SecurityPolicyRuleMatcherConfigDestinationPort"
-          },
-          "type": "array"
+        "eccP256SigningKey": {
+          "$ref": "ShieldedInstanceIdentityEntry",
+          "description": "An Attestation Key (AK) made by the ECC P256 algorithm issued to the Shielded Instance's vTPM."
         },
-        "layer4Configs": {
-          "description": "Pairs of IP protocols and ports that the rule should match. This field may only be specified when versioned_expr is set to FIREWALL.",
-          "items": {
-            "$ref": "SecurityPolicyRuleMatcherConfigLayer4Config"
-          },
-          "type": "array"
+        "encryptionKey": {
+          "$ref": "ShieldedInstanceIdentityEntry",
+          "description": "An Endorsement Key (EK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM."
         },
-        "srcIpRanges": {
-          "description": "CIDR IP address range. Maximum number of src_ip_ranges allowed is 10.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "kind": {
+          "default": "compute#shieldedInstanceIdentity",
+          "description": "[Output Only] Type of the resource. Always compute#shieldedInstanceIdentity for shielded Instance identity entry.",
+          "type": "string"
+        },
+        "signingKey": {
+          "$ref": "ShieldedInstanceIdentityEntry",
+          "description": "An Attestation Key (AK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM."
+        }
+      },
+      "type": "object"
+    },
+    "ShieldedInstanceIdentityEntry": {
+      "description": "A Shielded Instance Identity Entry.",
+      "id": "ShieldedInstanceIdentityEntry",
+      "properties": {
+        "ekCert": {
+          "description": "A PEM-encoded X.509 certificate. This field can be empty.",
+          "type": "string"
+        },
+        "ekPub": {
+          "description": "A PEM-encoded public key.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleMatcherConfigDestinationPort": {
-      "id": "SecurityPolicyRuleMatcherConfigDestinationPort",
+    "ShieldedInstanceIntegrityPolicy": {
+      "description": "The policy describes the baseline against which Instance boot integrity is measured.",
+      "id": "ShieldedInstanceIntegrityPolicy",
       "properties": {
-        "ipProtocol": {
-          "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.",
-          "type": "string"
-        },
-        "ports": {
-          "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"]. This field may only be specified when versioned_expr is set to FIREWALL.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "updateAutoLearnPolicy": {
+          "description": "Updates the integrity policy baseline using the measurements from the VM instance's most recent boot.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleMatcherConfigLayer4Config": {
-      "id": "SecurityPolicyRuleMatcherConfigLayer4Config",
+    "ShieldedVmConfig": {
+      "description": "A set of Shielded VM options.",
+      "id": "ShieldedVmConfig",
       "properties": {
-        "ipProtocol": {
-          "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.",
-          "type": "string"
+        "enableIntegrityMonitoring": {
+          "description": "Defines whether the instance has integrity monitoring enabled.",
+          "type": "boolean"
         },
-        "ports": {
-          "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"]. This field may only be specified when versioned_expr is set to FIREWALL.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "enableSecureBoot": {
+          "description": "Defines whether the instance has Secure Boot enabled.",
+          "type": "boolean"
+        },
+        "enableVtpm": {
+          "description": "Defines whether the instance has the vTPM enabled.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleNetworkMatcher": {
-      "description": "Represents a match condition that incoming network traffic is evaluated against.",
-      "id": "SecurityPolicyRuleNetworkMatcher",
+    "ShieldedVmIdentity": {
+      "description": "A Shielded VM Identity.",
+      "id": "ShieldedVmIdentity",
       "properties": {
-        "destIpRanges": {
-          "description": "Destination IPv4/IPv6 addresses or CIDR prefixes, in standard text format.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "destPorts": {
-          "description": "Destination port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. \"80\") or range (e.g. \"0-1023\").",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "ipProtocols": {
-          "description": "IPv4 protocol / IPv6 next header (after extension headers). Each element can be an 8-bit unsigned decimal number (e.g. \"6\"), range (e.g. \"253-254\"), or one of the following protocol names: \"tcp\", \"udp\", \"icmp\", \"esp\", \"ah\", \"ipip\", or \"sctp\".",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "srcAsns": {
-          "description": "BGP Autonomous System Number associated with the source IP address.",
-          "items": {
-            "format": "uint32",
-            "type": "integer"
-          },
-          "type": "array"
-        },
-        "srcIpRanges": {
-          "description": "Source IPv4/IPv6 addresses or CIDR prefixes, in standard text format.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "srcPorts": {
-          "description": "Source port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. \"80\") or range (e.g. \"0-1023\").",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "encryptionKey": {
+          "$ref": "ShieldedVmIdentityEntry",
+          "description": "An Endorsement Key (EK) issued to the Shielded VM's vTPM."
         },
-        "srcRegionCodes": {
-          "description": "Two-letter ISO 3166-1 alpha-2 country code associated with the source IP address.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "kind": {
+          "default": "compute#shieldedVmIdentity",
+          "description": "[Output Only] Type of the resource. Always compute#shieldedVmIdentity for shielded VM identity entry.",
+          "type": "string"
         },
-        "userDefinedFields": {
-          "description": "User-defined fields. Each element names a defined field and lists the matching values for that field.",
-          "items": {
-            "$ref": "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch"
-          },
-          "type": "array"
+        "signingKey": {
+          "$ref": "ShieldedVmIdentityEntry",
+          "description": "An Attestation Key (AK) issued to the Shielded VM's vTPM."
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch": {
-      "id": "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch",
+    "ShieldedVmIdentityEntry": {
+      "description": "A Shielded Instance Identity Entry.",
+      "id": "ShieldedVmIdentityEntry",
       "properties": {
-        "name": {
-          "description": "Name of the user-defined field, as given in the definition.",
+        "ekCert": {
+          "description": "A PEM-encoded X.509 certificate. This field can be empty.",
           "type": "string"
         },
-        "values": {
-          "description": "Matching values of the field. Each element can be a 32-bit unsigned decimal or hexadecimal (starting with \"0x\") number (e.g. \"64\") or range (e.g. \"0x400-0x7ff\").",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "ekPub": {
+          "description": "A PEM-encoded public key.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRulePreconfiguredWafConfig": {
-      "id": "SecurityPolicyRulePreconfiguredWafConfig",
+    "ShieldedVmIntegrityPolicy": {
+      "description": "The policy describes the baseline against which VM instance boot integrity is measured.",
+      "id": "ShieldedVmIntegrityPolicy",
       "properties": {
-        "exclusions": {
-          "description": "A list of exclusions to apply during preconfigured WAF evaluation.",
-          "items": {
-            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusion"
-          },
-          "type": "array"
+        "updateAutoLearnPolicy": {
+          "description": "Updates the integrity policy baseline using the measurements from the VM instance's most recent boot.",
+          "type": "boolean"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRulePreconfiguredWafConfigExclusion": {
-      "id": "SecurityPolicyRulePreconfiguredWafConfigExclusion",
+    "SignedUrlKey": {
+      "description": "Represents a customer-supplied Signing Key used by Cloud CDN Signed URLs",
+      "id": "SignedUrlKey",
       "properties": {
-        "requestCookiesToExclude": {
-          "description": "A list of request cookie names whose value will be excluded from inspection during preconfigured WAF evaluation.",
-          "items": {
-            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
-          },
-          "type": "array"
-        },
-        "requestHeadersToExclude": {
-          "description": "A list of request header names whose value will be excluded from inspection during preconfigured WAF evaluation.",
-          "items": {
-            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
-          },
-          "type": "array"
-        },
-        "requestQueryParamsToExclude": {
-          "description": "A list of request query parameter names whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.",
-          "items": {
-            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
-          },
-          "type": "array"
-        },
-        "requestUrisToExclude": {
-          "description": "A list of request URIs from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.",
-          "items": {
-            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
-          },
-          "type": "array"
-        },
-        "targetRuleIds": {
-          "description": "A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "keyName": {
+          "description": "Name of the key. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
         },
-        "targetRuleSet": {
-          "description": "Target WAF rule set to apply the preconfigured WAF exclusion.",
+        "keyValue": {
+          "description": "128-bit key value used for signing the URL. The key value must be a valid RFC 4648 Section 5 base64url encoded string.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams": {
-      "id": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams",
+    "Snapshot": {
+      "description": "Represents a Persistent Disk Snapshot resource. You can use snapshots to back up data on a regular interval. For more information, read Creating persistent disk snapshots.",
+      "id": "Snapshot",
       "properties": {
-        "op": {
-          "description": "The match operator for the field.",
+        "architecture": {
+          "description": "[Output Only] The architecture of the snapshot. Valid values are ARM64 or X86_64.",
           "enum": [
-            "CONTAINS",
-            "ENDS_WITH",
-            "EQUALS",
-            "EQUALS_ANY",
-            "STARTS_WITH"
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
           ],
           "enumDescriptions": [
-            "The operator matches if the field value contains the specified value.",
-            "The operator matches if the field value ends with the specified value.",
-            "The operator matches if the field value equals the specified value.",
-            "The operator matches if the field value is any value.",
-            "The operator matches if the field value starts with the specified value."
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
           ],
           "type": "string"
         },
-        "val": {
-          "description": "The value of the field.",
+        "autoCreated": {
+          "description": "[Output Only] Set to true if snapshots are automatically created by applying resource policy on the target disk.",
+          "type": "boolean"
+        },
+        "chainName": {
+          "description": "Creates the new snapshot in the snapshot chain labeled with the specified name. The chain name must be 1-63 characters long and comply with RFC1035. This is an uncommon option only for advanced service owners who needs to create separate snapshot chains, for example, for chargeback tracking. When you describe your snapshot resource, this field is visible only if it has a non-empty value.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyRuleRateLimitOptions": {
-      "id": "SecurityPolicyRuleRateLimitOptions",
-      "properties": {
-        "banDurationSec": {
-          "description": "Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.",
-          "format": "int32",
-          "type": "integer"
         },
-        "banThreshold": {
-          "$ref": "SecurityPolicyRuleRateLimitOptionsThreshold",
-          "description": "Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also exceed this 'ban_threshold'."
+        "creationSizeBytes": {
+          "description": "[Output Only] Size in bytes of the snapshot at creation time.",
+          "format": "int64",
+          "type": "string"
         },
-        "conformAction": {
-          "description": "Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.",
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "enforceOnKey": {
-          "description": "Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKey\" is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. ",
-          "enum": [
-            "ALL",
-            "ALL_IPS",
-            "HTTP_COOKIE",
-            "HTTP_HEADER",
-            "HTTP_PATH",
-            "IP",
-            "REGION_CODE",
-            "SNI",
-            "XFF_IP"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "enforceOnKeyConfigs": {
-          "description": "If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which ratelimit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must not be specified.",
+        "diskSizeGb": {
+          "description": "[Output Only] Size of the source disk, specified in GB.",
+          "format": "int64",
+          "type": "string"
+        },
+        "downloadBytes": {
+          "description": "[Output Only] Number of bytes downloaded to restore a snapshot to a disk.",
+          "format": "int64",
+          "type": "string"
+        },
+        "enableConfidentialCompute": {
+          "description": "Whether this snapshot is created from a confidential compute mode disk. [Output Only]: This field is not set by user, but from source disk.",
+          "type": "boolean"
+        },
+        "guestFlush": {
+          "description": "[Input Only] Whether to attempt an application consistent snapshot by informing the OS to prepare for the snapshot process.",
+          "type": "boolean"
+        },
+        "guestOsFeatures": {
+          "description": "[Output Only] A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
           "items": {
-            "$ref": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig"
+            "$ref": "GuestOsFeature"
           },
           "type": "array"
         },
-        "enforceOnKeyName": {
-          "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.",
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
           "type": "string"
         },
-        "exceedAction": {
-          "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below.",
+        "kind": {
+          "default": "compute#snapshot",
+          "description": "[Output Only] Type of the resource. Always compute#snapshot for Snapshot resources.",
           "type": "string"
         },
-        "exceedActionRpcStatus": {
-          "$ref": "SecurityPolicyRuleRateLimitOptionsRpcStatus",
-          "description": "Specified gRPC response status for proxyless gRPC requests that are above the configured rate limit threshold"
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this snapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a snapshot.",
+          "format": "byte",
+          "type": "string"
         },
-        "exceedRedirectOptions": {
-          "$ref": "SecurityPolicyRuleRedirectOptions",
-          "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect."
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this snapshot. These can be later modified by the setLabels method. Label values may be empty.",
+          "type": "object"
         },
-        "rateLimitThreshold": {
-          "$ref": "SecurityPolicyRuleRateLimitOptionsThreshold",
-          "description": "Threshold at which to begin ratelimiting."
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig": {
-      "id": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig",
-      "properties": {
-        "enforceOnKeyName": {
-          "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.",
-          "type": "string"
+        "licenseCodes": {
+          "description": "[Output Only] Integer license codes indicating which licenses are attached to this snapshot.",
+          "items": {
+            "format": "int64",
+            "type": "string"
+          },
+          "type": "array"
         },
-        "enforceOnKeyType": {
-          "description": "Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKeyConfigs\" is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. ",
-          "enum": [
-            "ALL",
-            "ALL_IPS",
-            "HTTP_COOKIE",
-            "HTTP_HEADER",
-            "HTTP_PATH",
-            "IP",
-            "REGION_CODE",
-            "SNI",
-            "XFF_IP"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
+        "licenses": {
+          "description": "[Output Only] A list of public visible licenses that apply to this snapshot. This can be because the original image had licenses attached (such as a Windows image).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "locationHint": {
+          "description": "An opaque location hint used to place the snapshot close to other resources. This field is for use by internal tools that use the public API.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyRuleRateLimitOptionsRpcStatus": {
-      "description": "Simplified google.rpc.Status type (omitting details).",
-      "id": "SecurityPolicyRuleRateLimitOptionsRpcStatus",
-      "properties": {
-        "code": {
-          "description": "The status code, which should be an enum value of google.rpc.Code.",
+        },
+        "maxRetentionDays": {
+          "description": "Number of days the snapshot should be retained before being deleted automatically.",
           "format": "int32",
           "type": "integer"
         },
-        "message": {
-          "description": "A developer-facing error message, which should be in English.",
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.disks.createSnapshot",
+              "compute.snapshots.insert"
+            ]
+          },
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyRuleRateLimitOptionsThreshold": {
-      "id": "SecurityPolicyRuleRateLimitOptionsThreshold",
-      "properties": {
-        "count": {
-          "description": "Number of HTTP(S) requests for calculating the threshold.",
-          "format": "int32",
-          "type": "integer"
         },
-        "intervalSec": {
-          "description": "Interval over which the threshold is computed.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyRuleRedirectOptions": {
-      "id": "SecurityPolicyRuleRedirectOptions",
-      "properties": {
-        "target": {
-          "description": "Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.",
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "type": {
-          "description": "Type of the redirect action.",
-          "enum": [
-            "EXTERNAL_302",
-            "GOOGLE_RECAPTCHA"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SecurityPolicyUserDefinedField": {
-      "id": "SecurityPolicyUserDefinedField",
-      "properties": {
-        "base": {
-          "description": "The base relative to which 'offset' is measured. Possible values are: - IPV4: Points to the beginning of the IPv4 header. - IPV6: Points to the beginning of the IPv6 header. - TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. - UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. required",
+        },
+        "snapshotEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encrypts the snapshot using a customer-supplied encryption key. After you encrypt a snapshot using a customer-supplied key, you must provide the same key if you use the snapshot later. For example, you must provide the encryption key when you create a disk from the encrypted snapshot in a future request. Customer-supplied encryption keys do not protect access to metadata of the snapshot. If you do not provide an encryption key when creating the snapshot, then the snapshot will be encrypted using an automatically generated key and you do not need to provide a key to use the snapshot later."
+        },
+        "snapshotType": {
+          "description": "Indicates the type of the snapshot.",
           "enum": [
-            "IPV4",
-            "IPV6",
-            "TCP",
-            "UDP"
+            "ARCHIVE",
+            "STANDARD"
           ],
           "enumDescriptions": [
-            "",
-            "",
             "",
             ""
           ],
           "type": "string"
         },
-        "mask": {
-          "description": "If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with \"0x\"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.",
+        "sourceDisk": {
+          "description": "The source disk used to create this snapshot.",
           "type": "string"
         },
-        "name": {
-          "description": "The name of this field. Must be unique within the policy.",
+        "sourceDiskEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key."
+        },
+        "sourceDiskForRecoveryCheckpoint": {
+          "description": "The source disk whose recovery checkpoint will be used to create this snapshot.",
           "type": "string"
         },
-        "offset": {
-          "description": "Offset of the first byte of the field (in network byte order) relative to 'base'.",
-          "format": "int32",
-          "type": "integer"
+        "sourceDiskId": {
+          "description": "[Output Only] The ID value of the disk used to create this snapshot. This value may be used to determine whether the snapshot was taken from the current or a previous instance of a given disk name.",
+          "type": "string"
         },
-        "size": {
-          "description": "Size of the field in bytes. Valid values: 1-4.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "SecuritySettings": {
-      "description": "The authentication and authorization settings for a BackendService.",
-      "id": "SecuritySettings",
-      "properties": {
-        "authentication": {
-          "description": "[Deprecated] Use clientTlsPolicy instead.",
+        "sourceInstantSnapshot": {
+          "description": "The source instant snapshot used to create this snapshot. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instantSnapshots/instantSnapshot - projects/project/zones/zone/instantSnapshots/instantSnapshot - zones/zone/instantSnapshots/instantSnapshot ",
           "type": "string"
         },
-        "authenticationPolicy": {
-          "$ref": "AuthenticationPolicy",
-          "description": "[Deprecated] Authentication policy defines what authentication methods can be accepted on backends, and if authenticated, which method/certificate will set the request principal. request principal."
+        "sourceInstantSnapshotEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Customer provided encryption key when creating Snapshot from Instant Snapshot."
+        },
+        "sourceInstantSnapshotId": {
+          "description": "[Output Only] The unique ID of the instant snapshot used to create this snapshot. This value identifies the exact instant snapshot that was used to create this persistent disk. For example, if you created the persistent disk from an instant snapshot that was later deleted and recreated under the same name, the source instant snapshot ID would identify the exact instant snapshot that was used.",
+          "type": "string"
+        },
+        "sourceSnapshotSchedulePolicy": {
+          "description": "[Output Only] URL of the resource policy which created this scheduled snapshot.",
+          "type": "string"
+        },
+        "sourceSnapshotSchedulePolicyId": {
+          "description": "[Output Only] ID of the resource policy which created this scheduled snapshot.",
+          "type": "string"
         },
-        "authorizationConfig": {
-          "$ref": "AuthorizationConfig",
-          "description": "[Deprecated] Authorization config defines the Role Based Access Control (RBAC) config. Authorization config defines the Role Based Access Control (RBAC) config."
+        "status": {
+          "description": "[Output Only] The status of the snapshot. This can be CREATING, DELETING, FAILED, READY, or UPLOADING.",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "READY",
+            "UPLOADING"
+          ],
+          "enumDescriptions": [
+            "Snapshot creation is in progress.",
+            "Snapshot is currently being deleted.",
+            "Snapshot creation failed.",
+            "Snapshot has been created successfully.",
+            "Snapshot is being uploaded."
+          ],
+          "type": "string"
         },
-        "awsV4Authentication": {
-          "$ref": "AWSV4Signature",
-          "description": "The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends."
+        "storageBytes": {
+          "description": "[Output Only] A size of the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion.",
+          "format": "int64",
+          "type": "string"
         },
-        "clientTlsPolicy": {
-          "description": "Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.",
+        "storageBytesStatus": {
+          "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.",
+          "enum": [
+            "UPDATING",
+            "UP_TO_DATE"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
           "type": "string"
         },
-        "clientTlsSettings": {
-          "$ref": "ClientTlsSettings",
-          "description": "[Deprecated] TLS Settings for the backend service."
+        "storageLocations": {
+          "description": "Cloud Storage bucket storage location of the snapshot (regional or multi-regional).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
-        "subjectAltNames": {
-          "description": "Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode). Note: This field currently has no impact.",
+        "userLicenses": {
+          "description": "[Output Only] A list of user provided licenses represented by a list of URLs to the license resource.",
           "items": {
             "type": "string"
           },
@@ -75011,144 +83354,346 @@
       },
       "type": "object"
     },
-    "SerialPortOutput": {
-      "description": "An instance serial console output.",
-      "id": "SerialPortOutput",
+    "SnapshotList": {
+      "description": "Contains a list of Snapshot resources.",
+      "id": "SnapshotList",
       "properties": {
-        "contents": {
-          "description": "[Output Only] The contents of the console output.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
+        "items": {
+          "description": "A list of Snapshot resources.",
+          "items": {
+            "$ref": "Snapshot"
+          },
+          "type": "array"
+        },
         "kind": {
-          "default": "compute#serialPortOutput",
-          "description": "[Output Only] Type of the resource. Always compute#serialPortOutput for serial port output.",
+          "default": "compute#snapshotList",
+          "description": "Type of resource.",
           "type": "string"
         },
-        "next": {
-          "description": "[Output Only] The position of the next byte of content, regardless of whether the content exists, following the output returned in the `contents` property. Use this value in the next request as the start parameter.",
-          "format": "int64",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "start": {
-          "description": "The starting byte position of the output that was returned. This should match the start parameter sent with the request. If the serial console output exceeds the size of the buffer (1 MB), older output is overwritten by newer content. The output start value will indicate the byte position of the output that was returned, which might be different than the `start` value that was specified in the request.",
-          "format": "int64",
-          "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "ServerBinding": {
-      "id": "ServerBinding",
+    "SnapshotSettings": {
+      "id": "SnapshotSettings",
       "properties": {
-        "type": {
-          "enum": [
-            "RESTART_NODE_ON_ANY_SERVER",
-            "RESTART_NODE_ON_MINIMAL_SERVERS",
-            "SERVER_BINDING_TYPE_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "Node may associate with any physical server over its lifetime.",
-            "Node may associate with minimal physical servers over its lifetime.",
-            ""
-          ],
-          "type": "string"
+        "storageLocation": {
+          "$ref": "SnapshotSettingsStorageLocationSettings",
+          "description": "Policy of which storage location is going to be resolved, and additional data that particularizes how the policy is going to be carried out."
         }
       },
       "type": "object"
     },
-    "ServerTlsSettings": {
-      "description": "The TLS settings for the server.",
-      "id": "ServerTlsSettings",
+    "SnapshotSettingsStorageLocationSettings": {
+      "id": "SnapshotSettingsStorageLocationSettings",
       "properties": {
-        "proxyTlsContext": {
-          "$ref": "TlsContext",
-          "description": "Configures the mechanism to obtain security certificates and identity information."
-        },
-        "subjectAltNames": {
-          "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.",
-          "items": {
-            "type": "string"
+        "locations": {
+          "additionalProperties": {
+            "$ref": "SnapshotSettingsStorageLocationSettingsStorageLocationPreference"
           },
-          "type": "array"
+          "description": "When the policy is SPECIFIC_LOCATIONS, snapshots will be stored in the locations listed in this field. Keys are GCS bucket locations.",
+          "type": "object"
         },
-        "tlsMode": {
-          "description": "Indicates whether connections should be secured using TLS. The value of this field determines how TLS is enforced. This field can be set to one of the following: - SIMPLE Secure connections with standard TLS semantics. - MUTUAL Secure connections to the backends using mutual TLS by presenting client certificates for authentication. ",
+        "policy": {
+          "description": "The chosen location policy.",
           "enum": [
-            "INVALID",
-            "MUTUAL",
-            "SIMPLE"
+            "LOCAL_REGION",
+            "NEAREST_MULTI_REGION",
+            "SPECIFIC_LOCATIONS",
+            "STORAGE_LOCATION_POLICY_UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "",
-            "Secure connections to the backends using mutual TLS by presenting client certificates for authentication.",
-            "Secure connections with standard TLS semantics."
+            "Store snapshot in the same region as with the originating disk. No additional parameters are needed.",
+            "Store snapshot to the nearest multi region GCS bucket, relative to the originating disk. No additional parameters are needed.",
+            "Store snapshot in the specific locations, as specified by the user. The list of regions to store must be defined under the `locations` field.",
+            ""
           ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ServiceAccount": {
-      "description": "A service account.",
-      "id": "ServiceAccount",
+    "SnapshotSettingsStorageLocationSettingsStorageLocationPreference": {
+      "description": "A structure for specifying storage locations.",
+      "id": "SnapshotSettingsStorageLocationSettingsStorageLocationPreference",
       "properties": {
-        "email": {
-          "description": "Email address of the service account.",
+        "name": {
+          "description": "Name of the location. It should be one of the GCS buckets.",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SourceDiskEncryptionKey": {
+      "id": "SourceDiskEncryptionKey",
+      "properties": {
+        "diskEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key."
         },
-        "scopes": {
-          "description": "The list of scopes to be made available for this service account.",
+        "sourceDisk": {
+          "description": "URL of the disk attached to the source instance. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SourceInstanceParams": {
+      "description": "A specification of the parameters to use when creating the instance template from a source instance.",
+      "id": "SourceInstanceParams",
+      "properties": {
+        "diskConfigs": {
+          "description": "Attached disks configuration. If not provided, defaults are applied: For boot disk and any other R/W disks, the source images for each disk will be used. For read-only disks, they will be attached in read-only mode. Local SSD disks will be created as blank volumes.",
           "items": {
-            "type": "string"
+            "$ref": "DiskInstantiationConfig"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "ServiceAttachment": {
-      "description": "Represents a ServiceAttachment resource. A service attachment represents a service that a producer has exposed. It encapsulates the load balancer which fronts the service runs and a list of NAT IP ranges that the producers uses to represent the consumers connecting to the service. next tag = 20",
-      "id": "ServiceAttachment",
+    "SourceInstanceProperties": {
+      "description": "DEPRECATED: Please use compute#instanceProperties instead. New properties will not be added to this field.",
+      "id": "SourceInstanceProperties",
       "properties": {
-        "connectedEndpoints": {
-          "description": "[Output Only] An array of connections for all the consumers connected to this service attachment.",
+        "canIpForward": {
+          "description": "Enables instances created based on this machine image to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.",
+          "type": "boolean"
+        },
+        "deletionProtection": {
+          "description": "Whether the instance created from this machine image should be protected against deletion.",
+          "type": "boolean"
+        },
+        "description": {
+          "description": "An optional text description for the instances that are created from this machine image.",
+          "type": "string"
+        },
+        "disks": {
+          "description": "An array of disks that are associated with the instances that are created from this machine image.",
           "items": {
-            "$ref": "ServiceAttachmentConnectedEndpoint"
+            "$ref": "SavedAttachedDisk"
           },
           "type": "array"
         },
-        "connectionPreference": {
-          "description": "The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules.",
+        "guestAccelerators": {
+          "description": "A list of guest accelerator cards' type and count to use for instances created from this machine image.",
+          "items": {
+            "$ref": "AcceleratorConfig"
+          },
+          "type": "array"
+        },
+        "keyRevocationActionType": {
+          "description": "KeyRevocationActionType of the instance. Supported options are \"STOP\" and \"NONE\". The default value is \"NONE\" if it is not specified.",
           "enum": [
-            "ACCEPT_AUTOMATIC",
-            "ACCEPT_MANUAL",
-            "CONNECTION_PREFERENCE_UNSPECIFIED"
+            "KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
+            "NONE",
+            "STOP"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            ""
+            "Default value. This value is unused.",
+            "Indicates user chose no operation.",
+            "Indicates user chose to opt for VM shutdown on key revocation."
           ],
           "type": "string"
         },
-        "consumerAcceptLists": {
-          "description": "Projects that are allowed to connect to this service attachment.",
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to instances that are created from this machine image.",
+          "type": "object"
+        },
+        "machineType": {
+          "description": "The machine type to use for instances that are created from this machine image.",
+          "type": "string"
+        },
+        "metadata": {
+          "$ref": "Metadata",
+          "description": "The metadata key/value pairs to assign to instances that are created from this machine image. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information."
+        },
+        "minCpuPlatform": {
+          "description": "Minimum cpu/platform to be used by instances created from this machine image. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\". For more information, read Specifying a Minimum CPU Platform.",
+          "type": "string"
+        },
+        "networkInterfaces": {
+          "description": "An array of network access configurations for this interface.",
           "items": {
-            "$ref": "ServiceAttachmentConsumerProjectLimit"
+            "$ref": "NetworkInterface"
           },
           "type": "array"
         },
-        "consumerRejectLists": {
-          "description": "Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number.",
+        "postKeyRevocationActionType": {
+          "description": "PostKeyRevocationActionType of the instance.",
+          "enum": [
+            "NOOP",
+            "POST_KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
+            "SHUTDOWN"
+          ],
+          "enumDescriptions": [
+            "Indicates user chose no operation.",
+            "Default value. This value is unused.",
+            "Indicates user chose to opt for VM shutdown on key revocation."
+          ],
+          "type": "string"
+        },
+        "scheduling": {
+          "$ref": "Scheduling",
+          "description": "Specifies the scheduling options for the instances that are created from this machine image."
+        },
+        "serviceAccounts": {
+          "description": "A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from this machine image. Use metadata queries to obtain the access tokens for these instances.",
           "items": {
-            "type": "string"
+            "$ref": "ServiceAccount"
           },
           "type": "array"
         },
+        "tags": {
+          "$ref": "Tags",
+          "description": "A list of tags to apply to the instances that are created from this machine image. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035."
+        }
+      },
+      "type": "object"
+    },
+    "SslCertificate": {
+      "description": "Represents an SSL Certificate resource. Google Compute Engine has two SSL Certificate resources: * [Global](/compute/docs/reference/rest/alpha/sslCertificates) * [Regional](/compute/docs/reference/rest/alpha/regionSslCertificates) The sslCertificates are used by: - external HTTPS load balancers - SSL proxy load balancers The regionSslCertificates are used by internal HTTPS load balancers. Optionally, certificate file contents that you upload can contain a set of up to five PEM-encoded certificates. The API call creates an object (sslCertificate) that holds this data. You can use SSL keys and certificates to secure connections to a load balancer. For more information, read Creating and using SSL certificates, SSL certificates quotas and limits, and Troubleshooting SSL certificates.",
+      "id": "SslCertificate",
+      "properties": {
+        "certificate": {
+          "description": "A value read into memory from a certificate file. The certificate file must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.",
+          "type": "string"
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -75157,75 +83702,75 @@
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "domainNames": {
-          "description": "If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: \"p.mycompany.com.\". Current max number of domain names supported is 1.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "enableProxyProtocol": {
-          "description": "If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.",
-          "type": "boolean"
-        },
-        "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.",
-          "format": "byte",
+        "expireTime": {
+          "description": "[Output Only] Expire time of the certificate. RFC3339",
           "type": "string"
         },
         "id": {
-          "description": "[Output Only] The unique identifier for the resource type. The server generates this identifier.",
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
         "kind": {
-          "default": "compute#serviceAttachment",
-          "description": "[Output Only] Type of the resource. Always compute#serviceAttachment for service attachments.",
+          "default": "compute#sslCertificate",
+          "description": "[Output Only] Type of the resource. Always compute#sslCertificate for SSL certificates.",
           "type": "string"
         },
+        "managed": {
+          "$ref": "SslCertificateManagedSslCertificate",
+          "description": "Configuration and status of a managed SSL certificate."
+        },
         "name": {
-          "annotations": {
-            "required": [
-              "compute.serviceAttachments.insert"
-            ]
-          },
           "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "natSubnets": {
-          "description": "An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "producerForwardingRule": {
-          "description": "The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.",
+        "privateKey": {
+          "description": "A value read into memory from a write-only private key file. The private key file must be in PEM format. For security, only insert requests include this field.",
           "type": "string"
         },
-        "pscServiceAttachmentId": {
-          "$ref": "Uint128",
-          "description": "[Output Only] An 128-bit global unique ID of the PSC service attachment."
-        },
         "region": {
-          "description": "[Output Only] URL of the region where the service attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "description": "[Output Only] URL of the region where the regional SSL Certificate resides. This field is not applicable to global SSL Certificate.",
           "type": "string"
         },
         "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
+          "description": "[Output only] Server-defined URL for the resource.",
           "type": "string"
         },
-        "targetService": {
-          "description": "The URL of a service serving the endpoint identified by this service attachment.",
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "selfManaged": {
+          "$ref": "SslCertificateSelfManagedSslCertificate",
+          "description": "Configuration and status of a self-managed SSL certificate."
+        },
+        "subjectAlternativeNames": {
+          "description": "[Output Only] Domains associated with the certificate via Subject Alternative Name.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "type": {
+          "description": "(Optional) Specifies the type of SSL certificate, either \"SELF_MANAGED\" or \"MANAGED\". If not specified, the certificate is self-managed and the fields certificate and private_key are used.",
+          "enum": [
+            "MANAGED",
+            "SELF_MANAGED",
+            "TYPE_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Google-managed SSLCertificate.",
+            "Certificate uploaded by user.",
+            ""
+          ],
           "type": "string"
         }
       },
       "type": "object"
     },
-    "ServiceAttachmentAggregatedList": {
-      "description": "Contains a list of ServiceAttachmentsScopedList.",
-      "id": "ServiceAttachmentAggregatedList",
+    "SslCertificateAggregatedList": {
+      "id": "SslCertificateAggregatedList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
@@ -75233,15 +83778,15 @@
         },
         "items": {
           "additionalProperties": {
-            "$ref": "ServiceAttachmentsScopedList",
-            "description": "Name of the scope containing this set of ServiceAttachments."
+            "$ref": "SslCertificatesScopedList",
+            "description": "Name of the scope containing this set of SslCertificates."
           },
-          "description": "A list of ServiceAttachmentsScopedList resources.",
+          "description": "A list of SslCertificatesScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#serviceAttachmentAggregatedList",
-          "description": "Type of resource.",
+          "default": "compute#sslCertificateAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#sslCertificateAggregatedList for lists of SSL Certificates.",
           "type": "string"
         },
         "nextPageToken": {
@@ -75275,6 +83820,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -75293,6 +83839,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -75304,6 +83880,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -75351,78 +83928,24 @@
       },
       "type": "object"
     },
-    "ServiceAttachmentConnectedEndpoint": {
-      "description": "[Output Only] A connection connected to this service attachment.",
-      "id": "ServiceAttachmentConnectedEndpoint",
-      "properties": {
-        "endpoint": {
-          "description": "The url of a connected endpoint.",
-          "type": "string"
-        },
-        "pscConnectionId": {
-          "description": "The PSC connection id of the connected endpoint.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "status": {
-          "description": "The status of a connected endpoint to this service attachment.",
-          "enum": [
-            "ACCEPTED",
-            "CLOSED",
-            "NEEDS_ATTENTION",
-            "PENDING",
-            "REJECTED",
-            "STATUS_UNSPECIFIED"
-          ],
-          "enumDescriptions": [
-            "The connection has been accepted by the producer.",
-            "The connection has been closed by the producer.",
-            "The connection has been accepted by the producer, but the producer needs to take further action before the forwarding rule can serve traffic.",
-            "The connection is pending acceptance by the producer.",
-            "The consumer is still connected but not using the connection.",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ServiceAttachmentConsumerProjectLimit": {
-      "id": "ServiceAttachmentConsumerProjectLimit",
-      "properties": {
-        "connectionLimit": {
-          "description": "The value of the limit to set.",
-          "format": "uint32",
-          "type": "integer"
-        },
-        "networkUrl": {
-          "description": "The network URL for the network to set the limit for.",
-          "type": "string"
-        },
-        "projectIdOrNum": {
-          "description": "The project id or number for the project to set the limit for.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ServiceAttachmentList": {
-      "id": "ServiceAttachmentList",
+    "SslCertificateList": {
+      "description": "Contains a list of SslCertificate resources.",
+      "id": "SslCertificateList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of ServiceAttachment resources.",
+          "description": "A list of SslCertificate resources.",
           "items": {
-            "$ref": "ServiceAttachment"
+            "$ref": "SslCertificate"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#serviceAttachmentList",
-          "description": "[Output Only] Type of the resource. Always compute#serviceAttachment for service attachments.",
+          "default": "compute#sslCertificateList",
+          "description": "Type of resource.",
           "type": "string"
         },
         "nextPageToken": {
@@ -75449,6 +83972,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -75467,6 +83991,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -75478,6 +84032,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -75525,18 +84080,92 @@
       },
       "type": "object"
     },
-    "ServiceAttachmentsScopedList": {
-      "id": "ServiceAttachmentsScopedList",
+    "SslCertificateManagedSslCertificate": {
+      "description": "Configuration and status of a managed SSL certificate.",
+      "id": "SslCertificateManagedSslCertificate",
       "properties": {
-        "serviceAttachments": {
-          "description": "A list of ServiceAttachments contained in this scope.",
+        "domainStatus": {
+          "additionalProperties": {
+            "enum": [
+              "ACTIVE",
+              "DOMAIN_STATUS_UNSPECIFIED",
+              "FAILED_CAA_CHECKING",
+              "FAILED_CAA_FORBIDDEN",
+              "FAILED_NOT_VISIBLE",
+              "FAILED_RATE_LIMITED",
+              "PROVISIONING"
+            ],
+            "enumDescriptions": [
+              "A managed certificate can be provisioned, no issues for this domain.",
+              "",
+              "Failed to check CAA records for the domain.",
+              "Certificate issuance forbidden by an explicit CAA record for the domain.",
+              "There seems to be problem with the user's DNS or load balancer configuration for this domain.",
+              "Reached rate-limit for certificates per top-level private domain.",
+              "Certificate provisioning for this domain is under way. GCP will attempt to provision the first certificate."
+            ],
+            "type": "string"
+          },
+          "description": "[Output only] Detailed statuses of the domains specified for managed certificate resource.",
+          "type": "object"
+        },
+        "domains": {
+          "description": "The domains for which a managed SSL certificate will be generated. Each Google-managed SSL certificate supports up to the [maximum number of domains per Google-managed SSL certificate](/load-balancing/docs/quotas#ssl_certificates).",
           "items": {
-            "$ref": "ServiceAttachment"
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "status": {
+          "description": "[Output only] Status of the managed certificate resource.",
+          "enum": [
+            "ACTIVE",
+            "MANAGED_CERTIFICATE_STATUS_UNSPECIFIED",
+            "PROVISIONING",
+            "PROVISIONING_FAILED",
+            "PROVISIONING_FAILED_PERMANENTLY",
+            "RENEWAL_FAILED"
+          ],
+          "enumDescriptions": [
+            "The certificate management is working, and a certificate has been provisioned.",
+            "",
+            "The certificate management is working. GCP will attempt to provision the first certificate.",
+            "Certificate provisioning failed due to an issue with the DNS or load balancing configuration. For details of which domain failed, consult domain_status field.",
+            "Certificate provisioning failed due to an issue with the DNS or load balancing configuration. It won't be retried. To try again delete and create a new managed SslCertificate resource. For details of which domain failed, consult domain_status field.",
+            "Renewal of the certificate has failed due to an issue with the DNS or load balancing configuration. The existing cert is still serving; however, it will expire shortly. To provision a renewed certificate, delete and create a new managed SslCertificate resource. For details on which domain failed, consult domain_status field."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SslCertificateSelfManagedSslCertificate": {
+      "description": "Configuration and status of a self-managed SSL certificate.",
+      "id": "SslCertificateSelfManagedSslCertificate",
+      "properties": {
+        "certificate": {
+          "description": "A local certificate file. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.",
+          "type": "string"
+        },
+        "privateKey": {
+          "description": "A write-only private key in PEM format. Only insert requests will include this field.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SslCertificatesScopedList": {
+      "id": "SslCertificatesScopedList",
+      "properties": {
+        "sslCertificates": {
+          "description": "List of SslCertificates contained in this scope.",
+          "items": {
+            "$ref": "SslCertificate"
           },
           "type": "array"
         },
         "warning": {
-          "description": "Informational warning which replaces the list of service attachments when the list is empty.",
+          "description": "Informational warning which replaces the list of backend services when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -75551,6 +84180,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -75569,6 +84199,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -75580,6 +84240,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -75614,504 +84275,198 @@
                   }
                 },
                 "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "ServiceIntegrationSpec": {
-      "description": "Specifies the parameters to configure an integration with instances.",
-      "id": "ServiceIntegrationSpec",
-      "properties": {
-        "backupDr": {
-          "$ref": "ServiceIntegrationSpecBackupDRSpec"
-        }
-      },
-      "type": "object"
-    },
-    "ServiceIntegrationSpecBackupDRSpec": {
-      "description": "Specifies parameters to Backup and DR to attach a BackupPlan to a compute instance for managed VM backup.",
-      "id": "ServiceIntegrationSpecBackupDRSpec",
-      "properties": {
-        "plan": {
-          "description": "The BackupPlan resource to attach to the instance. Specified as a resource reference in instances, and regional instance templates, and as just the plan name in global instance templates",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ShareSettings": {
-      "description": "The share setting for reservations and sole tenancy node groups.",
-      "id": "ShareSettings",
-      "properties": {
-        "folderMap": {
-          "additionalProperties": {
-            "$ref": "ShareSettingsFolderConfig"
-          },
-          "description": "A map of folder id and folder config to specify consumer projects for this shared-reservation. This is only valid when share_type's value is DIRECT_PROJECTS_UNDER_SPECIFIC_FOLDERS. Folder id should be a string of number, and without \"folders/\" prefix.",
-          "type": "object"
-        },
-        "projectMap": {
-          "additionalProperties": {
-            "$ref": "ShareSettingsProjectConfig"
-          },
-          "description": "A map of project id and project config. This is only valid when share_type's value is SPECIFIC_PROJECTS.",
-          "type": "object"
-        },
-        "projects": {
-          "description": "A List of Project names to specify consumer projects for this shared-reservation. This is only valid when share_type's value is SPECIFIC_PROJECTS.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "shareType": {
-          "description": "Type of sharing for this shared-reservation",
-          "enum": [
-            "DIRECT_PROJECTS_UNDER_SPECIFIC_FOLDERS",
-            "LOCAL",
-            "ORGANIZATION",
-            "SHARE_TYPE_UNSPECIFIED",
-            "SPECIFIC_PROJECTS"
-          ],
-          "enumDescriptions": [
-            "Shared-reservation is open to direct child projects of specific folders.",
-            "Default value.",
-            "Shared-reservation is open to entire Organization",
-            "Default value. This value is unused.",
-            "Shared-reservation is open to specific projects"
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ShareSettingsFolderConfig": {
-      "description": "Config for each folder in the share settings.",
-      "id": "ShareSettingsFolderConfig",
-      "properties": {
-        "folderId": {
-          "description": "The folder ID, should be same as the key of this folder config in the parent map. Folder id should be a string of number, and without \"folders/\" prefix.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ShareSettingsProjectConfig": {
-      "description": "Config for each project in the share settings.",
-      "id": "ShareSettingsProjectConfig",
-      "properties": {
-        "projectId": {
-          "description": "The project ID, should be same as the key of this project config in the parent map.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedInstanceConfig": {
-      "description": "A set of Shielded Instance options.",
-      "id": "ShieldedInstanceConfig",
-      "properties": {
-        "enableIntegrityMonitoring": {
-          "description": "Defines whether the instance has integrity monitoring enabled. Enabled by default.",
-          "type": "boolean"
-        },
-        "enableSecureBoot": {
-          "description": "Defines whether the instance has Secure Boot enabled. Disabled by default.",
-          "type": "boolean"
-        },
-        "enableVtpm": {
-          "description": "Defines whether the instance has the vTPM enabled. Enabled by default.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedInstanceIdentity": {
-      "description": "A Shielded Instance Identity.",
-      "id": "ShieldedInstanceIdentity",
-      "properties": {
-        "eccP256EncryptionKey": {
-          "$ref": "ShieldedInstanceIdentityEntry",
-          "description": "An Endorsement Key (EK) made by the ECC P256 algorithm issued to the Shielded Instance's vTPM."
-        },
-        "eccP256SigningKey": {
-          "$ref": "ShieldedInstanceIdentityEntry",
-          "description": "An Attestation Key (AK) made by the ECC P256 algorithm issued to the Shielded Instance's vTPM."
-        },
-        "encryptionKey": {
-          "$ref": "ShieldedInstanceIdentityEntry",
-          "description": "An Endorsement Key (EK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM."
-        },
-        "kind": {
-          "default": "compute#shieldedInstanceIdentity",
-          "description": "[Output Only] Type of the resource. Always compute#shieldedInstanceIdentity for shielded Instance identity entry.",
-          "type": "string"
-        },
-        "signingKey": {
-          "$ref": "ShieldedInstanceIdentityEntry",
-          "description": "An Attestation Key (AK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM."
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedInstanceIdentityEntry": {
-      "description": "A Shielded Instance Identity Entry.",
-      "id": "ShieldedInstanceIdentityEntry",
-      "properties": {
-        "ekCert": {
-          "description": "A PEM-encoded X.509 certificate. This field can be empty.",
-          "type": "string"
-        },
-        "ekPub": {
-          "description": "A PEM-encoded public key.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedInstanceIntegrityPolicy": {
-      "description": "The policy describes the baseline against which Instance boot integrity is measured.",
-      "id": "ShieldedInstanceIntegrityPolicy",
-      "properties": {
-        "updateAutoLearnPolicy": {
-          "description": "Updates the integrity policy baseline using the measurements from the VM instance's most recent boot.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedVmConfig": {
-      "description": "A set of Shielded VM options.",
-      "id": "ShieldedVmConfig",
-      "properties": {
-        "enableIntegrityMonitoring": {
-          "description": "Defines whether the instance has integrity monitoring enabled.",
-          "type": "boolean"
-        },
-        "enableSecureBoot": {
-          "description": "Defines whether the instance has Secure Boot enabled.",
-          "type": "boolean"
-        },
-        "enableVtpm": {
-          "description": "Defines whether the instance has the vTPM enabled.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedVmIdentity": {
-      "description": "A Shielded VM Identity.",
-      "id": "ShieldedVmIdentity",
-      "properties": {
-        "encryptionKey": {
-          "$ref": "ShieldedVmIdentityEntry",
-          "description": "An Endorsement Key (EK) issued to the Shielded VM's vTPM."
-        },
-        "kind": {
-          "default": "compute#shieldedVmIdentity",
-          "description": "[Output Only] Type of the resource. Always compute#shieldedVmIdentity for shielded VM identity entry.",
-          "type": "string"
-        },
-        "signingKey": {
-          "$ref": "ShieldedVmIdentityEntry",
-          "description": "An Attestation Key (AK) issued to the Shielded VM's vTPM."
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedVmIdentityEntry": {
-      "description": "A Shielded Instance Identity Entry.",
-      "id": "ShieldedVmIdentityEntry",
-      "properties": {
-        "ekCert": {
-          "description": "A PEM-encoded X.509 certificate. This field can be empty.",
-          "type": "string"
-        },
-        "ekPub": {
-          "description": "A PEM-encoded public key.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "ShieldedVmIntegrityPolicy": {
-      "description": "The policy describes the baseline against which VM instance boot integrity is measured.",
-      "id": "ShieldedVmIntegrityPolicy",
-      "properties": {
-        "updateAutoLearnPolicy": {
-          "description": "Updates the integrity policy baseline using the measurements from the VM instance's most recent boot.",
-          "type": "boolean"
-        }
-      },
-      "type": "object"
-    },
-    "SignedUrlKey": {
-      "description": "Represents a customer-supplied Signing Key used by Cloud CDN Signed URLs",
-      "id": "SignedUrlKey",
-      "properties": {
-        "keyName": {
-          "description": "Name of the key. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "keyValue": {
-          "description": "128-bit key value used for signing the URL. The key value must be a valid RFC 4648 Section 5 base64url encoded string.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "Snapshot": {
-      "description": "Represents a Persistent Disk Snapshot resource. You can use snapshots to back up data on a regular interval. For more information, read Creating persistent disk snapshots.",
-      "id": "Snapshot",
-      "properties": {
-        "architecture": {
-          "description": "[Output Only] The architecture of the snapshot. Valid values are ARM64 or X86_64.",
-          "enum": [
-            "ARCHITECTURE_UNSPECIFIED",
-            "ARM64",
-            "X86_64"
-          ],
-          "enumDescriptions": [
-            "Default value indicating Architecture is not set.",
-            "Machines with architecture ARM64",
-            "Machines with architecture X86_64"
-          ],
-          "type": "string"
-        },
-        "autoCreated": {
-          "description": "[Output Only] Set to true if snapshots are automatically created by applying resource policy on the target disk.",
-          "type": "boolean"
-        },
-        "chainName": {
-          "description": "Creates the new snapshot in the snapshot chain labeled with the specified name. The chain name must be 1-63 characters long and comply with RFC1035. This is an uncommon option only for advanced service owners who needs to create separate snapshot chains, for example, for chargeback tracking. When you describe your snapshot resource, this field is visible only if it has a non-empty value.",
-          "type": "string"
-        },
-        "creationSizeBytes": {
-          "description": "[Output Only] Size in bytes of the snapshot at creation time.",
-          "format": "int64",
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "diskSizeGb": {
-          "description": "[Output Only] Size of the source disk, specified in GB.",
-          "format": "int64",
-          "type": "string"
-        },
-        "downloadBytes": {
-          "description": "[Output Only] Number of bytes downloaded to restore a snapshot to a disk.",
-          "format": "int64",
-          "type": "string"
-        },
-        "guestFlush": {
-          "description": "[Input Only] Whether to attempt an application consistent snapshot by informing the OS to prepare for the snapshot process.",
-          "type": "boolean"
-        },
-        "guestOsFeatures": {
-          "description": "[Output Only] A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
-          "items": {
-            "$ref": "GuestOsFeature"
-          },
-          "type": "array"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#snapshot",
-          "description": "[Output Only] Type of the resource. Always compute#snapshot for Snapshot resources.",
-          "type": "string"
-        },
-        "labelFingerprint": {
-          "description": "A fingerprint for the labels being applied to this snapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a snapshot.",
-          "format": "byte",
-          "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to apply to this snapshot. These can be later modified by the setLabels method. Label values may be empty.",
-          "type": "object"
-        },
-        "licenseCodes": {
-          "description": "[Output Only] Integer license codes indicating which licenses are attached to this snapshot.",
-          "items": {
-            "format": "int64",
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "licenses": {
-          "description": "[Output Only] A list of public visible licenses that apply to this snapshot. This can be because the original image had licenses attached (such as a Windows image).",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "locationHint": {
-          "description": "An opaque location hint used to place the snapshot close to other resources. This field is for use by internal tools that use the public API.",
-          "type": "string"
-        },
-        "maxRetentionDays": {
-          "description": "Number of days the snapshot should be retained before being deleted automatically.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "name": {
-          "annotations": {
-            "required": [
-              "compute.snapshots.insert"
-            ]
-          },
-          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "satisfiesPzs": {
-          "description": "[Output Only] Reserved for future use.",
-          "type": "boolean"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource's resource id.",
-          "type": "string"
-        },
-        "snapshotEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "Encrypts the snapshot using a customer-supplied encryption key. After you encrypt a snapshot using a customer-supplied key, you must provide the same key if you use the snapshot later. For example, you must provide the encryption key when you create a disk from the encrypted snapshot in a future request. Customer-supplied encryption keys do not protect access to metadata of the snapshot. If you do not provide an encryption key when creating the snapshot, then the snapshot will be encrypted using an automatically generated key and you do not need to provide a key to use the snapshot later."
-        },
-        "snapshotType": {
-          "description": "Indicates the type of the snapshot.",
-          "enum": [
-            "ARCHIVE",
-            "STANDARD"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "sourceDisk": {
-          "description": "The source disk used to create this snapshot.",
-          "type": "string"
-        },
-        "sourceDiskEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key."
-        },
-        "sourceDiskId": {
-          "description": "[Output Only] The ID value of the disk used to create this snapshot. This value may be used to determine whether the snapshot was taken from the current or a previous instance of a given disk name.",
-          "type": "string"
-        },
-        "sourceInstantSnapshot": {
-          "description": "The source instant snapshot used to create this snapshot. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instantSnapshots/instantSnapshot - projects/project/zones/zone/instantSnapshots/instantSnapshot - zones/zone/instantSnapshots/instantSnapshot ",
-          "type": "string"
-        },
-        "sourceInstantSnapshotId": {
-          "description": "[Output Only] The unique ID of the instant snapshot used to create this snapshot. This value identifies the exact instant snapshot that was used to create this persistent disk. For example, if you created the persistent disk from an instant snapshot that was later deleted and recreated under the same name, the source instant snapshot ID would identify the exact instant snapshot that was used.",
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "SslPoliciesAggregatedList": {
+      "id": "SslPoliciesAggregatedList",
+      "properties": {
+        "etag": {
           "type": "string"
         },
-        "sourceSnapshotSchedulePolicy": {
-          "description": "[Output Only] URL of the resource policy which created this scheduled snapshot.",
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
-        "sourceSnapshotSchedulePolicyId": {
-          "description": "[Output Only] ID of the resource policy which created this scheduled snapshot.",
-          "type": "string"
+        "items": {
+          "additionalProperties": {
+            "$ref": "SslPoliciesScopedList",
+            "description": "Name of the scope containing this set of SSL policies."
+          },
+          "description": "A list of SslPoliciesScopedList resources.",
+          "type": "object"
         },
-        "status": {
-          "description": "[Output Only] The status of the snapshot. This can be CREATING, DELETING, FAILED, READY, or UPLOADING.",
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "FAILED",
-            "READY",
-            "UPLOADING"
-          ],
-          "enumDescriptions": [
-            "Snapshot creation is in progress.",
-            "Snapshot is currently being deleted.",
-            "Snapshot creation failed.",
-            "Snapshot has been created successfully.",
-            "Snapshot is being uploaded."
-          ],
+        "kind": {
+          "default": "compute#sslPoliciesAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#sslPolicyAggregatedList for lists of SSL Policies.",
           "type": "string"
         },
-        "storageBytes": {
-          "description": "[Output Only] A size of the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion.",
-          "format": "int64",
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
-        "storageBytesStatus": {
-          "description": "[Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.",
-          "enum": [
-            "UPDATING",
-            "UP_TO_DATE"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
-        "storageLocations": {
-          "description": "Cloud Storage bucket storage location of the snapshot (regional or multi-regional).",
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "userLicenses": {
-          "description": "[Output Only] A list of user provided licenses represented by a list of URLs to the license resource.",
-          "items": {
-            "type": "string"
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
           },
-          "type": "array"
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "SnapshotList": {
-      "description": "Contains a list of Snapshot resources.",
-      "id": "SnapshotList",
+    "SslPoliciesList": {
+      "id": "SslPoliciesList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of Snapshot resources.",
+          "description": "A list of SslPolicy resources.",
           "items": {
-            "$ref": "Snapshot"
+            "$ref": "SslPolicy"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#snapshotList",
-          "description": "Type of resource.",
+          "default": "compute#sslPoliciesList",
+          "description": "[Output Only] Type of the resource. Always compute#sslPoliciesList for lists of sslPolicies.",
           "type": "string"
         },
         "nextPageToken": {
@@ -76138,6 +84493,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -76156,6 +84512,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -76167,6 +84553,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -76214,144 +84601,485 @@
       },
       "type": "object"
     },
-    "SourceDiskEncryptionKey": {
-      "id": "SourceDiskEncryptionKey",
+    "SslPoliciesListAvailableFeaturesResponse": {
+      "id": "SslPoliciesListAvailableFeaturesResponse",
       "properties": {
-        "diskEncryptionKey": {
-          "$ref": "CustomerEncryptionKey",
-          "description": "The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key."
-        },
-        "sourceDisk": {
-          "description": "URL of the disk attached to the source instance. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
-          "type": "string"
+        "features": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
     },
-    "SourceInstanceParams": {
-      "description": "A specification of the parameters to use when creating the instance template from a source instance.",
-      "id": "SourceInstanceParams",
+    "SslPoliciesScopedList": {
+      "id": "SslPoliciesScopedList",
       "properties": {
-        "diskConfigs": {
-          "description": "Attached disks configuration. If not provided, defaults are applied: For boot disk and any other R/W disks, the source images for each disk will be used. For read-only disks, they will be attached in read-only mode. Local SSD disks will be created as blank volumes.",
+        "sslPolicies": {
+          "description": "A list of SslPolicies contained in this scope.",
           "items": {
-            "$ref": "DiskInstantiationConfig"
+            "$ref": "SslPolicy"
           },
           "type": "array"
+        },
+        "warning": {
+          "description": "Informational warning which replaces the list of SSL policies when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
     },
-    "SourceInstanceProperties": {
-      "description": "DEPRECATED: Please use compute#instanceProperties instead. New properties will not be added to this field.",
-      "id": "SourceInstanceProperties",
+    "SslPolicy": {
+      "description": "Represents an SSL Policy resource. Use SSL policies to control the SSL features, such as versions and cipher suites, offered by an HTTPS or SSL Proxy load balancer. For more information, read SSL Policy Concepts.",
+      "id": "SslPolicy",
       "properties": {
-        "canIpForward": {
-          "description": "Enables instances created based on this machine image to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.",
-          "type": "boolean"
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
         },
-        "deletionProtection": {
-          "description": "Whether the instance created from this machine image should be protected against deletion.",
-          "type": "boolean"
+        "customFeatures": {
+          "description": "A list of features enabled when the selected profile is CUSTOM. The method returns the set of features that can be specified in this list. This field must be empty if the profile is not CUSTOM.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         },
         "description": {
-          "description": "An optional text description for the instances that are created from this machine image.",
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "disks": {
-          "description": "An array of disks that are associated with the instances that are created from this machine image.",
+        "enabledFeatures": {
+          "description": "[Output Only] The list of features enabled in the SSL policy.",
           "items": {
-            "$ref": "SavedAttachedDisk"
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "fingerprint": {
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a SslPolicy. An up-to-date fingerprint must be provided in order to update the SslPolicy, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an SslPolicy.",
+          "format": "byte",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#sslPolicy",
+          "description": "[Output only] Type of the resource. Always compute#sslPolicyfor SSL policies.",
+          "type": "string"
+        },
+        "minTlsVersion": {
+          "description": "The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. This can be one of TLS_1_0, TLS_1_1, TLS_1_2.",
+          "enum": [
+            "TLS_1_0",
+            "TLS_1_1",
+            "TLS_1_2"
+          ],
+          "enumDescriptions": [
+            "TLS 1.0",
+            "TLS 1.1",
+            "TLS 1.2"
+          ],
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "profile": {
+          "description": "Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. If using CUSTOM, the set of SSL features to enable must be specified in the customFeatures field.",
+          "enum": [
+            "COMPATIBLE",
+            "CUSTOM",
+            "MODERN",
+            "RESTRICTED"
+          ],
+          "enumDescriptions": [
+            "Compatible profile. Allows the broadset set of clients, even those which support only out-of-date SSL features to negotiate with the load balancer.",
+            "Custom profile. Allow only the set of allowed SSL features specified in the customFeatures field.",
+            "Modern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the load balancer.",
+            "Restricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements."
+          ],
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the regional SSL policy resides. This field is not applicable to global SSL policies.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "tlsSettings": {
+          "$ref": "ServerTlsSettings",
+          "description": "Security settings for the proxy. This field is only applicable to a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED."
+        },
+        "warnings": {
+          "description": "[Output Only] If potential misconfigurations are detected for this SSL policy, this field will be populated with warning messages.",
+          "items": {
+            "properties": {
+              "code": {
+                "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+                "enum": [
+                  "CLEANUP_FAILED",
+                  "DEPRECATED_RESOURCE_USED",
+                  "DEPRECATED_TYPE_USED",
+                  "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                  "EXPERIMENTAL_TYPE_USED",
+                  "EXTERNAL_API_WARNING",
+                  "FIELD_VALUE_OVERRIDEN",
+                  "INJECTED_KERNELS_DEPRECATED",
+                  "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                  "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
+                  "MISSING_TYPE_DEPENDENCY",
+                  "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                  "NEXT_HOP_CANNOT_IP_FORWARD",
+                  "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                  "NEXT_HOP_INSTANCE_NOT_FOUND",
+                  "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                  "NEXT_HOP_NOT_RUNNING",
+                  "NOT_CRITICAL_ERROR",
+                  "NO_RESULTS_ON_PAGE",
+                  "PARTIAL_SUCCESS",
+                  "REQUIRED_TOS_AGREEMENT",
+                  "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                  "RESOURCE_NOT_DELETED",
+                  "SCHEMA_VALIDATION_IGNORED",
+                  "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                  "UNDECLARED_PROPERTIES",
+                  "UNREACHABLE"
+                ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
+                "enumDescriptions": [
+                  "Warning about failed cleanup of transient changes made by a failed operation.",
+                  "A link to a deprecated resource was created.",
+                  "When deploying and at least one of the resources has a type marked as deprecated",
+                  "The user created a boot disk that is larger than image size.",
+                  "When deploying and at least one of the resources has a type marked as experimental",
+                  "Warning that is present in an external api call",
+                  "Warning that value of a field has been overridden. Deprecated unused field.",
+                  "The operation involved use of an injected kernel, which is deprecated.",
+                  "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                  "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                  "A resource depends on a missing type",
+                  "The route's nextHopIp address is not assigned to an instance on the network.",
+                  "The route's next hop instance cannot ip forward.",
+                  "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                  "The route's nextHopInstance URL refers to an instance that does not exist.",
+                  "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                  "The route's next hop instance does not have a status of RUNNING.",
+                  "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                  "No results are present on a particular list page.",
+                  "Success is reported, but some results may be missing due to errors",
+                  "The user attempted to use a resource that requires a TOS they have not accepted.",
+                  "Warning that a resource is in use.",
+                  "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                  "When a resource schema validation is ignored.",
+                  "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                  "When undeclared properties in the schema are present",
+                  "A given scope cannot be reached."
+                ],
+                "type": "string"
+              },
+              "data": {
+                "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+                "items": {
+                  "properties": {
+                    "key": {
+                      "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                      "type": "string"
+                    },
+                    "value": {
+                      "description": "[Output Only] A warning data value corresponding to the key.",
+                      "type": "string"
+                    }
+                  },
+                  "type": "object"
+                },
+                "type": "array"
+              },
+              "message": {
+                "description": "[Output Only] A human-readable description of the warning code.",
+                "type": "string"
+              }
+            },
+            "type": "object"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SslPolicyReference": {
+      "id": "SslPolicyReference",
+      "properties": {
+        "sslPolicy": {
+          "description": "URL of the SSL policy resource. Set this to empty string to clear any existing SSL policy associated with the target proxy resource.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "StatefulPolicy": {
+      "id": "StatefulPolicy",
+      "properties": {
+        "preservedState": {
+          "$ref": "StatefulPolicyPreservedState"
+        }
+      },
+      "type": "object"
+    },
+    "StatefulPolicyPreservedState": {
+      "description": "Configuration of preserved resources.",
+      "id": "StatefulPolicyPreservedState",
+      "properties": {
+        "disks": {
+          "additionalProperties": {
+            "$ref": "StatefulPolicyPreservedStateDiskDevice"
           },
-          "type": "array"
+          "description": "Disks created on the instances that will be preserved on instance delete, update, etc. This map is keyed with the device names of the disks.",
+          "type": "object"
         },
-        "guestAccelerators": {
-          "description": "A list of guest accelerator cards' type and count to use for instances created from this machine image.",
-          "items": {
-            "$ref": "AcceleratorConfig"
+        "externalIPs": {
+          "additionalProperties": {
+            "$ref": "StatefulPolicyPreservedStateNetworkIp"
           },
-          "type": "array"
+          "description": "External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name.",
+          "type": "object"
         },
-        "keyRevocationActionType": {
-          "description": "KeyRevocationActionType of the instance. Supported options are \"STOP\" and \"NONE\". The default value is \"NONE\" if it is not specified.",
+        "internalIPs": {
+          "additionalProperties": {
+            "$ref": "StatefulPolicyPreservedStateNetworkIp"
+          },
+          "description": "Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "StatefulPolicyPreservedStateDiskDevice": {
+      "id": "StatefulPolicyPreservedStateDiskDevice",
+      "properties": {
+        "autoDelete": {
+          "description": "These stateful disks will never be deleted during autohealing, update or VM instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted.",
           "enum": [
-            "KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
-            "NONE",
-            "STOP"
+            "NEVER",
+            "ON_PERMANENT_INSTANCE_DELETION"
           ],
           "enumDescriptions": [
-            "Default value. This value is unused.",
-            "Indicates user chose no operation.",
-            "Indicates user chose to opt for VM shutdown on key revocation."
+            "",
+            ""
           ],
           "type": "string"
-        },
-        "labels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to apply to instances that are created from this machine image.",
-          "type": "object"
-        },
-        "machineType": {
-          "description": "The machine type to use for instances that are created from this machine image.",
-          "type": "string"
-        },
-        "metadata": {
-          "$ref": "Metadata",
-          "description": "The metadata key/value pairs to assign to instances that are created from this machine image. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information."
-        },
-        "minCpuPlatform": {
-          "description": "Minimum cpu/platform to be used by instances created from this machine image. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: \"Intel Haswell\" or minCpuPlatform: \"Intel Sandy Bridge\". For more information, read Specifying a Minimum CPU Platform.",
-          "type": "string"
-        },
-        "networkInterfaces": {
-          "description": "An array of network access configurations for this interface.",
-          "items": {
-            "$ref": "NetworkInterface"
-          },
-          "type": "array"
-        },
-        "postKeyRevocationActionType": {
-          "description": "PostKeyRevocationActionType of the instance.",
+        }
+      },
+      "type": "object"
+    },
+    "StatefulPolicyPreservedStateNetworkIp": {
+      "id": "StatefulPolicyPreservedStateNetworkIp",
+      "properties": {
+        "autoDelete": {
+          "description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted.",
           "enum": [
-            "NOOP",
-            "POST_KEY_REVOCATION_ACTION_TYPE_UNSPECIFIED",
-            "SHUTDOWN"
+            "NEVER",
+            "ON_PERMANENT_INSTANCE_DELETION"
           ],
           "enumDescriptions": [
-            "Indicates user chose no operation.",
-            "Default value. This value is unused.",
-            "Indicates user chose to opt for VM shutdown on key revocation."
+            "",
+            ""
           ],
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Status": {
+      "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
+      "id": "Status",
+      "properties": {
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
         },
-        "scheduling": {
-          "$ref": "Scheduling",
-          "description": "Specifies the scheduling options for the instances that are created from this machine image."
-        },
-        "serviceAccounts": {
-          "description": "A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from this machine image. Use metadata queries to obtain the access tokens for these instances.",
+        "details": {
+          "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.",
           "items": {
-            "$ref": "ServiceAccount"
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
           },
           "type": "array"
         },
-        "tags": {
-          "$ref": "Tags",
-          "description": "A list of tags to apply to the instances that are created from this machine image. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035."
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SslCertificate": {
-      "description": "Represents an SSL Certificate resource. Google Compute Engine has two SSL Certificate resources: * [Global](/compute/docs/reference/rest/alpha/sslCertificates) * [Regional](/compute/docs/reference/rest/alpha/regionSslCertificates) The sslCertificates are used by: - external HTTPS load balancers - SSL proxy load balancers The regionSslCertificates are used by internal HTTPS load balancers. Optionally, certificate file contents that you upload can contain a set of up to five PEM-encoded certificates. The API call creates an object (sslCertificate) that holds this data. You can use SSL keys and certificates to secure connections to a load balancer. For more information, read Creating and using SSL certificates, SSL certificates quotas and limits, and Troubleshooting SSL certificates.",
-      "id": "SslCertificate",
+    "StoragePool": {
+      "description": "Represents a zonal storage pool resource.",
+      "id": "StoragePool",
       "properties": {
-        "certificate": {
-          "description": "A value read into memory from a certificate file. The certificate file must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.",
-          "type": "string"
-        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -76360,91 +85088,129 @@
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
-        "expireTime": {
-          "description": "[Output Only] Expire time of the certificate. RFC3339",
-          "type": "string"
-        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
           "type": "string"
         },
         "kind": {
-          "default": "compute#sslCertificate",
-          "description": "[Output Only] Type of the resource. Always compute#sslCertificate for SSL certificates.",
+          "default": "compute#storagePool",
+          "description": "[Output Only] Type of the resource. Always compute#storagePool for storage pools.",
           "type": "string"
         },
-        "managed": {
-          "$ref": "SslCertificateManagedSslCertificate",
-          "description": "Configuration and status of a managed SSL certificate."
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this storage pool, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a storage pool.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this storage pool. These can be later modified by the setLabels method.",
+          "type": "object"
         },
         "name": {
+          "annotations": {
+            "required": [
+              "compute.storagePools.insert"
+            ]
+          },
           "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
         },
-        "privateKey": {
-          "description": "A value read into memory from a write-only private key file. The private key file must be in PEM format. For security, only insert requests include this field.",
+        "provisionedIops": {
+          "description": "Provsioned IOPS of the storage pool.",
+          "format": "int64",
           "type": "string"
         },
-        "region": {
-          "description": "[Output Only] URL of the region where the regional SSL Certificate resides. This field is not applicable to global SSL Certificate.",
+        "provisionedThroughput": {
+          "description": "Provisioned throughput of the storage pool. Only relevant if the storage pool type is hyperdisk-balanced or hyperdisk-throughput.",
+          "format": "int64",
           "type": "string"
         },
+        "resourceStatus": {
+          "$ref": "StoragePoolResourceStatus",
+          "description": "[Output Only] Status information for the storage pool resource."
+        },
         "selfLink": {
-          "description": "[Output only] Server-defined URL for the resource.",
+          "description": "[Output Only] Server-defined fully-qualified URL for this resource.",
           "type": "string"
         },
         "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
           "type": "string"
         },
-        "selfManaged": {
-          "$ref": "SslCertificateSelfManagedSslCertificate",
-          "description": "Configuration and status of a self-managed SSL certificate."
+        "sizeGb": {
+          "description": "Size, in GiB, of the storage pool.",
+          "format": "int64",
+          "type": "string"
         },
-        "subjectAlternativeNames": {
-          "description": "[Output Only] Domains associated with the certificate via Subject Alternative Name.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "state": {
+          "description": "[Output Only] The status of storage pool creation. - CREATING: Storage pool is provisioning. storagePool. - FAILED: Storage pool creation failed. - READY: Storage pool is ready for use. - DELETING: Storage pool is deleting. ",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "StoragePool is provisioning",
+            "StoragePool is deleting.",
+            "StoragePool creation failed.",
+            "StoragePool is ready for use."
+          ],
+          "type": "string"
+        },
+        "status": {
+          "$ref": "StoragePoolResourceStatus",
+          "description": "[Output Only] Status information for the storage pool resource."
+        },
+        "storagePoolType": {
+          "description": "Type of the storage pool.",
+          "type": "string"
         },
         "type": {
-          "description": "(Optional) Specifies the type of SSL certificate, either \"SELF_MANAGED\" or \"MANAGED\". If not specified, the certificate is self-managed and the fields certificate and private_key are used.",
+          "description": "Type of the storage pool",
           "enum": [
-            "MANAGED",
-            "SELF_MANAGED",
-            "TYPE_UNSPECIFIED"
+            "SSD",
+            "UNSPECIFIED"
           ],
           "enumDescriptions": [
-            "Google-managed SSLCertificate.",
-            "Certificate uploaded by user.",
+            "",
             ""
           ],
           "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] URL of the zone where the storage pool resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SslCertificateAggregatedList": {
-      "id": "SslCertificateAggregatedList",
+    "StoragePoolAggregatedList": {
+      "id": "StoragePoolAggregatedList",
       "properties": {
+        "etag": {
+          "type": "string"
+        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
           "additionalProperties": {
-            "$ref": "SslCertificatesScopedList",
-            "description": "Name of the scope containing this set of SslCertificates."
+            "$ref": "StoragePoolsScopedList",
+            "description": "[Output Only] Name of the scope containing this set of storage pool."
           },
-          "description": "A list of SslCertificatesScopedList resources.",
+          "description": "A list of StoragePoolsScopedList resources.",
           "type": "object"
         },
         "kind": {
-          "default": "compute#sslCertificateAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#sslCertificateAggregatedList for lists of SSL Certificates.",
+          "default": "compute#storagePoolAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#storagePoolAggregatedList for aggregated lists of storage pools.",
           "type": "string"
         },
         "nextPageToken": {
@@ -76478,6 +85244,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -76496,6 +85263,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -76507,6 +85304,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -76554,304 +85352,83 @@
       },
       "type": "object"
     },
-    "SslCertificateList": {
-      "description": "Contains a list of SslCertificate resources.",
-      "id": "SslCertificateList",
+    "StoragePoolDisk": {
+      "id": "StoragePoolDisk",
       "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "description": "A list of SslCertificate resources.",
+        "attachedInstances": {
+          "description": "[Output Only] Instances this disk is attached to.",
           "items": {
-            "$ref": "SslCertificate"
+            "type": "string"
           },
           "type": "array"
         },
-        "kind": {
-          "default": "compute#sslCertificateList",
-          "description": "Type of resource.",
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
         },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+        "disk": {
+          "description": "[Output Only] The URL of the disk.",
           "type": "string"
         },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
+        "name": {
+          "description": "[Output Only] The name of the disk.",
           "type": "string"
         },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "SslCertificateManagedSslCertificate": {
-      "description": "Configuration and status of a managed SSL certificate.",
-      "id": "SslCertificateManagedSslCertificate",
-      "properties": {
-        "domainStatus": {
-          "additionalProperties": {
-            "enum": [
-              "ACTIVE",
-              "DOMAIN_STATUS_UNSPECIFIED",
-              "FAILED_CAA_CHECKING",
-              "FAILED_CAA_FORBIDDEN",
-              "FAILED_NOT_VISIBLE",
-              "FAILED_RATE_LIMITED",
-              "PROVISIONING"
-            ],
-            "enumDescriptions": [
-              "A managed certificate can be provisioned, no issues for this domain.",
-              "",
-              "Failed to check CAA records for the domain.",
-              "Certificate issuance forbidden by an explicit CAA record for the domain.",
-              "There seems to be problem with the user's DNS or load balancer configuration for this domain.",
-              "Reached rate-limit for certificates per top-level private domain.",
-              "Certificate provisioning for this domain is under way. GCP will attempt to provision the first certificate."
-            ],
-            "type": "string"
-          },
-          "description": "[Output only] Detailed statuses of the domains specified for managed certificate resource.",
-          "type": "object"
+        "provisionedIops": {
+          "description": "[Output Only] The number of IOPS provisioned for the disk.",
+          "format": "int64",
+          "type": "string"
         },
-        "domains": {
-          "description": "The domains for which a managed SSL certificate will be generated. Each Google-managed SSL certificate supports up to the [maximum number of domains per Google-managed SSL certificate](/load-balancing/docs/quotas#ssl_certificates).",
+        "provisionedThroughput": {
+          "description": "[Output Only] The throughput provisioned for the disk.",
+          "format": "int64",
+          "type": "string"
+        },
+        "resourcePolicies": {
+          "description": "[Output Only] Resource policies applied to disk for automatic snapshot creations.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
+        "sizeGb": {
+          "description": "[Output Only] The disk size, in GB.",
+          "format": "int64",
+          "type": "string"
+        },
         "status": {
-          "description": "[Output only] Status of the managed certificate resource.",
+          "description": "[Output Only] The disk status.",
           "enum": [
-            "ACTIVE",
-            "MANAGED_CERTIFICATE_STATUS_UNSPECIFIED",
-            "PROVISIONING",
-            "PROVISIONING_FAILED",
-            "PROVISIONING_FAILED_PERMANENTLY",
-            "RENEWAL_FAILED"
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "READY",
+            "RESTORING"
           ],
           "enumDescriptions": [
-            "The certificate management is working, and a certificate has been provisioned.",
-            "",
-            "The certificate management is working. GCP will attempt to provision the first certificate.",
-            "Certificate provisioning failed due to an issue with the DNS or load balancing configuration. For details of which domain failed, consult domain_status field.",
-            "Certificate provisioning failed due to an issue with the DNS or load balancing configuration. It won't be retried. To try again delete and create a new managed SslCertificate resource. For details of which domain failed, consult domain_status field.",
-            "Renewal of the certificate has failed due to an issue with the DNS or load balancing configuration. The existing cert is still serving; however, it will expire shortly. To provision a renewed certificate, delete and create a new managed SslCertificate resource. For details on which domain failed, consult domain_status field."
+            "Disk is provisioning",
+            "Disk is deleting.",
+            "Disk creation failed.",
+            "Disk is ready for use.",
+            "Source data is being copied into the disk."
           ],
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SslCertificateSelfManagedSslCertificate": {
-      "description": "Configuration and status of a self-managed SSL certificate.",
-      "id": "SslCertificateSelfManagedSslCertificate",
-      "properties": {
-        "certificate": {
-          "description": "A local certificate file. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.",
-          "type": "string"
         },
-        "privateKey": {
-          "description": "A write-only private key in PEM format. Only insert requests will include this field.",
+        "type": {
+          "description": "[Output Only] The disk type.",
           "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SslCertificatesScopedList": {
-      "id": "SslCertificatesScopedList",
-      "properties": {
-        "sslCertificates": {
-          "description": "List of SslCertificates contained in this scope.",
-          "items": {
-            "$ref": "SslCertificate"
-          },
-          "type": "array"
         },
-        "warning": {
-          "description": "Informational warning which replaces the list of backend services when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
+        "usedBytes": {
+          "description": "[Output Only] Amount of disk space used.",
+          "format": "int64",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SslPoliciesAggregatedList": {
-      "id": "SslPoliciesAggregatedList",
+    "StoragePoolList": {
+      "description": "A list of StoragePool resources.",
+      "id": "StoragePoolList",
       "properties": {
         "etag": {
           "type": "string"
@@ -76861,16 +85438,15 @@
           "type": "string"
         },
         "items": {
-          "additionalProperties": {
-            "$ref": "SslPoliciesScopedList",
-            "description": "Name of the scope containing this set of SSL policies."
+          "description": "A list of StoragePool resources.",
+          "items": {
+            "$ref": "StoragePool"
           },
-          "description": "A list of SslPoliciesScopedList resources.",
-          "type": "object"
+          "type": "array"
         },
         "kind": {
-          "default": "compute#sslPoliciesAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#sslPolicyAggregatedList for lists of SSL Policies.",
+          "default": "compute#storagePoolList",
+          "description": "[Output Only] Type of resource. Always compute#storagePoolList for lists of storagePools.",
           "type": "string"
         },
         "nextPageToken": {
@@ -76882,7 +85458,7 @@
           "type": "string"
         },
         "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
+          "description": "[Output Only] Unreachable resources. end_interface: MixerListResponseWithEtagBuilder",
           "items": {
             "type": "string"
           },
@@ -76904,6 +85480,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -76922,6 +85499,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -76933,6 +85540,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -76980,23 +85588,26 @@
       },
       "type": "object"
     },
-    "SslPoliciesList": {
-      "id": "SslPoliciesList",
+    "StoragePoolListDisks": {
+      "id": "StoragePoolListDisks",
       "properties": {
+        "etag": {
+          "type": "string"
+        },
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of SslPolicy resources.",
+          "description": "A list of StoragePoolDisk resources.",
           "items": {
-            "$ref": "SslPolicy"
+            "$ref": "StoragePoolDisk"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#sslPoliciesList",
-          "description": "[Output Only] Type of the resource. Always compute#sslPoliciesList for lists of sslPolicies.",
+          "default": "compute#storagePoolListDisks",
+          "description": "[Output Only] Type of resource. Always compute#storagePoolListDisks for lists of disks in a storagePool.",
           "type": "string"
         },
         "nextPageToken": {
@@ -77007,6 +85618,13 @@
           "description": "[Output Only] Server-defined URL for this resource.",
           "type": "string"
         },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources. end_interface: MixerListResponseWithEtagBuilder",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "warning": {
           "description": "[Output Only] Informational warning message.",
           "properties": {
@@ -77023,6 +85641,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -77041,6 +85660,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -77052,6 +85701,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -77099,30 +85749,64 @@
       },
       "type": "object"
     },
-    "SslPoliciesListAvailableFeaturesResponse": {
-      "id": "SslPoliciesListAvailableFeaturesResponse",
+    "StoragePoolResourceStatus": {
+      "description": "[Output Only] Contains output only fields.",
+      "id": "StoragePoolResourceStatus",
       "properties": {
-        "features": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "aggregateDiskProvisionedIops": {
+          "description": "[Output Only] Sum of all the disks' provisioned IOPS.",
+          "format": "int64",
+          "type": "string"
+        },
+        "aggregateDiskSizeGb": {
+          "description": "[Output Only] Sum of all the capacity provisioned in disks in this storage pool. A disk's provisioned capacity is the same as its total capacity.",
+          "format": "int64",
+          "type": "string"
+        },
+        "lastResizeTimestamp": {
+          "description": "[Output Only] Timestamp of the last successful resize in RFC3339 text format.",
+          "type": "string"
+        },
+        "maxAggregateDiskSizeGb": {
+          "description": "[Output Only] Maximum allowed aggregate disk size in gigabytes.",
+          "format": "int64",
+          "type": "string"
+        },
+        "numberOfDisks": {
+          "description": "[Output Only] Number of disks used.",
+          "format": "int64",
+          "type": "string"
+        },
+        "usedBytes": {
+          "description": "[Output Only] Space used by data stored in disks within the storage pool (in bytes).",
+          "format": "int64",
+          "type": "string"
+        },
+        "usedReducedBytes": {
+          "description": "[Output Only] Space used by compressed and deduped data stored in disks within the storage pool (in bytes).",
+          "format": "int64",
+          "type": "string"
+        },
+        "usedThroughput": {
+          "description": "[Output Only] Sum of all the disks' provisioned throughput in MB/s.",
+          "format": "int64",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "SslPoliciesScopedList": {
-      "id": "SslPoliciesScopedList",
+    "StoragePoolsScopedList": {
+      "id": "StoragePoolsScopedList",
       "properties": {
-        "sslPolicies": {
-          "description": "A list of SslPolicies contained in this scope.",
+        "storagePools": {
+          "description": "[Output Only] A list of storage pool contained in this scope.",
           "items": {
-            "$ref": "SslPolicy"
+            "$ref": "StoragePool"
           },
           "type": "array"
         },
         "warning": {
-          "description": "Informational warning which replaces the list of SSL policies when the list is empty.",
+          "description": "[Output Only] Informational warning which replaces the list of storage pool when the list is empty.",
           "properties": {
             "code": {
               "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
@@ -77137,6 +85821,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -77155,6 +85840,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -77166,6 +85881,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -77213,276 +85929,19 @@
       },
       "type": "object"
     },
-    "SslPolicy": {
-      "description": "Represents an SSL Policy resource. Use SSL policies to control the SSL features, such as versions and cipher suites, offered by an HTTPS or SSL Proxy load balancer. For more information, read SSL Policy Concepts.",
-      "id": "SslPolicy",
-      "properties": {
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "customFeatures": {
-          "description": "A list of features enabled when the selected profile is CUSTOM. The method returns the set of features that can be specified in this list. This field must be empty if the profile is not CUSTOM.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "enabledFeatures": {
-          "description": "[Output Only] The list of features enabled in the SSL policy.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "fingerprint": {
-          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a SslPolicy. An up-to-date fingerprint must be provided in order to update the SslPolicy, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an SslPolicy.",
-          "format": "byte",
-          "type": "string"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#sslPolicy",
-          "description": "[Output only] Type of the resource. Always compute#sslPolicyfor SSL policies.",
-          "type": "string"
-        },
-        "minTlsVersion": {
-          "description": "The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. This can be one of TLS_1_0, TLS_1_1, TLS_1_2.",
-          "enum": [
-            "TLS_1_0",
-            "TLS_1_1",
-            "TLS_1_2"
-          ],
-          "enumDescriptions": [
-            "TLS 1.0",
-            "TLS 1.1",
-            "TLS 1.2"
-          ],
-          "type": "string"
-        },
-        "name": {
-          "description": "Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "profile": {
-          "description": "Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. If using CUSTOM, the set of SSL features to enable must be specified in the customFeatures field.",
-          "enum": [
-            "COMPATIBLE",
-            "CUSTOM",
-            "MODERN",
-            "RESTRICTED"
-          ],
-          "enumDescriptions": [
-            "Compatible profile. Allows the broadset set of clients, even those which support only out-of-date SSL features to negotiate with the load balancer.",
-            "Custom profile. Allow only the set of allowed SSL features specified in the customFeatures field.",
-            "Modern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL with the load balancer.",
-            "Restricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements."
-          ],
-          "type": "string"
-        },
-        "region": {
-          "description": "[Output Only] URL of the region where the regional SSL policy resides. This field is not applicable to global SSL policies.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "tlsSettings": {
-          "$ref": "ServerTlsSettings",
-          "description": "Security settings for the proxy. This field is only applicable to a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED."
-        },
-        "warnings": {
-          "description": "[Output Only] If potential misconfigurations are detected for this SSL policy, this field will be populated with warning messages.",
-          "items": {
-            "properties": {
-              "code": {
-                "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-                "enum": [
-                  "CLEANUP_FAILED",
-                  "DEPRECATED_RESOURCE_USED",
-                  "DEPRECATED_TYPE_USED",
-                  "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                  "EXPERIMENTAL_TYPE_USED",
-                  "EXTERNAL_API_WARNING",
-                  "FIELD_VALUE_OVERRIDEN",
-                  "INJECTED_KERNELS_DEPRECATED",
-                  "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                  "LARGE_DEPLOYMENT_WARNING",
-                  "MISSING_TYPE_DEPENDENCY",
-                  "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                  "NEXT_HOP_CANNOT_IP_FORWARD",
-                  "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                  "NEXT_HOP_INSTANCE_NOT_FOUND",
-                  "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                  "NEXT_HOP_NOT_RUNNING",
-                  "NOT_CRITICAL_ERROR",
-                  "NO_RESULTS_ON_PAGE",
-                  "PARTIAL_SUCCESS",
-                  "REQUIRED_TOS_AGREEMENT",
-                  "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                  "RESOURCE_NOT_DELETED",
-                  "SCHEMA_VALIDATION_IGNORED",
-                  "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                  "UNDECLARED_PROPERTIES",
-                  "UNREACHABLE"
-                ],
-                "enumDescriptions": [
-                  "Warning about failed cleanup of transient changes made by a failed operation.",
-                  "A link to a deprecated resource was created.",
-                  "When deploying and at least one of the resources has a type marked as deprecated",
-                  "The user created a boot disk that is larger than image size.",
-                  "When deploying and at least one of the resources has a type marked as experimental",
-                  "Warning that is present in an external api call",
-                  "Warning that value of a field has been overridden. Deprecated unused field.",
-                  "The operation involved use of an injected kernel, which is deprecated.",
-                  "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                  "When deploying a deployment with a exceedingly large number of resources",
-                  "A resource depends on a missing type",
-                  "The route's nextHopIp address is not assigned to an instance on the network.",
-                  "The route's next hop instance cannot ip forward.",
-                  "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                  "The route's nextHopInstance URL refers to an instance that does not exist.",
-                  "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                  "The route's next hop instance does not have a status of RUNNING.",
-                  "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                  "No results are present on a particular list page.",
-                  "Success is reported, but some results may be missing due to errors",
-                  "The user attempted to use a resource that requires a TOS they have not accepted.",
-                  "Warning that a resource is in use.",
-                  "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                  "When a resource schema validation is ignored.",
-                  "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                  "When undeclared properties in the schema are present",
-                  "A given scope cannot be reached."
-                ],
-                "type": "string"
-              },
-              "data": {
-                "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-                "items": {
-                  "properties": {
-                    "key": {
-                      "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                      "type": "string"
-                    },
-                    "value": {
-                      "description": "[Output Only] A warning data value corresponding to the key.",
-                      "type": "string"
-                    }
-                  },
-                  "type": "object"
-                },
-                "type": "array"
-              },
-              "message": {
-                "description": "[Output Only] A human-readable description of the warning code.",
-                "type": "string"
-              }
-            },
-            "type": "object"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "SslPolicyReference": {
-      "id": "SslPolicyReference",
-      "properties": {
-        "sslPolicy": {
-          "description": "URL of the SSL policy resource. Set this to empty string to clear any existing SSL policy associated with the target proxy resource.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "StatefulPolicy": {
-      "id": "StatefulPolicy",
-      "properties": {
-        "preservedState": {
-          "$ref": "StatefulPolicyPreservedState"
-        }
-      },
-      "type": "object"
-    },
-    "StatefulPolicyPreservedState": {
-      "description": "Configuration of preserved resources.",
-      "id": "StatefulPolicyPreservedState",
+    "StructuredEntries": {
+      "id": "StructuredEntries",
       "properties": {
-        "disks": {
-          "additionalProperties": {
-            "$ref": "StatefulPolicyPreservedStateDiskDevice"
-          },
-          "description": "Disks created on the instances that will be preserved on instance delete, update, etc. This map is keyed with the device names of the disks.",
-          "type": "object"
-        },
-        "externalIPs": {
-          "additionalProperties": {
-            "$ref": "StatefulPolicyPreservedStateNetworkIp"
-          },
-          "description": "External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name.",
-          "type": "object"
-        },
-        "internalIPs": {
+        "entries": {
           "additionalProperties": {
-            "$ref": "StatefulPolicyPreservedStateNetworkIp"
+            "type": "any"
           },
-          "description": "Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name.",
+          "description": "Map of a partner metadata that belong to the same subdomain. It accepts any value including google.protobuf.Struct.",
           "type": "object"
         }
       },
       "type": "object"
     },
-    "StatefulPolicyPreservedStateDiskDevice": {
-      "id": "StatefulPolicyPreservedStateDiskDevice",
-      "properties": {
-        "autoDelete": {
-          "description": "These stateful disks will never be deleted during autohealing, update or VM instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted.",
-          "enum": [
-            "NEVER",
-            "ON_PERMANENT_INSTANCE_DELETION"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "StatefulPolicyPreservedStateNetworkIp": {
-      "id": "StatefulPolicyPreservedStateNetworkIp",
-      "properties": {
-        "autoDelete": {
-          "description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted.",
-          "enum": [
-            "NEVER",
-            "ON_PERMANENT_INSTANCE_DELETION"
-          ],
-          "enumDescriptions": [
-            "",
-            ""
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "Subnetwork": {
       "description": "Represents a Subnetwork resource. A subnetwork (also known as a subnet) is a logical partition of a Virtual Private Cloud network with one primary IP range and zero or more secondary IP ranges. For more information, read Virtual Private Cloud (VPC) Network.",
       "id": "Subnetwork",
@@ -77520,7 +85979,7 @@
           "type": "string"
         },
         "enableFlowLogs": {
-          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. This field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. This field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "type": "boolean"
         },
         "enableL2": {
@@ -77528,6 +85987,7 @@
           "type": "boolean"
         },
         "enablePrivateV6Access": {
+          "deprecated": true,
           "description": "Deprecated in favor of enable in PrivateIpv6GoogleAccess. Whether the VMs in this subnet can directly access Google services via internal IPv6 addresses. This field can be both set at resource creation time and updated using patch.",
           "type": "boolean"
         },
@@ -77627,7 +86087,7 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "enum": [
             "AGGREGATE",
             "CLOUD_EXTENSION",
@@ -77661,7 +86121,7 @@
           "type": "string"
         },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"
@@ -77773,6 +86233,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -77791,6 +86252,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -77802,6 +86293,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -77893,6 +86385,231 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "SubnetworkLogConfig": {
+      "description": "The available logging options for this subnetwork.",
+      "id": "SubnetworkLogConfig",
+      "properties": {
+        "aggregationInterval": {
+          "description": "Can only be specified if VPC flow logging for this subnetwork is enabled. Toggles the aggregation interval for collecting flow logs. Increasing the interval time will reduce the amount of generated flow logs for long lasting connections. Default is an interval of 5 seconds per connection.",
+          "enum": [
+            "INTERVAL_10_MIN",
+            "INTERVAL_15_MIN",
+            "INTERVAL_1_MIN",
+            "INTERVAL_30_SEC",
+            "INTERVAL_5_MIN",
+            "INTERVAL_5_SEC"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "enable": {
+          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. Flow logging isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
+          "type": "boolean"
+        },
+        "filterExpr": {
+          "description": "Can only be specified if VPC flow logs for this subnetwork is enabled. The filter expression is used to define which VPC flow logs should be exported to Cloud Logging.",
+          "type": "string"
+        },
+        "flowSampling": {
+          "description": "Can only be specified if VPC flow logging for this subnetwork is enabled. The value of the field must be in [0, 1]. Set the sampling rate of VPC flow logs within the subnetwork where 1.0 means all collected logs are reported and 0.0 means no logs are reported. Default is 0.5 unless otherwise specified by the org policy, which means half of all collected logs are reported.",
+          "format": "float",
+          "type": "number"
+        },
+        "metadata": {
+          "description": "Can only be specified if VPC flow logs for this subnetwork is enabled. Configures whether all, none or a subset of metadata fields should be added to the reported VPC flow logs. Default is EXCLUDE_ALL_METADATA.",
+          "enum": [
+            "CUSTOM_METADATA",
+            "EXCLUDE_ALL_METADATA",
+            "INCLUDE_ALL_METADATA"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "metadataFields": {
+          "description": "Can only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" was set to CUSTOM_METADATA.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SubnetworkSecondaryRange": {
+      "description": "Represents a secondary IP range of a subnetwork.",
+      "id": "SubnetworkSecondaryRange",
+      "properties": {
+        "ipCidrRange": {
+          "description": "The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. The range can be any range listed in the Valid ranges list.",
+          "type": "string"
+        },
+        "rangeName": {
+          "description": "The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.",
+          "type": "string"
+        },
+        "reservedInternalRange": {
+          "description": "The URL of the reserved internal range.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SubnetworksExpandIpCidrRangeRequest": {
+      "id": "SubnetworksExpandIpCidrRangeRequest",
+      "properties": {
+        "ipCidrRange": {
+          "description": "The IP (in CIDR format or netmask) of internal addresses that are legal on this Subnetwork. This range should be disjoint from other subnetworks within this network. This range can only be larger than (i.e. a superset of) the range previously defined before the update.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SubnetworksScopedList": {
+      "id": "SubnetworksScopedList",
+      "properties": {
+        "subnetworks": {
+          "description": "A list of subnetworks contained in this scope.",
+          "items": {
+            "$ref": "Subnetwork"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "An informational warning that appears when the list of addresses is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -77911,197 +86628,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "SubnetworkLogConfig": {
-      "description": "The available logging options for this subnetwork.",
-      "id": "SubnetworkLogConfig",
-      "properties": {
-        "aggregationInterval": {
-          "description": "Can only be specified if VPC flow logging for this subnetwork is enabled. Toggles the aggregation interval for collecting flow logs. Increasing the interval time will reduce the amount of generated flow logs for long lasting connections. Default is an interval of 5 seconds per connection.",
-          "enum": [
-            "INTERVAL_10_MIN",
-            "INTERVAL_15_MIN",
-            "INTERVAL_1_MIN",
-            "INTERVAL_30_SEC",
-            "INTERVAL_5_MIN",
-            "INTERVAL_5_SEC"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "enable": {
-          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled.",
-          "type": "boolean"
-        },
-        "filterExpr": {
-          "description": "Can only be specified if VPC flow logs for this subnetwork is enabled. The filter expression is used to define which VPC flow logs should be exported to Cloud Logging.",
-          "type": "string"
-        },
-        "flowSampling": {
-          "description": "Can only be specified if VPC flow logging for this subnetwork is enabled. The value of the field must be in [0, 1]. Set the sampling rate of VPC flow logs within the subnetwork where 1.0 means all collected logs are reported and 0.0 means no logs are reported. Default is 0.5 unless otherwise specified by the org policy, which means half of all collected logs are reported.",
-          "format": "float",
-          "type": "number"
-        },
-        "metadata": {
-          "description": "Can only be specified if VPC flow logs for this subnetwork is enabled. Configures whether all, none or a subset of metadata fields should be added to the reported VPC flow logs. Default is EXCLUDE_ALL_METADATA.",
-          "enum": [
-            "CUSTOM_METADATA",
-            "EXCLUDE_ALL_METADATA",
-            "INCLUDE_ALL_METADATA"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "metadataFields": {
-          "description": "Can only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" was set to CUSTOM_METADATA.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "SubnetworkSecondaryRange": {
-      "description": "Represents a secondary IP range of a subnetwork.",
-      "id": "SubnetworkSecondaryRange",
-      "properties": {
-        "ipCidrRange": {
-          "description": "The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. The range can be any range listed in the Valid ranges list.",
-          "type": "string"
-        },
-        "rangeName": {
-          "description": "The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.",
-          "type": "string"
-        },
-        "reservedInternalRange": {
-          "description": "The URL of the reserved internal range.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SubnetworksExpandIpCidrRangeRequest": {
-      "id": "SubnetworksExpandIpCidrRangeRequest",
-      "properties": {
-        "ipCidrRange": {
-          "description": "The IP (in CIDR format or netmask) of internal addresses that are legal on this Subnetwork. This range should be disjoint from other subnetworks within this network. This range can only be larger than (i.e. a superset of) the range previously defined before the update.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "SubnetworksScopedList": {
-      "id": "SubnetworksScopedList",
-      "properties": {
-        "subnetworks": {
-          "description": "A list of subnetworks contained in this scope.",
-          "items": {
-            "$ref": "Subnetwork"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "An informational warning that appears when the list of addresses is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -78114,6 +86669,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -78361,6 +86917,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -78379,6 +86936,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -78390,6 +86977,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -78463,6 +87051,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -78481,6 +87070,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -78492,6 +87111,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -78563,6 +87183,11 @@
           },
           "type": "array"
         },
+        "httpKeepAliveTimeoutSec": {
+          "description": "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keep-alive is not specified, a default value (610 seconds) will be used. For Global external HTTP(S) load balancer, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.",
+          "format": "int32",
+          "type": "integer"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -78652,6 +87277,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -78670,6 +87296,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -78681,6 +87337,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -78772,6 +87429,141 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "TargetHttpsProxiesScopedList": {
+      "id": "TargetHttpsProxiesScopedList",
+      "properties": {
+        "targetHttpsProxies": {
+          "description": "A list of TargetHttpsProxies contained in this scope.",
+          "items": {
+            "$ref": "TargetHttpsProxy"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -78790,107 +87582,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "TargetHttpsProxiesScopedList": {
-      "id": "TargetHttpsProxiesScopedList",
-      "properties": {
-        "targetHttpsProxies": {
-          "description": "A list of TargetHttpsProxies contained in this scope.",
-          "items": {
-            "$ref": "TargetHttpsProxy"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "Informational warning which replaces the list of backend services when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -78903,6 +87623,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -78954,7 +87675,7 @@
       "id": "TargetHttpsProxiesSetCertificateMapRequest",
       "properties": {
         "certificateMap": {
-          "description": "URL of the Certificate Map to associate with this TargetHttpsProxy.",
+          "description": "URL of the Certificate Map to associate with this TargetHttpsProxy. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         }
       },
@@ -78998,10 +87719,12 @@
       "id": "TargetHttpsProxy",
       "properties": {
         "authentication": {
+          "deprecated": true,
           "description": "[Deprecated] Use serverTlsPolicy instead.",
           "type": "string"
         },
         "authorization": {
+          "deprecated": true,
           "description": "[Deprecated] Use authorizationPolicy instead.",
           "type": "string"
         },
@@ -79010,7 +87733,7 @@
           "type": "string"
         },
         "certificateMap": {
-          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored.",
+          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         },
         "creationTimestamp": {
@@ -79033,6 +87756,11 @@
           },
           "type": "array"
         },
+        "httpKeepAliveTimeoutSec": {
+          "description": "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keep-alive is not specified, a default value (610 seconds) will be used. For Global external HTTP(S) load balancer, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.",
+          "format": "int32",
+          "type": "integer"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -79079,7 +87807,7 @@
           "type": "string"
         },
         "serverTlsPolicy": {
-          "description": "Optional. A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.",
+          "description": "Optional. A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted.",
           "type": "string"
         },
         "sslCertificates": {
@@ -79151,6 +87879,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -79169,6 +87898,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -79180,6 +87939,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -79271,6 +88031,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -79289,6 +88050,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -79300,6 +88091,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -79462,6 +88254,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -79480,6 +88273,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -79491,6 +88314,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -79582,6 +88406,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -79600,6 +88425,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -79611,6 +88466,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -79684,6 +88540,259 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "TargetPool": {
+      "description": "Represents a Target Pool resource. Target pools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool. For more information, read Using target pools.",
+      "id": "TargetPool",
+      "properties": {
+        "backupPool": {
+          "description": "The server-defined URL for the resource. This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool, and its failoverRatio field is properly set to a value between [0, 1]. backupPool and failoverRatio together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below failoverRatio, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio and backupPool are not set, or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.",
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "failoverRatio": {
+          "description": "This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool (i.e., not as a backup pool to some other target pool). The value of the field must be in [0, 1]. If set, backupPool must also be set. They together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below this number, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio is not set or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.",
+          "format": "float",
+          "type": "number"
+        },
+        "healthChecks": {
+          "description": "The URL of the HttpHealthCheck resource. A member instance in this pool is considered healthy if and only if the health checks pass. Only legacy HttpHealthChecks are supported. Only one health check may be specified.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "instances": {
+          "description": "A list of resource URLs to the virtual machine instances serving this pool. They must live in zones contained in the same region as this pool.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#targetPool",
+          "description": "[Output Only] Type of the resource. Always compute#targetPool for target pools.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the target pool resides.",
+          "type": "string"
+        },
+        "securityPolicy": {
+          "description": "[Output Only] The resource URL for the security policy associated with this target pool.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "sessionAffinity": {
+          "description": "Session affinity option, must be one of the following values: NONE: Connections from the same client IP may go to any instance in the pool. CLIENT_IP: Connections from the same client IP will go to the same instance in the pool while that instance remains healthy. CLIENT_IP_PROTO: Connections from the same client IP with the same IP protocol will go to the same instance in the pool while that instance remains healthy.",
+          "enum": [
+            "CLIENT_IP",
+            "CLIENT_IP_NO_DESTINATION",
+            "CLIENT_IP_PORT_PROTO",
+            "CLIENT_IP_PROTO",
+            "GENERATED_COOKIE",
+            "HEADER_FIELD",
+            "HTTP_COOKIE",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "2-tuple hash on packet's source and destination IP addresses. Connections from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy.",
+            "1-tuple hash only on packet's source IP address. Connections from the same source IP address will be served by the same backend VM while that VM remains healthy. This option can only be used for Internal TCP/UDP Load Balancing.",
+            "5-tuple hash on packet's source and destination IP addresses, IP protocol, and source and destination ports. Connections for the same IP protocol from the same source IP address and port to the same destination IP address and port will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
+            "3-tuple hash on packet's source and destination IP addresses, and IP protocol. Connections for the same IP protocol from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
+            "Hash based on a cookie generated by the L7 loadbalancer. Only valid for HTTP(S) load balancing.",
+            "The hash is based on a user specified header field.",
+            "The hash is based on a user provided cookie.",
+            "No session affinity. Connections from the same client IP may go to any instance in the pool."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "TargetPoolAggregatedList": {
+      "id": "TargetPoolAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "TargetPoolsScopedList",
+            "description": "Name of the scope containing this set of target pools."
+          },
+          "description": "A list of TargetPool resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#targetPoolAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#targetPoolAggregatedList for aggregated lists of target pools.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -79702,225 +88811,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "TargetPool": {
-      "description": "Represents a Target Pool resource. Target pools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool. For more information, read Using target pools.",
-      "id": "TargetPool",
-      "properties": {
-        "backupPool": {
-          "description": "The server-defined URL for the resource. This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool, and its failoverRatio field is properly set to a value between [0, 1]. backupPool and failoverRatio together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below failoverRatio, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio and backupPool are not set, or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.",
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "failoverRatio": {
-          "description": "This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool (i.e., not as a backup pool to some other target pool). The value of the field must be in [0, 1]. If set, backupPool must also be set. They together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below this number, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio is not set or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.",
-          "format": "float",
-          "type": "number"
-        },
-        "healthChecks": {
-          "description": "The URL of the HttpHealthCheck resource. A member instance in this pool is considered healthy if and only if the health checks pass. Only legacy HttpHealthChecks are supported. Only one health check may be specified.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "instances": {
-          "description": "A list of resource URLs to the virtual machine instances serving this pool. They must live in zones contained in the same region as this pool.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "kind": {
-          "default": "compute#targetPool",
-          "description": "[Output Only] Type of the resource. Always compute#targetPool for target pools.",
-          "type": "string"
-        },
-        "name": {
-          "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-          "type": "string"
-        },
-        "region": {
-          "description": "[Output Only] URL of the region where the target pool resides.",
-          "type": "string"
-        },
-        "securityPolicy": {
-          "description": "[Output Only] The resource URL for the security policy associated with this target pool.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "selfLinkWithId": {
-          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
-          "type": "string"
-        },
-        "sessionAffinity": {
-          "description": "Session affinity option, must be one of the following values: NONE: Connections from the same client IP may go to any instance in the pool. CLIENT_IP: Connections from the same client IP will go to the same instance in the pool while that instance remains healthy. CLIENT_IP_PROTO: Connections from the same client IP with the same IP protocol will go to the same instance in the pool while that instance remains healthy.",
-          "enum": [
-            "CLIENT_IP",
-            "CLIENT_IP_NO_DESTINATION",
-            "CLIENT_IP_PORT_PROTO",
-            "CLIENT_IP_PROTO",
-            "GENERATED_COOKIE",
-            "HEADER_FIELD",
-            "HTTP_COOKIE",
-            "NONE"
-          ],
-          "enumDescriptions": [
-            "2-tuple hash on packet's source and destination IP addresses. Connections from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy.",
-            "1-tuple hash only on packet's source IP address. Connections from the same source IP address will be served by the same backend VM while that VM remains healthy. This option can only be used for Internal TCP/UDP Load Balancing.",
-            "5-tuple hash on packet's source and destination IP addresses, IP protocol, and source and destination ports. Connections for the same IP protocol from the same source IP address and port to the same destination IP address and port will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
-            "3-tuple hash on packet's source and destination IP addresses, and IP protocol. Connections for the same IP protocol from the same source IP address to the same destination IP address will be served by the same backend VM while that VM remains healthy. This option cannot be used for HTTP(S) load balancing.",
-            "Hash based on a cookie generated by the L7 loadbalancer. Only valid for HTTP(S) load balancing.",
-            "The hash is based on a user specified header field.",
-            "The hash is based on a user provided cookie.",
-            "No session affinity. Connections from the same client IP may go to any instance in the pool."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "TargetPoolAggregatedList": {
-      "id": "TargetPoolAggregatedList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "additionalProperties": {
-            "$ref": "TargetPoolsScopedList",
-            "description": "Name of the scope containing this set of target pools."
-          },
-          "description": "A list of TargetPool resources.",
-          "type": "object"
-        },
-        "kind": {
-          "default": "compute#targetPoolAggregatedList",
-          "description": "[Output Only] Type of resource. Always compute#targetPoolAggregatedList for aggregated lists of target pools.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -79933,6 +88852,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -80041,6 +88961,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -80059,6 +88980,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -80070,6 +89021,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -80195,6 +89147,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -80213,6 +89166,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -80224,6 +89207,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -80294,7 +89278,7 @@
       "id": "TargetSslProxiesSetCertificateMapRequest",
       "properties": {
         "certificateMap": {
-          "description": "URL of the Certificate Map to associate with this TargetSslProxy.",
+          "description": "URL of the Certificate Map to associate with this TargetSslProxy. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         }
       },
@@ -80336,7 +89320,7 @@
       "id": "TargetSslProxy",
       "properties": {
         "certificateMap": {
-          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored.",
+          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         },
         "creationTimestamp": {
@@ -80440,6 +89424,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -80458,6 +89443,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -80469,6 +89484,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -80542,6 +89558,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -80560,6 +89577,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -80571,6 +89618,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -80755,6 +89803,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -80773,6 +89822,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -80784,6 +89863,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -80875,6 +89955,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -80893,6 +89974,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -80904,6 +90015,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -81096,6 +90208,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -81114,6 +90227,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -81125,6 +90268,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -81216,6 +90360,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -81234,6 +90379,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -81245,6 +90420,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -81318,6 +90494,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -81336,6 +90513,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -81347,6 +90554,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -81593,23 +90801,40 @@
       "type": "object"
     },
     "UpcomingMaintenance": {
-      "description": "Upcoming Maintenance notification information. TODO(b/242069500) Deprecate this proto once it's fully migrated to be under proto ResourceStatus.UpcomingMaintenance.",
+      "description": "Upcoming Maintenance notification information.",
       "id": "UpcomingMaintenance",
       "properties": {
         "canReschedule": {
-          "description": "Indicates if the maintenance can be customer triggered. From more detail, see go/sf-ctm-design.",
+          "description": "Indicates if the maintenance can be customer triggered.",
           "type": "boolean"
         },
         "date": {
-          "description": "[Output Only] The date when the maintenance will take place. This value is in RFC3339 text format. DEPRECATED: Use start_time_window instead.",
+          "description": "[Output Only] The date when the maintenance will take place. This value is in RFC3339 text format. DEPRECATED: Use window_start_time instead.",
+          "type": "string"
+        },
+        "latestWindowStartTime": {
+          "description": "The latest time for the planned maintenance window to start. This timestamp value is in RFC3339 text format.",
+          "type": "string"
+        },
+        "maintenanceStatus": {
+          "enum": [
+            "ONGOING",
+            "PENDING",
+            "UNKNOWN"
+          ],
+          "enumDescriptions": [
+            "There is ongoing maintenance on this VM.",
+            "There is pending maintenance.",
+            "Unknown maintenance status. Do not use this value."
+          ],
           "type": "string"
         },
         "startTimeWindow": {
           "$ref": "UpcomingMaintenanceTimeWindow",
-          "description": "[Output Only] The start time window of the maintenance disruption."
+          "description": "[Output Only] The start time window of the maintenance disruption. DEPRECATED: Use window_start_time instead."
         },
         "time": {
-          "description": "[Output Only] The time when the maintenance will take place. This value is in RFC3339 text format. DEPRECATED: Use start_time_window instead.",
+          "description": "[Output Only] The time when the maintenance will take place. This value is in RFC3339 text format. DEPRECATED: Use window_start_time instead.",
           "type": "string"
         },
         "type": {
@@ -81625,6 +90850,14 @@
             "Unscheduled maintenance (e.g. emergency maintenance during uptime guarantee)."
           ],
           "type": "string"
+        },
+        "windowEndTime": {
+          "description": "The time by which the maintenance disruption will be completed. This timestamp value is in RFC3339 text format.",
+          "type": "string"
+        },
+        "windowStartTime": {
+          "description": "The current start time of the maintenance window. This timestamp value is in RFC3339 text format.",
+          "type": "string"
         }
       },
       "type": "object"
@@ -81770,6 +91003,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -81788,6 +91022,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -81799,6 +91063,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -81996,6 +91261,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -82014,6 +91280,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -82025,6 +91321,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -82098,6 +91395,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -82116,6 +91414,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -82127,6 +91455,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -82262,7 +91591,7 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "enum": [
             "AGGREGATE",
             "CLOUD_EXTENSION",
@@ -82288,7 +91617,7 @@
           "type": "string"
         },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"
@@ -82383,6 +91712,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -82401,6 +91731,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -82412,6 +91772,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -82617,6 +91978,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -82635,6 +91997,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -82646,6 +92038,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -82770,11 +92163,13 @@
           "description": "The stack type for this VPN gateway to identify the IP protocols that are enabled. Possible values are: IPV4_ONLY, IPV4_IPV6. If not specified, IPV4_ONLY will be used.",
           "enum": [
             "IPV4_IPV6",
-            "IPV4_ONLY"
+            "IPV4_ONLY",
+            "IPV6_ONLY"
           ],
           "enumDescriptions": [
             "Enable VPN gateway with both IPv4 and IPv6 protocols.",
-            "Enable VPN gateway with only IPv4 protocol."
+            "Enable VPN gateway with only IPv4 protocol.",
+            "Enable VPN gateway with only IPv6 protocol."
           ],
           "type": "string"
         },
@@ -82839,6 +92234,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -82857,6 +92253,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -82868,6 +92294,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -82959,6 +92386,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -82977,6 +92405,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -82988,6 +92446,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -83087,7 +92546,7 @@
           "type": "integer"
         },
         "peerGatewayInterface": {
-          "description": "The peer gateway interface this VPN tunnel is connected to, the peer gateway could either be an external VPN gateway or GCP VPN gateway.",
+          "description": "The peer gateway interface this VPN tunnel is connected to, the peer gateway could either be an external VPN gateway or a Google Cloud VPN gateway.",
           "format": "uint32",
           "type": "integer"
         },
@@ -83099,7 +92558,7 @@
       "type": "object"
     },
     "VpnGatewayStatusVpnConnection": {
-      "description": "A VPN connection contains all VPN tunnels connected from this VpnGateway to the same peer gateway. The peer gateway could either be a external VPN gateway or GCP VPN gateway.",
+      "description": "A VPN connection contains all VPN tunnels connected from this VpnGateway to the same peer gateway. The peer gateway could either be an external VPN gateway or a Google Cloud VPN gateway.",
       "id": "VpnGatewayStatusVpnConnection",
       "properties": {
         "peerExternalGateway": {
@@ -83183,6 +92642,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -83201,6 +92661,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -83212,6 +92702,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -83464,6 +92955,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -83482,6 +92974,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -83493,6 +93015,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -83584,6 +93107,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -83602,6 +93126,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -83613,6 +93167,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -83686,6 +93241,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -83704,6 +93260,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -83715,6 +93301,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -83864,6 +93451,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -83882,6 +93470,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -83893,6 +93511,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -84071,6 +93690,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -84089,6 +93709,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -84100,6 +93750,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
diff --git a/vendor/google.golang.org/api/compute/v0.alpha/compute-gen.go b/vendor/google.golang.org/api/compute/v0.alpha/compute-gen.go
index f5fb49b20..221ffcbd1 100644
--- a/vendor/google.golang.org/api/compute/v0.alpha/compute-gen.go
+++ b/vendor/google.golang.org/api/compute/v0.alpha/compute-gen.go
@@ -75,6 +75,7 @@ var _ = errors.New
 var _ = strings.Replace
 var _ = context.Canceled
 var _ = internaloption.WithDefaultEndpoint
+var _ = internal.Version
 
 const apiId = "compute:alpha"
 const apiName = "compute"
@@ -149,6 +150,7 @@ func New(client *http.Client) (*Service, error) {
 	s.Autoscalers = NewAutoscalersService(s)
 	s.BackendBuckets = NewBackendBucketsService(s)
 	s.BackendServices = NewBackendServicesService(s)
+	s.DiskSettings = NewDiskSettingsService(s)
 	s.DiskTypes = NewDiskTypesService(s)
 	s.Disks = NewDisksService(s)
 	s.ExternalVpnGateways = NewExternalVpnGatewaysService(s)
@@ -170,6 +172,7 @@ func New(client *http.Client) (*Service, error) {
 	s.InstanceGroupManagerResizeRequests = NewInstanceGroupManagerResizeRequestsService(s)
 	s.InstanceGroupManagers = NewInstanceGroupManagersService(s)
 	s.InstanceGroups = NewInstanceGroupsService(s)
+	s.InstanceSettings = NewInstanceSettingsService(s)
 	s.InstanceTemplates = NewInstanceTemplatesService(s)
 	s.Instances = NewInstancesService(s)
 	s.InstantSnapshots = NewInstantSnapshotsService(s)
@@ -197,6 +200,7 @@ func New(client *http.Client) (*Service, error) {
 	s.RegionAutoscalers = NewRegionAutoscalersService(s)
 	s.RegionBackendServices = NewRegionBackendServicesService(s)
 	s.RegionCommitments = NewRegionCommitmentsService(s)
+	s.RegionDiskSettings = NewRegionDiskSettingsService(s)
 	s.RegionDiskTypes = NewRegionDiskTypesService(s)
 	s.RegionDisks = NewRegionDisksService(s)
 	s.RegionHealthCheckServices = NewRegionHealthCheckServicesService(s)
@@ -217,6 +221,7 @@ func New(client *http.Client) (*Service, error) {
 	s.RegionTargetHttpsProxies = NewRegionTargetHttpsProxiesService(s)
 	s.RegionTargetTcpProxies = NewRegionTargetTcpProxiesService(s)
 	s.RegionUrlMaps = NewRegionUrlMapsService(s)
+	s.RegionZones = NewRegionZonesService(s)
 	s.Regions = NewRegionsService(s)
 	s.Reservations = NewReservationsService(s)
 	s.ResourcePolicies = NewResourcePoliciesService(s)
@@ -224,9 +229,11 @@ func New(client *http.Client) (*Service, error) {
 	s.Routes = NewRoutesService(s)
 	s.SecurityPolicies = NewSecurityPoliciesService(s)
 	s.ServiceAttachments = NewServiceAttachmentsService(s)
+	s.SnapshotSettings = NewSnapshotSettingsService(s)
 	s.Snapshots = NewSnapshotsService(s)
 	s.SslCertificates = NewSslCertificatesService(s)
 	s.SslPolicies = NewSslPoliciesService(s)
+	s.StoragePools = NewStoragePoolsService(s)
 	s.Subnetworks = NewSubnetworksService(s)
 	s.TargetGrpcProxies = NewTargetGrpcProxiesService(s)
 	s.TargetHttpProxies = NewTargetHttpProxiesService(s)
@@ -260,6 +267,8 @@ type Service struct {
 
 	BackendServices *BackendServicesService
 
+	DiskSettings *DiskSettingsService
+
 	DiskTypes *DiskTypesService
 
 	Disks *DisksService
@@ -302,6 +311,8 @@ type Service struct {
 
 	InstanceGroups *InstanceGroupsService
 
+	InstanceSettings *InstanceSettingsService
+
 	InstanceTemplates *InstanceTemplatesService
 
 	Instances *InstancesService
@@ -356,6 +367,8 @@ type Service struct {
 
 	RegionCommitments *RegionCommitmentsService
 
+	RegionDiskSettings *RegionDiskSettingsService
+
 	RegionDiskTypes *RegionDiskTypesService
 
 	RegionDisks *RegionDisksService
@@ -396,6 +409,8 @@ type Service struct {
 
 	RegionUrlMaps *RegionUrlMapsService
 
+	RegionZones *RegionZonesService
+
 	Regions *RegionsService
 
 	Reservations *ReservationsService
@@ -410,12 +425,16 @@ type Service struct {
 
 	ServiceAttachments *ServiceAttachmentsService
 
+	SnapshotSettings *SnapshotSettingsService
+
 	Snapshots *SnapshotsService
 
 	SslCertificates *SslCertificatesService
 
 	SslPolicies *SslPoliciesService
 
+	StoragePools *StoragePoolsService
+
 	Subnetworks *SubnetworksService
 
 	TargetGrpcProxies *TargetGrpcProxiesService
@@ -499,6 +518,15 @@ type BackendServicesService struct {
 	s *Service
 }
 
+func NewDiskSettingsService(s *Service) *DiskSettingsService {
+	rs := &DiskSettingsService{s: s}
+	return rs
+}
+
+type DiskSettingsService struct {
+	s *Service
+}
+
 func NewDiskTypesService(s *Service) *DiskTypesService {
 	rs := &DiskTypesService{s: s}
 	return rs
@@ -688,6 +716,15 @@ type InstanceGroupsService struct {
 	s *Service
 }
 
+func NewInstanceSettingsService(s *Service) *InstanceSettingsService {
+	rs := &InstanceSettingsService{s: s}
+	return rs
+}
+
+type InstanceSettingsService struct {
+	s *Service
+}
+
 func NewInstanceTemplatesService(s *Service) *InstanceTemplatesService {
 	rs := &InstanceTemplatesService{s: s}
 	return rs
@@ -931,6 +968,15 @@ type RegionCommitmentsService struct {
 	s *Service
 }
 
+func NewRegionDiskSettingsService(s *Service) *RegionDiskSettingsService {
+	rs := &RegionDiskSettingsService{s: s}
+	return rs
+}
+
+type RegionDiskSettingsService struct {
+	s *Service
+}
+
 func NewRegionDiskTypesService(s *Service) *RegionDiskTypesService {
 	rs := &RegionDiskTypesService{s: s}
 	return rs
@@ -1111,6 +1157,15 @@ type RegionUrlMapsService struct {
 	s *Service
 }
 
+func NewRegionZonesService(s *Service) *RegionZonesService {
+	rs := &RegionZonesService{s: s}
+	return rs
+}
+
+type RegionZonesService struct {
+	s *Service
+}
+
 func NewRegionsService(s *Service) *RegionsService {
 	rs := &RegionsService{s: s}
 	return rs
@@ -1174,6 +1229,15 @@ type ServiceAttachmentsService struct {
 	s *Service
 }
 
+func NewSnapshotSettingsService(s *Service) *SnapshotSettingsService {
+	rs := &SnapshotSettingsService{s: s}
+	return rs
+}
+
+type SnapshotSettingsService struct {
+	s *Service
+}
+
 func NewSnapshotsService(s *Service) *SnapshotsService {
 	rs := &SnapshotsService{s: s}
 	return rs
@@ -1201,6 +1265,15 @@ type SslPoliciesService struct {
 	s *Service
 }
 
+func NewStoragePoolsService(s *Service) *StoragePoolsService {
+	rs := &StoragePoolsService{s: s}
+	return rs
+}
+
+type StoragePoolsService struct {
+	s *Service
+}
+
 func NewSubnetworksService(s *Service) *SubnetworksService {
 	rs := &SubnetworksService{s: s}
 	return rs
@@ -1585,6 +1658,9 @@ type AcceleratorTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -1775,6 +1851,9 @@ type AcceleratorTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -1944,6 +2023,9 @@ type AcceleratorTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -2054,32 +2136,35 @@ func (s *AcceleratorTypesScopedListWarningData) MarshalJSON() ([]byte, error) {
 // AccessConfig: An access configuration attached to an instance's
 // network interface. Only one access config per instance is supported.
 type AccessConfig struct {
-	// ExternalIpv6: The first IPv6 address of the external IPv6 range
-	// associated with this instance, prefix length is stored in
-	// externalIpv6PrefixLength in ipv6AccessConfig. To use a static
-	// external IP address, it must be unused and in the same region as the
-	// instance's zone. If not specified, GCP will automatically assign an
-	// external IPv6 address from the instance's subnetwork.
+	// ExternalIpv6: Applies to ipv6AccessConfigs only. The first IPv6
+	// address of the external IPv6 range associated with this instance,
+	// prefix length is stored in externalIpv6PrefixLength in
+	// ipv6AccessConfig. To use a static external IP address, it must be
+	// unused and in the same region as the instance's zone. If not
+	// specified, Google Cloud will automatically assign an external IPv6
+	// address from the instance's subnetwork.
 	ExternalIpv6 string `json:"externalIpv6,omitempty"`
 
-	// ExternalIpv6PrefixLength: The prefix length of the external IPv6
-	// range.
+	// ExternalIpv6PrefixLength: Applies to ipv6AccessConfigs only. The
+	// prefix length of the external IPv6 range.
 	ExternalIpv6PrefixLength int64 `json:"externalIpv6PrefixLength,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always compute#accessConfig
 	// for access configs.
 	Kind string `json:"kind,omitempty"`
 
-	// Name: The name of this access configuration. The default and
-	// recommended name is External NAT, but you can use any arbitrary
-	// string, such as My external IP or Network Access.
+	// Name: The name of this access configuration. In accessConfigs (IPv4),
+	// the default and recommended name is External NAT, but you can use any
+	// arbitrary string, such as My external IP or Network Access. In
+	// ipv6AccessConfigs, the recommend name is External IPv6.
 	Name string `json:"name,omitempty"`
 
-	// NatIP: An external IP address associated with this instance. Specify
-	// an unused static external IP address available to the project or
-	// leave this field undefined to use an IP from a shared ephemeral IP
-	// address pool. If you specify a static external IP address, it must
-	// live in the same region as the zone of the instance.
+	// NatIP: Applies to accessConfigs (IPv4) only. An external IP address
+	// associated with this instance. Specify an unused static external IP
+	// address available to the project or leave this field undefined to use
+	// an IP from a shared ephemeral IP address pool. If you specify a
+	// static external IP address, it must live in the same region as the
+	// zone of the instance.
 	NatIP string `json:"natIP,omitempty"`
 
 	// NetworkTier: This signifies the networking tier used for configuring
@@ -2129,12 +2214,13 @@ type AccessConfig struct {
 	// associated.
 	SetPublicPtr bool `json:"setPublicPtr,omitempty"`
 
-	// Type: The type of configuration. The default and only option is
-	// ONE_TO_ONE_NAT.
+	// Type: The type of configuration. In accessConfigs (IPv4), the default
+	// and only option is ONE_TO_ONE_NAT. In ipv6AccessConfigs, the default
+	// and only option is DIRECT_IPV6.
 	//
 	// Possible values:
 	//   "DIRECT_IPV6"
-	//   "ONE_TO_ONE_NAT" (default)
+	//   "ONE_TO_ONE_NAT"
 	Type string `json:"type,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "ExternalIpv6") to
@@ -2194,8 +2280,7 @@ type Address struct {
 	Id uint64 `json:"id,omitempty,string"`
 
 	// IpVersion: The IP version that will be used by this address. Valid
-	// options are IPV4 or IPV6. This can only be specified for a global
-	// address.
+	// options are IPV4 or IPV6.
 	//
 	// Possible values:
 	//   "IPV4"
@@ -2458,6 +2543,9 @@ type AddressAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -2647,6 +2735,9 @@ type AddressListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -2814,6 +2905,9 @@ type AddressesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -3042,12 +3136,25 @@ type AllocationAggregateReservation struct {
 	// reservation must belong to.
 	//
 	// Possible values:
+	//   "VM_FAMILY_CLOUD_TPU_LITE_DEVICE_CT5L"
+	//   "VM_FAMILY_CLOUD_TPU_LITE_POD_SLICE_CT5LP"
 	//   "VM_FAMILY_CLOUD_TPU_POD_SLICE_CT4P"
 	//   "VM_FAMILY_COMPUTE_OPTIMIZED_C3"
 	//   "VM_FAMILY_GENERAL_PURPOSE_T2D"
 	//   "VM_FAMILY_MEMORY_OPTIMIZED_M3"
 	VmFamily string `json:"vmFamily,omitempty"`
 
+	// WorkloadType: The workload type of the instances that will target
+	// this reservation.
+	//
+	// Possible values:
+	//   "BATCH" - Reserved resources will be optimized for BATCH workloads,
+	// such as ML training.
+	//   "SERVING" - Reserved resources will be optimized for SERVING
+	// workloads, such as ML inference.
+	//   "UNSPECIFIED"
+	WorkloadType string `json:"workloadType,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "InUseResources") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -3261,6 +3368,10 @@ type AllocationSpecificSKUAllocationReservedInstanceProperties struct {
 	// events. The accepted values are: `PERIODIC`.
 	//
 	// Possible values:
+	//   "AS_NEEDED" - VMs are eligible to receive infrastructure and
+	// hypervisor updates as they become available. This may result in more
+	// maintenance operations (live migrations or terminations) for the VM
+	// than the PERIODIC and RECURRENT options.
 	//   "PERIODIC" - VMs receive infrastructure and hypervisor updates on a
 	// periodic basis, minimizing the number of maintenance operations (live
 	// migrations or terminations) on an individual VM. This may mean a VM
@@ -3578,6 +3689,10 @@ type AttachedDiskInitializeParams struct {
 	// example: pd-standard.
 	DiskType string `json:"diskType,omitempty"`
 
+	// EnableConfidentialCompute: Whether this disk is using confidential
+	// compute mode.
+	EnableConfidentialCompute bool `json:"enableConfidentialCompute,omitempty"`
+
 	// GuestOsFeatures: A list of features to enable on the guest operating
 	// system. Applicable only for bootable images. Read Enabling guest
 	// operating system features to see a list of available options. Guest
@@ -3638,8 +3753,7 @@ type AttachedDiskInitializeParams struct {
 	// ReplicaZones: Required for each regional disk associated with the
 	// instance. Specify the URLs of the zones where the disk should be
 	// replicated to. You must provide exactly two replica zones, and one
-	// zone must be the same as the instance zone. You can't use this option
-	// with boot disks.
+	// zone must be the same as the instance zone.
 	ReplicaZones []string `json:"replicaZones,omitempty"`
 
 	// ResourceManagerTags: Resource manager tags to be bound to the disk.
@@ -3701,6 +3815,15 @@ type AttachedDiskInitializeParams struct {
 	// the source snapshot.
 	SourceSnapshotEncryptionKey *CustomerEncryptionKey `json:"sourceSnapshotEncryptionKey,omitempty"`
 
+	// StoragePool: The storage pool in which the new disk is created. You
+	// can provide this as a partial or full URL to the resource. For
+	// example, the following are valid values: -
+	// https://www.googleapis.com/compute/v1/projects/project/zones/zone
+	// /storagePools/storagePool -
+	// projects/project/zones/zone/storagePools/storagePool -
+	// zones/zone/storagePools/storagePool
+	StoragePool string `json:"storagePool,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "Architecture") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -4168,6 +4291,9 @@ type AutoscalerAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -4357,6 +4483,9 @@ type AutoscalerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -4640,6 +4769,9 @@ type AutoscalersScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -4749,15 +4881,17 @@ func (s *AutoscalersScopedListWarningData) MarshalJSON() ([]byte, error) {
 
 // AutoscalingPolicy: Cloud Autoscaler policy.
 type AutoscalingPolicy struct {
-	// CoolDownPeriodSec: The number of seconds that the autoscaler waits
-	// before it starts collecting information from a new instance. This
-	// prevents the autoscaler from collecting information when the instance
-	// is initializing, during which the collected usage would not be
-	// reliable. The default time autoscaler waits is 60 seconds. Virtual
-	// machine initialization times might vary because of numerous factors.
-	// We recommend that you test how long an instance may take to
-	// initialize. To do this, create an instance and time the startup
-	// process.
+	// CoolDownPeriodSec: The number of seconds that your application takes
+	// to initialize on a VM instance. This is referred to as the
+	// initialization period (/compute/docs/autoscaler#cool_down_period).
+	// Specifying an accurate initialization period improves autoscaler
+	// decisions. For example, when scaling out, the autoscaler ignores data
+	// from VMs that are still initializing because those VMs might not yet
+	// represent normal usage of your application. The default
+	// initialization period is 60 seconds. Initialization periods might
+	// vary because of numerous factors. We recommend that you test how long
+	// your application takes to initialize. To do this, create a VM and
+	// time your application's startup process.
 	CoolDownPeriodSec int64 `json:"coolDownPeriodSec,omitempty"`
 
 	// CpuUtilization: Defines the CPU utilization policy that allows the
@@ -4785,7 +4919,12 @@ type AutoscalingPolicy struct {
 	// instances allowed.
 	MinNumReplicas int64 `json:"minNumReplicas,omitempty"`
 
-	// Mode: Defines operating mode for this policy.
+	// Mode: Defines the operating mode for this policy. The following modes
+	// are available: - OFF: Disables the autoscaler but maintains its
+	// configuration. - ONLY_SCALE_OUT: Restricts the autoscaler to add VM
+	// instances only. - ON: Enables all autoscaler activities according to
+	// its policy. For more information, see "Turning off or restricting an
+	// autoscaler"
 	//
 	// Possible values:
 	//   "OFF" - Do not automatically scale the MIG in or out. The
@@ -5303,6 +5442,21 @@ type Backend struct {
 	// usage guidelines, see Utilization balancing mode.
 	MaxUtilization float64 `json:"maxUtilization,omitempty"`
 
+	// Preference: This field indicates whether this backend should be fully
+	// utilized before sending traffic to backends with default preference.
+	// The possible values are: - PREFERRED: Backends with this preference
+	// level will be filled up to their capacity limits first, based on RTT.
+	// - DEFAULT: If preferred backends don't have enough capacity, backends
+	// in this layer would be used and traffic would be assigned based on
+	// the load balancing algorithm you use. This is the default
+	//
+	// Possible values:
+	//   "DEFAULT" - No preference.
+	//   "PREFERENCE_UNSPECIFIED" - If preference is unspecified, we set it
+	// to the DEFAULT value
+	//   "PREFERRED" - Traffic will be sent to this backend first.
+	Preference string `json:"preference,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "BalancingMode") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -5370,8 +5524,8 @@ type BackendBucket struct {
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
 
-	// CustomResponseHeaders: Headers that the HTTP/S load balancer should
-	// add to proxied responses.
+	// CustomResponseHeaders: Headers that the Application Load Balancer
+	// should add to proxied responses.
 	CustomResponseHeaders []string `json:"customResponseHeaders,omitempty"`
 
 	// Description: An optional textual description of the resource;
@@ -5786,6 +5940,9 @@ type BackendBucketListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -6168,6 +6325,10 @@ type BackendService struct {
 	// loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED.
 	MaxStreamDuration *Duration `json:"maxStreamDuration,omitempty"`
 
+	// Metadatas: Deployment metadata associated with the resource to be set
+	// by a GKE hub controller and read by the backend RCTH
+	Metadatas map[string]string `json:"metadatas,omitempty"`
+
 	// Name: Name of the resource. Provided by the client when the resource
 	// is created. The name must be 1-63 characters long, and comply with
 	// RFC1035. Specifically, the name must be 1-63 characters long and
@@ -6182,13 +6343,32 @@ type BackendService struct {
 	// scheme is set to INTERNAL.
 	Network string `json:"network,omitempty"`
 
-	// OutlierDetection: Settings controlling the eviction of unhealthy
-	// hosts from the load balancing pool for the backend service. If not
-	// set, this feature is considered disabled. This field is applicable to
-	// either: - A regional backend service with the service_protocol set to
-	// HTTP, HTTPS, HTTP2, or GRPC, and load_balancing_scheme set to
-	// INTERNAL_MANAGED. - A global backend service with the
-	// load_balancing_scheme set to INTERNAL_SELF_MANAGED.
+	// OutlierDetection: Settings controlling the ejection of unhealthy
+	// backend endpoints from the load balancing pool of each individual
+	// proxy instance that processes the traffic for the given backend
+	// service. If not set, this feature is considered disabled. Results of
+	// the outlier detection algorithm (ejection of endpoints from the load
+	// balancing pool and returning them back to the pool) are executed
+	// independently by each proxy instance of the load balancer. In most
+	// cases, more than one proxy instance handles the traffic received by a
+	// backend service. Thus, it is possible that an unhealthy endpoint is
+	// detected and ejected by only some of the proxies, and while this
+	// happens, other proxies may continue to send requests to the same
+	// unhealthy endpoint until they detect and eject the unhealthy
+	// endpoint. Applicable backend endpoints can be: - VM instances in an
+	// Instance Group - Endpoints in a Zonal NEG (GCE_VM_IP, GCE_VM_IP_PORT)
+	// - Endpoints in a Hybrid Connectivity NEG (NON_GCP_PRIVATE_IP_PORT) -
+	// Serverless NEGs, that resolve to Cloud Run, App Engine, or Cloud
+	// Functions Services - Private Service Connect NEGs, that resolve to
+	// Google-managed regional API endpoints or managed services published
+	// using Private Service Connect Applicable backend service types can
+	// be: - A global backend service with the loadBalancingScheme set to
+	// INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - A regional backend
+	// service with the serviceProtocol set to HTTP, HTTPS, or HTTP2, and
+	// loadBalancingScheme set to INTERNAL_MANAGED or EXTERNAL_MANAGED. Not
+	// supported for Serverless NEGs. Not supported when the backend service
+	// is referenced by a URL map that is bound to target gRPC proxy that
+	// has validateForProxyless field set to true.
 	OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
 
 	// Port: Deprecated in favor of portName. The TCP port to connect on the
@@ -6255,10 +6435,8 @@ type BackendService struct {
 	ServiceBindings []string `json:"serviceBindings,omitempty"`
 
 	// ServiceLbPolicy: URL to networkservices.ServiceLbPolicy resource. Can
-	// only be set if load balancing scheme is EXTERNAL, INTERNAL_MANAGED or
-	// INTERNAL_SELF_MANAGED. If used with a backend service, must reference
-	// a global policy. If used with a regional backend service, must
-	// reference a regional policy.
+	// only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED,
+	// INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
 	ServiceLbPolicy string `json:"serviceLbPolicy,omitempty"`
 
 	// SessionAffinity: Type of session affinity to use. The default is
@@ -6310,6 +6488,8 @@ type BackendService struct {
 	// use maxStreamDuration.
 	TimeoutSec int64 `json:"timeoutSec,omitempty"`
 
+	UsedBys []*BackendServiceUsedBy `json:"usedBys,omitempty"`
+
 	// VpcNetworkScope: The network scope of the backends that can be added
 	// to the backend service. This field can be either GLOBAL_VPC_NETWORK
 	// or REGIONAL_VPC_NETWORK. A backend service with the VPC scope set to
@@ -6441,6 +6621,9 @@ type BackendServiceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -7151,6 +7334,9 @@ type BackendServiceListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -7258,6 +7444,198 @@ func (s *BackendServiceListWarningData) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// BackendServiceListUsable: Contains a list of usable BackendService
+// resources.
+type BackendServiceListUsable struct {
+	// Id: [Output Only] Unique identifier for the resource; defined by the
+	// server.
+	Id string `json:"id,omitempty"`
+
+	// Kind: [Output Only] Type of resource. Always
+	// compute#usableBackendServiceList for lists of usable backend
+	// services.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: [Output Only] This token allows you to get the next
+	// page of results for list requests. If the number of results is larger
+	// than maxResults, use the nextPageToken as a value for the query
+	// parameter pageToken in the next list request. Subsequent list
+	// requests will have their own nextPageToken to continue paging through
+	// the results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// SelfLink: [Output Only] Server-defined URL for this resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// Warning: [Output Only] Informational warning message.
+	Warning *BackendServiceListUsableWarning `json:"warning,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Id") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Id") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BackendServiceListUsable) MarshalJSON() ([]byte, error) {
+	type NoMethod BackendServiceListUsable
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// BackendServiceListUsableWarning: [Output Only] Informational warning
+// message.
+type BackendServiceListUsableWarning struct {
+	// Code: [Output Only] A warning code, if applicable. For example,
+	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
+	// the response.
+	//
+	// Possible values:
+	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
+	// changes made by a failed operation.
+	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
+	// created.
+	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as deprecated
+	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
+	// that is larger than image size.
+	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as experimental
+	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
+	// call
+	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
+	// overridden. Deprecated unused field.
+	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
+	// injected kernel, which is deprecated.
+	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
+	// backend service is associated with a health check that is not of type
+	// HTTP/HTTPS/HTTP2.
+	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
+	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
+	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
+	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
+	// not assigned to an instance on the network.
+	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
+	// ip forward.
+	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
+	// nextHopInstance URL refers to an instance that does not have an ipv6
+	// interface on the same network as the route.
+	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
+	// refers to an instance that does not exist.
+	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
+	// URL refers to an instance that is not on the same network as the
+	// route.
+	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
+	// have a status of RUNNING.
+	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
+	// continue the process despite the mentioned error.
+	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
+	// page.
+	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
+	// missing due to errors
+	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
+	// that requires a TOS they have not accepted.
+	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
+	// resource is in use.
+	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
+	// auto-delete could not be deleted because they were in use.
+	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
+	// ignored.
+	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
+	// instance group manager is valid as such, but its application does not
+	// make a lot of sense, because it allows only single instance in
+	// instance group.
+	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
+	// are present
+	//   "UNREACHABLE" - A given scope cannot be reached.
+	Code string `json:"code,omitempty"`
+
+	// Data: [Output Only] Metadata about this warning in key: value format.
+	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
+	// }
+	Data []*BackendServiceListUsableWarningData `json:"data,omitempty"`
+
+	// Message: [Output Only] A human-readable description of the warning
+	// code.
+	Message string `json:"message,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Code") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BackendServiceListUsableWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod BackendServiceListUsableWarning
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type BackendServiceListUsableWarningData struct {
+	// Key: [Output Only] A key that provides more detail on the warning
+	// being returned. For example, for warnings where there are no results
+	// in a list request for a particular zone, this key might be scope and
+	// the key value might be the zone name. Other examples might be a key
+	// indicating a deprecated resource and a suggested replacement, or a
+	// warning about invalid network settings (for example, if an instance
+	// attempts to perform IP forwarding but is not enabled for IP
+	// forwarding).
+	Key string `json:"key,omitempty"`
+
+	// Value: [Output Only] A warning data value corresponding to the key.
+	Value string `json:"value,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Key") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BackendServiceListUsableWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod BackendServiceListUsableWarningData
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // BackendServiceLocalityLoadBalancingPolicyConfig: Container for either
 // a built-in LB policy supported by gRPC or Envoy or a custom one
 // implemented by the end user.
@@ -7505,6 +7883,32 @@ func (s *BackendServiceReference) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type BackendServiceUsedBy struct {
+	Reference string `json:"reference,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Reference") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Reference") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BackendServiceUsedBy) MarshalJSON() ([]byte, error) {
+	type NoMethod BackendServiceUsedBy
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type BackendServicesScopedList struct {
 	// BackendServices: A list of BackendServices contained in this scope.
 	BackendServices []*BackendService `json:"backendServices,omitempty"`
@@ -7566,6 +7970,9 @@ type BackendServicesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -8060,9 +8467,6 @@ type BulkInsertInstanceResource struct {
 	// Count: The maximum number of instances to create.
 	Count int64 `json:"count,omitempty,string"`
 
-	// Instance: DEPRECATED: Please use instance_properties instead.
-	Instance *Instance `json:"instance,omitempty"`
-
 	// InstanceProperties: The instance properties defining the VM instances
 	// to be created. Required if sourceInstanceTemplate is not provided.
 	InstanceProperties *InstanceProperties `json:"instanceProperties,omitempty"`
@@ -8135,11 +8539,15 @@ func (s *BulkInsertInstanceResource) MarshalJSON() ([]byte, error) {
 // properties to be set on individual instances. To be extended in the
 // future.
 type BulkInsertInstanceResourcePerInstanceProperties struct {
+	// Hostname: Specifies the hostname of the instance. More details in:
+	// https://cloud.google.com/compute/docs/instances/custom-hostname-vm#naming_convention
+	Hostname string `json:"hostname,omitempty"`
+
 	// Name: This field is only temporary. It will be removed. Do not use
 	// it.
 	Name string `json:"name,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Name") to
+	// ForceSendFields is a list of field names (e.g. "Hostname") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -8147,8 +8555,8 @@ type BulkInsertInstanceResourcePerInstanceProperties struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Name") to include in API
-	// requests with the JSON null value. By default, fields with empty
+	// NullFields is a list of field names (e.g. "Hostname") to include in
+	// API requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
@@ -8162,6 +8570,57 @@ func (s *BulkInsertInstanceResourcePerInstanceProperties) MarshalJSON() ([]byte,
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type BulkInsertOperationStatus struct {
+	// CreatedVmCount: [Output Only] Count of VMs successfully created so
+	// far.
+	CreatedVmCount int64 `json:"createdVmCount,omitempty"`
+
+	// DeletedVmCount: [Output Only] Count of VMs that got deleted during
+	// rollback.
+	DeletedVmCount int64 `json:"deletedVmCount,omitempty"`
+
+	// FailedToCreateVmCount: [Output Only] Count of VMs that started
+	// creating but encountered an error.
+	FailedToCreateVmCount int64 `json:"failedToCreateVmCount,omitempty"`
+
+	// Status: [Output Only] Creation status of BulkInsert operation -
+	// information if the flow is rolling forward or rolling back.
+	//
+	// Possible values:
+	//   "CREATING" - Rolling forward - creating VMs.
+	//   "DONE" - Done
+	//   "ROLLING_BACK" - Rolling back - cleaning up after an error.
+	//   "STATUS_UNSPECIFIED"
+	Status string `json:"status,omitempty"`
+
+	// TargetVmCount: [Output Only] Count of VMs originally planned to be
+	// created.
+	TargetVmCount int64 `json:"targetVmCount,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "CreatedVmCount") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "CreatedVmCount") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BulkInsertOperationStatus) MarshalJSON() ([]byte, error) {
+	type NoMethod BulkInsertOperationStatus
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type BundledLocalSsds struct {
 	// DefaultInterface: The default disk interface if the interface is not
 	// specified.
@@ -8572,6 +9031,10 @@ type Commitment struct {
 	// Reservations: List of reservations in this commitment.
 	Reservations []*Reservation `json:"reservations,omitempty"`
 
+	// ResourceStatus: [Output Only] Status information for Commitment
+	// resource.
+	ResourceStatus *CommitmentResourceStatus `json:"resourceStatus,omitempty"`
+
 	// Resources: A list of commitment amounts for particular resources.
 	// Note that VCPU and MEMORY resource commitments must occur together.
 	Resources []*ResourceCommitment `json:"resources,omitempty"`
@@ -8583,7 +9046,7 @@ type Commitment struct {
 	// with the resource id.
 	SelfLinkWithId string `json:"selfLinkWithId,omitempty"`
 
-	// SplitSourceCommitment: Source commitment to be splitted into a new
+	// SplitSourceCommitment: Source commitment to be split into a new
 	// commitment.
 	SplitSourceCommitment string `json:"splitSourceCommitment,omitempty"`
 
@@ -8597,6 +9060,8 @@ type Commitment struct {
 	//
 	// Possible values:
 	//   "ACTIVE"
+	//   "CANCELED_EARLY_TERMINATION"
+	//   "CANCELING"
 	//   "CANCELLED" - Deprecate CANCELED status. Will use separate status
 	// to differentiate cancel by mergeCud or manual cancellation.
 	//   "CREATING"
@@ -8616,9 +9081,12 @@ type Commitment struct {
 	//
 	// Possible values:
 	//   "ACCELERATOR_OPTIMIZED"
+	//   "ACCELERATOR_OPTIMIZED_A3"
 	//   "COMPUTE_OPTIMIZED"
 	//   "COMPUTE_OPTIMIZED_C2D"
 	//   "COMPUTE_OPTIMIZED_C3"
+	//   "COMPUTE_OPTIMIZED_C3D"
+	//   "COMPUTE_OPTIMIZED_H3"
 	//   "GENERAL_PURPOSE"
 	//   "GENERAL_PURPOSE_E2"
 	//   "GENERAL_PURPOSE_N2"
@@ -8742,6 +9210,9 @@ type CommitmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -8931,6 +9402,9 @@ type CommitmentListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -9038,6 +9512,82 @@ func (s *CommitmentListWarningData) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// CommitmentResourceStatus: [Output Only] Contains output only fields.
+type CommitmentResourceStatus struct {
+	// CancellationInformation: [Output Only] An optional, contains all the
+	// needed information of cancellation.
+	CancellationInformation *CommitmentResourceStatusCancellationInformation `json:"cancellationInformation,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "CancellationInformation") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "CancellationInformation")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *CommitmentResourceStatus) MarshalJSON() ([]byte, error) {
+	type NoMethod CommitmentResourceStatus
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type CommitmentResourceStatusCancellationInformation struct {
+	// CanceledCommitment: [Output Only] An optional amount of CUDs canceled
+	// so far in the last 365 days.
+	CanceledCommitment *Money `json:"canceledCommitment,omitempty"`
+
+	// CanceledCommitmentLastUpdatedTimestamp: [Output Only] An optional
+	// last update time of canceled_commitment. RFC3339 text format.
+	CanceledCommitmentLastUpdatedTimestamp string `json:"canceledCommitmentLastUpdatedTimestamp,omitempty"`
+
+	// CancellationCap: [Output Only] An optional,the cancellation cap for
+	// how much commitments can be canceled in a rolling 365 per billing
+	// account.
+	CancellationCap *Money `json:"cancellationCap,omitempty"`
+
+	// CancellationFee: [Output Only] An optional, cancellation fee.
+	CancellationFee *Money `json:"cancellationFee,omitempty"`
+
+	// CancellationFeeExpirationTimestamp: [Output Only] An optional,
+	// cancellation fee expiration time. RFC3339 text format.
+	CancellationFeeExpirationTimestamp string `json:"cancellationFeeExpirationTimestamp,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "CanceledCommitment")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "CanceledCommitment") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *CommitmentResourceStatusCancellationInformation) MarshalJSON() ([]byte, error) {
+	type NoMethod CommitmentResourceStatusCancellationInformation
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type CommitmentsScopedList struct {
 	// Commitments: [Output Only] A list of commitments contained in this
 	// scope.
@@ -9099,6 +9649,9 @@ type CommitmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -9286,6 +9839,7 @@ type ConfidentialInstanceConfig struct {
 	//   "SEV" - AMD Secure Encrypted Virtualization.
 	//   "SEV_SNP" - AMD Secure Encrypted Virtualization - Secure Nested
 	// Paging.
+	//   "TDX" - Intel Trust Domain eXtension.
 	ConfidentialInstanceType string `json:"confidentialInstanceType,omitempty"`
 
 	// EnableConfidentialCompute: Defines whether the instance should have
@@ -9612,7 +10166,10 @@ type CustomerEncryptionKey struct {
 	// KmsKeyName: The name of the encryption key that is stored in Google
 	// Cloud KMS. For example: "kmsKeyName":
 	// "projects/kms_project_id/locations/region/keyRings/
-	// key_region/cryptoKeys/key
+	// key_region/cryptoKeys/key The fully-qualifed key name may be returned
+	// for resource GET requests. For example: "kmsKeyName":
+	// "projects/kms_project_id/locations/region/keyRings/
+	// key_region/cryptoKeys/key /cryptoKeyVersions/1
 	KmsKeyName string `json:"kmsKeyName,omitempty"`
 
 	// KmsKeyServiceAccount: The service account being used for the
@@ -9791,6 +10348,22 @@ func (s *DeprecationStatus) MarshalJSON() ([]byte, error) {
 // persistent disks. The regionDisks resource represents a regional
 // persistent disk. For more information, read Regional resources.
 type Disk struct {
+	// AccessMode: The access mode of the disk. - READ_WRITE_SINGLE: The
+	// default AccessMode, means the disk can be attached to single instance
+	// in RW mode. - READ_WRITE_MANY: The AccessMode means the disk can be
+	// attached to multiple instances in RW mode. - READ_ONLY_MANY: The
+	// AccessMode means the disk can be attached to multiple instances in RO
+	// mode. The AccessMode is only valid for Hyperdisk disk types.
+	//
+	// Possible values:
+	//   "READ_ONLY_MANY" - The AccessMode means the disk can be attached to
+	// multiple instances in RO mode.
+	//   "READ_WRITE_MANY" - The AccessMode means the disk can be attached
+	// to multiple instances in RW mode.
+	//   "READ_WRITE_SINGLE" - The default AccessMode, means the disk can be
+	// attached to single instance in RW mode.
+	AccessMode string `json:"accessMode,omitempty"`
+
 	// Architecture: The architecture of the disk. Valid values are ARM64 or
 	// X86_64.
 	//
@@ -9835,6 +10408,10 @@ type Disk struct {
 	// provide a key to use the disk later.
 	DiskEncryptionKey *CustomerEncryptionKey `json:"diskEncryptionKey,omitempty"`
 
+	// EnableConfidentialCompute: Whether this disk is using confidential
+	// compute mode.
+	EnableConfidentialCompute bool `json:"enableConfidentialCompute,omitempty"`
+
 	// EraseWindowsVssSignature: Specifies whether the disk restored from a
 	// source snapshot should erase Windows specific VSS signature.
 	EraseWindowsVssSignature bool `json:"eraseWindowsVssSignature,omitempty"`
@@ -10104,6 +10681,15 @@ type Disk struct {
 	//   "RESTORING" - Source data is being copied into the disk.
 	Status string `json:"status,omitempty"`
 
+	// StoragePool: The storage pool in which the new disk is created. You
+	// can provide this as a partial or full URL to the resource. For
+	// example, the following are valid values: -
+	// https://www.googleapis.com/compute/v1/projects/project/zones/zone
+	// /storagePools/storagePool -
+	// projects/project/zones/zone/storagePools/storagePool -
+	// zones/zone/storagePools/storagePool
+	StoragePool string `json:"storagePool,omitempty"`
+
 	// StorageType: [Deprecated] Storage type of the persistent disk.
 	//
 	// Possible values:
@@ -10137,7 +10723,7 @@ type Disk struct {
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "Architecture") to
+	// ForceSendFields is a list of field names (e.g. "AccessMode") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -10145,10 +10731,10 @@ type Disk struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Architecture") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
+	// NullFields is a list of field names (e.g. "AccessMode") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
 	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
@@ -10245,6 +10831,9 @@ type DiskAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -10353,6 +10942,16 @@ func (s *DiskAggregatedListWarningData) MarshalJSON() ([]byte, error) {
 }
 
 type DiskAsyncReplication struct {
+	// ConsistencyGroupPolicy: [Output Only] URL of the
+	// DiskConsistencyGroupPolicy if replication was started on the disk as
+	// a member of a group.
+	ConsistencyGroupPolicy string `json:"consistencyGroupPolicy,omitempty"`
+
+	// ConsistencyGroupPolicyId: [Output Only] ID of the
+	// DiskConsistencyGroupPolicy if replication was started on the disk as
+	// a member of a group.
+	ConsistencyGroupPolicyId string `json:"consistencyGroupPolicyId,omitempty"`
+
 	// Disk: The other disk asynchronously replicated to or from the current
 	// disk. You can provide this as a partial or full URL to the resource.
 	// For example, the following are valid values: -
@@ -10369,20 +10968,22 @@ type DiskAsyncReplication struct {
 	// identify the exact version of the disk that was used.
 	DiskId string `json:"diskId,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Disk") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
+	// ForceSendFields is a list of field names (e.g.
+	// "ConsistencyGroupPolicy") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Disk") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
+	// NullFields is a list of field names (e.g. "ConsistencyGroupPolicy")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
 	NullFields []string `json:"-"`
 }
 
@@ -10582,6 +11183,9 @@ type DiskListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -10767,6 +11371,11 @@ type DiskResourceStatus struct {
 	// AsyncSecondaryDisks: Key: disk, value: AsyncReplicationStatus message
 	AsyncSecondaryDisks map[string]DiskResourceStatusAsyncReplicationStatus `json:"asyncSecondaryDisks,omitempty"`
 
+	// UsedBytes: [Output Only] Space used by data stored in the disk (in
+	// bytes). Note that this field is set only when the disk is in a
+	// storage pool.
+	UsedBytes int64 `json:"usedBytes,omitempty,string"`
+
 	// ForceSendFields is a list of field names (e.g. "AsyncPrimaryDisk") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -10825,6 +11434,87 @@ func (s *DiskResourceStatusAsyncReplicationStatus) MarshalJSON() ([]byte, error)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type DiskSettings struct {
+	// DefaultResourcePolicies: An optional parameter for storing the
+	// default resource policies that will be used for the Disks created in
+	// the given scope. The Key is a string type, provided by customers to
+	// uniquely identify the default Resource Policy entry. The Value is a
+	// Default ResourcePolicyDetails Object used to represent the detailed
+	// information of the Resource Policy entry.
+	DefaultResourcePolicies map[string]DiskSettingsResourcePolicyDetails `json:"defaultResourcePolicies,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "DefaultResourcePolicies") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "DefaultResourcePolicies")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DiskSettings) MarshalJSON() ([]byte, error) {
+	type NoMethod DiskSettings
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// DiskSettingsResourcePolicyDetails: This is the object for storing the
+// detail information about the Resource Policy that will be set as
+// default ones for the Disks that is using the DiskSettings. It
+// contains: - one target Resource Policy referenced by its
+// Fully-Qualified URL, - [output only] Disk Types that will be excluded
+// from using this Resource Policy, - Other filtering support (e.g.
+// Label filtering) for Default Resource Policy can be added here as
+// well
+type DiskSettingsResourcePolicyDetails struct {
+	// ExcludedDiskTypes: [Output Only] A list of Disk Types that will be
+	// excluded from applying the Resource Policy referenced here. If
+	// absent, Disks created in any DiskType can use the referenced default
+	// Resource Policy.
+	ExcludedDiskTypes []string `json:"excludedDiskTypes,omitempty"`
+
+	// ResourcePolicy: The target Resource Policies identified by their
+	// Fully-Qualified URL.
+	ResourcePolicy string `json:"resourcePolicy,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ExcludedDiskTypes")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ExcludedDiskTypes") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DiskSettingsResourcePolicyDetails) MarshalJSON() ([]byte, error) {
+	type NoMethod DiskSettingsResourcePolicyDetails
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // DiskType: Represents a Disk Type resource. Google Compute Engine has
 // two Disk Type resources: * Regional
 // (/compute/docs/reference/rest/alpha/regionDiskTypes) * Zonal
@@ -10997,6 +11687,9 @@ type DiskTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -11186,6 +11879,9 @@ type DiskTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -11354,6 +12050,9 @@ type DiskTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -11606,6 +12305,9 @@ type DisksScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -11749,37 +12451,6 @@ func (s *DisksStartAsyncReplicationRequest) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type DisksStopAsyncReplicationRequest struct {
-	// AsyncSecondaryDisk: [Deprecated] The secondary disk to stop
-	// asynchronous replication to. This field will not be included in the
-	// beta or v1 APIs and will be removed from the alpha API in the near
-	// future.
-	AsyncSecondaryDisk string `json:"asyncSecondaryDisk,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "AsyncSecondaryDisk")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "AsyncSecondaryDisk") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *DisksStopAsyncReplicationRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod DisksStopAsyncReplicationRequest
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
 // DisksStopGroupAsyncReplicationResource: A transient resource used in
 // compute.disks.stopGroupAsyncReplication and
 // compute.regionDisks.stopGroupAsyncReplication. It is only used to
@@ -12158,6 +12829,9 @@ type ExchangedPeeringRoutesListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -12576,6 +13250,9 @@ type ExternalVpnGatewayListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -13054,6 +13731,9 @@ type FirewallListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -13383,6 +14063,14 @@ type FirewallPolicyAssociation struct {
 	// Name: The name for an association.
 	Name string `json:"name,omitempty"`
 
+	// Priority: An integer indicating the priority of an association. The
+	// priority must be a positive value between 1 and 2147483647. Firewall
+	// Policies are evaluated from highest to lowest priority where 1 is the
+	// highest priority and 2147483647 is the lowest priority. The default
+	// value is `1000`. If two associations have the same priority then
+	// lexicographical order on association names is applied.
+	Priority int64 `json:"priority,omitempty"`
+
 	// ShortName: [Output Only] The short name of the firewall policy of the
 	// association.
 	ShortName string `json:"shortName,omitempty"`
@@ -13494,6 +14182,9 @@ type FirewallPolicyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -13982,9 +14673,12 @@ type ForwardingRule struct {
 
 	// AllowGlobalAccess: This field is used along with the backend_service
 	// field for internal load balancing or with the target field for
-	// internal TargetInstance. If the field is set to TRUE, clients can
-	// access ILB from all regions. Otherwise only allows access from
-	// clients in the same region as the internal load balancer.
+	// internal TargetInstance. If set to true, clients can access the
+	// Internal TCP/UDP Load Balancer, Internal HTTP(S) and TCP Proxy Load
+	// Balancer from all regions. If false, only allows access from the
+	// local region the load balancer is located at. Note that for
+	// INTERNAL_MANAGED forwarding rules, this field cannot be changed after
+	// the forwarding rule is created.
 	AllowGlobalAccess bool `json:"allowGlobalAccess,omitempty"`
 
 	// AllowPscGlobalAccess: This is used in PSC consumer ForwardingRule to
@@ -14026,6 +14720,17 @@ type ForwardingRule struct {
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
 
+	// IpCollection: Resource reference of a PublicDelegatedPrefix. The PDP
+	// must be a sub-PDP in IPV6_FORWARDING_RULE_CREATION mode. Use one of
+	// the following formats to specify a sub-PDP when creating an IPv6
+	// NetLB forwarding rule using BYOIP: Full resource URL, as in
+	// https://www.googleapis.com/compute/v1/projects/
+	// project_id/regions/region/publicDelegatedPrefixes/sub-pdp-name
+	// Partial URL, as in: -
+	// projects/project_id/regions/region/publicDelegatedPrefixes/sub-pdp-nam
+	// e - regions/region/publicDelegatedPrefixes/sub-pdp-name
+	IpCollection string `json:"ipCollection,omitempty"`
+
 	// IpVersion: The IP Version that will be used by this forwarding rule.
 	// Valid options are IPV4 or IPV6.
 	//
@@ -14109,9 +14814,10 @@ type ForwardingRule struct {
 	// Network: This field is not used for external load balancing. For
 	// Internal TCP/UDP Load Balancing, this field identifies the network
 	// that the load balanced IP should belong to for this Forwarding Rule.
-	// If this field is not specified, the default network will be used. For
-	// Private Service Connect forwarding rules that forward traffic to
-	// Google APIs, a network must be provided.
+	// If the subnetwork is specified, the network of the subnetwork will be
+	// used. If neither subnetwork nor this field is specified, the default
+	// network will be used. For Private Service Connect forwarding rules
+	// that forward traffic to Google APIs, a network must be provided.
 	Network string `json:"network,omitempty"`
 
 	// NetworkTier: This signifies the networking tier used for configuring
@@ -14137,7 +14843,8 @@ type ForwardingRule struct {
 
 	// NoAutomateDnsZone: This is used in PSC consumer ForwardingRule to
 	// control whether it should try to auto-generate a DNS zone or not.
-	// Non-PSC forwarding rules do not use this field.
+	// Non-PSC forwarding rules do not use this field. Once set, this field
+	// is not mutable.
 	NoAutomateDnsZone bool `json:"noAutomateDnsZone,omitempty"`
 
 	// PortRange: This field can only be used: - If IPProtocol is one of
@@ -14252,7 +14959,8 @@ type ForwardingRule struct {
 	// vpc-sc - APIs that support VPC Service Controls. - all-apis - All
 	// supported Google APIs. - For Private Service Connect forwarding rules
 	// that forward traffic to managed services, the target must be a
-	// service attachment.
+	// service attachment. The target is not mutable once set as a service
+	// attachment.
 	Target string `json:"target,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
@@ -14367,6 +15075,9 @@ type ForwardingRuleAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -14556,6 +15267,9 @@ type ForwardingRuleListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -14794,6 +15508,9 @@ type ForwardingRulesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -14902,6 +15619,29 @@ func (s *ForwardingRulesScopedListWarningData) MarshalJSON() ([]byte, error) {
 }
 
 type FutureReservation struct {
+	// AutoCreatedReservationsDeleteTime: Future timestamp when the FR
+	// auto-created reservations will be deleted by GCE. Format of this
+	// field must be a valid
+	// href="https://www.ietf.org/rfc/rfc3339.txt">RFC3339 value.
+	AutoCreatedReservationsDeleteTime string `json:"autoCreatedReservationsDeleteTime,omitempty"`
+
+	// AutoCreatedReservationsDuration: Specifies the duration of
+	// auto-created reservations. It represents relative time to future
+	// reservation start_time when auto-created reservations will be
+	// automatically deleted by GCE. Duration time unit is represented as a
+	// count of seconds and fractions of seconds at nanosecond resolution.
+	AutoCreatedReservationsDuration *Duration `json:"autoCreatedReservationsDuration,omitempty"`
+
+	// AutoDeleteAutoCreatedReservations: Setting for enabling or disabling
+	// automatic deletion for auto-created reservation. If omitted or set to
+	// true, auto-created reservations will be deleted at Future
+	// Reservation's end time (default) or at user's defined timestamp if
+	// any of the [auto_created_reservations_delete_time,
+	// auto_created_reservations_duration] values is specified. For keeping
+	// auto-created reservation indefinitely, this value should be set to
+	// false.
+	AutoDeleteAutoCreatedReservations bool `json:"autoDeleteAutoCreatedReservations,omitempty"`
+
 	// CreationTimestamp: [Output Only] The creation timestamp for this
 	// future reservation in RFC3339 text format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
@@ -14972,21 +15712,22 @@ type FutureReservation struct {
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "CreationTimestamp")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
+	// ForceSendFields is a list of field names (e.g.
+	// "AutoCreatedReservationsDeleteTime") to unconditionally include in
+	// API requests. By default, fields with empty or default values are
+	// omitted from API requests. However, any non-pointer, non-interface
+	// field appearing in ForceSendFields will be sent to the server
+	// regardless of whether the field is empty or not. This may be used to
+	// include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "CreationTimestamp") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
+	// NullFields is a list of field names (e.g.
+	// "AutoCreatedReservationsDeleteTime") to include in API requests with
+	// the JSON null value. By default, fields with empty values are omitted
+	// from API requests. However, any field with an empty value appearing
+	// in NullFields will be sent to the server as null. It is an error if a
+	// field in this list has a non-empty value. This may be used to include
+	// null fields in Patch requests.
 	NullFields []string `json:"-"`
 }
 
@@ -15035,6 +15776,20 @@ func (s *FutureReservationSpecificSKUProperties) MarshalJSON() ([]byte, error) {
 // FutureReservationStatus: [Output only] Represents status related to
 // the future reservation.
 type FutureReservationStatus struct {
+	// AmendmentStatus: [Output Only] The current status of the requested
+	// amendment.
+	//
+	// Possible values:
+	//   "AMENDMENT_APPROVED" - The requested amendment to the Future
+	// Resevation has been approved and applied by GCP.
+	//   "AMENDMENT_DECLINED" - The requested amendment to the Future
+	// Reservation has been declined by GCP and the original state was
+	// restored.
+	//   "AMENDMENT_IN_REVIEW" - The requested amendment to the Future
+	// Reservation is currently being reviewd by GCP.
+	//   "AMENDMENT_STATUS_UNSPECIFIED"
+	AmendmentStatus string `json:"amendmentStatus,omitempty"`
+
 	// AutoCreatedReservations: Fully qualified urls of the automatically
 	// created reservations at start_time.
 	AutoCreatedReservations []string `json:"autoCreatedReservations,omitempty"`
@@ -15044,6 +15799,13 @@ type FutureReservationStatus struct {
 	// capacity delivered as part of existing matching reservations.
 	FulfilledCount int64 `json:"fulfilledCount,omitempty,string"`
 
+	// LastKnownGoodState: [Output Only] This field represents the future
+	// reservation before an amendment was requested. If the amendment is
+	// declined, the Future Reservation will be reverted to the last known
+	// good state. The last known good state is not set when updating a
+	// future reservation whose Procurement Status is DRAFTING.
+	LastKnownGoodState *FutureReservationStatusLastKnownGoodState `json:"lastKnownGoodState,omitempty"`
+
 	// LockTime: Time when Future Reservation would become LOCKED, after
 	// which no modifications to Future Reservation will be allowed.
 	// Applicable only after the Future Reservation is in the APPROVED
@@ -15066,6 +15828,9 @@ type FutureReservationStatus struct {
 	// fulfilled. Additional reservations were provided but did not reach
 	// total_count reserved instance slots.
 	//   "FULFILLED" - Future reservation is fulfilled completely.
+	//   "PENDING_AMENDMENT_APPROVAL" - An Amendment to the Future
+	// Reservation has been requested. If the Amendment is declined, the
+	// Future Reservation will be restored to the last known good state.
 	//   "PENDING_APPROVAL" - Future reservation is pending approval by GCP.
 	//   "PROCUREMENT_STATUS_UNSPECIFIED"
 	//   "PROCURING" - Future reservation is being procured by GCP. Beyond
@@ -15079,19 +15844,18 @@ type FutureReservationStatus struct {
 
 	SpecificSkuProperties *FutureReservationStatusSpecificSKUProperties `json:"specificSkuProperties,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g.
-	// "AutoCreatedReservations") to unconditionally include in API
-	// requests. By default, fields with empty or default values are omitted
-	// from API requests. However, any non-pointer, non-interface field
-	// appearing in ForceSendFields will be sent to the server regardless of
-	// whether the field is empty or not. This may be used to include empty
-	// fields in Patch requests.
+	// ForceSendFields is a list of field names (e.g. "AmendmentStatus") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "AutoCreatedReservations")
-	// to include in API requests with the JSON null value. By default,
-	// fields with empty values are omitted from API requests. However, any
-	// field with an empty value appearing in NullFields will be sent to the
+	// NullFields is a list of field names (e.g. "AmendmentStatus") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
 	// server as null. It is an error if a field in this list has a
 	// non-empty value. This may be used to include null fields in Patch
 	// requests.
@@ -15104,6 +15868,114 @@ func (s *FutureReservationStatus) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// FutureReservationStatusLastKnownGoodState: The state that the future
+// reservation will be reverted to should the amendment be declined.
+type FutureReservationStatusLastKnownGoodState struct {
+	// Description: [Output Only] The description of the FutureReservation
+	// before an amendment was requested.
+	Description string `json:"description,omitempty"`
+
+	FutureReservationSpecs *FutureReservationStatusLastKnownGoodStateFutureReservationSpecs `json:"futureReservationSpecs,omitempty"`
+
+	// LockTime: [Output Only] The lock time of the FutureReservation before
+	// an amendment was requested.
+	LockTime string `json:"lockTime,omitempty"`
+
+	// NamePrefix: [Output Only] The name prefix of the Future Reservation
+	// before an amendment was requested.
+	NamePrefix string `json:"namePrefix,omitempty"`
+
+	// ProcurementStatus: [Output Only] The status of the last known good
+	// state for the Future Reservation.
+	//
+	// Possible values:
+	//   "APPROVED" - Future reservation is approved by GCP.
+	//   "CANCELLED" - Future reservation is cancelled by the customer.
+	//   "COMMITTED" - Future reservation is committed by the customer.
+	//   "DECLINED" - Future reservation is rejected by GCP.
+	//   "DRAFTING" - Related status for PlanningStatus.Draft. Transitions
+	// to PENDING_APPROVAL upon user submitting FR.
+	//   "FAILED" - Future reservation failed. No additional reservations
+	// were provided.
+	//   "FAILED_PARTIALLY_FULFILLED" - Future reservation is partially
+	// fulfilled. Additional reservations were provided but did not reach
+	// total_count reserved instance slots.
+	//   "FULFILLED" - Future reservation is fulfilled completely.
+	//   "PENDING_AMENDMENT_APPROVAL" - An Amendment to the Future
+	// Reservation has been requested. If the Amendment is declined, the
+	// Future Reservation will be restored to the last known good state.
+	//   "PENDING_APPROVAL" - Future reservation is pending approval by GCP.
+	//   "PROCUREMENT_STATUS_UNSPECIFIED"
+	//   "PROCURING" - Future reservation is being procured by GCP. Beyond
+	// this point, Future reservation is locked and no further modifications
+	// are allowed.
+	//   "PROVISIONING" - Future reservation capacity is being provisioned.
+	// This state will be entered after start_time, while reservations are
+	// being created to provide total_count reserved instance slots. This
+	// state will not persist past start_time + 24h.
+	ProcurementStatus string `json:"procurementStatus,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Description") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Description") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *FutureReservationStatusLastKnownGoodState) MarshalJSON() ([]byte, error) {
+	type NoMethod FutureReservationStatusLastKnownGoodState
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// FutureReservationStatusLastKnownGoodStateFutureReservationSpecs: The
+// properties of the last known good state for the Future Reservation.
+type FutureReservationStatusLastKnownGoodStateFutureReservationSpecs struct {
+	// ShareSettings: [Output Only] The previous share settings of the
+	// Future Reservation.
+	ShareSettings *ShareSettings `json:"shareSettings,omitempty"`
+
+	// SpecificSkuProperties: [Output Only] The previous instance related
+	// properties of the Future Reservation.
+	SpecificSkuProperties *FutureReservationSpecificSKUProperties `json:"specificSkuProperties,omitempty"`
+
+	// TimeWindow: [Output Only] The previous time window of the Future
+	// Reservation.
+	TimeWindow *FutureReservationTimeWindow `json:"timeWindow,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ShareSettings") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ShareSettings") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *FutureReservationStatusLastKnownGoodStateFutureReservationSpecs) MarshalJSON() ([]byte, error) {
+	type NoMethod FutureReservationStatusLastKnownGoodStateFutureReservationSpecs
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // FutureReservationStatusSpecificSKUProperties: Properties to be set
 // for the Future Reservation.
 type FutureReservationStatusSpecificSKUProperties struct {
@@ -15258,6 +16130,9 @@ type FutureReservationsAggregatedListResponseWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -15452,6 +16327,9 @@ type FutureReservationsListResponseWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -15621,6 +16499,9 @@ type FutureReservationsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -16195,18 +17076,20 @@ type GuestOsFeature struct {
 	// commas to separate values. Set to one or more of the following
 	// values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET -
 	// UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE -
-	// SEV_SNP_CAPABLE For more information, see Enabling guest operating
-	// system features.
+	// SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more information, see
+	// Enabling guest operating system features.
 	//
 	// Possible values:
 	//   "BARE_METAL_LINUX_COMPATIBLE"
 	//   "FEATURE_TYPE_UNSPECIFIED"
 	//   "GVNIC"
+	//   "IDPF"
 	//   "MULTI_IP_SUBNET"
 	//   "SECURE_BOOT"
 	//   "SEV_CAPABLE"
 	//   "SEV_LIVE_MIGRATABLE"
 	//   "SEV_SNP_CAPABLE"
+	//   "TDX_CAPABLE"
 	//   "UEFI_COMPATIBLE"
 	//   "VIRTIO_SCSI_MULTIQUEUE"
 	//   "WINDOWS"
@@ -16571,12 +17454,12 @@ func (s *HTTPSHealthCheck) MarshalJSON() ([]byte, error) {
 // (/compute/docs/reference/rest/alpha/regionHealthChecks) Internal
 // HTTP(S) load balancers must use regional health checks
 // (`compute.v1.regionHealthChecks`). Traffic Director must use global
-// health checks (`compute.v1.HealthChecks`). Internal TCP/UDP load
+// health checks (`compute.v1.healthChecks`). Internal TCP/UDP load
 // balancers can use either regional or global health checks
-// (`compute.v1.regionHealthChecks` or `compute.v1.HealthChecks`).
+// (`compute.v1.regionHealthChecks` or `compute.v1.healthChecks`).
 // External HTTP(S), TCP proxy, and SSL proxy load balancers as well as
 // managed instance group auto-healing must use global health checks
-// (`compute.v1.HealthChecks`). Backend service-based network load
+// (`compute.v1.healthChecks`). Backend service-based network load
 // balancers must use regional health checks
 // (`compute.v1.regionHealthChecks`). Target pool-based network load
 // balancers must use legacy HTTP health checks
@@ -16791,6 +17674,9 @@ type HealthCheckListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -17192,6 +18078,9 @@ type HealthCheckServiceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -17414,6 +18303,9 @@ type HealthCheckServicesListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -17581,6 +18473,9 @@ type HealthCheckServicesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -17772,6 +18667,9 @@ type HealthChecksAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -17939,6 +18837,9 @@ type HealthChecksScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -18058,7 +18959,7 @@ type HealthStatus struct {
 	// instance.
 	ForwardingRuleIp string `json:"forwardingRuleIp,omitempty"`
 
-	// HealthState: Health state of the instance.
+	// HealthState: Health state of the IPv4 address of the instance.
 	//
 	// Possible values:
 	//   "HEALTHY"
@@ -18143,12 +19044,22 @@ type HealthStatusForNetworkEndpoint struct {
 	// the health checks configured.
 	//
 	// Possible values:
-	//   "DRAINING"
-	//   "HEALTHY"
-	//   "UNHEALTHY"
-	//   "UNKNOWN"
+	//   "DRAINING" - Endpoint is being drained.
+	//   "HEALTHY" - Endpoint is healthy.
+	//   "UNHEALTHY" - Endpoint is unhealthy.
+	//   "UNKNOWN" - Health status of the endpoint is unknown.
 	HealthState string `json:"healthState,omitempty"`
 
+	// Ipv6HealthState: Health state of the ipv6 network endpoint determined
+	// based on the health checks configured.
+	//
+	// Possible values:
+	//   "DRAINING" - Endpoint is being drained.
+	//   "HEALTHY" - Endpoint is healthy.
+	//   "UNHEALTHY" - Endpoint is unhealthy.
+	//   "UNKNOWN" - Health status of the endpoint is unknown.
+	Ipv6HealthState string `json:"ipv6HealthState,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "BackendService") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -18685,6 +19596,7 @@ type HttpHealthCheck struct {
 
 	// RequestPath: The request path of the HTTP health check request. The
 	// default value is /. This field does not support query parameters.
+	// Must comply with RFC3986.
 	RequestPath string `json:"requestPath,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -18814,6 +19726,9 @@ type HttpHealthCheckListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -19498,7 +20413,7 @@ type HttpsHealthCheck struct {
 	Port int64 `json:"port,omitempty"`
 
 	// RequestPath: The request path of the HTTPS health check request. The
-	// default value is "/".
+	// default value is "/". Must comply with RFC3986.
 	RequestPath string `json:"requestPath,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -19628,6 +20543,9 @@ type HttpsHealthCheckListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -19767,6 +20685,11 @@ type Image struct {
 	// (in GB).
 	DiskSizeGb int64 `json:"diskSizeGb,omitempty,string"`
 
+	// EnableConfidentialCompute: Whether this image is created from a
+	// confidential compute mode disk. [Output Only]: This field is not set
+	// by user, but from source disk.
+	EnableConfidentialCompute bool `json:"enableConfidentialCompute,omitempty"`
+
 	// Family: The name of the image family to which this image belongs. The
 	// image family name can be from a publicly managed image family
 	// provided by Compute Engine, or from a custom image family you create.
@@ -20154,6 +21077,9 @@ type ImageListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -20464,6 +21390,10 @@ type Instance struct {
 	// request, but not persisted as part of resource payload.
 	Params *InstanceParams `json:"params,omitempty"`
 
+	// PartnerMetadata: Partner Metadata assigned to the instance. A map
+	// from a subdomain (namespace) to entries map.
+	PartnerMetadata map[string]StructuredEntries `json:"partnerMetadata,omitempty"`
+
 	// PostKeyRevocationActionType: PostKeyRevocationActionType of the
 	// instance.
 	//
@@ -20568,9 +21498,9 @@ type Instance struct {
 	// cycle.
 	//
 	// Possible values:
-	//   "DEPROVISIONING" - The Nanny is halted and we are performing tear
-	// down tasks like network deprogramming, releasing quota, IP, tearing
-	// down disks etc.
+	//   "DEPROVISIONING" - The instance is halted and we are performing
+	// tear down tasks like network deprogramming, releasing quota, IP,
+	// tearing down disks etc.
 	//   "PROVISIONING" - Resources are being allocated for the instance.
 	//   "REPAIRING" - The instance is in repair.
 	//   "RUNNING" - The instance is running.
@@ -20720,6 +21650,9 @@ type InstanceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21087,6 +22020,9 @@ type InstanceGroupAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21277,6 +22213,9 @@ type InstanceGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21441,6 +22380,11 @@ type InstanceGroupManager struct {
 	// server generates this identifier.
 	Id uint64 `json:"id,omitempty,string"`
 
+	// InstanceFlexibilityPolicy: Instance flexibility allowing MIG to
+	// create VMs from multiple types of machines. Instance flexibility
+	// configuration on MIG overrides instance template configuration.
+	InstanceFlexibilityPolicy *InstanceGroupManagerInstanceFlexibilityPolicy `json:"instanceFlexibilityPolicy,omitempty"`
+
 	// InstanceGroup: [Output Only] The URL of the Instance Group resource.
 	InstanceGroup string `json:"instanceGroup,omitempty"`
 
@@ -21521,6 +22465,16 @@ type InstanceGroupManager struct {
 	// Resizing the group also changes this number.
 	TargetSize int64 `json:"targetSize,omitempty"`
 
+	// TargetSizeUnit: The unit of measure for the target size.
+	//
+	// Possible values:
+	//   "INSTANCE" - [Default] TargetSize is the target number of
+	// instances.
+	//   "VCPU" - TargetSize is the target count of vCPUs of VMs.
+	//   "VM" - TargetSize is the target number of VMs. Deprecated in favor
+	// of 'INSTANCE'.
+	TargetSizeUnit string `json:"targetSizeUnit,omitempty"`
+
 	// TargetStoppedSize: The target number of stopped instances for this
 	// managed instance group. This number changes when you: - Stop instance
 	// using the stopInstances method or start instances using the
@@ -21602,6 +22556,12 @@ type InstanceGroupManagerActionsSummary struct {
 	// value accordingly.
 	CreatingAtomically int64 `json:"creatingAtomically,omitempty"`
 
+	// CreatingInBulk: [Output Only] The number of instances that the
+	// managed instance group will attempt to create in bulk. If the desired
+	// count of instances cannot be created, entire batch will be deleted
+	// and the group will decrease its targetSize value accordingly.
+	CreatingInBulk int64 `json:"creatingInBulk,omitempty"`
+
 	// CreatingWithoutRetries: [Output Only] The number of instances that
 	// the managed instance group will attempt to create. The group attempts
 	// to create each instance only once. If the group fails to create any
@@ -21775,6 +22735,9 @@ type InstanceGroupManagerAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21922,13 +22885,14 @@ type InstanceGroupManagerAutoHealingPolicy struct {
 	// HealthCheck: The URL for the health check that signals autohealing.
 	HealthCheck string `json:"healthCheck,omitempty"`
 
-	// InitialDelaySec: The number of seconds that the managed instance
-	// group waits before it applies autohealing policies to new instances
-	// or recently recreated instances. This initial delay allows instances
-	// to initialize and run their startup scripts before the instance group
-	// determines that they are UNHEALTHY. This prevents the managed
-	// instance group from recreating its instances prematurely. This value
-	// must be from range [0, 3600].
+	// InitialDelaySec: The initial delay is the number of seconds that a
+	// new VM takes to initialize and run its startup script. During a VM's
+	// initial delay period, the MIG ignores unsuccessful health checks
+	// because the VM might be in the startup process. This prevents the MIG
+	// from prematurely recreating a VM. If the health check receives a
+	// healthy response during the initial delay, it indicates that the
+	// startup process is complete and the VM is ready. The value of initial
+	// delay must be between 0 and 3600 seconds. The default value is 0.
 	InitialDelaySec int64 `json:"initialDelaySec,omitempty"`
 
 	// MaxUnavailable: Maximum number of instances that can be unavailable
@@ -22011,18 +22975,85 @@ func (s *InstanceGroupManagerAutoHealingPolicyAutoHealingTriggers) MarshalJSON()
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type InstanceGroupManagerInstanceFlexibilityPolicy struct {
+	// InstanceSelectionLists: List of instance selection options that the
+	// group will use when creating new VMs.
+	InstanceSelectionLists map[string]InstanceGroupManagerInstanceFlexibilityPolicyInstanceSelection `json:"instanceSelectionLists,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "InstanceSelectionLists") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "InstanceSelectionLists")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InstanceGroupManagerInstanceFlexibilityPolicy) MarshalJSON() ([]byte, error) {
+	type NoMethod InstanceGroupManagerInstanceFlexibilityPolicy
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type InstanceGroupManagerInstanceFlexibilityPolicyInstanceSelection struct {
+	// MachineTypes: Full machine-type names, e.g. "n1-standard-16".
+	MachineTypes []string `json:"machineTypes,omitempty"`
+
+	// Rank: Preference of this instance selection. Lower number means
+	// higher preference. MIG will first try to create a VM based on the
+	// machine-type with lowest rank and fallback to next rank based on
+	// availability. Machine types and instance selections with the same
+	// rank have the same preference.
+	Rank int64 `json:"rank,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "MachineTypes") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "MachineTypes") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InstanceGroupManagerInstanceFlexibilityPolicyInstanceSelection) MarshalJSON() ([]byte, error) {
+	type NoMethod InstanceGroupManagerInstanceFlexibilityPolicyInstanceSelection
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type InstanceGroupManagerInstanceLifecyclePolicy struct {
-	// DefaultActionOnFailure: Defines behaviour for all instance or
-	// failures
+	// DefaultActionOnFailure: The action that a MIG performs on a failed or
+	// an unhealthy VM. A VM is marked as unhealthy when the application
+	// running on that VM fails a health check. Valid values are - REPAIR
+	// (default): MIG automatically repairs a failed or an unhealthy VM by
+	// recreating it. For more information, see About repairing VMs in a
+	// MIG. - DO_NOTHING: MIG does not repair a failed or an unhealthy VM.
 	//
 	// Possible values:
-	//   "DO_NOTHING" - If any of the MIG's VMs is not running, or is
-	// failing, no repair action will be taken.
-	//   "REPAIR" - *[Default]* If any of the MIG's VMs is not running - for
-	// example, a VM cannot be created during a scale out or a VM fails –
-	// then the group will retry until it creates that VM successfully. For
-	// more information about how a MIG manages its VMs, see What is a
-	// managed instance."
+	//   "DELETE" - MIG deletes a failed or an unhealthy VM. Deleting the VM
+	// decreases the target size of the MIG.
+	//   "DO_NOTHING" - MIG does not repair a failed or an unhealthy VM.
+	//   "REPAIR" - (Default) MIG automatically repairs a failed or an
+	// unhealthy VM by recreating it. For more information, see About
+	// repairing VMs in a MIG.
 	DefaultActionOnFailure string `json:"defaultActionOnFailure,omitempty"`
 
 	// ForceUpdateOnRepair: A bit indicating whether to forcefully apply the
@@ -22189,6 +23220,9 @@ type InstanceGroupManagerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -22343,6 +23377,7 @@ type InstanceGroupManagerResizeRequest struct {
 	// Possible values:
 	//   "ACCEPTED" - The request was created successfully and was accepted
 	// for provisioning when the capacity becomes available.
+	//   "CANCELLED" - The request is cancelled.
 	//   "CREATING" - resize request is being created and may still fail
 	// creation.
 	//   "DELETING" - The request is being deleted.
@@ -22612,6 +23647,9 @@ type InstanceGroupManagerResizeRequestsListResponseWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -22722,6 +23760,16 @@ func (s *InstanceGroupManagerResizeRequestsListResponseWarningData) MarshalJSON(
 type InstanceGroupManagerStandbyPolicy struct {
 	InitialDelaySec int64 `json:"initialDelaySec,omitempty"`
 
+	// Mode: Defines behaviour of using instances from standby pool to
+	// resize MIG.
+	//
+	// Possible values:
+	//   "MANUAL" - MIG does not automatically stop/start or suspend/resume
+	// VMs.
+	//   "SCALE_OUT_POOL" - MIG automatically resumes and starts VMs when it
+	// scales out, and replenishes the standby pool afterwards.
+	Mode string `json:"mode,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "InitialDelaySec") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -22994,29 +24042,27 @@ type InstanceGroupManagerUpdatePolicy struct {
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MinimalAction string `json:"minimalAction,omitempty"`
 
 	// MostDisruptiveAllowedAction: Most disruptive action that is allowed
 	// to be taken on an instance. You can specify either NONE to forbid any
-	// actions, REFRESH to allow actions that do not need instance restart,
-	// RESTART to allow actions that can be applied without instance
-	// replacing or REPLACE to allow all possible actions. If the Updater
-	// determines that the minimal update action needed is more disruptive
-	// than most disruptive allowed action you specify it will not perform
-	// the update at all.
+	// actions, REFRESH to avoid restarting the VM and to limit disruption
+	// as much as possible. RESTART to allow actions that can be applied
+	// without instance replacing or REPLACE to allow all possible actions.
+	// If the Updater determines that the minimal update action needed is
+	// more disruptive than most disruptive allowed action you specify it
+	// will not perform the update at all.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MostDisruptiveAllowedAction string `json:"mostDisruptiveAllowedAction,omitempty"`
 
 	// ReplacementMethod: What action should be used to replace instances.
@@ -23029,20 +24075,16 @@ type InstanceGroupManagerUpdatePolicy struct {
 	ReplacementMethod string `json:"replacementMethod,omitempty"`
 
 	// Type: The type of update process. You can specify either PROACTIVE so
-	// that the instance group manager proactively executes actions in order
-	// to bring instances to their target versions or OPPORTUNISTIC so that
-	// no action is proactively executed but the update will be performed as
-	// part of other actions (for example, resizes or recreateInstances
-	// calls).
-	//
-	// Possible values:
-	//   "OPPORTUNISTIC" - No action is being proactively performed in order
-	// to bring this IGM to its target version distribution (regardless of
-	// whether this distribution is expressed using instanceTemplate or
-	// versions field).
-	//   "PROACTIVE" - This IGM will actively converge to its target version
-	// distribution (regardless of whether this distribution is expressed
-	// using instanceTemplate or versions field).
+	// that the MIG automatically updates VMs to the latest configurations
+	// or OPPORTUNISTIC so that you can select the VMs that you want to
+	// update.
+	//
+	// Possible values:
+	//   "OPPORTUNISTIC" - MIG will apply new configurations to existing VMs
+	// only when you selectively target specific or all VMs to be updated.
+	//   "PROACTIVE" - MIG will automatically apply new configurations to
+	// all or a subset of existing VMs and also to new VMs that are added to
+	// the group.
 	Type string `json:"type,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g.
@@ -23173,45 +24215,44 @@ type InstanceGroupManagersApplyUpdatesRequest struct {
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MaximalAction string `json:"maximalAction,omitempty"`
 
 	// MinimalAction: The minimal action that you want to perform on each
 	// instance during the update: - REPLACE: At minimum, delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the minimum action is NONE. If your
-	// update requires a more disruptive action than you set with this flag,
-	// the necessary action is performed to execute the update.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the minimum action is NONE. If your update requires a more
+	// disruptive action than you set with this flag, the necessary action
+	// is performed to execute the update.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MinimalAction string `json:"minimalAction,omitempty"`
 
 	// MostDisruptiveAllowedAction: The most disruptive action that you want
 	// to perform on each instance during the update: - REPLACE: Delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the most disruptive allowed action
-	// is REPLACE. If your update requires a more disruptive action than you
-	// set with this flag, the update request will fail.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the most disruptive allowed action is REPLACE. If your
+	// update requires a more disruptive action than you set with this flag,
+	// the update request will fail.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MostDisruptiveAllowedAction string `json:"mostDisruptiveAllowedAction,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "AllInstances") to
@@ -23267,9 +24308,16 @@ func (s *InstanceGroupManagersCreateInstancesRequest) MarshalJSON() ([]byte, err
 }
 
 type InstanceGroupManagersDeleteInstancesRequest struct {
+	// InstanceNames: The list of instance names to delete. Queued instances
+	// do not have URL and can be deleted only by name. You cannot specify
+	// both URLs and names in a single request.
+	InstanceNames []string `json:"instanceNames,omitempty"`
+
 	// Instances: The URLs of one or more instances to delete. This can be a
 	// full URL or a partial URL, such as
-	// zones/[ZONE]/instances/[INSTANCE_NAME].
+	// zones/[ZONE]/instances/[INSTANCE_NAME]. Queued instances do not have
+	// URL and can be deleted only by name. One cannot specify both URLs and
+	// names in a single request.
 	Instances []string `json:"instances,omitempty"`
 
 	// SkipInstancesOnValidationError: Specifies whether the request should
@@ -23282,7 +24330,7 @@ type InstanceGroupManagersDeleteInstancesRequest struct {
 	// zone or region.
 	SkipInstancesOnValidationError bool `json:"skipInstancesOnValidationError,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Instances") to
+	// ForceSendFields is a list of field names (e.g. "InstanceNames") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -23290,10 +24338,10 @@ type InstanceGroupManagersDeleteInstancesRequest struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Instances") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
+	// NullFields is a list of field names (e.g. "InstanceNames") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
 	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
@@ -23487,6 +24535,9 @@ type InstanceGroupManagersListPerInstanceConfigsRespWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -23796,6 +24847,9 @@ type InstanceGroupManagersScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -24239,6 +25293,9 @@ type InstanceGroupsListInstancesWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -24472,6 +25529,9 @@ type InstanceGroupsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -24698,6 +25758,9 @@ type InstanceListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -24888,6 +25951,9 @@ type InstanceListReferrersWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -25044,6 +26110,8 @@ type InstanceManagedByIgmErrorInstanceActionDetails struct {
 	// it is successful.
 	//   "CREATING_ATOMICALLY" - The managed instance group is creating this
 	// instance atomically.
+	//   "CREATING_IN_BULK" - The managed instance group is creating this
+	// instance in bulk.
 	//   "CREATING_WITHOUT_RETRIES" - The managed instance group is
 	// attempting to create this instance only once. If the group fails to
 	// create this instance, it does not try again and the group's
@@ -25289,6 +26357,10 @@ type InstanceProperties struct {
 	// supported yet.
 	NetworkPerformanceConfig *NetworkPerformanceConfig `json:"networkPerformanceConfig,omitempty"`
 
+	// PartnerMetadata: Partner Metadata assigned to the instance
+	// properties. A map from a subdomain (namespace) to entries map.
+	PartnerMetadata map[string]StructuredEntries `json:"partnerMetadata,omitempty"`
+
 	// PostKeyRevocationActionType: PostKeyRevocationActionType of the
 	// instance.
 	//
@@ -25455,6 +26527,96 @@ func (s *InstanceReference) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// InstanceSettings: Represents a Instance Settings resource. You can
+// use instance settings to configure default settings for Compute
+// Engine VM instances. For example, you can use it to configure default
+// machine type of Compute Engine VM instances.
+type InstanceSettings struct {
+	// Email: Email address of the service account.
+	Email string `json:"email,omitempty"`
+
+	// Fingerprint: Specifies a fingerprint for instance settings, which is
+	// essentially a hash of the instance settings resource's contents and
+	// used for optimistic locking. The fingerprint is initially generated
+	// by Compute Engine and changes after every request to modify or update
+	// the instance settings resource. You must always provide an up-to-date
+	// fingerprint hash in order to update or change the resource, otherwise
+	// the request will fail with error 412 conditionNotMet. To see the
+	// latest fingerprint, make a get() request to retrieve the resource.
+	Fingerprint string `json:"fingerprint,omitempty"`
+
+	// Kind: [Output Only] Type of the resource. Always
+	// compute#instance_settings for instance settings.
+	Kind string `json:"kind,omitempty"`
+
+	// Metadata: The metadata key/value pairs assigned to all the instances
+	// in the corresponding scope.
+	Metadata *InstanceSettingsMetadata `json:"metadata,omitempty"`
+
+	// Zone: [Output Only] URL of the zone where the resource resides You
+	// must specify this field as part of the HTTP request URL. It is not
+	// settable as a field in the request body.
+	Zone string `json:"zone,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Email") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Email") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InstanceSettings) MarshalJSON() ([]byte, error) {
+	type NoMethod InstanceSettings
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type InstanceSettingsMetadata struct {
+	// Kind: [Output Only] Type of the resource. Always compute#metadata for
+	// metadata.
+	Kind string `json:"kind,omitempty"`
+
+	// Metadatas: A metadata key/value map. The total size of all keys and
+	// values must be less than 512KB.
+	Metadatas map[string]string `json:"metadatas,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Kind") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Kind") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InstanceSettingsMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod InstanceSettingsMetadata
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // InstanceTemplate: Represents an Instance Template resource. You can
 // use instance templates to create VM instances and managed instance
 // groups. For more information, read Instance Templates.
@@ -25621,6 +26783,9 @@ type InstanceTemplateAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -25811,6 +26976,9 @@ type InstanceTemplateListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -25981,6 +27149,9 @@ type InstanceTemplatesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -26099,9 +27270,9 @@ type InstanceWithNamedPorts struct {
 	// Status: [Output Only] The status of the instance.
 	//
 	// Possible values:
-	//   "DEPROVISIONING" - The Nanny is halted and we are performing tear
-	// down tasks like network deprogramming, releasing quota, IP, tearing
-	// down disks etc.
+	//   "DEPROVISIONING" - The instance is halted and we are performing
+	// tear down tasks like network deprogramming, releasing quota, IP,
+	// tearing down disks etc.
 	//   "PROVISIONING" - Resources are being allocated for the instance.
 	//   "REPAIRING" - The instance is in repair.
 	//   "RUNNING" - The instance is running.
@@ -26167,6 +27338,35 @@ func (s *InstancesAddResourcePoliciesRequest) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type InstancesBulkInsertOperationMetadata struct {
+	// PerLocationStatus: Status information per location (location name is
+	// key). Example key: zones/us-central1-a
+	PerLocationStatus map[string]BulkInsertOperationStatus `json:"perLocationStatus,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "PerLocationStatus")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "PerLocationStatus") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InstancesBulkInsertOperationMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod InstancesBulkInsertOperationMetadata
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type InstancesGetEffectiveFirewallsResponse struct {
 	// FirewallPolicys: Effective firewalls from firewall policies.
 	FirewallPolicys []*InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy `json:"firewallPolicys,omitempty"`
@@ -26413,6 +27613,9 @@ type InstancesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -26672,6 +27875,42 @@ func (s *InstancesSetNameRequest) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type InstancesSetSecurityPolicyRequest struct {
+	// NetworkInterfaces: The network interfaces that the security policy
+	// will be applied to. Network interfaces use the nicN naming format.
+	// You can only set a security policy for network interfaces with an
+	// access config.
+	NetworkInterfaces []string `json:"networkInterfaces,omitempty"`
+
+	// SecurityPolicy: A full or partial URL to a security policy to add to
+	// this instance. If this field is set to an empty string it will remove
+	// the associated security policy.
+	SecurityPolicy string `json:"securityPolicy,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "NetworkInterfaces")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "NetworkInterfaces") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InstancesSetSecurityPolicyRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod InstancesSetSecurityPolicyRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type InstancesSetServiceAccountRequest struct {
 	// Email: Email address of the service account.
 	Email string `json:"email,omitempty"`
@@ -26965,6 +28204,9 @@ type InstantSnapshotAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -27207,6 +28449,9 @@ type InstantSnapshotListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -27433,6 +28678,9 @@ type InstantSnapshotsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -27575,9 +28823,9 @@ func (s *Int64RangeMatch) MarshalJSON() ([]byte, error) {
 }
 
 // Interconnect: Represents an Interconnect resource. An Interconnect
-// resource is a dedicated connection between the GCP network and your
-// on-premises network. For more information, read the Dedicated
-// Interconnect Overview.
+// resource is a dedicated connection between the Google Cloud network
+// and your on-premises network. For more information, read the
+// Dedicated Interconnect Overview.
 type Interconnect struct {
 	// AdminEnabled: Administrative status of the interconnect. When this is
 	// set to true, the Interconnect is functional and can carry traffic.
@@ -27586,6 +28834,17 @@ type Interconnect struct {
 	// set to true.
 	AdminEnabled bool `json:"adminEnabled,omitempty"`
 
+	// AvailableFeatures: [Output only] List of features available for this
+	// Interconnect connection, which can take one of the following values:
+	// - MACSEC If present then the interconnect was created on MACsec
+	// capable hardware ports. If not present then the interconnect is
+	// provisioned on non-MACsec capable ports and MACsec enablement will
+	// fail.
+	//
+	// Possible values:
+	//   "IF_MACSEC" - Media Access Control security (MACsec)
+	AvailableFeatures []string `json:"availableFeatures,omitempty"`
+
 	// CircuitInfos: [Output Only] A list of CircuitInfo objects, that
 	// describe the individual circuits in this LAG.
 	CircuitInfos []*InterconnectCircuitInfo `json:"circuitInfos,omitempty"`
@@ -27674,12 +28933,13 @@ type Interconnect struct {
 	Location string `json:"location,omitempty"`
 
 	// Macsec: Configuration to enable Media Access Control security
-	// (MACsec) on the Interconnect between Google and your on-premises
-	// router.
+	// (MACsec) on the Interconnect connection between Google and your
+	// on-premises router.
 	Macsec *InterconnectMacsec `json:"macsec,omitempty"`
 
-	// MacsecEnabled: Enable or disable MACsec on this Interconnect. MACsec
-	// enablement will fail if the macsec object is not specified.
+	// MacsecEnabled: Enable or disable MACsec on this Interconnect
+	// connection. MACsec enablement fails if the MACsec object is not
+	// specified.
 	MacsecEnabled bool `json:"macsecEnabled,omitempty"`
 
 	// Name: Name of the resource. Provided by the client when the resource
@@ -27731,13 +28991,23 @@ type Interconnect struct {
 	// the interconnect is connected to.
 	RemoteLocation string `json:"remoteLocation,omitempty"`
 
+	// RequestedFeatures: Optional. List of features requested for this
+	// Interconnect connection, which can take one of the following values:
+	// - MACSEC If specified then the interconnect will be created on MACsec
+	// capable hardware ports. If not specified, the default value is false,
+	// which will allocate non-MACsec capable ports first if available. This
+	// parameter can only be provided during interconnect INSERT and cannot
+	// be changed using interconnect PATCH.
+	//
+	// Possible values:
+	//   "IF_MACSEC" - Media Access Control security (MACsec)
+	RequestedFeatures []string `json:"requestedFeatures,omitempty"`
+
 	// RequestedLinkCount: Target number of physical links in the link
 	// bundle, as requested by the customer.
 	RequestedLinkCount int64 `json:"requestedLinkCount,omitempty"`
 
-	// SatisfiesPzs: [Output Only] Set to true if the resource satisfies the
-	// zone separation organization policy constraints and false otherwise.
-	// Defaults to false if the field is not present.
+	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -27949,8 +29219,7 @@ type InterconnectAttachment struct {
 	// attachment. If this field is not specified when creating the VLAN
 	// attachment, then later on when creating an HA VPN gateway on this
 	// VLAN attachment, the HA VPN gateway's IP address is allocated from
-	// the regional external IP address pool. Not currently available
-	// publicly.
+	// the regional external IP address pool.
 	IpsecInternalAddresses []string `json:"ipsecInternalAddresses,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always
@@ -28041,9 +29310,7 @@ type InterconnectAttachment struct {
 	// the network & region within which the Cloud Router is configured.
 	Router string `json:"router,omitempty"`
 
-	// SatisfiesPzs: [Output Only] Set to true if the resource satisfies the
-	// zone separation organization policy constraints and false otherwise.
-	// Defaults to false if the field is not present.
+	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -28245,6 +29512,9 @@ type InterconnectAttachmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -28518,6 +29788,9 @@ type InterconnectAttachmentListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -28765,6 +30038,9 @@ type InterconnectAttachmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -28911,9 +30187,9 @@ func (s *InterconnectCircuitInfo) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// InterconnectDiagnostics: Diagnostics information about interconnect,
-// contains detailed and current technical information about Google's
-// side of the connection.
+// InterconnectDiagnostics: Diagnostics information about the
+// Interconnect connection, which contains detailed and current
+// technical information about Google's side of the connection.
 type InterconnectDiagnostics struct {
 	// ArpCaches: A list of InterconnectDiagnostics.ARPEntry objects,
 	// describing individual neighbors currently seen by the Google router
@@ -29293,6 +30569,9 @@ type InterconnectListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -29415,6 +30694,24 @@ type InterconnectLocation struct {
 	// zone. Example: "zone1" or "zone2".
 	AvailabilityZone string `json:"availabilityZone,omitempty"`
 
+	// AvailableFeatures: [Output only] List of features available at this
+	// InterconnectLocation, which can take one of the following values: -
+	// MACSEC
+	//
+	// Possible values:
+	//   "IF_MACSEC" - Media Access Control security (MACsec)
+	AvailableFeatures []string `json:"availableFeatures,omitempty"`
+
+	// AvailableLinkTypes: [Output only] List of link types available at
+	// this InterconnectLocation, which can take one of the following
+	// values: - LINK_TYPE_ETHERNET_10G_LR - LINK_TYPE_ETHERNET_100G_LR
+	//
+	// Possible values:
+	//   "LINK_TYPE_ETHERNET_100G_LR" - 100G Ethernet, LR Optics.
+	//   "LINK_TYPE_ETHERNET_10G_LR" - 10G Ethernet, LR Optics. [(rate_bps)
+	// = 10000000000];
+	AvailableLinkTypes []string `json:"availableLinkTypes,omitempty"`
+
 	// City: [Output Only] Metropolitan area designator that indicates which
 	// city an interconnect is located. For example: "Chicago, IL",
 	// "Amsterdam, Netherlands".
@@ -29492,9 +30789,7 @@ type InterconnectLocation struct {
 	// Interconnects.
 	Status string `json:"status,omitempty"`
 
-	// SupportsPzs: [Output Only] Set to true for locations that support
-	// physical zone separation. Defaults to false if the field is not
-	// present.
+	// SupportsPzs: [Output Only] Reserved for future use.
 	SupportsPzs bool `json:"supportsPzs,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
@@ -29608,6 +30903,9 @@ type InterconnectLocationListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -29763,15 +31061,15 @@ func (s *InterconnectLocationRegionInfo) MarshalJSON() ([]byte, error) {
 }
 
 // InterconnectMacsec: Configuration information for enabling Media
-// Access Control security (Macsec) on this Interconnect between Google
-// and your on-premises router.
+// Access Control security (MACsec) on this Interconnect connection
+// between Google and your on-premises router.
 type InterconnectMacsec struct {
-	// FailOpen: If set to true, the Interconnect will be configured with a
-	// should-secure MACsec security policy, that allows the Google router
-	// to fallback to cleartext traffic if the MKA session cannot be
-	// established. By default, the Interconnect will be configured with a
-	// must-secure security policy that drops all traffic if the MKA session
-	// cannot be established with your router.
+	// FailOpen: If set to true, the Interconnect connection is configured
+	// with a should-secure MACsec security policy, that allows the Google
+	// router to fallback to cleartext traffic if the MKA session cannot be
+	// established. By default, the Interconnect connection is configured
+	// with a must-secure security policy that drops all traffic if the MKA
+	// session cannot be established with your router.
 	FailOpen bool `json:"failOpen,omitempty"`
 
 	// PreSharedKeys: Required. A keychain placeholder describing a set of
@@ -29805,14 +31103,15 @@ func (s *InterconnectMacsec) MarshalJSON() ([]byte, error) {
 }
 
 // InterconnectMacsecConfig: MACsec configuration information for the
-// Interconnect. Contains the generated Connectivity Association Key
-// Name (CKN) and the key (CAK) for this Interconnect.
+// Interconnect connection. Contains the generated Connectivity
+// Association Key Name (CKN) and the key (CAK) for this Interconnect
+// connection.
 type InterconnectMacsecConfig struct {
 	// PreSharedKeys: A keychain placeholder describing a set of named key
-	// objects along with their start times. A MACsec CKN/CAK will be
-	// generated for each key in the key chain. Google router will
-	// automatically pick the key with the most recent startTime when
-	// establishing or re-establishing a MACsec secure link.
+	// objects along with their start times. A MACsec CKN/CAK is generated
+	// for each key in the key chain. Google router automatically picks the
+	// key with the most recent startTime when establishing or
+	// re-establishing a MACsec secure link.
 	PreSharedKeys []*InterconnectMacsecConfigPreSharedKey `json:"preSharedKeys,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "PreSharedKeys") to
@@ -30024,7 +31323,7 @@ func (s *InterconnectOutageNotification) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// InterconnectRemoteLocation: Represents an Cross-Cloud Interconnect
+// InterconnectRemoteLocation: Represents a Cross-Cloud Interconnect
 // Remote Location resource. You can use this resource to find remote
 // location details about an Interconnect attachment (VLAN).
 type InterconnectRemoteLocation struct {
@@ -30088,8 +31387,8 @@ type InterconnectRemoteLocation struct {
 	// Possible values:
 	//   "LACP_SUPPORTED" - LACP_SUPPORTED: LACP is supported, and enabled
 	// by default on the Cross-Cloud Interconnect.
-	//   "LACP_UNSUPPORTED" - LACP_UNSUPPORTED: LACP is not supported and
-	// will not be enabled on this port. GetDiagnostics will show
+	//   "LACP_UNSUPPORTED" - LACP_UNSUPPORTED: LACP is not supported and is
+	// not be enabled on this port. GetDiagnostics shows
 	// bundleAggregationType as "static". GCP does not support LAGs without
 	// LACP, so requestedLinkCount must be 1.
 	Lacp string `json:"lacp,omitempty"`
@@ -30177,7 +31476,7 @@ type InterconnectRemoteLocationConstraints struct {
 	// incompatible with their cloud provider. Specifically, when ordering a
 	// redundant pair of Cross-Cloud Interconnect ports, and one of them
 	// uses a remote location with portPairMatchingRemoteLocation set to
-	// matching, the UI will require that both ports use the same remote
+	// matching, the UI requires that both ports use the same remote
 	// location.
 	//
 	// Possible values:
@@ -30284,12 +31583,11 @@ type InterconnectRemoteLocationList struct {
 	// remote locations.
 	Kind string `json:"kind,omitempty"`
 
-	// NextPageToken: [Output Only] This token allows you to get the next
-	// page of results for list requests. If the number of results is larger
-	// than maxResults, use the nextPageToken as a value for the query
-	// parameter pageToken in the next list request. Subsequent list
-	// requests will have their own nextPageToken to continue paging through
-	// the results.
+	// NextPageToken: [Output Only] This token lets you get the next page of
+	// results for list requests. If the number of results is larger than
+	// maxResults, use the nextPageToken as a value for the query parameter
+	// pageToken in the next list request. Subsequent list requests will
+	// have their own nextPageToken to continue paging through the results.
 	NextPageToken string `json:"nextPageToken,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for this resource.
@@ -30354,6 +31652,9 @@ type InterconnectRemoteLocationListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -30722,6 +32023,9 @@ type IpAddressesListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -30911,6 +32215,9 @@ type IpOwnerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -31443,6 +32750,9 @@ type LicensesListResponseWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32133,6 +33443,9 @@ type MachineImageListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32349,7 +33662,7 @@ type MachineTypeAccelerators struct {
 	GuestAcceleratorCount int64 `json:"guestAcceleratorCount,omitempty"`
 
 	// GuestAcceleratorType: The accelerator type resource name, not a full
-	// URL, e.g. 'nvidia-tesla-k80'.
+	// URL, e.g. nvidia-tesla-t4.
 	GuestAcceleratorType string `json:"guestAcceleratorType,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g.
@@ -32463,6 +33776,9 @@ type MachineTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32652,6 +33968,9 @@ type MachineTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32820,6 +34139,9 @@ type MachineTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32964,6 +34286,8 @@ type ManagedInstance struct {
 	// it is successful.
 	//   "CREATING_ATOMICALLY" - The managed instance group is creating this
 	// instance atomically.
+	//   "CREATING_IN_BULK" - The managed instance group is creating this
+	// instance in bulk.
 	//   "CREATING_WITHOUT_RETRIES" - The managed instance group is
 	// attempting to create this instance only once. If the group fails to
 	// create this instance, it does not try again and the group's
@@ -33011,9 +34335,9 @@ type ManagedInstance struct {
 	// is empty when the instance does not exist.
 	//
 	// Possible values:
-	//   "DEPROVISIONING" - The Nanny is halted and we are performing tear
-	// down tasks like network deprogramming, releasing quota, IP, tearing
-	// down disks etc.
+	//   "DEPROVISIONING" - The instance is halted and we are performing
+	// tear down tasks like network deprogramming, releasing quota, IP,
+	// tearing down disks etc.
 	//   "PROVISIONING" - Resources are being allocated for the instance.
 	//   "REPAIRING" - The instance is in repair.
 	//   "RUNNING" - The instance is running.
@@ -33557,6 +34881,46 @@ func (s *MetadataFilterLabelMatch) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// Money: Represents an amount of money with its currency type.
+type Money struct {
+	// CurrencyCode: The three-letter currency code defined in ISO 4217.
+	CurrencyCode string `json:"currencyCode,omitempty"`
+
+	// Nanos: Number of nano (10^-9) units of the amount. The value must be
+	// between -999,999,999 and +999,999,999 inclusive. If `units` is
+	// positive, `nanos` must be positive or zero. If `units` is zero,
+	// `nanos` can be positive, zero, or negative. If `units` is negative,
+	// `nanos` must be negative or zero. For example $-1.75 is represented
+	// as `units`=-1 and `nanos`=-750,000,000.
+	Nanos int64 `json:"nanos,omitempty"`
+
+	// Units: The whole units of the amount. For example if `currencyCode`
+	// is "USD", then 1 unit is one US dollar.
+	Units int64 `json:"units,omitempty,string"`
+
+	// ForceSendFields is a list of field names (e.g. "CurrencyCode") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "CurrencyCode") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Money) MarshalJSON() ([]byte, error) {
+	type NoMethod Money
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // MutualTls: [Deprecated] Configuration for the mutual Tls mode for
 // peer authentication. Configuration for the mutual Tls mode for peer
 // authentication.
@@ -33630,6 +34994,113 @@ func (s *NamedPort) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// NatIpInfo: Contains NAT IP information of a NAT config (i.e. usage
+// status, mode).
+type NatIpInfo struct {
+	// NatIpInfoMappings: A list of all NAT IPs assigned to this NAT config.
+	NatIpInfoMappings []*NatIpInfoNatIpInfoMapping `json:"natIpInfoMappings,omitempty"`
+
+	// NatName: Name of the NAT config which the NAT IP belongs to.
+	NatName string `json:"natName,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "NatIpInfoMappings")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "NatIpInfoMappings") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *NatIpInfo) MarshalJSON() ([]byte, error) {
+	type NoMethod NatIpInfo
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// NatIpInfoNatIpInfoMapping: Contains information of a NAT IP.
+type NatIpInfoNatIpInfoMapping struct {
+	// Mode: Specifies whether NAT IP is auto or manual.
+	//
+	// Possible values:
+	//   "AUTO"
+	//   "MANUAL"
+	Mode string `json:"mode,omitempty"`
+
+	// NatIp: NAT IP address. For example: 203.0.113.11.
+	NatIp string `json:"natIp,omitempty"`
+
+	// Usage: Specifies whether NAT IP is currently serving at least one
+	// endpoint or not.
+	//
+	// Possible values:
+	//   "IN_USE"
+	//   "UNUSED"
+	Usage string `json:"usage,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Mode") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Mode") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *NatIpInfoNatIpInfoMapping) MarshalJSON() ([]byte, error) {
+	type NoMethod NatIpInfoNatIpInfoMapping
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type NatIpInfoResponse struct {
+	// Result: [Output Only] A list of NAT IP information.
+	Result []*NatIpInfo `json:"result,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Result") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Result") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *NatIpInfoResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod NatIpInfoResponse
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // Network: Represents a VPC Network resource. Networks connect
 // resources to each other and to the internet. For more information,
 // read Virtual Private Cloud (VPC) Network.
@@ -33667,7 +35138,7 @@ type Network struct {
 	FirewallPolicy string `json:"firewallPolicy,omitempty"`
 
 	// GatewayIPv4: [Output Only] The gateway address for default routing
-	// out of the network, selected by GCP.
+	// out of the network, selected by Google Cloud.
 	GatewayIPv4 string `json:"gatewayIPv4,omitempty"`
 
 	// Id: [Output Only] The unique identifier for the resource. This
@@ -33785,10 +35256,9 @@ type NetworkAttachment struct {
 	// property when you create the resource.
 	Description string `json:"description,omitempty"`
 
-	// Fingerprint: [Output Only] Fingerprint of this resource. A hash of
-	// the contents stored in this object. This field is used in optimistic
-	// locking. An up-to-date fingerprint must be provided in order to
-	// patch.
+	// Fingerprint: Fingerprint of this resource. A hash of the contents
+	// stored in this object. This field is used in optimistic locking. An
+	// up-to-date fingerprint must be provided in order to patch.
 	Fingerprint string `json:"fingerprint,omitempty"`
 
 	// Id: [Output Only] The unique identifier for the resource type. The
@@ -33808,7 +35278,11 @@ type NetworkAttachment struct {
 	Name string `json:"name,omitempty"`
 
 	// Network: [Output Only] The URL of the network which the Network
-	// Attachment belongs to.
+	// Attachment belongs to. Practically it is inferred by fetching the
+	// network of the first subnetwork associated. Because it is required
+	// that all the subnetworks must be from the same network, it is assured
+	// that the Network Attachment belongs to the same network as all the
+	// subnetworks.
 	Network string `json:"network,omitempty"`
 
 	// ProducerAcceptLists: Projects that are allowed to connect to this
@@ -33949,6 +35423,9 @@ type NetworkAttachmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -34059,15 +35536,20 @@ func (s *NetworkAttachmentAggregatedListWarningData) MarshalJSON() ([]byte, erro
 // NetworkAttachmentConnectedEndpoint: [Output Only] A connection
 // connected to this network attachment.
 type NetworkAttachmentConnectedEndpoint struct {
-	// IpAddress: The IP address assigned to the producer instance network
+	// IpAddress: The IPv4 address assigned to the producer instance network
 	// interface. This value will be a range in case of Serverless.
 	IpAddress string `json:"ipAddress,omitempty"`
 
+	// Ipv6Address: The IPv6 address assigned to the producer instance
+	// network interface. This is only assigned when the stack types of both
+	// the instance network interface and the consumer subnet are IPv4_IPv6.
+	Ipv6Address string `json:"ipv6Address,omitempty"`
+
 	// ProjectIdOrNum: The project id or number of the interface to which
 	// the IP was assigned.
 	ProjectIdOrNum string `json:"projectIdOrNum,omitempty"`
 
-	// SecondaryIpCidrRanges: Alias IP ranges from the same subnetwork
+	// SecondaryIpCidrRanges: Alias IP ranges from the same subnetwork.
 	SecondaryIpCidrRanges []string `json:"secondaryIpCidrRanges,omitempty"`
 
 	// Status: The status of a connected endpoint to this network
@@ -34193,6 +35675,9 @@ type NetworkAttachmentListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -34362,6 +35847,9 @@ type NetworkAttachmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -34638,6 +36126,9 @@ type NetworkEdgeSecurityServiceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -34808,6 +36299,9 @@ type NetworkEdgeSecurityServicesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -34939,6 +36433,9 @@ type NetworkEndpoint struct {
 	// the network endpoint group belongs to will be used.
 	IpAddress string `json:"ipAddress,omitempty"`
 
+	// Ipv6Address: Optional IPv6 address of network endpoint.
+	Ipv6Address string `json:"ipv6Address,omitempty"`
+
 	// Port: Optional port number of network endpoint. If not specified, the
 	// defaultPort for the network endpoint group will be used.
 	Port int64 `json:"port,omitempty"`
@@ -35209,6 +36706,9 @@ type NetworkEndpointGroupAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -35585,6 +37085,9 @@ type NetworkEndpointGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -36002,6 +37505,9 @@ type NetworkEndpointGroupsListNetworkEndpointsWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -36173,6 +37679,9 @@ type NetworkEndpointGroupsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -36354,9 +37863,9 @@ type NetworkInterface struct {
 
 	// Ipv6Address: An IPv6 internal network address for this network
 	// interface. To use a static internal IP address, it must be unused and
-	// in the same region as the instance's zone. If not specified, GCP will
-	// automatically assign an internal IPv6 address from the instance's
-	// subnetwork.
+	// in the same region as the instance's zone. If not specified, Google
+	// Cloud will automatically assign an internal IPv6 address from the
+	// instance's subnetwork.
 	Ipv6Address string `json:"ipv6Address,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always
@@ -36411,10 +37920,11 @@ type NetworkInterface struct {
 	// number. It'll be empty if not specified by the users.
 	QueueCount int64 `json:"queueCount,omitempty"`
 
-	// StackType: The stack type for this network interface to identify
-	// whether the IPv6 feature is enabled or not. If not specified,
-	// IPV4_ONLY will be used. This field can be both set at instance
-	// creation and update network interface operations.
+	// StackType: The stack type for this network interface. To assign only
+	// IPv4 addresses, use IPV4_ONLY. To assign both IPv4 and IPv6
+	// addresses, use IPV4_IPV6. If not specified, IPV4_ONLY is used. This
+	// field can be both set at instance creation and update network
+	// interface operations.
 	//
 	// Possible values:
 	//   "IPV4_IPV6" - The network interface can have both IPv4 and IPv6
@@ -36600,6 +38110,9 @@ type NetworkListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -37160,6 +38673,28 @@ type NodeGroup struct {
 	// location_hint present in the NodeTemplate.
 	LocationHint string `json:"locationHint,omitempty"`
 
+	// MaintenanceInterval: Specifies the frequency of planned maintenance
+	// events. The accepted values are: `AS_NEEDED` and `RECURRENT`.
+	//
+	// Possible values:
+	//   "AS_NEEDED" - VMs are eligible to receive infrastructure and
+	// hypervisor updates as they become available. This may result in more
+	// maintenance operations (live migrations or terminations) for the VM
+	// than the PERIODIC and RECURRENT options.
+	//   "PERIODIC" - VMs receive infrastructure and hypervisor updates on a
+	// periodic basis, minimizing the number of maintenance operations (live
+	// migrations or terminations) on an individual VM. This may mean a VM
+	// will take longer to receive an update than if it was configured for
+	// AS_NEEDED. Security updates will still be applied as soon as they are
+	// available.
+	//   "RECURRENT" - VMs receive infrastructure and hypervisor updates on
+	// a periodic basis, minimizing the number of maintenance operations
+	// (live migrations or terminations) on an individual VM. This may mean
+	// a VM will take longer to receive an update than if it was configured
+	// for AS_NEEDED. Security updates will still be applied as soon as they
+	// are available. RECURRENT is used for GEN3 and Slice of Hardware VMs.
+	MaintenanceInterval string `json:"maintenanceInterval,omitempty"`
+
 	// MaintenancePolicy: Specifies how to handle instances when a node in
 	// the group undergoes maintenance. Set to one of: DEFAULT,
 	// RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is
@@ -37333,6 +38868,9 @@ type NodeGroupAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -37564,6 +39102,9 @@ type NodeGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -37764,6 +39305,10 @@ type NodeGroupNode struct {
 	// TotalResources: Total amount of available resources on the node.
 	TotalResources *InstanceConsumptionInfo `json:"totalResources,omitempty"`
 
+	// UpcomingMaintenance: [Output Only] The information about an upcoming
+	// maintenance event.
+	UpcomingMaintenance *UpcomingMaintenance `json:"upcomingMaintenance,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "Accelerators") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -37926,6 +39471,9 @@ type NodeGroupsListNodesWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -38033,6 +39581,37 @@ func (s *NodeGroupsListNodesWarningData) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type NodeGroupsPerformMaintenanceRequest struct {
+	// Nodes: [Required] List of nodes affected by the call.
+	Nodes []string `json:"nodes,omitempty"`
+
+	// StartTime: The start time of the schedule. The timestamp is an
+	// RFC3339 string.
+	StartTime string `json:"startTime,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Nodes") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Nodes") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *NodeGroupsPerformMaintenanceRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod NodeGroupsPerformMaintenanceRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type NodeGroupsScopedList struct {
 	// NodeGroups: [Output Only] A list of node groups contained in this
 	// scope.
@@ -38094,6 +39673,9 @@ type NodeGroupsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -38306,11 +39888,7 @@ type NodeTemplate struct {
 	// this template.
 	NodeType string `json:"nodeType,omitempty"`
 
-	// NodeTypeFlexibility: The flexible properties of the desired node
-	// type. Node groups that use this node template will create nodes of a
-	// type that matches these properties. This field is mutually exclusive
-	// with the node_type property; you can only define one or the other,
-	// but not both.
+	// NodeTypeFlexibility: Do not use. Instead, use the node_type property.
 	NodeTypeFlexibility *NodeTemplateNodeTypeFlexibility `json:"nodeTypeFlexibility,omitempty"`
 
 	// Region: [Output Only] The name of the region where the node template
@@ -38459,6 +40037,9 @@ type NodeTemplateAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -38648,6 +40229,9 @@ type NodeTemplateListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -38846,6 +40430,9 @@ type NodeTemplatesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39121,6 +40708,9 @@ type NodeTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39310,6 +40900,9 @@ type NodeTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39478,6 +41071,9 @@ type NodeTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39743,6 +41339,9 @@ type NotificationEndpointAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39984,6 +41583,9 @@ type NotificationEndpointListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -40151,6 +41753,9 @@ type NotificationEndpointsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -40308,6 +41913,8 @@ type Operation struct {
 	// This value is in RFC3339 text format.
 	InsertTime string `json:"insertTime,omitempty"`
 
+	InstancesBulkInsertOperationMetadata *InstancesBulkInsertOperationMetadata `json:"instancesBulkInsertOperationMetadata,omitempty"`
+
 	// Kind: [Output Only] Type of the resource. Always `compute#operation`
 	// for Operation resources.
 	Kind string `json:"kind,omitempty"`
@@ -40342,6 +41949,11 @@ type Operation struct {
 	// with the resource id.
 	SelfLinkWithId string `json:"selfLinkWithId,omitempty"`
 
+	// SetCommonInstanceMetadataOperationMetadata: [Output Only] If the
+	// operation is for projects.setCommonInstanceMetadata, this field will
+	// contain information on all underlying zonal actions and their state.
+	SetCommonInstanceMetadataOperationMetadata *SetCommonInstanceMetadataOperationMetadata `json:"setCommonInstanceMetadataOperationMetadata,omitempty"`
+
 	// StartTime: [Output Only] The time that this operation was started by
 	// the server. This value is in RFC3339 text format.
 	StartTime string `json:"startTime,omitempty"`
@@ -40369,7 +41981,8 @@ type Operation struct {
 	TargetLink string `json:"targetLink,omitempty"`
 
 	// User: [Output Only] User who requested the operation, for example:
-	// `user@example.com`.
+	// `user@example.com` or `alice_smith_identifier
+	// (global/workforcePools/example-com-us-employees)`.
 	User string `json:"user,omitempty"`
 
 	// Warnings: [Output Only] If warning messages are generated during
@@ -40538,6 +42151,9 @@ type OperationWarnings struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -40730,6 +42346,9 @@ type OperationAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -40919,6 +42538,9 @@ type OperationListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -41087,6 +42709,9 @@ type OperationsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -41262,80 +42887,83 @@ func (s *OriginAuthenticationMethod) MarshalJSON() ([]byte, error) {
 // OutlierDetection: Settings controlling the eviction of unhealthy
 // hosts from the load balancing pool for the backend service.
 type OutlierDetection struct {
-	// BaseEjectionTime: The base time that a host is ejected for. The real
-	// ejection time is equal to the base ejection time multiplied by the
-	// number of times the host has been ejected. Defaults to 30000ms or
-	// 30s.
+	// BaseEjectionTime: The base time that a backend endpoint is ejected
+	// for. Defaults to 30000ms or 30s. After a backend endpoint is returned
+	// back to the load balancing pool, it can be ejected again in another
+	// ejection analysis. Thus, the total ejection time is equal to the base
+	// ejection time multiplied by the number of times the backend endpoint
+	// has been ejected. Defaults to 30000ms or 30s.
 	BaseEjectionTime *Duration `json:"baseEjectionTime,omitempty"`
 
-	// ConsecutiveErrors: Number of errors before a host is ejected from the
-	// connection pool. When the backend host is accessed over HTTP, a 5xx
-	// return code qualifies as an error. Defaults to 5. Not supported when
-	// the backend service is referenced by a URL map that is bound to
-	// target gRPC proxy that has validateForProxyless field set to true.
+	// ConsecutiveErrors: Number of consecutive errors before a backend
+	// endpoint is ejected from the load balancing pool. When the backend
+	// endpoint is accessed over HTTP, a 5xx return code qualifies as an
+	// error. Defaults to 5.
 	ConsecutiveErrors int64 `json:"consecutiveErrors,omitempty"`
 
 	// ConsecutiveGatewayFailure: The number of consecutive gateway failures
 	// (502, 503, 504 status or connection errors that are mapped to one of
 	// those status codes) before a consecutive gateway failure ejection
-	// occurs. Defaults to 3. Not supported when the backend service is
-	// referenced by a URL map that is bound to target gRPC proxy that has
-	// validateForProxyless field set to true.
+	// occurs. Defaults to 3.
 	ConsecutiveGatewayFailure int64 `json:"consecutiveGatewayFailure,omitempty"`
 
-	// EnforcingConsecutiveErrors: The percentage chance that a host will be
-	// actually ejected when an outlier status is detected through
+	// EnforcingConsecutiveErrors: The percentage chance that a backend
+	// endpoint will be ejected when an outlier status is detected through
 	// consecutive 5xx. This setting can be used to disable ejection or to
-	// ramp it up slowly. Defaults to 0. Not supported when the backend
-	// service is referenced by a URL map that is bound to target gRPC proxy
-	// that has validateForProxyless field set to true.
+	// ramp it up slowly. Defaults to 0.
 	EnforcingConsecutiveErrors int64 `json:"enforcingConsecutiveErrors,omitempty"`
 
-	// EnforcingConsecutiveGatewayFailure: The percentage chance that a host
-	// will be actually ejected when an outlier status is detected through
-	// consecutive gateway failures. This setting can be used to disable
-	// ejection or to ramp it up slowly. Defaults to 100. Not supported when
-	// the backend service is referenced by a URL map that is bound to
-	// target gRPC proxy that has validateForProxyless field set to true.
+	// EnforcingConsecutiveGatewayFailure: The percentage chance that a
+	// backend endpoint will be ejected when an outlier status is detected
+	// through consecutive gateway failures. This setting can be used to
+	// disable ejection or to ramp it up slowly. Defaults to 100.
 	EnforcingConsecutiveGatewayFailure int64 `json:"enforcingConsecutiveGatewayFailure,omitempty"`
 
-	// EnforcingSuccessRate: The percentage chance that a host will be
-	// actually ejected when an outlier status is detected through success
+	// EnforcingSuccessRate: The percentage chance that a backend endpoint
+	// will be ejected when an outlier status is detected through success
 	// rate statistics. This setting can be used to disable ejection or to
-	// ramp it up slowly. Defaults to 100.
+	// ramp it up slowly. Defaults to 100. Not supported when the backend
+	// service uses Serverless NEG.
 	EnforcingSuccessRate int64 `json:"enforcingSuccessRate,omitempty"`
 
 	// Interval: Time interval between ejection analysis sweeps. This can
-	// result in both new ejections as well as hosts being returned to
-	// service. Defaults to 1 second.
+	// result in both new ejections and backend endpoints being returned to
+	// service. The interval is equal to the number of seconds as defined in
+	// outlierDetection.interval.seconds plus the number of nanoseconds as
+	// defined in outlierDetection.interval.nanos. Defaults to 1 second.
 	Interval *Duration `json:"interval,omitempty"`
 
-	// MaxEjectionPercent: Maximum percentage of hosts in the load balancing
-	// pool for the backend service that can be ejected. Defaults to 50%.
+	// MaxEjectionPercent: Maximum percentage of backend endpoints in the
+	// load balancing pool for the backend service that can be ejected if
+	// the ejection conditions are met. Defaults to 50%.
 	MaxEjectionPercent int64 `json:"maxEjectionPercent,omitempty"`
 
-	// SuccessRateMinimumHosts: The number of hosts in a cluster that must
-	// have enough request volume to detect success rate outliers. If the
-	// number of hosts is less than this setting, outlier detection via
-	// success rate statistics is not performed for any host in the cluster.
-	// Defaults to 5.
+	// SuccessRateMinimumHosts: The number of backend endpoints in the load
+	// balancing pool that must have enough request volume to detect success
+	// rate outliers. If the number of backend endpoints is fewer than this
+	// setting, outlier detection via success rate statistics is not
+	// performed for any backend endpoint in the load balancing pool.
+	// Defaults to 5. Not supported when the backend service uses Serverless
+	// NEG.
 	SuccessRateMinimumHosts int64 `json:"successRateMinimumHosts,omitempty"`
 
 	// SuccessRateRequestVolume: The minimum number of total requests that
 	// must be collected in one interval (as defined by the interval
-	// duration above) to include this host in success rate based outlier
-	// detection. If the volume is lower than this setting, outlier
-	// detection via success rate statistics is not performed for that host.
-	// Defaults to 100.
+	// duration above) to include this backend endpoint in success rate
+	// based outlier detection. If the volume is lower than this setting,
+	// outlier detection via success rate statistics is not performed for
+	// that backend endpoint. Defaults to 100. Not supported when the
+	// backend service uses Serverless NEG.
 	SuccessRateRequestVolume int64 `json:"successRateRequestVolume,omitempty"`
 
 	// SuccessRateStdevFactor: This factor is used to determine the ejection
 	// threshold for success rate outlier ejection. The ejection threshold
 	// is the difference between the mean success rate, and the product of
 	// this factor and the standard deviation of the mean success rate: mean
-	// - (stdev * success_rate_stdev_factor). This factor is divided by a
+	// - (stdev * successRateStdevFactor). This factor is divided by a
 	// thousand to get a double. That is, if the desired factor is 1.9, the
-	// runtime value should be 1900. Defaults to 1900.
+	// runtime value should be 1900. Defaults to 1900. Not supported when
+	// the backend service uses Serverless NEG.
 	SuccessRateStdevFactor int64 `json:"successRateStdevFactor,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "BaseEjectionTime") to
@@ -41614,6 +43242,9 @@ type PacketMirroringAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -41882,6 +43513,9 @@ type PacketMirroringListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -42186,6 +43820,9 @@ type PacketMirroringsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -42293,6 +43930,47 @@ func (s *PacketMirroringsScopedListWarningData) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// PartnerMetadata: Model definition of partner_metadata field. To be
+// used in dedicated Partner Metadata methods and to be inlined in the
+// Instance and InstanceTemplate resources.
+type PartnerMetadata struct {
+	// Fingerprint: Instance-level hash to be used for optimistic locking.
+	Fingerprint string `json:"fingerprint,omitempty"`
+
+	// PartnerMetadata: Partner Metadata assigned to the instance. A map
+	// from a subdomain to entries map. Subdomain name must be compliant
+	// with RFC1035 definition. The total size of all keys and values must
+	// be less than 2MB. Subdomain 'metadata.compute.googleapis.com' is
+	// reserverd for instance's metadata.
+	PartnerMetadata map[string]StructuredEntries `json:"partnerMetadata,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Fingerprint") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Fingerprint") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *PartnerMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod PartnerMetadata
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // PathMatcher: A matcher for the path portion of the URL. The
 // BackendService from the longest-matched rule will serve the URL. If
 // no rule was matched, the default service is used.
@@ -43107,6 +44785,17 @@ type Project struct {
 	// projects.
 	Kind string `json:"kind,omitempty"`
 
+	// ManagedProtectionTier: [Output Only] The Cloud Armor Managed
+	// Protection (CAMP) tier for this project. It can be one of the
+	// following values: CA_STANDARD, CAMP_PLUS_MONTHLY. If this field is
+	// not specified, it is assumed to be CA_STANDARD.
+	//
+	// Possible values:
+	//   "CAMP_PLUS_ANNUAL" - Plus tier protection annual.
+	//   "CAMP_PLUS_MONTHLY" - Plus tier protection monthly.
+	//   "CA_STANDARD" - Standard protection.
+	ManagedProtectionTier string `json:"managedProtectionTier,omitempty"`
+
 	// Name: The project ID. For example: my-example-project. Use the
 	// project ID to make requests to Compute Engine.
 	Name string `json:"name,omitempty"`
@@ -43371,6 +45060,40 @@ func (s *ProjectsSetDefaultServiceAccountRequest) MarshalJSON() ([]byte, error)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type ProjectsSetManagedProtectionTierRequest struct {
+	// ManagedProtectionTier: Managed protection tier to be set.
+	//
+	// Possible values:
+	//   "CAMP_PLUS_ANNUAL" - Plus tier protection annual.
+	//   "CAMP_PLUS_MONTHLY" - Plus tier protection monthly.
+	//   "CA_STANDARD" - Standard protection.
+	ManagedProtectionTier string `json:"managedProtectionTier,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "ManagedProtectionTier") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ManagedProtectionTier") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *ProjectsSetManagedProtectionTierRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod ProjectsSetManagedProtectionTierRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // PublicAdvertisedPrefix: A public advertised prefix represents an
 // aggregated IP prefix or netblock which customers bring to cloud. The
 // IP prefix is a single unit of route advertisement and is announced
@@ -43384,7 +45107,7 @@ type PublicAdvertisedPrefix struct {
 	// property when you create the resource.
 	Description string `json:"description,omitempty"`
 
-	// DnsVerificationIp: The IPv4 address to be used for reverse DNS
+	// DnsVerificationIp: The address to be used for reverse DNS
 	// verification.
 	DnsVerificationIp string `json:"dnsVerificationIp,omitempty"`
 
@@ -43401,8 +45124,8 @@ type PublicAdvertisedPrefix struct {
 	// server generates this identifier.
 	Id uint64 `json:"id,omitempty,string"`
 
-	// IpCidrRange: The IPv4 address range, in CIDR format, represented by
-	// this public advertised prefix.
+	// IpCidrRange: The address range, in CIDR format, represented by this
+	// public advertised prefix.
 	IpCidrRange string `json:"ipCidrRange,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always
@@ -43584,6 +45307,9 @@ type PublicAdvertisedPrefixListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -43743,6 +45469,12 @@ func (s *PublicAdvertisedPrefixPublicDelegatedPrefix) MarshalJSON() ([]byte, err
 // may be further broken up into smaller IP blocks in the same scope as
 // the parent block.
 type PublicDelegatedPrefix struct {
+	// AllocatablePrefixLength: The allocatable prefix length supported by
+	// this public delegated prefix. This field is optional and cannot be
+	// set for prefixes in DELEGATION mode. It cannot be set for IPv4
+	// prefixes either, and it always defaults to 32.
+	AllocatablePrefixLength int64 `json:"allocatablePrefixLength,omitempty"`
+
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
@@ -43764,7 +45496,7 @@ type PublicDelegatedPrefix struct {
 	// server generates this identifier.
 	Id uint64 `json:"id,omitempty,string"`
 
-	// IpCidrRange: The IPv4 address range, in CIDR format, represented by
+	// IpCidrRange: The IP address range, in CIDR format, represented by
 	// this public delegated prefix.
 	IpCidrRange string `json:"ipCidrRange,omitempty"`
 
@@ -43775,6 +45507,17 @@ type PublicDelegatedPrefix struct {
 	// compute#publicDelegatedPrefix for public delegated prefixes.
 	Kind string `json:"kind,omitempty"`
 
+	// Mode: The public delegated prefix mode for IPv6 only.
+	//
+	// Possible values:
+	//   "DELEGATION" - The public delegated prefix is used for further
+	// sub-delegation only. Such prefixes cannot set
+	// allocatablePrefixLength.
+	//   "IPV6_FORWARDING_RULE_CREATION" - The public delegated prefix is
+	// used for creating forwarding rules only. Such prefixes cannot set
+	// publicDelegatedSubPrefixes.
+	Mode string `json:"mode,omitempty"`
+
 	// Name: Name of the resource. Provided by the client when the resource
 	// is created. The name must be 1-63 characters long, and comply with
 	// RFC1035. Specifically, the name must be 1-63 characters long and
@@ -43830,18 +45573,19 @@ type PublicDelegatedPrefix struct {
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "CreationTimestamp")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
+	// ForceSendFields is a list of field names (e.g.
+	// "AllocatablePrefixLength") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "CreationTimestamp") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
+	// NullFields is a list of field names (e.g. "AllocatablePrefixLength")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
 	// server as null. It is an error if a field in this list has a
 	// non-empty value. This may be used to include null fields in Patch
 	// requests.
@@ -43940,6 +45684,9 @@ type PublicDelegatedPrefixAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -44129,6 +45876,9 @@ type PublicDelegatedPrefixListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -44239,6 +45989,10 @@ func (s *PublicDelegatedPrefixListWarningData) MarshalJSON() ([]byte, error) {
 // PublicDelegatedPrefixPublicDelegatedSubPrefix: Represents a sub
 // PublicDelegatedPrefix.
 type PublicDelegatedPrefixPublicDelegatedSubPrefix struct {
+	// AllocatablePrefixLength: The allocatable prefix length supported by
+	// this PublicDelegatedSubPrefix.
+	AllocatablePrefixLength int64 `json:"allocatablePrefixLength,omitempty"`
+
 	// DelegateeProject: Name of the project scoping this
 	// PublicDelegatedSubPrefix.
 	DelegateeProject string `json:"delegateeProject,omitempty"`
@@ -44247,7 +46001,7 @@ type PublicDelegatedPrefixPublicDelegatedSubPrefix struct {
 	// property when you create the resource.
 	Description string `json:"description,omitempty"`
 
-	// IpCidrRange: The IPv4 address range, in CIDR format, represented by
+	// IpCidrRange: The IP address range, in CIDR format, represented by
 	// this sub public delegated prefix.
 	IpCidrRange string `json:"ipCidrRange,omitempty"`
 
@@ -44255,6 +46009,17 @@ type PublicDelegatedPrefixPublicDelegatedSubPrefix struct {
 	// resources in the delegatee project.
 	IsAddress bool `json:"isAddress,omitempty"`
 
+	// Mode: The PublicDelegatedSubPrefix mode for IPv6 only.
+	//
+	// Possible values:
+	//   "DELEGATION" - The public delegated prefix is used for further
+	// sub-delegation only. Such prefixes cannot set
+	// allocatablePrefixLength.
+	//   "IPV6_FORWARDING_RULE_CREATION" - The public delegated prefix is
+	// used for creating forwarding rules only. Such prefixes cannot set
+	// publicDelegatedSubPrefixes.
+	Mode string `json:"mode,omitempty"`
+
 	// Name: The name of the sub public delegated prefix.
 	Name string `json:"name,omitempty"`
 
@@ -44269,18 +46034,19 @@ type PublicDelegatedPrefixPublicDelegatedSubPrefix struct {
 	//   "INACTIVE"
 	Status string `json:"status,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "DelegateeProject") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
+	// ForceSendFields is a list of field names (e.g.
+	// "AllocatablePrefixLength") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "DelegateeProject") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
+	// NullFields is a list of field names (e.g. "AllocatablePrefixLength")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
 	// server as null. It is an error if a field in this list has a
 	// non-empty value. This may be used to include null fields in Patch
 	// requests.
@@ -44357,6 +46123,9 @@ type PublicDelegatedPrefixesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -44641,6 +46410,9 @@ type QueuedResourceListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -45005,6 +46777,9 @@ type QueuedResourcesAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -45173,6 +46948,9 @@ type QueuedResourcesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -45401,11 +47179,15 @@ type Quota struct {
 	//   "NETWORK_ATTACHMENTS"
 	//   "NETWORK_ENDPOINT_GROUPS"
 	//   "NETWORK_FIREWALL_POLICIES"
+	//   "NET_LB_SECURITY_POLICIES_PER_REGION"
+	//   "NET_LB_SECURITY_POLICY_RULES_PER_REGION"
+	//   "NET_LB_SECURITY_POLICY_RULE_ATTRIBUTES_PER_REGION"
 	//   "NODE_GROUPS"
 	//   "NODE_TEMPLATES"
 	//   "NVIDIA_A100_80GB_GPUS"
 	//   "NVIDIA_A100_GPUS"
 	//   "NVIDIA_K80_GPUS"
+	//   "NVIDIA_L4_GPUS"
 	//   "NVIDIA_P100_GPUS"
 	//   "NVIDIA_P100_VWS_GPUS"
 	//   "NVIDIA_P4_GPUS"
@@ -45420,6 +47202,7 @@ type Quota struct {
 	//   "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_A100_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_K80_GPUS"
+	//   "PREEMPTIBLE_NVIDIA_L4_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_P100_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_P100_VWS_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_P4_GPUS"
@@ -45427,6 +47210,10 @@ type Quota struct {
 	//   "PREEMPTIBLE_NVIDIA_T4_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_T4_VWS_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_V100_GPUS"
+	//   "PREEMPTIBLE_TPU_LITE_DEVICE_V4"
+	//   "PREEMPTIBLE_TPU_LITE_DEVICE_V5"
+	//   "PREEMPTIBLE_TPU_LITE_PODSLICE_V5"
+	//   "PREEMPTIBLE_TPU_PODSLICE_V4"
 	//   "PRIVATE_V6_ACCESS_SUBNETWORKS"
 	//   "PSC_ILB_CONSUMER_FORWARDING_RULES_PER_PRODUCER_NETWORK"
 	//   "PSC_INTERNAL_LB_FORWARDING_RULES"
@@ -45445,6 +47232,7 @@ type Quota struct {
 	//   "ROUTES"
 	//   "SECURITY_POLICIES"
 	//   "SECURITY_POLICIES_PER_REGION"
+	//   "SECURITY_POLICY_ADVANCED_RULES_PER_REGION"
 	//   "SECURITY_POLICY_CEVAL_RULES"
 	//   "SECURITY_POLICY_RULES"
 	//   "SECURITY_POLICY_RULES_PER_REGION"
@@ -45466,6 +47254,10 @@ type Quota struct {
 	//   "TARGET_SSL_PROXIES"
 	//   "TARGET_TCP_PROXIES"
 	//   "TARGET_VPN_GATEWAYS"
+	//   "TPU_LITE_DEVICE_V4"
+	//   "TPU_LITE_DEVICE_V5"
+	//   "TPU_LITE_PODSLICE_V5"
+	//   "TPU_PODSLICE_V4"
 	//   "URL_MAPS"
 	//   "VPN_GATEWAYS"
 	//   "VPN_TUNNELS"
@@ -45524,6 +47316,10 @@ type QuotaExceededInfo struct {
 	// Dimensions: The map holding related quota dimensions.
 	Dimensions map[string]string `json:"dimensions,omitempty"`
 
+	// FutureLimit: Future quota limit being rolled out. The limit's unit
+	// depends on the quota type or metric.
+	FutureLimit float64 `json:"futureLimit,omitempty"`
+
 	// Limit: Current effective quota limit. The limit's unit depends on the
 	// quota type or metric.
 	Limit float64 `json:"limit,omitempty"`
@@ -45534,6 +47330,15 @@ type QuotaExceededInfo struct {
 	// MetricName: The Compute Engine quota metric name.
 	MetricName string `json:"metricName,omitempty"`
 
+	// RolloutStatus: Rollout status of the future quota limit.
+	//
+	// Possible values:
+	//   "IN_PROGRESS" - IN_PROGRESS - A rollout is in process which will
+	// change the limit value to future limit.
+	//   "ROLLOUT_STATUS_UNSPECIFIED" - ROLLOUT_STATUS_UNSPECIFIED - Rollout
+	// status is not specified. The default value.
+	RolloutStatus string `json:"rolloutStatus,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "Dimensions") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -45560,13 +47365,15 @@ func (s *QuotaExceededInfo) MarshalJSON() ([]byte, error) {
 func (s *QuotaExceededInfo) UnmarshalJSON(data []byte) error {
 	type NoMethod QuotaExceededInfo
 	var s1 struct {
-		Limit gensupport.JSONFloat64 `json:"limit"`
+		FutureLimit gensupport.JSONFloat64 `json:"futureLimit"`
+		Limit       gensupport.JSONFloat64 `json:"limit"`
 		*NoMethod
 	}
 	s1.NoMethod = (*NoMethod)(s)
 	if err := json.Unmarshal(data, &s1); err != nil {
 		return err
 	}
+	s.FutureLimit = float64(s1.FutureLimit)
 	s.Limit = float64(s1.Limit)
 	return nil
 }
@@ -45841,6 +47648,9 @@ type RegionAutoscalerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -46058,6 +47868,9 @@ type RegionDiskTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -46285,37 +48098,6 @@ func (s *RegionDisksStartAsyncReplicationRequest) MarshalJSON() ([]byte, error)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type RegionDisksStopAsyncReplicationRequest struct {
-	// AsyncSecondaryDisk: [Deprecated] The secondary disk to stop
-	// asynchronous replication to. This field will not be included in the
-	// beta or v1 APIs and will be removed from the alpha API in the near
-	// future.
-	AsyncSecondaryDisk string `json:"asyncSecondaryDisk,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "AsyncSecondaryDisk")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "AsyncSecondaryDisk") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *RegionDisksStopAsyncReplicationRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod RegionDisksStopAsyncReplicationRequest
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
 // RegionInstanceGroupList: Contains a list of InstanceGroup resources.
 type RegionInstanceGroupList struct {
 	// Id: [Output Only] Unique identifier for the resource; defined by the
@@ -46398,6 +48180,9 @@ type RegionInstanceGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -46620,6 +48405,9 @@ type RegionInstanceGroupManagerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -46837,45 +48625,44 @@ type RegionInstanceGroupManagersApplyUpdatesRequest struct {
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MaximalAction string `json:"maximalAction,omitempty"`
 
 	// MinimalAction: The minimal action that you want to perform on each
 	// instance during the update: - REPLACE: At minimum, delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the minimum action is NONE. If your
-	// update requires a more disruptive action than you set with this flag,
-	// the necessary action is performed to execute the update.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the minimum action is NONE. If your update requires a more
+	// disruptive action than you set with this flag, the necessary action
+	// is performed to execute the update.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MinimalAction string `json:"minimalAction,omitempty"`
 
 	// MostDisruptiveAllowedAction: The most disruptive action that you want
 	// to perform on each instance during the update: - REPLACE: Delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the most disruptive allowed action
-	// is REPLACE. If your update requires a more disruptive action than you
-	// set with this flag, the update request will fail.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the most disruptive allowed action is REPLACE. If your
+	// update requires a more disruptive action than you set with this flag,
+	// the update request will fail.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MostDisruptiveAllowedAction string `json:"mostDisruptiveAllowedAction,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "AllInstances") to
@@ -47086,6 +48873,9 @@ type RegionInstanceGroupManagersListInstanceConfigsRespWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -47607,6 +49397,9 @@ type RegionInstanceGroupsListInstancesWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -47897,6 +49690,9 @@ type RegionListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -48321,6 +50117,14 @@ type Reservation struct {
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
 
+	// DeleteAfterDuration: Duration time relative to reservation creation
+	// when GCE will automatically delete this resource.
+	DeleteAfterDuration *Duration `json:"deleteAfterDuration,omitempty"`
+
+	// DeleteAtTime: Absolute time in future when the reservation will be
+	// auto-deleted by GCE. Timestamp is represented in RFC3339 text format.
+	DeleteAtTime string `json:"deleteAtTime,omitempty"`
+
 	// Description: An optional description of this resource. Provide this
 	// property when you create the resource.
 	Description string `json:"description,omitempty"`
@@ -48439,6 +50243,10 @@ type ReservationAffinity struct {
 	// reservation, but still consume any reservation available if the
 	// specified reservation is not available or exhausted. Must specify key
 	// value fields for specifying the reservations.
+	//   "SPECIFIC_THEN_NO_RESERVATION" - Prefer to consume from a specific
+	// reservation, but still consume from the on-demand pool if the
+	// specified reservation is exhausted. Must specify key value fields for
+	// specifying the reservations.
 	//   "UNSPECIFIED"
 	ConsumeReservationType string `json:"consumeReservationType,omitempty"`
 
@@ -48565,6 +50373,9 @@ type ReservationAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -48753,6 +50564,9 @@ type ReservationListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -48949,6 +50763,9 @@ type ReservationsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -49193,6 +51010,9 @@ type ResourcePoliciesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -49488,6 +51308,9 @@ type ResourcePolicyAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -49772,7 +51595,7 @@ type ResourcePolicyInstanceSchedulePolicy struct {
 
 	// TimeZone: Specifies the time zone to be used in interpreting
 	// Schedule.schedule. The value of this field must be a time zone name
-	// from the tz database: http://en.wikipedia.org/wiki/Tz_database.
+	// from the tz database: https://wikipedia.org/wiki/Tz_database.
 	TimeZone string `json:"timeZone,omitempty"`
 
 	// VmStartSchedule: Specifies the schedule for starting instances.
@@ -49919,6 +51742,9 @@ type ResourcePolicyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -50442,8 +52268,6 @@ type ResourceStatus struct {
 	// instance.serviceIntegrationSpecs.
 	ServiceIntegrationStatuses map[string]ResourceStatusServiceIntegrationStatus `json:"serviceIntegrationStatuses,omitempty"`
 
-	UpcomingMaintenance *ResourceStatusUpcomingMaintenance `json:"upcomingMaintenance,omitempty"`
-
 	// ForceSendFields is a list of field names (e.g. "PhysicalHost") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -50585,34 +52409,6 @@ func (s *ResourceStatusServiceIntegrationStatusBackupDRStatus) MarshalJSON() ([]
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type ResourceStatusUpcomingMaintenance struct {
-	// CanReschedule: Indicates if the maintenance can be customer
-	// triggered. See go/sf-ctm-design for more details
-	CanReschedule bool `json:"canReschedule,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "CanReschedule") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "CanReschedule") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *ResourceStatusUpcomingMaintenance) MarshalJSON() ([]byte, error) {
-	type NoMethod ResourceStatusUpcomingMaintenance
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
 // RolloutPolicy: A rollout policy configuration.
 type RolloutPolicy struct {
 	// DefaultRolloutTime: An optional RFC3339 timestamp on or after which
@@ -50722,6 +52518,10 @@ type Route struct {
 	// project/global/gateways/default-internet-gateway
 	NextHopGateway string `json:"nextHopGateway,omitempty"`
 
+	// NextHopHub: [Output Only] The full resource name of the Network
+	// Connectivity Center hub that will handle matching packets.
+	NextHopHub string `json:"nextHopHub,omitempty"`
+
 	// NextHopIlb: The URL to a forwarding rule of type
 	// loadBalancingScheme=INTERNAL that should handle matching packets or
 	// the IP address of the forwarding Rule. For example, the following are
@@ -50863,6 +52663,9 @@ type RouteWarnings struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -51094,6 +52897,9 @@ type RouteListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -51413,6 +53219,9 @@ type RouterAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -51557,6 +53366,13 @@ type RouterBgp struct {
 	// have the same local ASN.
 	Asn int64 `json:"asn,omitempty"`
 
+	// IdentifierRange: Explicitly specifies a range of valid BGP
+	// Identifiers for this Router. It is provided as a link-local IPv4
+	// range (from 169.254.0.0/16), of size at least /30, even if the BGP
+	// sessions are over IPv6. It must not overlap with any IPv4 BGP session
+	// ranges. Other vendors commonly call this "router ID".
+	IdentifierRange string `json:"identifierRange,omitempty"`
+
 	// KeepaliveInterval: The interval in seconds between BGP keepalive
 	// messages that are sent to the peer. Hold time is three times the
 	// interval at which keepalive messages are sent, and the hold time is
@@ -51600,9 +53416,9 @@ type RouterBgpPeer struct {
 	AdvertiseMode string `json:"advertiseMode,omitempty"`
 
 	// AdvertisedGroups: User-specified list of prefix groups to advertise
-	// in custom mode, which can take one of the following options: -
-	// ALL_SUBNETS: Advertises all available subnets, including peer VPC
-	// subnets. - ALL_VPC_SUBNETS: Advertises the router's own VPC subnets.
+	// in custom mode, which currently supports the following option: -
+	// ALL_SUBNETS: Advertises all of the router's own VPC subnets. This
+	// excludes any routes learned for subnets that use VPC Network Peering.
 	// Note that this field can only be populated if advertise_mode is
 	// CUSTOM and overrides the list defined for the router (in the "bgp"
 	// message). These groups are advertised in addition to any specified
@@ -51632,14 +53448,15 @@ type RouterBgpPeer struct {
 	// Bfd: BFD configuration for the BGP peering.
 	Bfd *RouterBgpPeerBfd `json:"bfd,omitempty"`
 
-	// CustomLearnedIpRanges: User-defined Custom Learned Route IP range
-	// list for a BGP session.
+	// CustomLearnedIpRanges: A list of user-defined custom learned route IP
+	// address ranges for a BGP session.
 	CustomLearnedIpRanges []*RouterBgpPeerCustomLearnedIpRange `json:"customLearnedIpRanges,omitempty"`
 
-	// CustomLearnedRoutePriority: User-defined Custom Learned Route
-	// Priority for a BGP session. This will be applied to all Custom
-	// Learned Route ranges of the BGP session, if not given, google-managed
-	// priority of 100 is used.
+	// CustomLearnedRoutePriority: The user-defined custom learned route
+	// priority for a BGP session. This value is applied to all custom
+	// learned route ranges for the session. You can choose a value from `0`
+	// to `65335`. If you don't provide a value, Google Cloud assigns a
+	// priority of `100` to the ranges.
 	CustomLearnedRoutePriority int64 `json:"customLearnedRoutePriority,omitempty"`
 
 	// Enable: The status of the BGP peer connection. If set to FALSE, any
@@ -51652,6 +53469,10 @@ type RouterBgpPeer struct {
 	//   "TRUE"
 	Enable string `json:"enable,omitempty"`
 
+	// EnableIpv4: Enable IPv4 traffic over BGP Peer. It is enabled by
+	// default if the peerIpAddress is version 4.
+	EnableIpv4 bool `json:"enableIpv4,omitempty"`
+
 	// EnableIpv6: Enable IPv6 traffic over BGP Peer. If not specified, it
 	// is disabled by default.
 	EnableIpv6 bool `json:"enableIpv6,omitempty"`
@@ -51663,6 +53484,10 @@ type RouterBgpPeer struct {
 	// Only IPv4 is supported.
 	IpAddress string `json:"ipAddress,omitempty"`
 
+	// Ipv4NexthopAddress: IPv4 address of the interface inside Google Cloud
+	// Platform.
+	Ipv4NexthopAddress string `json:"ipv4NexthopAddress,omitempty"`
+
 	// Ipv6NexthopAddress: IPv6 address of the interface inside Google Cloud
 	// Platform.
 	Ipv6NexthopAddress string `json:"ipv6NexthopAddress,omitempty"`
@@ -51710,6 +53535,10 @@ type RouterBgpPeer struct {
 	// Platform. Only IPv4 is supported.
 	PeerIpAddress string `json:"peerIpAddress,omitempty"`
 
+	// PeerIpv4NexthopAddress: IPv4 address of the BGP interface outside
+	// Google Cloud Platform.
+	PeerIpv4NexthopAddress string `json:"peerIpv4NexthopAddress,omitempty"`
+
 	// PeerIpv6NexthopAddress: IPv6 address of the BGP interface outside
 	// Google Cloud Platform.
 	PeerIpv6NexthopAddress string `json:"peerIpv6NexthopAddress,omitempty"`
@@ -51839,10 +53668,10 @@ func (s *RouterBgpPeerBfd) MarshalJSON() ([]byte, error) {
 }
 
 type RouterBgpPeerCustomLearnedIpRange struct {
-	// Range: The Custom Learned Route IP range. Must be a valid
-	// CIDR-formatted prefix. If an IP is provided without a subnet mask, it
-	// is interpreted as a /32 singular IP range for IPv4, and /128 for
-	// IPv6.
+	// Range: The custom learned route IP address range. Must be a valid
+	// CIDR-formatted prefix. If an IP address is provided without a subnet
+	// mask, it is interpreted as, for IPv4, a `/32` singular IP address
+	// range, and, for IPv6, `/128`.
 	Range string `json:"range,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "Range") to
@@ -51876,6 +53705,13 @@ type RouterInterface struct {
 	// interface.
 	IpRange string `json:"ipRange,omitempty"`
 
+	// IpVersion: IP version of this interface.
+	//
+	// Possible values:
+	//   "IPV4"
+	//   "IPV6"
+	IpVersion string `json:"ipVersion,omitempty"`
+
 	// LinkedInterconnectAttachment: URI of the linked Interconnect
 	// attachment. It must be in the same region as the router. Each
 	// interface can have one linked resource, which can be a VPN tunnel, an
@@ -52048,6 +53884,9 @@ type RouterListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -52299,10 +54138,9 @@ type RouterNat struct {
 	// in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list
 	// of Subnetworks are allowed to Nat (specified in the field subnetwork
 	// below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED.
-	// Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or
-	// ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any
-	// other Router.Nat section in any Router for this network in this
-	// region.
+	// Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES then
+	// there should not be any other Router.Nat section in any Router for
+	// this network in this region.
 	//
 	// Possible values:
 	//   "ALL_SUBNETWORKS_ALL_IP_RANGES" - All the IP ranges in every
@@ -52914,6 +54752,9 @@ type RoutersScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -53427,6 +55268,12 @@ type Scheduling struct {
 	// preemptible option is also set.
 	LatencyTolerant bool `json:"latencyTolerant,omitempty"`
 
+	// LocalSsdRecoveryTimeout: Specifies the maximum amount of time a Local
+	// Ssd Vm should wait while recovery of the Local Ssd state is
+	// attempted. Its value should be in between 0 and 168 hours with hour
+	// granularity and the default value being 1 hour.
+	LocalSsdRecoveryTimeout *Duration `json:"localSsdRecoveryTimeout,omitempty"`
+
 	// LocationHint: An opaque location hint used to place the instance
 	// close to other resources. This field is for use by internal tools
 	// that use the public API.
@@ -53440,6 +55287,10 @@ type Scheduling struct {
 	// events. The accepted values are: `PERIODIC`.
 	//
 	// Possible values:
+	//   "AS_NEEDED" - VMs are eligible to receive infrastructure and
+	// hypervisor updates as they become available. This may result in more
+	// maintenance operations (live migrations or terminations) for the VM
+	// than the PERIODIC and RECURRENT options.
 	//   "PERIODIC" - VMs receive infrastructure and hypervisor updates on a
 	// periodic basis, minimizing the number of maintenance operations (live
 	// migrations or terminations) on an individual VM. This may mean a VM
@@ -53721,6 +55572,9 @@ type SecurityPoliciesAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -53921,6 +55775,9 @@ type SecurityPoliciesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -54312,19 +56169,27 @@ func (s *SecurityPolicyAdaptiveProtectionConfigAutoDeployConfig) UnmarshalJSON(d
 }
 
 // SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig:
-// Configuration options for L7 DDoS detection.
+// Configuration options for L7 DDoS detection. This field is only
+// supported in Global Security Policies of type CLOUD_ARMOR.
 type SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig struct {
-	// Enable: If set to true, enables CAAP for L7 DDoS detection.
+	// Enable: If set to true, enables CAAP for L7 DDoS detection. This
+	// field is only supported in Global Security Policies of type
+	// CLOUD_ARMOR.
 	Enable bool `json:"enable,omitempty"`
 
 	// RuleVisibility: Rule visibility can be one of the following: STANDARD
-	// - opaque rules. (default) PREMIUM - transparent rules.
+	// - opaque rules. (default) PREMIUM - transparent rules. This field is
+	// only supported in Global Security Policies of type CLOUD_ARMOR.
 	//
 	// Possible values:
 	//   "PREMIUM"
 	//   "STANDARD"
 	RuleVisibility string `json:"ruleVisibility,omitempty"`
 
+	// ThresholdConfigs: Configuration options for layer7 adaptive
+	// protection for various customizable thresholds.
+	ThresholdConfigs []*SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig `json:"thresholdConfigs,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "Enable") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -54348,6 +56213,62 @@ func (s *SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig) MarshalJ
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig struct {
+	AutoDeployConfidenceThreshold float64 `json:"autoDeployConfidenceThreshold,omitempty"`
+
+	AutoDeployExpirationSec int64 `json:"autoDeployExpirationSec,omitempty"`
+
+	AutoDeployImpactedBaselineThreshold float64 `json:"autoDeployImpactedBaselineThreshold,omitempty"`
+
+	AutoDeployLoadThreshold float64 `json:"autoDeployLoadThreshold,omitempty"`
+
+	// Name: The name must be 1-63 characters long, and comply with RFC1035.
+	// The name must be unique within the security policy.
+	Name string `json:"name,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "AutoDeployConfidenceThreshold") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g.
+	// "AutoDeployConfidenceThreshold") to include in API requests with the
+	// JSON null value. By default, fields with empty values are omitted
+	// from API requests. However, any field with an empty value appearing
+	// in NullFields will be sent to the server as null. It is an error if a
+	// field in this list has a non-empty value. This may be used to include
+	// null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig) MarshalJSON() ([]byte, error) {
+	type NoMethod SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+func (s *SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig) UnmarshalJSON(data []byte) error {
+	type NoMethod SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig
+	var s1 struct {
+		AutoDeployConfidenceThreshold       gensupport.JSONFloat64 `json:"autoDeployConfidenceThreshold"`
+		AutoDeployImpactedBaselineThreshold gensupport.JSONFloat64 `json:"autoDeployImpactedBaselineThreshold"`
+		AutoDeployLoadThreshold             gensupport.JSONFloat64 `json:"autoDeployLoadThreshold"`
+		*NoMethod
+	}
+	s1.NoMethod = (*NoMethod)(s)
+	if err := json.Unmarshal(data, &s1); err != nil {
+		return err
+	}
+	s.AutoDeployConfidenceThreshold = float64(s1.AutoDeployConfidenceThreshold)
+	s.AutoDeployImpactedBaselineThreshold = float64(s1.AutoDeployImpactedBaselineThreshold)
+	s.AutoDeployLoadThreshold = float64(s1.AutoDeployLoadThreshold)
+	return nil
+}
+
 type SecurityPolicyAdvancedOptionsConfig struct {
 	// JsonCustomConfig: Custom configuration to apply the JSON parsing.
 	// Only applicable when json_parsing is set to STANDARD.
@@ -54356,6 +56277,7 @@ type SecurityPolicyAdvancedOptionsConfig struct {
 	// Possible values:
 	//   "DISABLED"
 	//   "STANDARD"
+	//   "STANDARD_WITH_GRAPHQL"
 	JsonParsing string `json:"jsonParsing,omitempty"`
 
 	// Possible values:
@@ -54363,6 +56285,10 @@ type SecurityPolicyAdvancedOptionsConfig struct {
 	//   "VERBOSE"
 	LogLevel string `json:"logLevel,omitempty"`
 
+	// UserIpRequestHeaders: An optional list of case-insensitive request
+	// header names to use for resolving the callers client IP address.
+	UserIpRequestHeaders []string `json:"userIpRequestHeaders,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "JsonCustomConfig") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -54493,6 +56419,7 @@ func (s *SecurityPolicyCloudArmorConfig) MarshalJSON() ([]byte, error) {
 type SecurityPolicyDdosProtectionConfig struct {
 	// Possible values:
 	//   "ADVANCED"
+	//   "ADVANCED_PREVIEW"
 	//   "STANDARD"
 	DdosProtection string `json:"ddosProtection,omitempty"`
 
@@ -54604,6 +56531,9 @@ type SecurityPolicyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -54717,7 +56647,8 @@ type SecurityPolicyRecaptchaOptionsConfig struct {
 	// GOOGLE_RECAPTCHA under the security policy. The specified site key
 	// needs to be created from the reCAPTCHA API. The user is responsible
 	// for the validity of the specified site key. If not specified, a
-	// Google-managed site key is used.
+	// Google-managed site key is used. This field is only supported in
+	// Global Security Policies of type CLOUD_ARMOR.
 	RedirectSiteKey string `json:"redirectSiteKey,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "RedirectSiteKey") to
@@ -54785,10 +56716,11 @@ type SecurityPolicyRule struct {
 	// rate_limit_options to be set. - redirect: redirect to a different
 	// target. This can either be an internal reCAPTCHA redirect, or an
 	// external URL-based redirect via a 302 response. Parameters for this
-	// action can be configured via redirectOptions. - throttle: limit
-	// client traffic to the configured threshold. Configure parameters for
-	// this action in rateLimitOptions. Requires rate_limit_options to be
-	// set for this.
+	// action can be configured via redirectOptions. This action is only
+	// supported in Global Security Policies of type CLOUD_ARMOR. -
+	// throttle: limit client traffic to the configured threshold. Configure
+	// parameters for this action in rateLimitOptions. Requires
+	// rate_limit_options to be set for this.
 	Action string `json:"action,omitempty"`
 
 	// Description: An optional description of this resource. Provide this
@@ -54812,7 +56744,8 @@ type SecurityPolicyRule struct {
 	EnableLogging bool `json:"enableLogging,omitempty"`
 
 	// HeaderAction: Optional, additional actions that are performed on
-	// headers.
+	// headers. This field is only supported in Global Security Policies of
+	// type CLOUD_ARMOR.
 	HeaderAction *SecurityPolicyRuleHttpHeaderAction `json:"headerAction,omitempty"`
 
 	// Kind: [Output only] Type of the resource. Always
@@ -54868,7 +56801,8 @@ type SecurityPolicyRule struct {
 	RateLimitOptions *SecurityPolicyRuleRateLimitOptions `json:"rateLimitOptions,omitempty"`
 
 	// RedirectOptions: Parameters defining the redirect action. Cannot be
-	// specified for any other actions.
+	// specified for any other actions. This field is only supported in
+	// Global Security Policies of type CLOUD_ARMOR.
 	RedirectOptions *SecurityPolicyRuleRedirectOptions `json:"redirectOptions,omitempty"`
 
 	// RedirectTarget: This must be specified for redirect actions. Cannot
@@ -54880,8 +56814,9 @@ type SecurityPolicyRule struct {
 	// requiredManagedProtectionTiers instead.
 	//
 	// Possible values:
-	//   "NONE" - Standard protection.
-	//   "PLUS" - Plus tier protection.
+	//   "CAMP_PLUS_ANNUAL" - Plus tier protection annual.
+	//   "CAMP_PLUS_MONTHLY" - Plus tier protection monthly.
+	//   "CA_STANDARD" - Standard protection.
 	RuleManagedProtectionTier string `json:"ruleManagedProtectionTier,omitempty"`
 
 	// RuleNumber: Identifier for the rule. This is only unique within the
@@ -55001,9 +56936,19 @@ type SecurityPolicyRuleMatcher struct {
 
 	// Expr: User defined CEVAL expression. A CEVAL expression is used to
 	// specify match criteria such as origin.ip, source.region_code and
-	// contents in the request header.
+	// contents in the request header. Expressions containing
+	// `evaluateThreatIntelligence` require Cloud Armor Managed Protection
+	// Plus tier and are not supported in Edge Policies nor in Regional
+	// Policies. Expressions containing
+	// `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor
+	// Managed Protection Plus tier and are only supported in Global
+	// Security Policies.
 	Expr *Expr `json:"expr,omitempty"`
 
+	// ExprOptions: The configuration options available when specifying a
+	// user defined CEVAL expression (i.e., 'expr').
+	ExprOptions *SecurityPolicyRuleMatcherExprOptions `json:"exprOptions,omitempty"`
+
 	// VersionedExpr: Preconfigured versioned expression. If this field is
 	// specified, config must also be specified. Available preconfigured
 	// expressions along with their requirements are: SRC_IPS_V1 - must
@@ -55156,6 +57101,73 @@ func (s *SecurityPolicyRuleMatcherConfigLayer4Config) MarshalJSON() ([]byte, err
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type SecurityPolicyRuleMatcherExprOptions struct {
+	// RecaptchaOptions: reCAPTCHA configuration options to be applied for
+	// the rule. If the rule does not evaluate reCAPTCHA tokens, this field
+	// will have no effect.
+	RecaptchaOptions *SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions `json:"recaptchaOptions,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "RecaptchaOptions") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "RecaptchaOptions") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SecurityPolicyRuleMatcherExprOptions) MarshalJSON() ([]byte, error) {
+	type NoMethod SecurityPolicyRuleMatcherExprOptions
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions struct {
+	// ActionTokenSiteKeys: A list of site keys to be used during the
+	// validation of reCAPTCHA action-tokens. The provided site keys need to
+	// be created from reCAPTCHA API under the same project where the
+	// security policy is created.
+	ActionTokenSiteKeys []string `json:"actionTokenSiteKeys,omitempty"`
+
+	// SessionTokenSiteKeys: A list of site keys to be used during the
+	// validation of reCAPTCHA session-tokens. The provided site keys need
+	// to be created from reCAPTCHA API under the same project where the
+	// security policy is created.
+	SessionTokenSiteKeys []string `json:"sessionTokenSiteKeys,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ActionTokenSiteKeys")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ActionTokenSiteKeys") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions) MarshalJSON() ([]byte, error) {
+	type NoMethod SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // SecurityPolicyRuleNetworkMatcher: Represents a match condition that
 // incoming network traffic is evaluated against.
 type SecurityPolicyRuleNetworkMatcher struct {
@@ -55443,7 +57455,8 @@ type SecurityPolicyRuleRateLimitOptions struct {
 	// response code, or redirect to a different endpoint. Valid options are
 	// `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429,
 	// and 502, and `redirect`, where the redirect parameters come from
-	// `exceedRedirectOptions` below.
+	// `exceedRedirectOptions` below. The `redirect` action is only
+	// supported in Global Security Policies of type CLOUD_ARMOR.
 	ExceedAction string `json:"exceedAction,omitempty"`
 
 	// ExceedActionRpcStatus: Specified gRPC response status for proxyless
@@ -55452,7 +57465,8 @@ type SecurityPolicyRuleRateLimitOptions struct {
 
 	// ExceedRedirectOptions: Parameters defining the redirect action that
 	// is used as the exceed action. Cannot be specified if the exceed
-	// action is not redirect.
+	// action is not redirect. This field is only supported in Global
+	// Security Policies of type CLOUD_ARMOR.
 	ExceedRedirectOptions *SecurityPolicyRuleRedirectOptions `json:"exceedRedirectOptions,omitempty"`
 
 	// RateLimitThreshold: Threshold at which to begin ratelimiting.
@@ -55731,7 +57745,7 @@ type SecuritySettings struct {
 	// should authenticate with this service's backends. clientTlsPolicy
 	// only applies to a global BackendService with the loadBalancingScheme
 	// set to INTERNAL_SELF_MANAGED. If left blank, communications are not
-	// encrypted. Note: This field currently has no impact.
+	// encrypted.
 	ClientTlsPolicy string `json:"clientTlsPolicy,omitempty"`
 
 	// ClientTlsSettings: [Deprecated] TLS Settings for the backend service.
@@ -55749,8 +57763,7 @@ type SecuritySettings struct {
 	// Public Key Infrastructure which provisions server identities. Only
 	// applies to a global BackendService with loadBalancingScheme set to
 	// INTERNAL_SELF_MANAGED. Only applies when BackendService has an
-	// attached clientTlsPolicy with clientCertificate (mTLS mode). Note:
-	// This field currently has no impact.
+	// attached clientTlsPolicy with clientCertificate (mTLS mode).
 	SubjectAltNames []string `json:"subjectAltNames,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "Authentication") to
@@ -55947,7 +57960,7 @@ func (s *ServiceAccount) MarshalJSON() ([]byte, error) {
 // attachment represents a service that a producer has exposed. It
 // encapsulates the load balancer which fronts the service runs and a
 // list of NAT IP ranges that the producers uses to represent the
-// consumers connecting to the service. next tag = 20
+// consumers connecting to the service.
 type ServiceAttachment struct {
 	// ConnectedEndpoints: [Output Only] An array of connections for all the
 	// consumers connected to this service attachment.
@@ -56032,6 +58045,18 @@ type ServiceAttachment struct {
 	// the PSC service attachment.
 	PscServiceAttachmentId *Uint128 `json:"pscServiceAttachmentId,omitempty"`
 
+	// ReconcileConnections: This flag determines whether a consumer
+	// accept/reject list change can reconcile the statuses of existing
+	// ACCEPTED or REJECTED PSC endpoints. - If false, connection policy
+	// update will only affect existing PENDING PSC endpoints. Existing
+	// ACCEPTED/REJECTED endpoints will remain untouched regardless how the
+	// connection policy is modified . - If true, update will affect both
+	// PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED
+	// PSC endpoint will be moved to REJECTED if its project is added to the
+	// reject list. For newly created service attachment, this boolean
+	// defaults to true.
+	ReconcileConnections bool `json:"reconcileConnections,omitempty"`
+
 	// Region: [Output Only] URL of the region where the service attachment
 	// resides. This field applies only to the region resource. You must
 	// specify this field as part of the HTTP request URL. It is not
@@ -56159,6 +58184,9 @@ type ServiceAttachmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -56269,6 +58297,9 @@ func (s *ServiceAttachmentAggregatedListWarningData) MarshalJSON() ([]byte, erro
 // ServiceAttachmentConnectedEndpoint: [Output Only] A connection
 // connected to this service attachment.
 type ServiceAttachmentConnectedEndpoint struct {
+	// ConsumerNetwork: The url of the consumer network.
+	ConsumerNetwork string `json:"consumerNetwork,omitempty"`
+
 	// Endpoint: The url of a connected endpoint.
 	Endpoint string `json:"endpoint,omitempty"`
 
@@ -56290,7 +58321,7 @@ type ServiceAttachmentConnectedEndpoint struct {
 	//   "STATUS_UNSPECIFIED"
 	Status string `json:"status,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Endpoint") to
+	// ForceSendFields is a list of field names (e.g. "ConsumerNetwork") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -56298,12 +58329,13 @@ type ServiceAttachmentConnectedEndpoint struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Endpoint") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
+	// NullFields is a list of field names (e.g. "ConsumerNetwork") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
 	NullFields []string `json:"-"`
 }
 
@@ -56430,6 +58462,9 @@ type ServiceAttachmentListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -56599,6 +58634,9 @@ type ServiceAttachmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -56766,6 +58804,81 @@ func (s *ServiceIntegrationSpecBackupDRSpec) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type SetCommonInstanceMetadataOperationMetadata struct {
+	// ClientOperationId: [Output Only] The client operation id.
+	ClientOperationId string `json:"clientOperationId,omitempty"`
+
+	// PerLocationOperations: [Output Only] Status information per location
+	// (location name is key). Example key: zones/us-central1-a
+	PerLocationOperations map[string]SetCommonInstanceMetadataOperationMetadataPerLocationOperationInfo `json:"perLocationOperations,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ClientOperationId")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ClientOperationId") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SetCommonInstanceMetadataOperationMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod SetCommonInstanceMetadataOperationMetadata
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SetCommonInstanceMetadataOperationMetadataPerLocationOperationInfo struct {
+	// Error: [Output Only] If state is `ABANDONED` or `FAILED`, this field
+	// is populated.
+	Error *Status `json:"error,omitempty"`
+
+	// State: [Output Only] Status of the action, which can be one of the
+	// following: `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or
+	// `DONE`.
+	//
+	// Possible values:
+	//   "ABANDONED" - Operation not tracked in this location e.g. zone is
+	// marked as DOWN.
+	//   "DONE" - Operation has completed successfully.
+	//   "FAILED" - Operation is in an error state.
+	//   "PROPAGATED" - Operation is confirmed to be in the location.
+	//   "PROPAGATING" - Operation is not yet confirmed to have been created
+	// in the location.
+	//   "UNSPECIFIED"
+	State string `json:"state,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Error") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Error") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SetCommonInstanceMetadataOperationMetadataPerLocationOperationInfo) MarshalJSON() ([]byte, error) {
+	type NoMethod SetCommonInstanceMetadataOperationMetadataPerLocationOperationInfo
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // ShareSettings: The share setting for reservations and sole tenancy
 // node groups.
 type ShareSettings struct {
@@ -57258,6 +59371,11 @@ type Snapshot struct {
 	// snapshot to a disk.
 	DownloadBytes int64 `json:"downloadBytes,omitempty,string"`
 
+	// EnableConfidentialCompute: Whether this snapshot is created from a
+	// confidential compute mode disk. [Output Only]: This field is not set
+	// by user, but from source disk.
+	EnableConfidentialCompute bool `json:"enableConfidentialCompute,omitempty"`
+
 	// GuestFlush: [Input Only] Whether to attempt an application consistent
 	// snapshot by informing the OS to prepare for the snapshot process.
 	GuestFlush bool `json:"guestFlush,omitempty"`
@@ -57354,6 +59472,10 @@ type Snapshot struct {
 	// customer-supplied encryption key.
 	SourceDiskEncryptionKey *CustomerEncryptionKey `json:"sourceDiskEncryptionKey,omitempty"`
 
+	// SourceDiskForRecoveryCheckpoint: The source disk whose recovery
+	// checkpoint will be used to create this snapshot.
+	SourceDiskForRecoveryCheckpoint string `json:"sourceDiskForRecoveryCheckpoint,omitempty"`
+
 	// SourceDiskId: [Output Only] The ID value of the disk used to create
 	// this snapshot. This value may be used to determine whether the
 	// snapshot was taken from the current or a previous instance of a given
@@ -57369,6 +59491,10 @@ type Snapshot struct {
 	// zones/zone/instantSnapshots/instantSnapshot
 	SourceInstantSnapshot string `json:"sourceInstantSnapshot,omitempty"`
 
+	// SourceInstantSnapshotEncryptionKey: Customer provided encryption key
+	// when creating Snapshot from Instant Snapshot.
+	SourceInstantSnapshotEncryptionKey *CustomerEncryptionKey `json:"sourceInstantSnapshotEncryptionKey,omitempty"`
+
 	// SourceInstantSnapshotId: [Output Only] The unique ID of the instant
 	// snapshot used to create this snapshot. This value identifies the
 	// exact instant snapshot that was used to create this persistent disk.
@@ -57529,6 +59655,9 @@ type SnapshotListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -57636,6 +59765,112 @@ func (s *SnapshotListWarningData) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type SnapshotSettings struct {
+	// StorageLocation: Policy of which storage location is going to be
+	// resolved, and additional data that particularizes how the policy is
+	// going to be carried out.
+	StorageLocation *SnapshotSettingsStorageLocationSettings `json:"storageLocation,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "StorageLocation") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "StorageLocation") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SnapshotSettings) MarshalJSON() ([]byte, error) {
+	type NoMethod SnapshotSettings
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SnapshotSettingsStorageLocationSettings struct {
+	// Locations: When the policy is SPECIFIC_LOCATIONS, snapshots will be
+	// stored in the locations listed in this field. Keys are GCS bucket
+	// locations.
+	Locations map[string]SnapshotSettingsStorageLocationSettingsStorageLocationPreference `json:"locations,omitempty"`
+
+	// Policy: The chosen location policy.
+	//
+	// Possible values:
+	//   "LOCAL_REGION" - Store snapshot in the same region as with the
+	// originating disk. No additional parameters are needed.
+	//   "NEAREST_MULTI_REGION" - Store snapshot to the nearest multi region
+	// GCS bucket, relative to the originating disk. No additional
+	// parameters are needed.
+	//   "SPECIFIC_LOCATIONS" - Store snapshot in the specific locations, as
+	// specified by the user. The list of regions to store must be defined
+	// under the `locations` field.
+	//   "STORAGE_LOCATION_POLICY_UNSPECIFIED"
+	Policy string `json:"policy,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Locations") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Locations") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SnapshotSettingsStorageLocationSettings) MarshalJSON() ([]byte, error) {
+	type NoMethod SnapshotSettingsStorageLocationSettings
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// SnapshotSettingsStorageLocationSettingsStorageLocationPreference: A
+// structure for specifying storage locations.
+type SnapshotSettingsStorageLocationSettingsStorageLocationPreference struct {
+	// Name: Name of the location. It should be one of the GCS buckets.
+	Name string `json:"name,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Name") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Name") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SnapshotSettingsStorageLocationSettingsStorageLocationPreference) MarshalJSON() ([]byte, error) {
+	type NoMethod SnapshotSettingsStorageLocationSettingsStorageLocationPreference
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type SourceDiskEncryptionKey struct {
 	// DiskEncryptionKey: The customer-supplied encryption key of the source
 	// disk. Required if the source disk is protected by a customer-supplied
@@ -58022,6 +60257,9 @@ type SslCertificateAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -58211,6 +60449,9 @@ type SslCertificateListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -58474,6 +60715,9 @@ type SslCertificatesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -58668,6 +60912,9 @@ type SslPoliciesAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -58856,6 +61103,9 @@ type SslPoliciesListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -59053,6 +61303,9 @@ type SslPoliciesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -59313,6 +61566,9 @@ type SslPolicyWarnings struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -59587,278 +61843,150 @@ func (s *StatefulPolicyPreservedStateNetworkIp) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// Subnetwork: Represents a Subnetwork resource. A subnetwork (also
-// known as a subnet) is a logical partition of a Virtual Private Cloud
-// network with one primary IP range and zero or more secondary IP
-// ranges. For more information, read Virtual Private Cloud (VPC)
-// Network.
-type Subnetwork struct {
-	// AggregationInterval: Can only be specified if VPC flow logging for
-	// this subnetwork is enabled. Sets the aggregation interval for
-	// collecting flow logs. Increasing the interval time reduces the amount
-	// of generated flow logs for long-lasting connections. Default is an
-	// interval of 5 seconds per connection. Valid values: INTERVAL_5_SEC,
-	// INTERVAL_30_SEC, INTERVAL_1_MIN, INTERVAL_5_MIN, INTERVAL_10_MIN,
-	// INTERVAL_15_MIN.
-	//
-	// Possible values:
-	//   "INTERVAL_10_MIN"
-	//   "INTERVAL_15_MIN"
-	//   "INTERVAL_1_MIN"
-	//   "INTERVAL_30_SEC"
-	//   "INTERVAL_5_MIN"
-	//   "INTERVAL_5_SEC"
-	AggregationInterval string `json:"aggregationInterval,omitempty"`
+// Status: The `Status` type defines a logical error model that is
+// suitable for different programming environments, including REST APIs
+// and RPC APIs. It is used by gRPC (https://github.com/grpc). Each
+// `Status` message contains three pieces of data: error code, error
+// message, and error details. You can find out more about this error
+// model and how to work with it in the API Design Guide
+// (https://cloud.google.com/apis/design/errors).
+type Status struct {
+	// Code: The status code, which should be an enum value of
+	// google.rpc.Code.
+	Code int64 `json:"code,omitempty"`
 
-	// AllowSubnetCidrRoutesOverlap: Whether this subnetwork's ranges can
-	// conflict with existing static routes. Setting this to true allows
-	// this subnetwork's primary and secondary ranges to overlap with (and
-	// contain) static routes that have already been configured on the
-	// corresponding network. For example if a static route has range
-	// 10.1.0.0/16, a subnet range 10.0.0.0/8 could only be created if
-	// allow_conflicting_routes=true. Overlapping is only allowed on
-	// subnetwork operations; routes whose ranges conflict with this
-	// subnetwork's ranges won't be allowed unless
-	// route.allow_conflicting_subnetworks is set to true. Typically packets
-	// destined to IPs within the subnetwork (which may contain
-	// private/sensitive data) are prevented from leaving the virtual
-	// network. Setting this field to true will disable this feature. The
-	// default value is false and applies to all existing subnetworks and
-	// automatically created subnetworks. This field cannot be set to true
-	// at resource creation time.
-	AllowSubnetCidrRoutesOverlap bool `json:"allowSubnetCidrRoutesOverlap,omitempty"`
+	// Details: A list of messages that carry the error details. There is a
+	// common set of message types for APIs to use.
+	Details []googleapi.RawMessage `json:"details,omitempty"`
+
+	// Message: A developer-facing error message, which should be in
+	// English. Any user-facing error message should be localized and sent
+	// in the google.rpc.Status.details field, or localized by the client.
+	Message string `json:"message,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Code") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Status) MarshalJSON() ([]byte, error) {
+	type NoMethod Status
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
 
+// StoragePool: Represents a zonal storage pool resource.
+type StoragePool struct {
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
 
 	// Description: An optional description of this resource. Provide this
-	// property when you create the resource. This field can be set only at
-	// resource creation time.
+	// property when you create the resource.
 	Description string `json:"description,omitempty"`
 
-	// EnableFlowLogs: Whether to enable flow logging for this subnetwork.
-	// If this field is not explicitly set, it will not appear in get
-	// listings. If not set the default behavior is determined by the org
-	// policy, if there is no org policy specified, then it will default to
-	// disabled. This field isn't supported with the purpose field set to
-	// INTERNAL_HTTPS_LOAD_BALANCER.
-	EnableFlowLogs bool `json:"enableFlowLogs,omitempty"`
-
-	// EnableL2: Enables Layer2 communication on the subnetwork.
-	EnableL2 bool `json:"enableL2,omitempty"`
-
-	// EnablePrivateV6Access: Deprecated in favor of enable in
-	// PrivateIpv6GoogleAccess. Whether the VMs in this subnet can directly
-	// access Google services via internal IPv6 addresses. This field can be
-	// both set at resource creation time and updated using patch.
-	EnablePrivateV6Access bool `json:"enablePrivateV6Access,omitempty"`
-
-	// ExternalIpv6Prefix: The external IPv6 address range that is owned by
-	// this subnetwork.
-	ExternalIpv6Prefix string `json:"externalIpv6Prefix,omitempty"`
-
-	// Fingerprint: Fingerprint of this resource. A hash of the contents
-	// stored in this object. This field is used in optimistic locking. This
-	// field will be ignored when inserting a Subnetwork. An up-to-date
-	// fingerprint must be provided in order to update the Subnetwork,
-	// otherwise the request will fail with error 412 conditionNotMet. To
-	// see the latest fingerprint, make a get() request to retrieve a
-	// Subnetwork.
-	Fingerprint string `json:"fingerprint,omitempty"`
-
-	// FlowSampling: Can only be specified if VPC flow logging for this
-	// subnetwork is enabled. The value of the field must be in [0, 1]. Set
-	// the sampling rate of VPC flow logs within the subnetwork where 1.0
-	// means all collected logs are reported and 0.0 means no logs are
-	// reported. Default is 0.5 unless otherwise specified by the org
-	// policy, which means half of all collected logs are reported.
-	FlowSampling float64 `json:"flowSampling,omitempty"`
-
-	// GatewayAddress: [Output Only] The gateway address for default routes
-	// to reach destination addresses outside this subnetwork.
-	GatewayAddress string `json:"gatewayAddress,omitempty"`
-
 	// Id: [Output Only] The unique identifier for the resource. This
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
 
-	// InternalIpv6Prefix: [Output Only] The internal IPv6 address range
-	// that is assigned to this subnetwork.
-	InternalIpv6Prefix string `json:"internalIpv6Prefix,omitempty"`
-
-	// IpCidrRange: The range of internal addresses that are owned by this
-	// subnetwork. Provide this property when you create the subnetwork. For
-	// example, 10.0.0.0/8 or 100.64.0.0/10. Ranges must be unique and
-	// non-overlapping within a network. Only IPv4 is supported. This field
-	// is set at resource creation time. The range can be any range listed
-	// in the Valid ranges list. The range can be expanded after creation
-	// using expandIpCidrRange.
-	IpCidrRange string `json:"ipCidrRange,omitempty"`
-
-	// Ipv6AccessType: The access type of IPv6 address this subnet holds.
-	// It's immutable and can only be specified during creation or the first
-	// time the subnet is updated into IPV4_IPV6 dual stack.
-	//
-	// Possible values:
-	//   "EXTERNAL" - VMs on this subnet will be assigned IPv6 addresses
-	// that are accessible via the Internet, as well as the VPC network.
-	//   "INTERNAL" - VMs on this subnet will be assigned IPv6 addresses
-	// that are only accessible over the VPC network.
-	Ipv6AccessType string `json:"ipv6AccessType,omitempty"`
-
-	// Ipv6CidrRange: [Output Only] This field is for internal use.
-	Ipv6CidrRange string `json:"ipv6CidrRange,omitempty"`
-
-	// Kind: [Output Only] Type of the resource. Always compute#subnetwork
-	// for Subnetwork resources.
+	// Kind: [Output Only] Type of the resource. Always compute#storagePool
+	// for storage pools.
 	Kind string `json:"kind,omitempty"`
 
-	// LogConfig: This field denotes the VPC flow logging options for this
-	// subnetwork. If logging is enabled, logs are exported to Cloud
-	// Logging.
-	LogConfig *SubnetworkLogConfig `json:"logConfig,omitempty"`
+	// LabelFingerprint: A fingerprint for the labels being applied to this
+	// storage pool, which is essentially a hash of the labels set used for
+	// optimistic locking. The fingerprint is initially generated by Compute
+	// Engine and changes after every request to modify or update labels.
+	// You must always provide an up-to-date fingerprint hash in order to
+	// update or change labels, otherwise the request will fail with error
+	// 412 conditionNotMet. To see the latest fingerprint, make a get()
+	// request to retrieve a storage pool.
+	LabelFingerprint string `json:"labelFingerprint,omitempty"`
 
-	// Metadata: Can only be specified if VPC flow logging for this
-	// subnetwork is enabled. Configures whether metadata fields should be
-	// added to the reported VPC flow logs. Options are
-	// INCLUDE_ALL_METADATA, EXCLUDE_ALL_METADATA, and CUSTOM_METADATA.
-	// Default is EXCLUDE_ALL_METADATA.
-	//
-	// Possible values:
-	//   "EXCLUDE_ALL_METADATA"
-	//   "INCLUDE_ALL_METADATA"
-	Metadata string `json:"metadata,omitempty"`
+	// Labels: Labels to apply to this storage pool. These can be later
+	// modified by the setLabels method.
+	Labels map[string]string `json:"labels,omitempty"`
 
-	// Name: The name of the resource, provided by the client when initially
-	// creating the resource. The name must be 1-63 characters long, and
-	// comply with RFC1035. Specifically, the name must be 1-63 characters
-	// long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
-	// which means the first character must be a lowercase letter, and all
-	// following characters must be a dash, lowercase letter, or digit,
-	// except the last character, which cannot be a dash.
+	// Name: Name of the resource. Provided by the client when the resource
+	// is created. The name must be 1-63 characters long, and comply with
+	// RFC1035. Specifically, the name must be 1-63 characters long and
+	// match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means
+	// the first character must be a lowercase letter, and all following
+	// characters must be a dash, lowercase letter, or digit, except the
+	// last character, which cannot be a dash.
 	Name string `json:"name,omitempty"`
 
-	// Network: The URL of the network to which this subnetwork belongs,
-	// provided by the client when initially creating the subnetwork. This
-	// field can be set only at resource creation time.
-	Network string `json:"network,omitempty"`
+	// ProvisionedIops: Provsioned IOPS of the storage pool.
+	ProvisionedIops int64 `json:"provisionedIops,omitempty,string"`
 
-	// PrivateIpGoogleAccess: Whether the VMs in this subnet can access
-	// Google services without assigned external IP addresses. This field
-	// can be both set at resource creation time and updated using
-	// setPrivateIpGoogleAccess.
-	PrivateIpGoogleAccess bool `json:"privateIpGoogleAccess,omitempty"`
+	// ProvisionedThroughput: Provisioned throughput of the storage pool.
+	// Only relevant if the storage pool type is hyperdisk-balanced or
+	// hyperdisk-throughput.
+	ProvisionedThroughput int64 `json:"provisionedThroughput,omitempty,string"`
 
-	// PrivateIpv6GoogleAccess: This field is for internal use. This field
-	// can be both set at resource creation time and updated using patch.
-	//
-	// Possible values:
-	//   "DISABLE_GOOGLE_ACCESS" - Disable private IPv6 access to/from
-	// Google services.
-	//   "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE" - Bidirectional private
-	// IPv6 access to/from Google services.
-	//   "ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE" - Outbound private IPv6
-	// access from VMs in this subnet to Google services.
-	PrivateIpv6GoogleAccess string `json:"privateIpv6GoogleAccess,omitempty"`
+	// ResourceStatus: [Output Only] Status information for the storage pool
+	// resource.
+	ResourceStatus *StoragePoolResourceStatus `json:"resourceStatus,omitempty"`
 
-	// Purpose: The purpose of the resource. This field can be either
-	// PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with
-	// purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created
-	// subnetwork that is reserved for Internal HTTP(S) Load Balancing. If
-	// unspecified, the purpose defaults to PRIVATE_RFC_1918. The
-	// enableFlowLogs field isn't supported with the purpose field set to
-	// INTERNAL_HTTPS_LOAD_BALANCER.
-	//
-	// Possible values:
-	//   "AGGREGATE" - Subnetwork used to aggregate multiple private
-	// subnetworks.
-	//   "CLOUD_EXTENSION" - Subnetworks created for Cloud Extension
-	// Machines.
-	//   "GLOBAL_MANAGED_PROXY" - Subnet reserved for Global Internal
-	// HTTP(S) Load Balancing.
-	//   "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal
-	// HTTP(S) Load Balancing.
-	//   "PRIVATE" - Regular user created or automatically created subnet.
-	//   "PRIVATE_NAT" - Subnetwork used as source range for Private NAT
-	// Gateways.
-	//   "PRIVATE_RFC_1918" - Regular user created or automatically created
-	// subnet.
-	//   "PRIVATE_SERVICE_CONNECT" - Subnetworks created for Private Service
-	// Connect in the producer network.
-	//   "REGIONAL_MANAGED_PROXY" - Subnetwork used for Regional
-	// Internal/External HTTP(S) Load Balancing.
-	Purpose string `json:"purpose,omitempty"`
+	// SelfLink: [Output Only] Server-defined fully-qualified URL for this
+	// resource.
+	SelfLink string `json:"selfLink,omitempty"`
 
-	// Region: URL of the region where the Subnetwork resides. This field
-	// can be set only at resource creation time.
-	Region string `json:"region,omitempty"`
+	// SelfLinkWithId: [Output Only] Server-defined URL for this resource's
+	// resource id.
+	SelfLinkWithId string `json:"selfLinkWithId,omitempty"`
 
-	// ReservedInternalRange: The URL of the reserved internal range.
-	ReservedInternalRange string `json:"reservedInternalRange,omitempty"`
+	// SizeGb: Size, in GiB, of the storage pool.
+	SizeGb int64 `json:"sizeGb,omitempty,string"`
 
-	// Role: The role of subnetwork. Currently, this field is only used when
-	// purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to
-	// ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being
-	// used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one
-	// that is ready to be promoted to ACTIVE or is currently draining. This
-	// field can be updated with a patch request.
+	// State: [Output Only] The status of storage pool creation. - CREATING:
+	// Storage pool is provisioning. storagePool. - FAILED: Storage pool
+	// creation failed. - READY: Storage pool is ready for use. - DELETING:
+	// Storage pool is deleting.
 	//
 	// Possible values:
-	//   "ACTIVE" - The ACTIVE subnet that is currently used.
-	//   "BACKUP" - The BACKUP subnet that could be promoted to ACTIVE.
-	Role string `json:"role,omitempty"`
-
-	// SecondaryIpRanges: An array of configurations for secondary IP ranges
-	// for VM instances contained in this subnetwork. The primary IP of such
-	// VM must belong to the primary ipCidrRange of the subnetwork. The
-	// alias IPs may belong to either primary or secondary ranges. This
-	// field can be updated with a patch request.
-	SecondaryIpRanges []*SubnetworkSecondaryRange `json:"secondaryIpRanges,omitempty"`
-
-	// SelfLink: [Output Only] Server-defined URL for the resource.
-	SelfLink string `json:"selfLink,omitempty"`
+	//   "CREATING" - StoragePool is provisioning
+	//   "DELETING" - StoragePool is deleting.
+	//   "FAILED" - StoragePool creation failed.
+	//   "READY" - StoragePool is ready for use.
+	State string `json:"state,omitempty"`
 
-	// SelfLinkWithId: [Output Only] Server-defined URL for this resource
-	// with the resource id.
-	SelfLinkWithId string `json:"selfLinkWithId,omitempty"`
+	// Status: [Output Only] Status information for the storage pool
+	// resource.
+	Status *StoragePoolResourceStatus `json:"status,omitempty"`
 
-	// StackType: The stack type for the subnet. If set to IPV4_ONLY, new
-	// VMs in the subnet are assigned IPv4 addresses only. If set to
-	// IPV4_IPV6, new VMs in the subnet can be assigned both IPv4 and IPv6
-	// addresses. If not specified, IPV4_ONLY is used. This field can be
-	// both set at resource creation time and updated using patch.
-	//
-	// Possible values:
-	//   "IPV4_IPV6" - New VMs in this subnet can have both IPv4 and IPv6
-	// addresses.
-	//   "IPV4_ONLY" - New VMs in this subnet will only be assigned IPv4
-	// addresses.
-	StackType string `json:"stackType,omitempty"`
+	// StoragePoolType: Type of the storage pool.
+	StoragePoolType string `json:"storagePoolType,omitempty"`
 
-	// State: [Output Only] The state of the subnetwork, which can be one of
-	// the following values: READY: Subnetwork is created and ready to use
-	// DRAINING: only applicable to subnetworks that have the purpose set to
-	// INTERNAL_HTTPS_LOAD_BALANCER and indicates that connections to the
-	// load balancer are being drained. A subnetwork that is draining cannot
-	// be used or modified until it reaches a status of READY
+	// Type: Type of the storage pool
 	//
 	// Possible values:
-	//   "DRAINING" - Subnetwork is being drained.
-	//   "READY" - Subnetwork is ready for use.
-	State string `json:"state,omitempty"`
+	//   "SSD"
+	//   "UNSPECIFIED"
+	Type string `json:"type,omitempty"`
 
-	// Vlans: A repeated field indicating the VLAN IDs supported on this
-	// subnetwork. During Subnet creation, specifying vlan is valid only if
-	// enable_l2 is true. During Subnet Update, specifying vlan is allowed
-	// only for l2 enabled subnets. Restricted to only one VLAN.
-	Vlans []int64 `json:"vlans,omitempty"`
+	// Zone: [Output Only] URL of the zone where the storage pool resides.
+	// You must specify this field as part of the HTTP request URL. It is
+	// not settable as a field in the request body.
+	Zone string `json:"zone,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "AggregationInterval")
+	// ForceSendFields is a list of field names (e.g. "CreationTimestamp")
 	// to unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -59866,7 +61994,7 @@ type Subnetwork struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "AggregationInterval") to
+	// NullFields is a list of field names (e.g. "CreationTimestamp") to
 	// include in API requests with the JSON null value. By default, fields
 	// with empty values are omitted from API requests. However, any field
 	// with an empty value appearing in NullFields will be sent to the
@@ -59876,36 +62004,25 @@ type Subnetwork struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *Subnetwork) MarshalJSON() ([]byte, error) {
-	type NoMethod Subnetwork
+func (s *StoragePool) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePool
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-func (s *Subnetwork) UnmarshalJSON(data []byte) error {
-	type NoMethod Subnetwork
-	var s1 struct {
-		FlowSampling gensupport.JSONFloat64 `json:"flowSampling"`
-		*NoMethod
-	}
-	s1.NoMethod = (*NoMethod)(s)
-	if err := json.Unmarshal(data, &s1); err != nil {
-		return err
-	}
-	s.FlowSampling = float64(s1.FlowSampling)
-	return nil
-}
+type StoragePoolAggregatedList struct {
+	Etag string `json:"etag,omitempty"`
 
-type SubnetworkAggregatedList struct {
 	// Id: [Output Only] Unique identifier for the resource; defined by the
 	// server.
 	Id string `json:"id,omitempty"`
 
-	// Items: A list of SubnetworksScopedList resources.
-	Items map[string]SubnetworksScopedList `json:"items,omitempty"`
+	// Items: A list of StoragePoolsScopedList resources.
+	Items map[string]StoragePoolsScopedList `json:"items,omitempty"`
 
 	// Kind: [Output Only] Type of resource. Always
-	// compute#subnetworkAggregatedList for aggregated lists of subnetworks.
+	// compute#storagePoolAggregatedList for aggregated lists of storage
+	// pools.
 	Kind string `json:"kind,omitempty"`
 
 	// NextPageToken: [Output Only] This token allows you to get the next
@@ -59923,13 +62040,13 @@ type SubnetworkAggregatedList struct {
 	Unreachables []string `json:"unreachables,omitempty"`
 
 	// Warning: [Output Only] Informational warning message.
-	Warning *SubnetworkAggregatedListWarning `json:"warning,omitempty"`
+	Warning *StoragePoolAggregatedListWarning `json:"warning,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "Id") to
+	// ForceSendFields is a list of field names (e.g. "Etag") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -59937,7 +62054,7 @@ type SubnetworkAggregatedList struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Id") to include in API
+	// NullFields is a list of field names (e.g. "Etag") to include in API
 	// requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
@@ -59946,15 +62063,15 @@ type SubnetworkAggregatedList struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkAggregatedList) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkAggregatedList
+func (s *StoragePoolAggregatedList) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolAggregatedList
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// SubnetworkAggregatedListWarning: [Output Only] Informational warning
+// StoragePoolAggregatedListWarning: [Output Only] Informational warning
 // message.
-type SubnetworkAggregatedListWarning struct {
+type StoragePoolAggregatedListWarning struct {
 	// Code: [Output Only] A warning code, if applicable. For example,
 	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
 	// the response.
@@ -59981,6 +62098,9 @@ type SubnetworkAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -60022,7 +62142,7 @@ type SubnetworkAggregatedListWarning struct {
 	// Data: [Output Only] Metadata about this warning in key: value format.
 	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
 	// }
-	Data []*SubnetworkAggregatedListWarningData `json:"data,omitempty"`
+	Data []*StoragePoolAggregatedListWarningData `json:"data,omitempty"`
 
 	// Message: [Output Only] A human-readable description of the warning
 	// code.
@@ -60045,13 +62165,13 @@ type SubnetworkAggregatedListWarning struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkAggregatedListWarning) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkAggregatedListWarning
+func (s *StoragePoolAggregatedListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolAggregatedListWarning
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type SubnetworkAggregatedListWarningData struct {
+type StoragePoolAggregatedListWarningData struct {
 	// Key: [Output Only] A key that provides more detail on the warning
 	// being returned. For example, for warnings where there are no results
 	// in a list request for a particular zone, this key might be scope and
@@ -60082,23 +62202,94 @@ type SubnetworkAggregatedListWarningData struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkAggregatedListWarningData) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkAggregatedListWarningData
+func (s *StoragePoolAggregatedListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolAggregatedListWarningData
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// SubnetworkList: Contains a list of Subnetwork resources.
-type SubnetworkList struct {
+type StoragePoolDisk struct {
+	// AttachedInstances: [Output Only] Instances this disk is attached to.
+	AttachedInstances []string `json:"attachedInstances,omitempty"`
+
+	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
+	// format.
+	CreationTimestamp string `json:"creationTimestamp,omitempty"`
+
+	// Disk: [Output Only] The URL of the disk.
+	Disk string `json:"disk,omitempty"`
+
+	// Name: [Output Only] The name of the disk.
+	Name string `json:"name,omitempty"`
+
+	// ProvisionedIops: [Output Only] The number of IOPS provisioned for the
+	// disk.
+	ProvisionedIops int64 `json:"provisionedIops,omitempty,string"`
+
+	// ProvisionedThroughput: [Output Only] The throughput provisioned for
+	// the disk.
+	ProvisionedThroughput int64 `json:"provisionedThroughput,omitempty,string"`
+
+	// ResourcePolicies: [Output Only] Resource policies applied to disk for
+	// automatic snapshot creations.
+	ResourcePolicies []string `json:"resourcePolicies,omitempty"`
+
+	// SizeGb: [Output Only] The disk size, in GB.
+	SizeGb int64 `json:"sizeGb,omitempty,string"`
+
+	// Status: [Output Only] The disk status.
+	//
+	// Possible values:
+	//   "CREATING" - Disk is provisioning
+	//   "DELETING" - Disk is deleting.
+	//   "FAILED" - Disk creation failed.
+	//   "READY" - Disk is ready for use.
+	//   "RESTORING" - Source data is being copied into the disk.
+	Status string `json:"status,omitempty"`
+
+	// Type: [Output Only] The disk type.
+	Type string `json:"type,omitempty"`
+
+	// UsedBytes: [Output Only] Amount of disk space used.
+	UsedBytes int64 `json:"usedBytes,omitempty,string"`
+
+	// ForceSendFields is a list of field names (e.g. "AttachedInstances")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "AttachedInstances") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *StoragePoolDisk) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolDisk
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// StoragePoolList: A list of StoragePool resources.
+type StoragePoolList struct {
+	Etag string `json:"etag,omitempty"`
+
 	// Id: [Output Only] Unique identifier for the resource; defined by the
 	// server.
 	Id string `json:"id,omitempty"`
 
-	// Items: A list of Subnetwork resources.
-	Items []*Subnetwork `json:"items,omitempty"`
+	// Items: A list of StoragePool resources.
+	Items []*StoragePool `json:"items,omitempty"`
 
-	// Kind: [Output Only] Type of resource. Always compute#subnetworkList
-	// for lists of subnetworks.
+	// Kind: [Output Only] Type of resource. Always compute#storagePoolList
+	// for lists of storagePools.
 	Kind string `json:"kind,omitempty"`
 
 	// NextPageToken: [Output Only] This token allows you to get the next
@@ -60112,14 +62303,18 @@ type SubnetworkList struct {
 	// SelfLink: [Output Only] Server-defined URL for this resource.
 	SelfLink string `json:"selfLink,omitempty"`
 
+	// Unreachables: [Output Only] Unreachable resources. end_interface:
+	// MixerListResponseWithEtagBuilder
+	Unreachables []string `json:"unreachables,omitempty"`
+
 	// Warning: [Output Only] Informational warning message.
-	Warning *SubnetworkListWarning `json:"warning,omitempty"`
+	Warning *StoragePoolListWarning `json:"warning,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "Id") to
+	// ForceSendFields is a list of field names (e.g. "Etag") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -60127,7 +62322,7 @@ type SubnetworkList struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Id") to include in API
+	// NullFields is a list of field names (e.g. "Etag") to include in API
 	// requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
@@ -60136,14 +62331,14 @@ type SubnetworkList struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkList) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkList
+func (s *StoragePoolList) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolList
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// SubnetworkListWarning: [Output Only] Informational warning message.
-type SubnetworkListWarning struct {
+// StoragePoolListWarning: [Output Only] Informational warning message.
+type StoragePoolListWarning struct {
 	// Code: [Output Only] A warning code, if applicable. For example,
 	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
 	// the response.
@@ -60170,6 +62365,9 @@ type SubnetworkListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -60211,7 +62409,7 @@ type SubnetworkListWarning struct {
 	// Data: [Output Only] Metadata about this warning in key: value format.
 	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
 	// }
-	Data []*SubnetworkListWarningData `json:"data,omitempty"`
+	Data []*StoragePoolListWarningData `json:"data,omitempty"`
 
 	// Message: [Output Only] A human-readable description of the warning
 	// code.
@@ -60234,13 +62432,13 @@ type SubnetworkListWarning struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkListWarning) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkListWarning
+func (s *StoragePoolListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolListWarning
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type SubnetworkListWarningData struct {
+type StoragePoolListWarningData struct {
 	// Key: [Output Only] A key that provides more detail on the warning
 	// being returned. For example, for warnings where there are no results
 	// in a list request for a particular zone, this key might be scope and
@@ -60271,123 +62469,151 @@ type SubnetworkListWarningData struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkListWarningData) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkListWarningData
+func (s *StoragePoolListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolListWarningData
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// SubnetworkLogConfig: The available logging options for this
-// subnetwork.
-type SubnetworkLogConfig struct {
-	// AggregationInterval: Can only be specified if VPC flow logging for
-	// this subnetwork is enabled. Toggles the aggregation interval for
-	// collecting flow logs. Increasing the interval time will reduce the
-	// amount of generated flow logs for long lasting connections. Default
-	// is an interval of 5 seconds per connection.
-	//
-	// Possible values:
-	//   "INTERVAL_10_MIN"
-	//   "INTERVAL_15_MIN"
-	//   "INTERVAL_1_MIN"
-	//   "INTERVAL_30_SEC"
-	//   "INTERVAL_5_MIN"
-	//   "INTERVAL_5_SEC"
-	AggregationInterval string `json:"aggregationInterval,omitempty"`
+type StoragePoolListDisks struct {
+	Etag string `json:"etag,omitempty"`
 
-	// Enable: Whether to enable flow logging for this subnetwork. If this
-	// field is not explicitly set, it will not appear in get listings. If
-	// not set the default behavior is determined by the org policy, if
-	// there is no org policy specified, then it will default to disabled.
-	Enable bool `json:"enable,omitempty"`
+	// Id: [Output Only] Unique identifier for the resource; defined by the
+	// server.
+	Id string `json:"id,omitempty"`
 
-	// FilterExpr: Can only be specified if VPC flow logs for this
-	// subnetwork is enabled. The filter expression is used to define which
-	// VPC flow logs should be exported to Cloud Logging.
-	FilterExpr string `json:"filterExpr,omitempty"`
+	// Items: A list of StoragePoolDisk resources.
+	Items []*StoragePoolDisk `json:"items,omitempty"`
 
-	// FlowSampling: Can only be specified if VPC flow logging for this
-	// subnetwork is enabled. The value of the field must be in [0, 1]. Set
-	// the sampling rate of VPC flow logs within the subnetwork where 1.0
-	// means all collected logs are reported and 0.0 means no logs are
-	// reported. Default is 0.5 unless otherwise specified by the org
-	// policy, which means half of all collected logs are reported.
-	FlowSampling float64 `json:"flowSampling,omitempty"`
+	// Kind: [Output Only] Type of resource. Always
+	// compute#storagePoolListDisks for lists of disks in a storagePool.
+	Kind string `json:"kind,omitempty"`
 
-	// Metadata: Can only be specified if VPC flow logs for this subnetwork
-	// is enabled. Configures whether all, none or a subset of metadata
-	// fields should be added to the reported VPC flow logs. Default is
-	// EXCLUDE_ALL_METADATA.
-	//
-	// Possible values:
-	//   "CUSTOM_METADATA"
-	//   "EXCLUDE_ALL_METADATA"
-	//   "INCLUDE_ALL_METADATA"
-	Metadata string `json:"metadata,omitempty"`
+	// NextPageToken: [Output Only] This token allows you to get the next
+	// page of results for list requests. If the number of results is larger
+	// than maxResults, use the nextPageToken as a value for the query
+	// parameter pageToken in the next list request. Subsequent list
+	// requests will have their own nextPageToken to continue paging through
+	// the results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
 
-	// MetadataFields: Can only be specified if VPC flow logs for this
-	// subnetwork is enabled and "metadata" was set to CUSTOM_METADATA.
-	MetadataFields []string `json:"metadataFields,omitempty"`
+	// SelfLink: [Output Only] Server-defined URL for this resource.
+	SelfLink string `json:"selfLink,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "AggregationInterval")
-	// to unconditionally include in API requests. By default, fields with
+	// Unreachables: [Output Only] Unreachable resources. end_interface:
+	// MixerListResponseWithEtagBuilder
+	Unreachables []string `json:"unreachables,omitempty"`
+
+	// Warning: [Output Only] Informational warning message.
+	Warning *StoragePoolListDisksWarning `json:"warning,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Etag") to
+	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
 	// sent to the server regardless of whether the field is empty or not.
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "AggregationInterval") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
+	// NullFields is a list of field names (e.g. "Etag") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkLogConfig) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkLogConfig
+func (s *StoragePoolListDisks) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolListDisks
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-func (s *SubnetworkLogConfig) UnmarshalJSON(data []byte) error {
-	type NoMethod SubnetworkLogConfig
-	var s1 struct {
-		FlowSampling gensupport.JSONFloat64 `json:"flowSampling"`
-		*NoMethod
-	}
-	s1.NoMethod = (*NoMethod)(s)
-	if err := json.Unmarshal(data, &s1); err != nil {
-		return err
-	}
-	s.FlowSampling = float64(s1.FlowSampling)
-	return nil
-}
-
-// SubnetworkSecondaryRange: Represents a secondary IP range of a
-// subnetwork.
-type SubnetworkSecondaryRange struct {
-	// IpCidrRange: The range of IP addresses belonging to this subnetwork
-	// secondary range. Provide this property when you create the
-	// subnetwork. Ranges must be unique and non-overlapping with all
-	// primary and secondary IP ranges within a network. Only IPv4 is
-	// supported. The range can be any range listed in the Valid ranges
-	// list.
-	IpCidrRange string `json:"ipCidrRange,omitempty"`
+// StoragePoolListDisksWarning: [Output Only] Informational warning
+// message.
+type StoragePoolListDisksWarning struct {
+	// Code: [Output Only] A warning code, if applicable. For example,
+	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
+	// the response.
+	//
+	// Possible values:
+	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
+	// changes made by a failed operation.
+	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
+	// created.
+	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as deprecated
+	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
+	// that is larger than image size.
+	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as experimental
+	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
+	// call
+	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
+	// overridden. Deprecated unused field.
+	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
+	// injected kernel, which is deprecated.
+	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
+	// backend service is associated with a health check that is not of type
+	// HTTP/HTTPS/HTTP2.
+	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
+	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
+	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
+	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
+	// not assigned to an instance on the network.
+	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
+	// ip forward.
+	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
+	// nextHopInstance URL refers to an instance that does not have an ipv6
+	// interface on the same network as the route.
+	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
+	// refers to an instance that does not exist.
+	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
+	// URL refers to an instance that is not on the same network as the
+	// route.
+	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
+	// have a status of RUNNING.
+	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
+	// continue the process despite the mentioned error.
+	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
+	// page.
+	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
+	// missing due to errors
+	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
+	// that requires a TOS they have not accepted.
+	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
+	// resource is in use.
+	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
+	// auto-delete could not be deleted because they were in use.
+	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
+	// ignored.
+	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
+	// instance group manager is valid as such, but its application does not
+	// make a lot of sense, because it allows only single instance in
+	// instance group.
+	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
+	// are present
+	//   "UNREACHABLE" - A given scope cannot be reached.
+	Code string `json:"code,omitempty"`
 
-	// RangeName: The name associated with this subnetwork secondary range,
-	// used when adding an alias IP range to a VM instance. The name must be
-	// 1-63 characters long, and comply with RFC1035. The name must be
-	// unique within the subnetwork.
-	RangeName string `json:"rangeName,omitempty"`
+	// Data: [Output Only] Metadata about this warning in key: value format.
+	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
+	// }
+	Data []*StoragePoolListDisksWarningData `json:"data,omitempty"`
 
-	// ReservedInternalRange: The URL of the reserved internal range.
-	ReservedInternalRange string `json:"reservedInternalRange,omitempty"`
+	// Message: [Output Only] A human-readable description of the warning
+	// code.
+	Message string `json:"message,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "IpCidrRange") to
+	// ForceSendFields is a list of field names (e.g. "Code") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -60395,30 +62621,36 @@ type SubnetworkSecondaryRange struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "IpCidrRange") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
 	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworkSecondaryRange) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworkSecondaryRange
+func (s *StoragePoolListDisksWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolListDisksWarning
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type SubnetworksExpandIpCidrRangeRequest struct {
-	// IpCidrRange: The IP (in CIDR format or netmask) of internal addresses
-	// that are legal on this Subnetwork. This range should be disjoint from
-	// other subnetworks within this network. This range can only be larger
-	// than (i.e. a superset of) the range previously defined before the
-	// update.
-	IpCidrRange string `json:"ipCidrRange,omitempty"`
+type StoragePoolListDisksWarningData struct {
+	// Key: [Output Only] A key that provides more detail on the warning
+	// being returned. For example, for warnings where there are no results
+	// in a list request for a particular zone, this key might be scope and
+	// the key value might be the zone name. Other examples might be a key
+	// indicating a deprecated resource and a suggested replacement, or a
+	// warning about invalid network settings (for example, if an instance
+	// attempts to perform IP forwarding but is not enabled for IP
+	// forwarding).
+	Key string `json:"key,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "IpCidrRange") to
+	// Value: [Output Only] A warning data value corresponding to the key.
+	Value string `json:"value,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Key") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -60426,30 +62658,90 @@ type SubnetworksExpandIpCidrRangeRequest struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "IpCidrRange") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
 	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworksExpandIpCidrRangeRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworksExpandIpCidrRangeRequest
+func (s *StoragePoolListDisksWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolListDisksWarningData
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type SubnetworksScopedList struct {
-	// Subnetworks: A list of subnetworks contained in this scope.
-	Subnetworks []*Subnetwork `json:"subnetworks,omitempty"`
+// StoragePoolResourceStatus: [Output Only] Contains output only fields.
+type StoragePoolResourceStatus struct {
+	// AggregateDiskProvisionedIops: [Output Only] Sum of all the disks'
+	// provisioned IOPS.
+	AggregateDiskProvisionedIops int64 `json:"aggregateDiskProvisionedIops,omitempty,string"`
 
-	// Warning: An informational warning that appears when the list of
-	// addresses is empty.
-	Warning *SubnetworksScopedListWarning `json:"warning,omitempty"`
+	// AggregateDiskSizeGb: [Output Only] Sum of all the capacity
+	// provisioned in disks in this storage pool. A disk's provisioned
+	// capacity is the same as its total capacity.
+	AggregateDiskSizeGb int64 `json:"aggregateDiskSizeGb,omitempty,string"`
 
-	// ForceSendFields is a list of field names (e.g. "Subnetworks") to
+	// LastResizeTimestamp: [Output Only] Timestamp of the last successful
+	// resize in RFC3339 text format.
+	LastResizeTimestamp string `json:"lastResizeTimestamp,omitempty"`
+
+	// MaxAggregateDiskSizeGb: [Output Only] Maximum allowed aggregate disk
+	// size in gigabytes.
+	MaxAggregateDiskSizeGb int64 `json:"maxAggregateDiskSizeGb,omitempty,string"`
+
+	// NumberOfDisks: [Output Only] Number of disks used.
+	NumberOfDisks int64 `json:"numberOfDisks,omitempty,string"`
+
+	// UsedBytes: [Output Only] Space used by data stored in disks within
+	// the storage pool (in bytes).
+	UsedBytes int64 `json:"usedBytes,omitempty,string"`
+
+	// UsedReducedBytes: [Output Only] Space used by compressed and deduped
+	// data stored in disks within the storage pool (in bytes).
+	UsedReducedBytes int64 `json:"usedReducedBytes,omitempty,string"`
+
+	// UsedThroughput: [Output Only] Sum of all the disks' provisioned
+	// throughput in MB/s.
+	UsedThroughput int64 `json:"usedThroughput,omitempty,string"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "AggregateDiskProvisionedIops") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g.
+	// "AggregateDiskProvisionedIops") to include in API requests with the
+	// JSON null value. By default, fields with empty values are omitted
+	// from API requests. However, any field with an empty value appearing
+	// in NullFields will be sent to the server as null. It is an error if a
+	// field in this list has a non-empty value. This may be used to include
+	// null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *StoragePoolResourceStatus) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolResourceStatus
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type StoragePoolsScopedList struct {
+	// StoragePools: [Output Only] A list of storage pool contained in this
+	// scope.
+	StoragePools []*StoragePool `json:"storagePools,omitempty"`
+
+	// Warning: [Output Only] Informational warning which replaces the list
+	// of storage pool when the list is empty.
+	Warning *StoragePoolsScopedListWarning `json:"warning,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "StoragePools") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -60457,7 +62749,7 @@ type SubnetworksScopedList struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Subnetworks") to include
+	// NullFields is a list of field names (e.g. "StoragePools") to include
 	// in API requests with the JSON null value. By default, fields with
 	// empty values are omitted from API requests. However, any field with
 	// an empty value appearing in NullFields will be sent to the server as
@@ -60466,15 +62758,15 @@ type SubnetworksScopedList struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworksScopedList) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworksScopedList
+func (s *StoragePoolsScopedList) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolsScopedList
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// SubnetworksScopedListWarning: An informational warning that appears
-// when the list of addresses is empty.
-type SubnetworksScopedListWarning struct {
+// StoragePoolsScopedListWarning: [Output Only] Informational warning
+// which replaces the list of storage pool when the list is empty.
+type StoragePoolsScopedListWarning struct {
 	// Code: [Output Only] A warning code, if applicable. For example,
 	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
 	// the response.
@@ -60501,6 +62793,9 @@ type SubnetworksScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -60542,7 +62837,7 @@ type SubnetworksScopedListWarning struct {
 	// Data: [Output Only] Metadata about this warning in key: value format.
 	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
 	// }
-	Data []*SubnetworksScopedListWarningData `json:"data,omitempty"`
+	Data []*StoragePoolsScopedListWarningData `json:"data,omitempty"`
 
 	// Message: [Output Only] A human-readable description of the warning
 	// code.
@@ -60565,13 +62860,13 @@ type SubnetworksScopedListWarning struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworksScopedListWarning) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworksScopedListWarning
+func (s *StoragePoolsScopedListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolsScopedListWarning
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type SubnetworksScopedListWarningData struct {
+type StoragePoolsScopedListWarningData struct {
 	// Key: [Output Only] A key that provides more detail on the warning
 	// being returned. For example, for warnings where there are no results
 	// in a list request for a particular zone, this key might be scope and
@@ -60602,75 +62897,18 @@ type SubnetworksScopedListWarningData struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *SubnetworksScopedListWarningData) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworksScopedListWarningData
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type SubnetworksSetPrivateIpGoogleAccessRequest struct {
-	PrivateIpGoogleAccess bool `json:"privateIpGoogleAccess,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g.
-	// "PrivateIpGoogleAccess") to unconditionally include in API requests.
-	// By default, fields with empty or default values are omitted from API
-	// requests. However, any non-pointer, non-interface field appearing in
-	// ForceSendFields will be sent to the server regardless of whether the
-	// field is empty or not. This may be used to include empty fields in
-	// Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "PrivateIpGoogleAccess") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *SubnetworksSetPrivateIpGoogleAccessRequest) MarshalJSON() ([]byte, error) {
-	type NoMethod SubnetworksSetPrivateIpGoogleAccessRequest
+func (s *StoragePoolsScopedListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod StoragePoolsScopedListWarningData
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// Subsetting: Subsetting configuration for this BackendService.
-// Currently this is applicable only for Internal TCP/UDP load
-// balancing, Internal HTTP(S) load balancing and Traffic Director.
-type Subsetting struct {
-	// Possible values:
-	//   "CONSISTENT_HASH_SUBSETTING" - Subsetting based on consistent
-	// hashing. For Traffic Director, the number of backends per backend
-	// group (the subset size) is based on the `subset_size` parameter. For
-	// Internal HTTP(S) load balancing, the number of backends per backend
-	// group (the subset size) is dynamically adjusted in two cases: - As
-	// the number of proxy instances participating in Internal HTTP(S) load
-	// balancing increases, the subset size decreases. - When the total
-	// number of backends in a network exceeds the capacity of a single
-	// proxy instance, subset sizes are reduced automatically for each
-	// service that has backend subsetting enabled.
-	//   "NONE" - No Subsetting. Clients may open connections and send
-	// traffic to all backends of this backend service. This can lead to
-	// performance issues if there is substantial imbalance in the count of
-	// clients and backends.
-	Policy string `json:"policy,omitempty"`
-
-	// SubsetSize: The number of backends per backend group assigned to each
-	// proxy instance or each service mesh client. An input parameter to the
-	// `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy`
-	// is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load
-	// balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`.
-	// `subset_size` is optional for Internal HTTP(S) load balancing and
-	// required for Traffic Director. If you do not provide this value,
-	// Cloud Load Balancing will calculate it dynamically to optimize the
-	// number of proxies/clients visible to each backend and vice versa.
-	// Must be greater than 0. If `subset_size` is larger than the number of
-	// backends/endpoints, then subsetting is disabled.
-	SubsetSize int64 `json:"subsetSize,omitempty"`
+type StructuredEntries struct {
+	// Entries: Map of a partner metadata that belong to the same subdomain.
+	// It accepts any value including google.protobuf.Struct.
+	Entries googleapi.RawMessage `json:"entries,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Policy") to
+	// ForceSendFields is a list of field names (e.g. "Entries") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -60678,8 +62916,8 @@ type Subsetting struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Policy") to include in API
-	// requests with the JSON null value. By default, fields with empty
+	// NullFields is a list of field names (e.g. "Entries") to include in
+	// API requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
@@ -60687,206 +62925,292 @@ type Subsetting struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *Subsetting) MarshalJSON() ([]byte, error) {
-	type NoMethod Subsetting
+func (s *StructuredEntries) MarshalJSON() ([]byte, error) {
+	type NoMethod StructuredEntries
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type TCPHealthCheck struct {
-	// Port: The TCP port number to which the health check prober sends
-	// packets. The default value is 80. Valid values are 1 through 65535.
-	Port int64 `json:"port,omitempty"`
-
-	// PortName: Not supported.
-	PortName string `json:"portName,omitempty"`
-
-	// PortSpecification: Specifies how a port is selected for health
-	// checking. Can be one of the following values: USE_FIXED_PORT:
-	// Specifies a port number explicitly using the port field in the health
-	// check. Supported by backend services for pass-through load balancers
-	// and backend services for proxy load balancers. Not supported by
-	// target pools. The health check supports all backends supported by the
-	// backend service provided the backend can be health checked. For
-	// example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network
-	// endpoint groups, and instance group backends. USE_NAMED_PORT: Not
-	// supported. USE_SERVING_PORT: Provides an indirect method of
-	// specifying the health check port by referring to the backend service.
-	// Only supported by backend services for proxy load balancers. Not
-	// supported by target pools. Not supported by backend services for
-	// pass-through load balancers. Supports all backends that can be health
-	// checked; for example, GCE_VM_IP_PORT network endpoint groups and
-	// instance group backends. For GCE_VM_IP_PORT network endpoint group
-	// backends, the health check uses the port number specified for each
-	// endpoint in the network endpoint group. For instance group backends,
-	// the health check uses the port number determined by looking up the
-	// backend service's named port in the instance group's list of named
-	// ports.
+// Subnetwork: Represents a Subnetwork resource. A subnetwork (also
+// known as a subnet) is a logical partition of a Virtual Private Cloud
+// network with one primary IP range and zero or more secondary IP
+// ranges. For more information, read Virtual Private Cloud (VPC)
+// Network.
+type Subnetwork struct {
+	// AggregationInterval: Can only be specified if VPC flow logging for
+	// this subnetwork is enabled. Sets the aggregation interval for
+	// collecting flow logs. Increasing the interval time reduces the amount
+	// of generated flow logs for long-lasting connections. Default is an
+	// interval of 5 seconds per connection. Valid values: INTERVAL_5_SEC,
+	// INTERVAL_30_SEC, INTERVAL_1_MIN, INTERVAL_5_MIN, INTERVAL_10_MIN,
+	// INTERVAL_15_MIN.
 	//
 	// Possible values:
-	//   "USE_FIXED_PORT" - The port number in the health check's port is
-	// used for health checking. Applies to network endpoint group and
-	// instance group backends.
-	//   "USE_NAMED_PORT" - Not supported.
-	//   "USE_SERVING_PORT" - For network endpoint group backends, the
-	// health check uses the port number specified on each endpoint in the
-	// network endpoint group. For instance group backends, the health check
-	// uses the port number specified for the backend service's named port
-	// defined in the instance group's named ports.
-	PortSpecification string `json:"portSpecification,omitempty"`
+	//   "INTERVAL_10_MIN"
+	//   "INTERVAL_15_MIN"
+	//   "INTERVAL_1_MIN"
+	//   "INTERVAL_30_SEC"
+	//   "INTERVAL_5_MIN"
+	//   "INTERVAL_5_SEC"
+	AggregationInterval string `json:"aggregationInterval,omitempty"`
 
-	// ProxyHeader: Specifies the type of proxy header to append before
-	// sending data to the backend, either NONE or PROXY_V1. The default is
-	// NONE.
-	//
-	// Possible values:
-	//   "NONE"
-	//   "PROXY_V1"
-	ProxyHeader string `json:"proxyHeader,omitempty"`
+	// AllowSubnetCidrRoutesOverlap: Whether this subnetwork's ranges can
+	// conflict with existing static routes. Setting this to true allows
+	// this subnetwork's primary and secondary ranges to overlap with (and
+	// contain) static routes that have already been configured on the
+	// corresponding network. For example if a static route has range
+	// 10.1.0.0/16, a subnet range 10.0.0.0/8 could only be created if
+	// allow_conflicting_routes=true. Overlapping is only allowed on
+	// subnetwork operations; routes whose ranges conflict with this
+	// subnetwork's ranges won't be allowed unless
+	// route.allow_conflicting_subnetworks is set to true. Typically packets
+	// destined to IPs within the subnetwork (which may contain
+	// private/sensitive data) are prevented from leaving the virtual
+	// network. Setting this field to true will disable this feature. The
+	// default value is false and applies to all existing subnetworks and
+	// automatically created subnetworks. This field cannot be set to true
+	// at resource creation time.
+	AllowSubnetCidrRoutesOverlap bool `json:"allowSubnetCidrRoutesOverlap,omitempty"`
 
-	// Request: Instructs the health check prober to send this exact ASCII
-	// string, up to 1024 bytes in length, after establishing the TCP
-	// connection.
-	Request string `json:"request,omitempty"`
+	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
+	// format.
+	CreationTimestamp string `json:"creationTimestamp,omitempty"`
 
-	// Response: Creates a content-based TCP health check. In addition to
-	// establishing a TCP connection, you can configure the health check to
-	// pass only when the backend sends this exact response ASCII string, up
-	// to 1024 bytes in length. For details, see:
-	// https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-ssl-tcp
-	Response string `json:"response,omitempty"`
+	// Description: An optional description of this resource. Provide this
+	// property when you create the resource. This field can be set only at
+	// resource creation time.
+	Description string `json:"description,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Port") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
+	// EnableFlowLogs: Whether to enable flow logging for this subnetwork.
+	// If this field is not explicitly set, it will not appear in get
+	// listings. If not set the default behavior is determined by the org
+	// policy, if there is no org policy specified, then it will default to
+	// disabled. This field isn't supported if the subnet purpose field is
+	// set to REGIONAL_MANAGED_PROXY.
+	EnableFlowLogs bool `json:"enableFlowLogs,omitempty"`
 
-	// NullFields is a list of field names (e.g. "Port") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
+	// EnableL2: Enables Layer2 communication on the subnetwork.
+	EnableL2 bool `json:"enableL2,omitempty"`
 
-func (s *TCPHealthCheck) MarshalJSON() ([]byte, error) {
-	type NoMethod TCPHealthCheck
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
+	// EnablePrivateV6Access: Deprecated in favor of enable in
+	// PrivateIpv6GoogleAccess. Whether the VMs in this subnet can directly
+	// access Google services via internal IPv6 addresses. This field can be
+	// both set at resource creation time and updated using patch.
+	EnablePrivateV6Access bool `json:"enablePrivateV6Access,omitempty"`
 
-// Tags: A set of instance tags.
-type Tags struct {
-	// Fingerprint: Specifies a fingerprint for this request, which is
-	// essentially a hash of the tags' contents and used for optimistic
-	// locking. The fingerprint is initially generated by Compute Engine and
-	// changes after every request to modify or update tags. You must always
-	// provide an up-to-date fingerprint hash in order to update or change
-	// tags. To see the latest fingerprint, make get() request to the
-	// instance.
-	Fingerprint string `json:"fingerprint,omitempty"`
+	// ExternalIpv6Prefix: The external IPv6 address range that is owned by
+	// this subnetwork.
+	ExternalIpv6Prefix string `json:"externalIpv6Prefix,omitempty"`
 
-	// Items: An array of tags. Each tag must be 1-63 characters long, and
-	// comply with RFC1035.
-	Items []string `json:"items,omitempty"`
+	// Fingerprint: Fingerprint of this resource. A hash of the contents
+	// stored in this object. This field is used in optimistic locking. This
+	// field will be ignored when inserting a Subnetwork. An up-to-date
+	// fingerprint must be provided in order to update the Subnetwork,
+	// otherwise the request will fail with error 412 conditionNotMet. To
+	// see the latest fingerprint, make a get() request to retrieve a
+	// Subnetwork.
+	Fingerprint string `json:"fingerprint,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Fingerprint") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
+	// FlowSampling: Can only be specified if VPC flow logging for this
+	// subnetwork is enabled. The value of the field must be in [0, 1]. Set
+	// the sampling rate of VPC flow logs within the subnetwork where 1.0
+	// means all collected logs are reported and 0.0 means no logs are
+	// reported. Default is 0.5 unless otherwise specified by the org
+	// policy, which means half of all collected logs are reported.
+	FlowSampling float64 `json:"flowSampling,omitempty"`
 
-	// NullFields is a list of field names (e.g. "Fingerprint") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
+	// GatewayAddress: [Output Only] The gateway address for default routes
+	// to reach destination addresses outside this subnetwork.
+	GatewayAddress string `json:"gatewayAddress,omitempty"`
 
-func (s *Tags) MarshalJSON() ([]byte, error) {
-	type NoMethod Tags
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
+	// Id: [Output Only] The unique identifier for the resource. This
+	// identifier is defined by the server.
+	Id uint64 `json:"id,omitempty,string"`
 
-// TargetGrpcProxy: Represents a Target gRPC Proxy resource. A target
-// gRPC proxy is a component of load balancers intended for load
-// balancing gRPC traffic. Only global forwarding rules with load
-// balancing scheme INTERNAL_SELF_MANAGED can reference a target gRPC
-// proxy. The target gRPC Proxy references a URL map that specifies how
-// traffic is routed to gRPC backend services.
-type TargetGrpcProxy struct {
-	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
-	// format.
-	CreationTimestamp string `json:"creationTimestamp,omitempty"`
+	// InternalIpv6Prefix: [Output Only] The internal IPv6 address range
+	// that is assigned to this subnetwork.
+	InternalIpv6Prefix string `json:"internalIpv6Prefix,omitempty"`
 
-	// Description: An optional description of this resource. Provide this
-	// property when you create the resource.
-	Description string `json:"description,omitempty"`
+	// IpCidrRange: The range of internal addresses that are owned by this
+	// subnetwork. Provide this property when you create the subnetwork. For
+	// example, 10.0.0.0/8 or 100.64.0.0/10. Ranges must be unique and
+	// non-overlapping within a network. Only IPv4 is supported. This field
+	// is set at resource creation time. The range can be any range listed
+	// in the Valid ranges list. The range can be expanded after creation
+	// using expandIpCidrRange.
+	IpCidrRange string `json:"ipCidrRange,omitempty"`
 
-	// Fingerprint: Fingerprint of this resource. A hash of the contents
-	// stored in this object. This field is used in optimistic locking. This
-	// field will be ignored when inserting a TargetGrpcProxy. An up-to-date
-	// fingerprint must be provided in order to patch/update the
-	// TargetGrpcProxy; otherwise, the request will fail with error 412
-	// conditionNotMet. To see the latest fingerprint, make a get() request
-	// to retrieve the TargetGrpcProxy.
-	Fingerprint string `json:"fingerprint,omitempty"`
+	// Ipv6AccessType: The access type of IPv6 address this subnet holds.
+	// It's immutable and can only be specified during creation or the first
+	// time the subnet is updated into IPV4_IPV6 dual stack.
+	//
+	// Possible values:
+	//   "EXTERNAL" - VMs on this subnet will be assigned IPv6 addresses
+	// that are accessible via the Internet, as well as the VPC network.
+	//   "INTERNAL" - VMs on this subnet will be assigned IPv6 addresses
+	// that are only accessible over the VPC network.
+	Ipv6AccessType string `json:"ipv6AccessType,omitempty"`
 
-	// Id: [Output Only] The unique identifier for the resource type. The
-	// server generates this identifier.
-	Id uint64 `json:"id,omitempty,string"`
+	// Ipv6CidrRange: [Output Only] This field is for internal use.
+	Ipv6CidrRange string `json:"ipv6CidrRange,omitempty"`
 
-	// Kind: [Output Only] Type of the resource. Always
-	// compute#targetGrpcProxy for target grpc proxies.
+	// Kind: [Output Only] Type of the resource. Always compute#subnetwork
+	// for Subnetwork resources.
 	Kind string `json:"kind,omitempty"`
 
-	// Name: Name of the resource. Provided by the client when the resource
-	// is created. The name must be 1-63 characters long, and comply with
-	// RFC1035. Specifically, the name must be 1-63 characters long and
-	// match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means
-	// the first character must be a lowercase letter, and all following
-	// characters must be a dash, lowercase letter, or digit, except the
-	// last character, which cannot be a dash.
+	// LogConfig: This field denotes the VPC flow logging options for this
+	// subnetwork. If logging is enabled, logs are exported to Cloud
+	// Logging.
+	LogConfig *SubnetworkLogConfig `json:"logConfig,omitempty"`
+
+	// Metadata: Can only be specified if VPC flow logging for this
+	// subnetwork is enabled. Configures whether metadata fields should be
+	// added to the reported VPC flow logs. Options are
+	// INCLUDE_ALL_METADATA, EXCLUDE_ALL_METADATA, and CUSTOM_METADATA.
+	// Default is EXCLUDE_ALL_METADATA.
+	//
+	// Possible values:
+	//   "EXCLUDE_ALL_METADATA"
+	//   "INCLUDE_ALL_METADATA"
+	Metadata string `json:"metadata,omitempty"`
+
+	// Name: The name of the resource, provided by the client when initially
+	// creating the resource. The name must be 1-63 characters long, and
+	// comply with RFC1035. Specifically, the name must be 1-63 characters
+	// long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+	// which means the first character must be a lowercase letter, and all
+	// following characters must be a dash, lowercase letter, or digit,
+	// except the last character, which cannot be a dash.
 	Name string `json:"name,omitempty"`
 
+	// Network: The URL of the network to which this subnetwork belongs,
+	// provided by the client when initially creating the subnetwork. This
+	// field can be set only at resource creation time.
+	Network string `json:"network,omitempty"`
+
+	// PrivateIpGoogleAccess: Whether the VMs in this subnet can access
+	// Google services without assigned external IP addresses. This field
+	// can be both set at resource creation time and updated using
+	// setPrivateIpGoogleAccess.
+	PrivateIpGoogleAccess bool `json:"privateIpGoogleAccess,omitempty"`
+
+	// PrivateIpv6GoogleAccess: This field is for internal use. This field
+	// can be both set at resource creation time and updated using patch.
+	//
+	// Possible values:
+	//   "DISABLE_GOOGLE_ACCESS" - Disable private IPv6 access to/from
+	// Google services.
+	//   "ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE" - Bidirectional private
+	// IPv6 access to/from Google services.
+	//   "ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE" - Outbound private IPv6
+	// access from VMs in this subnet to Google services.
+	PrivateIpv6GoogleAccess string `json:"privateIpv6GoogleAccess,omitempty"`
+
+	// Purpose: The purpose of the resource. This field can be either
+	// PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+	// INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for
+	// user-created subnets or subnets that are automatically created in
+	// auto mode networks. A subnet with purpose set to
+	// REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved
+	// for regional Envoy-based load balancers. A subnet with purpose set to
+	// PRIVATE_SERVICE_CONNECT is used to publish services using Private
+	// Service Connect. A subnet with purpose set to
+	// INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used
+	// only by regional internal HTTP(S) load balancers. Note that
+	// REGIONAL_MANAGED_PROXY is the preferred setting for all regional
+	// Envoy load balancers. If unspecified, the subnet purpose defaults to
+	// PRIVATE. The enableFlowLogs field isn't supported if the subnet
+	// purpose field is set to REGIONAL_MANAGED_PROXY.
+	//
+	// Possible values:
+	//   "AGGREGATE" - Subnetwork used to aggregate multiple private
+	// subnetworks.
+	//   "CLOUD_EXTENSION" - Subnetworks created for Cloud Extension
+	// Machines.
+	//   "GLOBAL_MANAGED_PROXY" - Subnet reserved for Global Internal
+	// HTTP(S) Load Balancing.
+	//   "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal
+	// HTTP(S) Load Balancing.
+	//   "PRIVATE" - Regular user created or automatically created subnet.
+	//   "PRIVATE_NAT" - Subnetwork used as source range for Private NAT
+	// Gateways.
+	//   "PRIVATE_RFC_1918" - Regular user created or automatically created
+	// subnet.
+	//   "PRIVATE_SERVICE_CONNECT" - Subnetworks created for Private Service
+	// Connect in the producer network.
+	//   "REGIONAL_MANAGED_PROXY" - Subnetwork used for Regional
+	// Internal/External HTTP(S) Load Balancing.
+	Purpose string `json:"purpose,omitempty"`
+
+	// Region: URL of the region where the Subnetwork resides. This field
+	// can be set only at resource creation time.
+	Region string `json:"region,omitempty"`
+
+	// ReservedInternalRange: The URL of the reserved internal range.
+	ReservedInternalRange string `json:"reservedInternalRange,omitempty"`
+
+	// Role: The role of subnetwork. Currently, this field is only used when
+	// purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or
+	// BACKUP. An ACTIVE subnetwork is one that is currently being used for
+	// Envoy-based load balancers in a region. A BACKUP subnetwork is one
+	// that is ready to be promoted to ACTIVE or is currently draining. This
+	// field can be updated with a patch request.
+	//
+	// Possible values:
+	//   "ACTIVE" - The ACTIVE subnet that is currently used.
+	//   "BACKUP" - The BACKUP subnet that could be promoted to ACTIVE.
+	Role string `json:"role,omitempty"`
+
+	// SecondaryIpRanges: An array of configurations for secondary IP ranges
+	// for VM instances contained in this subnetwork. The primary IP of such
+	// VM must belong to the primary ipCidrRange of the subnetwork. The
+	// alias IPs may belong to either primary or secondary ranges. This
+	// field can be updated with a patch request.
+	SecondaryIpRanges []*SubnetworkSecondaryRange `json:"secondaryIpRanges,omitempty"`
+
 	// SelfLink: [Output Only] Server-defined URL for the resource.
 	SelfLink string `json:"selfLink,omitempty"`
 
-	// SelfLinkWithId: [Output Only] Server-defined URL with id for the
-	// resource.
+	// SelfLinkWithId: [Output Only] Server-defined URL for this resource
+	// with the resource id.
 	SelfLinkWithId string `json:"selfLinkWithId,omitempty"`
 
-	// UrlMap: URL to the UrlMap resource that defines the mapping from URL
-	// to the BackendService. The protocol field in the BackendService must
-	// be set to GRPC.
-	UrlMap string `json:"urlMap,omitempty"`
+	// StackType: The stack type for the subnet. If set to IPV4_ONLY, new
+	// VMs in the subnet are assigned IPv4 addresses only. If set to
+	// IPV4_IPV6, new VMs in the subnet can be assigned both IPv4 and IPv6
+	// addresses. If not specified, IPV4_ONLY is used. This field can be
+	// both set at resource creation time and updated using patch.
+	//
+	// Possible values:
+	//   "IPV4_IPV6" - New VMs in this subnet can have both IPv4 and IPv6
+	// addresses.
+	//   "IPV4_ONLY" - New VMs in this subnet will only be assigned IPv4
+	// addresses.
+	StackType string `json:"stackType,omitempty"`
 
-	// ValidateForProxyless: If true, indicates that the BackendServices
-	// referenced by the urlMap may be accessed by gRPC applications without
-	// using a sidecar proxy. This will enable configuration checks on
-	// urlMap and its referenced BackendServices to not allow unsupported
-	// features. A gRPC application must use "xds:///" scheme in the target
-	// URI of the service it is connecting to. If false, indicates that the
-	// BackendServices referenced by the urlMap will be accessed by gRPC
-	// applications via a sidecar proxy. In this case, a gRPC application
-	// must not use "xds:///" scheme in the target URI of the service it is
-	// connecting to
-	ValidateForProxyless bool `json:"validateForProxyless,omitempty"`
+	// State: [Output Only] The state of the subnetwork, which can be one of
+	// the following values: READY: Subnetwork is created and ready to use
+	// DRAINING: only applicable to subnetworks that have the purpose set to
+	// INTERNAL_HTTPS_LOAD_BALANCER and indicates that connections to the
+	// load balancer are being drained. A subnetwork that is draining cannot
+	// be used or modified until it reaches a status of READY
+	//
+	// Possible values:
+	//   "DRAINING" - Subnetwork is being drained.
+	//   "READY" - Subnetwork is ready for use.
+	State string `json:"state,omitempty"`
+
+	// Vlans: A repeated field indicating the VLAN IDs supported on this
+	// subnetwork. During Subnet creation, specifying vlan is valid only if
+	// enable_l2 is true. During Subnet Update, specifying vlan is allowed
+	// only for l2 enabled subnets. Restricted to only one VLAN.
+	Vlans []int64 `json:"vlans,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "CreationTimestamp")
+	// ForceSendFields is a list of field names (e.g. "AggregationInterval")
 	// to unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -60894,7 +63218,7 @@ type TargetGrpcProxy struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "CreationTimestamp") to
+	// NullFields is a list of field names (e.g. "AggregationInterval") to
 	// include in API requests with the JSON null value. By default, fields
 	// with empty values are omitted from API requests. However, any field
 	// with an empty value appearing in NullFields will be sent to the
@@ -60904,22 +63228,36 @@ type TargetGrpcProxy struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *TargetGrpcProxy) MarshalJSON() ([]byte, error) {
-	type NoMethod TargetGrpcProxy
+func (s *Subnetwork) MarshalJSON() ([]byte, error) {
+	type NoMethod Subnetwork
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type TargetGrpcProxyList struct {
+func (s *Subnetwork) UnmarshalJSON(data []byte) error {
+	type NoMethod Subnetwork
+	var s1 struct {
+		FlowSampling gensupport.JSONFloat64 `json:"flowSampling"`
+		*NoMethod
+	}
+	s1.NoMethod = (*NoMethod)(s)
+	if err := json.Unmarshal(data, &s1); err != nil {
+		return err
+	}
+	s.FlowSampling = float64(s1.FlowSampling)
+	return nil
+}
+
+type SubnetworkAggregatedList struct {
 	// Id: [Output Only] Unique identifier for the resource; defined by the
 	// server.
 	Id string `json:"id,omitempty"`
 
-	// Items: A list of TargetGrpcProxy resources.
-	Items []*TargetGrpcProxy `json:"items,omitempty"`
+	// Items: A list of SubnetworksScopedList resources.
+	Items map[string]SubnetworksScopedList `json:"items,omitempty"`
 
-	// Kind: [Output Only] Type of the resource. Always
-	// compute#targetGrpcProxy for target grpc proxies.
+	// Kind: [Output Only] Type of resource. Always
+	// compute#subnetworkAggregatedList for aggregated lists of subnetworks.
 	Kind string `json:"kind,omitempty"`
 
 	// NextPageToken: [Output Only] This token allows you to get the next
@@ -60933,8 +63271,11 @@ type TargetGrpcProxyList struct {
 	// SelfLink: [Output Only] Server-defined URL for this resource.
 	SelfLink string `json:"selfLink,omitempty"`
 
+	// Unreachables: [Output Only] Unreachable resources.
+	Unreachables []string `json:"unreachables,omitempty"`
+
 	// Warning: [Output Only] Informational warning message.
-	Warning *TargetGrpcProxyListWarning `json:"warning,omitempty"`
+	Warning *SubnetworkAggregatedListWarning `json:"warning,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
@@ -60957,15 +63298,15 @@ type TargetGrpcProxyList struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *TargetGrpcProxyList) MarshalJSON() ([]byte, error) {
-	type NoMethod TargetGrpcProxyList
+func (s *SubnetworkAggregatedList) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkAggregatedList
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// TargetGrpcProxyListWarning: [Output Only] Informational warning
+// SubnetworkAggregatedListWarning: [Output Only] Informational warning
 // message.
-type TargetGrpcProxyListWarning struct {
+type SubnetworkAggregatedListWarning struct {
 	// Code: [Output Only] A warning code, if applicable. For example,
 	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
 	// the response.
@@ -60992,6 +63333,9 @@ type TargetGrpcProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -61033,7 +63377,7 @@ type TargetGrpcProxyListWarning struct {
 	// Data: [Output Only] Metadata about this warning in key: value format.
 	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
 	// }
-	Data []*TargetGrpcProxyListWarningData `json:"data,omitempty"`
+	Data []*SubnetworkAggregatedListWarningData `json:"data,omitempty"`
 
 	// Message: [Output Only] A human-readable description of the warning
 	// code.
@@ -61056,13 +63400,13 @@ type TargetGrpcProxyListWarning struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *TargetGrpcProxyListWarning) MarshalJSON() ([]byte, error) {
-	type NoMethod TargetGrpcProxyListWarning
+func (s *SubnetworkAggregatedListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkAggregatedListWarning
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type TargetGrpcProxyListWarningData struct {
+type SubnetworkAggregatedListWarningData struct {
 	// Key: [Output Only] A key that provides more detail on the warning
 	// being returned. For example, for warnings where there are no results
 	// in a list request for a particular zone, this key might be scope and
@@ -61093,48 +63437,68 @@ type TargetGrpcProxyListWarningData struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *TargetGrpcProxyListWarningData) MarshalJSON() ([]byte, error) {
-	type NoMethod TargetGrpcProxyListWarningData
+func (s *SubnetworkAggregatedListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkAggregatedListWarningData
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type TargetHttpProxiesScopedList struct {
-	// TargetHttpProxies: A list of TargetHttpProxies contained in this
-	// scope.
-	TargetHttpProxies []*TargetHttpProxy `json:"targetHttpProxies,omitempty"`
+// SubnetworkList: Contains a list of Subnetwork resources.
+type SubnetworkList struct {
+	// Id: [Output Only] Unique identifier for the resource; defined by the
+	// server.
+	Id string `json:"id,omitempty"`
 
-	// Warning: Informational warning which replaces the list of backend
-	// services when the list is empty.
-	Warning *TargetHttpProxiesScopedListWarning `json:"warning,omitempty"`
+	// Items: A list of Subnetwork resources.
+	Items []*Subnetwork `json:"items,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "TargetHttpProxies")
-	// to unconditionally include in API requests. By default, fields with
+	// Kind: [Output Only] Type of resource. Always compute#subnetworkList
+	// for lists of subnetworks.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: [Output Only] This token allows you to get the next
+	// page of results for list requests. If the number of results is larger
+	// than maxResults, use the nextPageToken as a value for the query
+	// parameter pageToken in the next list request. Subsequent list
+	// requests will have their own nextPageToken to continue paging through
+	// the results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// SelfLink: [Output Only] Server-defined URL for this resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// Warning: [Output Only] Informational warning message.
+	Warning *SubnetworkListWarning `json:"warning,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Id") to
+	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
 	// sent to the server regardless of whether the field is empty or not.
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "TargetHttpProxies") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
+	// NullFields is a list of field names (e.g. "Id") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
 }
 
-func (s *TargetHttpProxiesScopedList) MarshalJSON() ([]byte, error) {
-	type NoMethod TargetHttpProxiesScopedList
+func (s *SubnetworkList) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkList
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// TargetHttpProxiesScopedListWarning: Informational warning which
-// replaces the list of backend services when the list is empty.
-type TargetHttpProxiesScopedListWarning struct {
+// SubnetworkListWarning: [Output Only] Informational warning message.
+type SubnetworkListWarning struct {
 	// Code: [Output Only] A warning code, if applicable. For example,
 	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
 	// the response.
@@ -61161,6 +63525,9 @@ type TargetHttpProxiesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -61202,7 +63569,7 @@ type TargetHttpProxiesScopedListWarning struct {
 	// Data: [Output Only] Metadata about this warning in key: value format.
 	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
 	// }
-	Data []*TargetHttpProxiesScopedListWarningData `json:"data,omitempty"`
+	Data []*SubnetworkListWarningData `json:"data,omitempty"`
 
 	// Message: [Output Only] A human-readable description of the warning
 	// code.
@@ -61225,13 +63592,13 @@ type TargetHttpProxiesScopedListWarning struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *TargetHttpProxiesScopedListWarning) MarshalJSON() ([]byte, error) {
-	type NoMethod TargetHttpProxiesScopedListWarning
+func (s *SubnetworkListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkListWarning
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type TargetHttpProxiesScopedListWarningData struct {
+type SubnetworkListWarningData struct {
 	// Key: [Output Only] A key that provides more detail on the warning
 	// being returned. For example, for warnings where there are no results
 	// in a list request for a particular zone, this key might be scope and
@@ -61262,60 +63629,1071 @@ type TargetHttpProxiesScopedListWarningData struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *TargetHttpProxiesScopedListWarningData) MarshalJSON() ([]byte, error) {
-	type NoMethod TargetHttpProxiesScopedListWarningData
+func (s *SubnetworkListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkListWarningData
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// TargetHttpProxy: Represents a Target HTTP Proxy resource. Google
-// Compute Engine has two Target HTTP Proxy resources: * Global
-// (/compute/docs/reference/rest/alpha/targetHttpProxies) * Regional
-// (/compute/docs/reference/rest/alpha/regionTargetHttpProxies) A target
-// HTTP proxy is a component of GCP HTTP load balancers. *
-// targetHttpProxies are used by external HTTP load balancers and
-// Traffic Director. * regionTargetHttpProxies are used by internal HTTP
-// load balancers. Forwarding rules reference a target HTTP proxy, and
-// the target proxy then references a URL map. For more information,
-// read Using Target Proxies and Forwarding rule concepts.
-type TargetHttpProxy struct {
-	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
-	// format.
-	CreationTimestamp string `json:"creationTimestamp,omitempty"`
-
-	// Description: An optional description of this resource. Provide this
-	// property when you create the resource.
-	Description string `json:"description,omitempty"`
-
-	// Fingerprint: Fingerprint of this resource. A hash of the contents
-	// stored in this object. This field is used in optimistic locking. This
-	// field will be ignored when inserting a TargetHttpProxy. An up-to-date
-	// fingerprint must be provided in order to patch/update the
-	// TargetHttpProxy; otherwise, the request will fail with error 412
-	// conditionNotMet. To see the latest fingerprint, make a get() request
-	// to retrieve the TargetHttpProxy.
-	Fingerprint string `json:"fingerprint,omitempty"`
+// SubnetworkLogConfig: The available logging options for this
+// subnetwork.
+type SubnetworkLogConfig struct {
+	// AggregationInterval: Can only be specified if VPC flow logging for
+	// this subnetwork is enabled. Toggles the aggregation interval for
+	// collecting flow logs. Increasing the interval time will reduce the
+	// amount of generated flow logs for long lasting connections. Default
+	// is an interval of 5 seconds per connection.
+	//
+	// Possible values:
+	//   "INTERVAL_10_MIN"
+	//   "INTERVAL_15_MIN"
+	//   "INTERVAL_1_MIN"
+	//   "INTERVAL_30_SEC"
+	//   "INTERVAL_5_MIN"
+	//   "INTERVAL_5_SEC"
+	AggregationInterval string `json:"aggregationInterval,omitempty"`
 
-	// HttpFilters: URLs to networkservices.HttpFilter resources enabled for
-	// xDS clients using this configuration. For example,
-	// https://networkservices.googleapis.com/v1alpha1/projects/project/locations/
-	// locationhttpFilters/httpFilter Only filters that handle outbound
-	// connection and stream events may be specified. These filters work in
-	// conjunction with a default set of HTTP filters that may already be
-	// configured by Traffic Director. Traffic Director will determine the
-	// final location of these filters within xDS configuration based on the
-	// name of the HTTP filter. If Traffic Director positions multiple
-	// filters at the same location, those filters will be in the same order
-	// as specified in this list. httpFilters only applies for loadbalancers
-	// with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See
-	// ForwardingRule for more details.
-	HttpFilters []string `json:"httpFilters,omitempty"`
+	// Enable: Whether to enable flow logging for this subnetwork. If this
+	// field is not explicitly set, it will not appear in get listings. If
+	// not set the default behavior is determined by the org policy, if
+	// there is no org policy specified, then it will default to disabled.
+	// Flow logging isn't supported if the subnet purpose field is set to
+	// REGIONAL_MANAGED_PROXY.
+	Enable bool `json:"enable,omitempty"`
 
-	// Id: [Output Only] The unique identifier for the resource. This
-	// identifier is defined by the server.
-	Id uint64 `json:"id,omitempty,string"`
+	// FilterExpr: Can only be specified if VPC flow logs for this
+	// subnetwork is enabled. The filter expression is used to define which
+	// VPC flow logs should be exported to Cloud Logging.
+	FilterExpr string `json:"filterExpr,omitempty"`
 
-	// Kind: [Output Only] Type of resource. Always compute#targetHttpProxy
+	// FlowSampling: Can only be specified if VPC flow logging for this
+	// subnetwork is enabled. The value of the field must be in [0, 1]. Set
+	// the sampling rate of VPC flow logs within the subnetwork where 1.0
+	// means all collected logs are reported and 0.0 means no logs are
+	// reported. Default is 0.5 unless otherwise specified by the org
+	// policy, which means half of all collected logs are reported.
+	FlowSampling float64 `json:"flowSampling,omitempty"`
+
+	// Metadata: Can only be specified if VPC flow logs for this subnetwork
+	// is enabled. Configures whether all, none or a subset of metadata
+	// fields should be added to the reported VPC flow logs. Default is
+	// EXCLUDE_ALL_METADATA.
+	//
+	// Possible values:
+	//   "CUSTOM_METADATA"
+	//   "EXCLUDE_ALL_METADATA"
+	//   "INCLUDE_ALL_METADATA"
+	Metadata string `json:"metadata,omitempty"`
+
+	// MetadataFields: Can only be specified if VPC flow logs for this
+	// subnetwork is enabled and "metadata" was set to CUSTOM_METADATA.
+	MetadataFields []string `json:"metadataFields,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "AggregationInterval")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "AggregationInterval") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SubnetworkLogConfig) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkLogConfig
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+func (s *SubnetworkLogConfig) UnmarshalJSON(data []byte) error {
+	type NoMethod SubnetworkLogConfig
+	var s1 struct {
+		FlowSampling gensupport.JSONFloat64 `json:"flowSampling"`
+		*NoMethod
+	}
+	s1.NoMethod = (*NoMethod)(s)
+	if err := json.Unmarshal(data, &s1); err != nil {
+		return err
+	}
+	s.FlowSampling = float64(s1.FlowSampling)
+	return nil
+}
+
+// SubnetworkSecondaryRange: Represents a secondary IP range of a
+// subnetwork.
+type SubnetworkSecondaryRange struct {
+	// IpCidrRange: The range of IP addresses belonging to this subnetwork
+	// secondary range. Provide this property when you create the
+	// subnetwork. Ranges must be unique and non-overlapping with all
+	// primary and secondary IP ranges within a network. Only IPv4 is
+	// supported. The range can be any range listed in the Valid ranges
+	// list.
+	IpCidrRange string `json:"ipCidrRange,omitempty"`
+
+	// RangeName: The name associated with this subnetwork secondary range,
+	// used when adding an alias IP range to a VM instance. The name must be
+	// 1-63 characters long, and comply with RFC1035. The name must be
+	// unique within the subnetwork.
+	RangeName string `json:"rangeName,omitempty"`
+
+	// ReservedInternalRange: The URL of the reserved internal range.
+	ReservedInternalRange string `json:"reservedInternalRange,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "IpCidrRange") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "IpCidrRange") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SubnetworkSecondaryRange) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworkSecondaryRange
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SubnetworksExpandIpCidrRangeRequest struct {
+	// IpCidrRange: The IP (in CIDR format or netmask) of internal addresses
+	// that are legal on this Subnetwork. This range should be disjoint from
+	// other subnetworks within this network. This range can only be larger
+	// than (i.e. a superset of) the range previously defined before the
+	// update.
+	IpCidrRange string `json:"ipCidrRange,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "IpCidrRange") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "IpCidrRange") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SubnetworksExpandIpCidrRangeRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworksExpandIpCidrRangeRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SubnetworksScopedList struct {
+	// Subnetworks: A list of subnetworks contained in this scope.
+	Subnetworks []*Subnetwork `json:"subnetworks,omitempty"`
+
+	// Warning: An informational warning that appears when the list of
+	// addresses is empty.
+	Warning *SubnetworksScopedListWarning `json:"warning,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Subnetworks") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Subnetworks") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SubnetworksScopedList) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworksScopedList
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// SubnetworksScopedListWarning: An informational warning that appears
+// when the list of addresses is empty.
+type SubnetworksScopedListWarning struct {
+	// Code: [Output Only] A warning code, if applicable. For example,
+	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
+	// the response.
+	//
+	// Possible values:
+	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
+	// changes made by a failed operation.
+	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
+	// created.
+	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as deprecated
+	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
+	// that is larger than image size.
+	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as experimental
+	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
+	// call
+	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
+	// overridden. Deprecated unused field.
+	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
+	// injected kernel, which is deprecated.
+	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
+	// backend service is associated with a health check that is not of type
+	// HTTP/HTTPS/HTTP2.
+	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
+	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
+	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
+	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
+	// not assigned to an instance on the network.
+	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
+	// ip forward.
+	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
+	// nextHopInstance URL refers to an instance that does not have an ipv6
+	// interface on the same network as the route.
+	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
+	// refers to an instance that does not exist.
+	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
+	// URL refers to an instance that is not on the same network as the
+	// route.
+	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
+	// have a status of RUNNING.
+	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
+	// continue the process despite the mentioned error.
+	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
+	// page.
+	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
+	// missing due to errors
+	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
+	// that requires a TOS they have not accepted.
+	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
+	// resource is in use.
+	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
+	// auto-delete could not be deleted because they were in use.
+	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
+	// ignored.
+	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
+	// instance group manager is valid as such, but its application does not
+	// make a lot of sense, because it allows only single instance in
+	// instance group.
+	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
+	// are present
+	//   "UNREACHABLE" - A given scope cannot be reached.
+	Code string `json:"code,omitempty"`
+
+	// Data: [Output Only] Metadata about this warning in key: value format.
+	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
+	// }
+	Data []*SubnetworksScopedListWarningData `json:"data,omitempty"`
+
+	// Message: [Output Only] A human-readable description of the warning
+	// code.
+	Message string `json:"message,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Code") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SubnetworksScopedListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworksScopedListWarning
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SubnetworksScopedListWarningData struct {
+	// Key: [Output Only] A key that provides more detail on the warning
+	// being returned. For example, for warnings where there are no results
+	// in a list request for a particular zone, this key might be scope and
+	// the key value might be the zone name. Other examples might be a key
+	// indicating a deprecated resource and a suggested replacement, or a
+	// warning about invalid network settings (for example, if an instance
+	// attempts to perform IP forwarding but is not enabled for IP
+	// forwarding).
+	Key string `json:"key,omitempty"`
+
+	// Value: [Output Only] A warning data value corresponding to the key.
+	Value string `json:"value,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Key") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SubnetworksScopedListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworksScopedListWarningData
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SubnetworksSetPrivateIpGoogleAccessRequest struct {
+	PrivateIpGoogleAccess bool `json:"privateIpGoogleAccess,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "PrivateIpGoogleAccess") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "PrivateIpGoogleAccess") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SubnetworksSetPrivateIpGoogleAccessRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod SubnetworksSetPrivateIpGoogleAccessRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Subsetting: Subsetting configuration for this BackendService.
+// Currently this is applicable only for Internal TCP/UDP load
+// balancing, Internal HTTP(S) load balancing and Traffic Director.
+type Subsetting struct {
+	// Possible values:
+	//   "CONSISTENT_HASH_SUBSETTING" - Subsetting based on consistent
+	// hashing. For Traffic Director, the number of backends per backend
+	// group (the subset size) is based on the `subset_size` parameter. For
+	// Internal HTTP(S) load balancing, the number of backends per backend
+	// group (the subset size) is dynamically adjusted in two cases: - As
+	// the number of proxy instances participating in Internal HTTP(S) load
+	// balancing increases, the subset size decreases. - When the total
+	// number of backends in a network exceeds the capacity of a single
+	// proxy instance, subset sizes are reduced automatically for each
+	// service that has backend subsetting enabled.
+	//   "NONE" - No Subsetting. Clients may open connections and send
+	// traffic to all backends of this backend service. This can lead to
+	// performance issues if there is substantial imbalance in the count of
+	// clients and backends.
+	Policy string `json:"policy,omitempty"`
+
+	// SubsetSize: The number of backends per backend group assigned to each
+	// proxy instance or each service mesh client. An input parameter to the
+	// `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy`
+	// is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load
+	// balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`.
+	// `subset_size` is optional for Internal HTTP(S) load balancing and
+	// required for Traffic Director. If you do not provide this value,
+	// Cloud Load Balancing will calculate it dynamically to optimize the
+	// number of proxies/clients visible to each backend and vice versa.
+	// Must be greater than 0. If `subset_size` is larger than the number of
+	// backends/endpoints, then subsetting is disabled.
+	SubsetSize int64 `json:"subsetSize,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Policy") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Policy") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Subsetting) MarshalJSON() ([]byte, error) {
+	type NoMethod Subsetting
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type TCPHealthCheck struct {
+	// Port: The TCP port number to which the health check prober sends
+	// packets. The default value is 80. Valid values are 1 through 65535.
+	Port int64 `json:"port,omitempty"`
+
+	// PortName: Not supported.
+	PortName string `json:"portName,omitempty"`
+
+	// PortSpecification: Specifies how a port is selected for health
+	// checking. Can be one of the following values: USE_FIXED_PORT:
+	// Specifies a port number explicitly using the port field in the health
+	// check. Supported by backend services for pass-through load balancers
+	// and backend services for proxy load balancers. Not supported by
+	// target pools. The health check supports all backends supported by the
+	// backend service provided the backend can be health checked. For
+	// example, GCE_VM_IP network endpoint groups, GCE_VM_IP_PORT network
+	// endpoint groups, and instance group backends. USE_NAMED_PORT: Not
+	// supported. USE_SERVING_PORT: Provides an indirect method of
+	// specifying the health check port by referring to the backend service.
+	// Only supported by backend services for proxy load balancers. Not
+	// supported by target pools. Not supported by backend services for
+	// pass-through load balancers. Supports all backends that can be health
+	// checked; for example, GCE_VM_IP_PORT network endpoint groups and
+	// instance group backends. For GCE_VM_IP_PORT network endpoint group
+	// backends, the health check uses the port number specified for each
+	// endpoint in the network endpoint group. For instance group backends,
+	// the health check uses the port number determined by looking up the
+	// backend service's named port in the instance group's list of named
+	// ports.
+	//
+	// Possible values:
+	//   "USE_FIXED_PORT" - The port number in the health check's port is
+	// used for health checking. Applies to network endpoint group and
+	// instance group backends.
+	//   "USE_NAMED_PORT" - Not supported.
+	//   "USE_SERVING_PORT" - For network endpoint group backends, the
+	// health check uses the port number specified on each endpoint in the
+	// network endpoint group. For instance group backends, the health check
+	// uses the port number specified for the backend service's named port
+	// defined in the instance group's named ports.
+	PortSpecification string `json:"portSpecification,omitempty"`
+
+	// ProxyHeader: Specifies the type of proxy header to append before
+	// sending data to the backend, either NONE or PROXY_V1. The default is
+	// NONE.
+	//
+	// Possible values:
+	//   "NONE"
+	//   "PROXY_V1"
+	ProxyHeader string `json:"proxyHeader,omitempty"`
+
+	// Request: Instructs the health check prober to send this exact ASCII
+	// string, up to 1024 bytes in length, after establishing the TCP
+	// connection.
+	Request string `json:"request,omitempty"`
+
+	// Response: Creates a content-based TCP health check. In addition to
+	// establishing a TCP connection, you can configure the health check to
+	// pass only when the backend sends this exact response ASCII string, up
+	// to 1024 bytes in length. For details, see:
+	// https://cloud.google.com/load-balancing/docs/health-check-concepts#criteria-protocol-ssl-tcp
+	Response string `json:"response,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Port") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Port") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TCPHealthCheck) MarshalJSON() ([]byte, error) {
+	type NoMethod TCPHealthCheck
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// Tags: A set of instance tags.
+type Tags struct {
+	// Fingerprint: Specifies a fingerprint for this request, which is
+	// essentially a hash of the tags' contents and used for optimistic
+	// locking. The fingerprint is initially generated by Compute Engine and
+	// changes after every request to modify or update tags. You must always
+	// provide an up-to-date fingerprint hash in order to update or change
+	// tags. To see the latest fingerprint, make get() request to the
+	// instance.
+	Fingerprint string `json:"fingerprint,omitempty"`
+
+	// Items: An array of tags. Each tag must be 1-63 characters long, and
+	// comply with RFC1035.
+	Items []string `json:"items,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Fingerprint") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Fingerprint") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *Tags) MarshalJSON() ([]byte, error) {
+	type NoMethod Tags
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// TargetGrpcProxy: Represents a Target gRPC Proxy resource. A target
+// gRPC proxy is a component of load balancers intended for load
+// balancing gRPC traffic. Only global forwarding rules with load
+// balancing scheme INTERNAL_SELF_MANAGED can reference a target gRPC
+// proxy. The target gRPC Proxy references a URL map that specifies how
+// traffic is routed to gRPC backend services.
+type TargetGrpcProxy struct {
+	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
+	// format.
+	CreationTimestamp string `json:"creationTimestamp,omitempty"`
+
+	// Description: An optional description of this resource. Provide this
+	// property when you create the resource.
+	Description string `json:"description,omitempty"`
+
+	// Fingerprint: Fingerprint of this resource. A hash of the contents
+	// stored in this object. This field is used in optimistic locking. This
+	// field will be ignored when inserting a TargetGrpcProxy. An up-to-date
+	// fingerprint must be provided in order to patch/update the
+	// TargetGrpcProxy; otherwise, the request will fail with error 412
+	// conditionNotMet. To see the latest fingerprint, make a get() request
+	// to retrieve the TargetGrpcProxy.
+	Fingerprint string `json:"fingerprint,omitempty"`
+
+	// Id: [Output Only] The unique identifier for the resource type. The
+	// server generates this identifier.
+	Id uint64 `json:"id,omitempty,string"`
+
+	// Kind: [Output Only] Type of the resource. Always
+	// compute#targetGrpcProxy for target grpc proxies.
+	Kind string `json:"kind,omitempty"`
+
+	// Name: Name of the resource. Provided by the client when the resource
+	// is created. The name must be 1-63 characters long, and comply with
+	// RFC1035. Specifically, the name must be 1-63 characters long and
+	// match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means
+	// the first character must be a lowercase letter, and all following
+	// characters must be a dash, lowercase letter, or digit, except the
+	// last character, which cannot be a dash.
+	Name string `json:"name,omitempty"`
+
+	// SelfLink: [Output Only] Server-defined URL for the resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// SelfLinkWithId: [Output Only] Server-defined URL with id for the
+	// resource.
+	SelfLinkWithId string `json:"selfLinkWithId,omitempty"`
+
+	// UrlMap: URL to the UrlMap resource that defines the mapping from URL
+	// to the BackendService. The protocol field in the BackendService must
+	// be set to GRPC.
+	UrlMap string `json:"urlMap,omitempty"`
+
+	// ValidateForProxyless: If true, indicates that the BackendServices
+	// referenced by the urlMap may be accessed by gRPC applications without
+	// using a sidecar proxy. This will enable configuration checks on
+	// urlMap and its referenced BackendServices to not allow unsupported
+	// features. A gRPC application must use "xds:///" scheme in the target
+	// URI of the service it is connecting to. If false, indicates that the
+	// BackendServices referenced by the urlMap will be accessed by gRPC
+	// applications via a sidecar proxy. In this case, a gRPC application
+	// must not use "xds:///" scheme in the target URI of the service it is
+	// connecting to
+	ValidateForProxyless bool `json:"validateForProxyless,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "CreationTimestamp")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "CreationTimestamp") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TargetGrpcProxy) MarshalJSON() ([]byte, error) {
+	type NoMethod TargetGrpcProxy
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type TargetGrpcProxyList struct {
+	// Id: [Output Only] Unique identifier for the resource; defined by the
+	// server.
+	Id string `json:"id,omitempty"`
+
+	// Items: A list of TargetGrpcProxy resources.
+	Items []*TargetGrpcProxy `json:"items,omitempty"`
+
+	// Kind: [Output Only] Type of the resource. Always
+	// compute#targetGrpcProxy for target grpc proxies.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: [Output Only] This token allows you to get the next
+	// page of results for list requests. If the number of results is larger
+	// than maxResults, use the nextPageToken as a value for the query
+	// parameter pageToken in the next list request. Subsequent list
+	// requests will have their own nextPageToken to continue paging through
+	// the results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// SelfLink: [Output Only] Server-defined URL for this resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// Warning: [Output Only] Informational warning message.
+	Warning *TargetGrpcProxyListWarning `json:"warning,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Id") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Id") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TargetGrpcProxyList) MarshalJSON() ([]byte, error) {
+	type NoMethod TargetGrpcProxyList
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// TargetGrpcProxyListWarning: [Output Only] Informational warning
+// message.
+type TargetGrpcProxyListWarning struct {
+	// Code: [Output Only] A warning code, if applicable. For example,
+	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
+	// the response.
+	//
+	// Possible values:
+	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
+	// changes made by a failed operation.
+	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
+	// created.
+	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as deprecated
+	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
+	// that is larger than image size.
+	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as experimental
+	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
+	// call
+	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
+	// overridden. Deprecated unused field.
+	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
+	// injected kernel, which is deprecated.
+	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
+	// backend service is associated with a health check that is not of type
+	// HTTP/HTTPS/HTTP2.
+	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
+	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
+	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
+	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
+	// not assigned to an instance on the network.
+	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
+	// ip forward.
+	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
+	// nextHopInstance URL refers to an instance that does not have an ipv6
+	// interface on the same network as the route.
+	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
+	// refers to an instance that does not exist.
+	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
+	// URL refers to an instance that is not on the same network as the
+	// route.
+	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
+	// have a status of RUNNING.
+	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
+	// continue the process despite the mentioned error.
+	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
+	// page.
+	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
+	// missing due to errors
+	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
+	// that requires a TOS they have not accepted.
+	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
+	// resource is in use.
+	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
+	// auto-delete could not be deleted because they were in use.
+	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
+	// ignored.
+	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
+	// instance group manager is valid as such, but its application does not
+	// make a lot of sense, because it allows only single instance in
+	// instance group.
+	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
+	// are present
+	//   "UNREACHABLE" - A given scope cannot be reached.
+	Code string `json:"code,omitempty"`
+
+	// Data: [Output Only] Metadata about this warning in key: value format.
+	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
+	// }
+	Data []*TargetGrpcProxyListWarningData `json:"data,omitempty"`
+
+	// Message: [Output Only] A human-readable description of the warning
+	// code.
+	Message string `json:"message,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Code") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TargetGrpcProxyListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod TargetGrpcProxyListWarning
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type TargetGrpcProxyListWarningData struct {
+	// Key: [Output Only] A key that provides more detail on the warning
+	// being returned. For example, for warnings where there are no results
+	// in a list request for a particular zone, this key might be scope and
+	// the key value might be the zone name. Other examples might be a key
+	// indicating a deprecated resource and a suggested replacement, or a
+	// warning about invalid network settings (for example, if an instance
+	// attempts to perform IP forwarding but is not enabled for IP
+	// forwarding).
+	Key string `json:"key,omitempty"`
+
+	// Value: [Output Only] A warning data value corresponding to the key.
+	Value string `json:"value,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Key") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TargetGrpcProxyListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod TargetGrpcProxyListWarningData
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type TargetHttpProxiesScopedList struct {
+	// TargetHttpProxies: A list of TargetHttpProxies contained in this
+	// scope.
+	TargetHttpProxies []*TargetHttpProxy `json:"targetHttpProxies,omitempty"`
+
+	// Warning: Informational warning which replaces the list of backend
+	// services when the list is empty.
+	Warning *TargetHttpProxiesScopedListWarning `json:"warning,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "TargetHttpProxies")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "TargetHttpProxies") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TargetHttpProxiesScopedList) MarshalJSON() ([]byte, error) {
+	type NoMethod TargetHttpProxiesScopedList
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// TargetHttpProxiesScopedListWarning: Informational warning which
+// replaces the list of backend services when the list is empty.
+type TargetHttpProxiesScopedListWarning struct {
+	// Code: [Output Only] A warning code, if applicable. For example,
+	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
+	// the response.
+	//
+	// Possible values:
+	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
+	// changes made by a failed operation.
+	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
+	// created.
+	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as deprecated
+	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
+	// that is larger than image size.
+	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as experimental
+	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
+	// call
+	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
+	// overridden. Deprecated unused field.
+	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
+	// injected kernel, which is deprecated.
+	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
+	// backend service is associated with a health check that is not of type
+	// HTTP/HTTPS/HTTP2.
+	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
+	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
+	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
+	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
+	// not assigned to an instance on the network.
+	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
+	// ip forward.
+	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
+	// nextHopInstance URL refers to an instance that does not have an ipv6
+	// interface on the same network as the route.
+	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
+	// refers to an instance that does not exist.
+	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
+	// URL refers to an instance that is not on the same network as the
+	// route.
+	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
+	// have a status of RUNNING.
+	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
+	// continue the process despite the mentioned error.
+	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
+	// page.
+	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
+	// missing due to errors
+	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
+	// that requires a TOS they have not accepted.
+	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
+	// resource is in use.
+	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
+	// auto-delete could not be deleted because they were in use.
+	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
+	// ignored.
+	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
+	// instance group manager is valid as such, but its application does not
+	// make a lot of sense, because it allows only single instance in
+	// instance group.
+	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
+	// are present
+	//   "UNREACHABLE" - A given scope cannot be reached.
+	Code string `json:"code,omitempty"`
+
+	// Data: [Output Only] Metadata about this warning in key: value format.
+	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
+	// }
+	Data []*TargetHttpProxiesScopedListWarningData `json:"data,omitempty"`
+
+	// Message: [Output Only] A human-readable description of the warning
+	// code.
+	Message string `json:"message,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Code") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TargetHttpProxiesScopedListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod TargetHttpProxiesScopedListWarning
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type TargetHttpProxiesScopedListWarningData struct {
+	// Key: [Output Only] A key that provides more detail on the warning
+	// being returned. For example, for warnings where there are no results
+	// in a list request for a particular zone, this key might be scope and
+	// the key value might be the zone name. Other examples might be a key
+	// indicating a deprecated resource and a suggested replacement, or a
+	// warning about invalid network settings (for example, if an instance
+	// attempts to perform IP forwarding but is not enabled for IP
+	// forwarding).
+	Key string `json:"key,omitempty"`
+
+	// Value: [Output Only] A warning data value corresponding to the key.
+	Value string `json:"value,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Key") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *TargetHttpProxiesScopedListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod TargetHttpProxiesScopedListWarningData
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// TargetHttpProxy: Represents a Target HTTP Proxy resource. Google
+// Compute Engine has two Target HTTP Proxy resources: * Global
+// (/compute/docs/reference/rest/alpha/targetHttpProxies) * Regional
+// (/compute/docs/reference/rest/alpha/regionTargetHttpProxies) A target
+// HTTP proxy is a component of GCP HTTP load balancers. *
+// targetHttpProxies are used by external HTTP load balancers and
+// Traffic Director. * regionTargetHttpProxies are used by internal HTTP
+// load balancers. Forwarding rules reference a target HTTP proxy, and
+// the target proxy then references a URL map. For more information,
+// read Using Target Proxies and Forwarding rule concepts.
+type TargetHttpProxy struct {
+	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
+	// format.
+	CreationTimestamp string `json:"creationTimestamp,omitempty"`
+
+	// Description: An optional description of this resource. Provide this
+	// property when you create the resource.
+	Description string `json:"description,omitempty"`
+
+	// Fingerprint: Fingerprint of this resource. A hash of the contents
+	// stored in this object. This field is used in optimistic locking. This
+	// field will be ignored when inserting a TargetHttpProxy. An up-to-date
+	// fingerprint must be provided in order to patch/update the
+	// TargetHttpProxy; otherwise, the request will fail with error 412
+	// conditionNotMet. To see the latest fingerprint, make a get() request
+	// to retrieve the TargetHttpProxy.
+	Fingerprint string `json:"fingerprint,omitempty"`
+
+	// HttpFilters: URLs to networkservices.HttpFilter resources enabled for
+	// xDS clients using this configuration. For example,
+	// https://networkservices.googleapis.com/v1alpha1/projects/project/locations/
+	// locationhttpFilters/httpFilter Only filters that handle outbound
+	// connection and stream events may be specified. These filters work in
+	// conjunction with a default set of HTTP filters that may already be
+	// configured by Traffic Director. Traffic Director will determine the
+	// final location of these filters within xDS configuration based on the
+	// name of the HTTP filter. If Traffic Director positions multiple
+	// filters at the same location, those filters will be in the same order
+	// as specified in this list. httpFilters only applies for loadbalancers
+	// with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See
+	// ForwardingRule for more details.
+	HttpFilters []string `json:"httpFilters,omitempty"`
+
+	// HttpKeepAliveTimeoutSec: Specifies how long to keep a connection
+	// open, after completing a response, while there is no matching traffic
+	// (in seconds). If an HTTP keep-alive is not specified, a default value
+	// (610 seconds) will be used. For Global external HTTP(S) load
+	// balancer, the minimum allowed value is 5 seconds and the maximum
+	// allowed value is 1200 seconds. For Global external HTTP(S) load
+	// balancer (classic), this option is not available publicly.
+	HttpKeepAliveTimeoutSec int64 `json:"httpKeepAliveTimeoutSec,omitempty"`
+
+	// Id: [Output Only] The unique identifier for the resource. This
+	// identifier is defined by the server.
+	Id uint64 `json:"id,omitempty,string"`
+
+	// Kind: [Output Only] Type of resource. Always compute#targetHttpProxy
 	// for target HTTP proxies.
 	Kind string `json:"kind,omitempty"`
 
@@ -61469,6 +64847,9 @@ type TargetHttpProxyAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -61659,6 +65040,9 @@ type TargetHttpProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -61828,6 +65212,9 @@ type TargetHttpsProxiesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -61937,7 +65324,9 @@ func (s *TargetHttpsProxiesScopedListWarningData) MarshalJSON() ([]byte, error)
 
 type TargetHttpsProxiesSetCertificateMapRequest struct {
 	// CertificateMap: URL of the Certificate Map to associate with this
-	// TargetHttpsProxy.
+	// TargetHttpsProxy. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "CertificateMap") to
@@ -62060,7 +65449,9 @@ type TargetHttpsProxy struct {
 	// CertificateMap: URL of a certificate map that identifies a
 	// certificate map associated with the given target proxy. This field
 	// can only be set for global target proxies. If set, sslCertificates
-	// will be ignored.
+	// will be ignored. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
@@ -62095,6 +65486,15 @@ type TargetHttpsProxy struct {
 	// ForwardingRule for more details.
 	HttpFilters []string `json:"httpFilters,omitempty"`
 
+	// HttpKeepAliveTimeoutSec: Specifies how long to keep a connection
+	// open, after completing a response, while there is no matching traffic
+	// (in seconds). If an HTTP keep-alive is not specified, a default value
+	// (610 seconds) will be used. For Global external HTTP(S) load
+	// balancer, the minimum allowed value is 5 seconds and the maximum
+	// allowed value is 1200 seconds. For Global external HTTP(S) load
+	// balancer (classic), this option is not available publicly.
+	HttpKeepAliveTimeoutSec int64 `json:"httpKeepAliveTimeoutSec,omitempty"`
+
 	// Id: [Output Only] The unique identifier for the resource. This
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
@@ -62157,9 +65557,11 @@ type TargetHttpsProxy struct {
 	// networksecurity.ServerTlsPolicy resource that describes how the proxy
 	// should authenticate inbound traffic. serverTlsPolicy only applies to
 	// a global TargetHttpsProxy attached to globalForwardingRules with the
-	// loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank,
-	// communications are not encrypted. Note: This field currently has no
-	// impact.
+	// loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or
+	// EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are
+	// accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL,
+	// EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy
+	// documentation. If left blank, communications are not encrypted.
 	ServerTlsPolicy string `json:"serverTlsPolicy,omitempty"`
 
 	// SslCertificates: URLs to SslCertificate resources that are used to
@@ -62296,6 +65698,9 @@ type TargetHttpsProxyAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -62486,6 +65891,9 @@ type TargetHttpsProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -62774,6 +66182,9 @@ type TargetInstanceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -62963,6 +66374,9 @@ type TargetInstanceListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -63131,6 +66545,9 @@ type TargetInstancesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -63488,6 +66905,9 @@ type TargetPoolAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -63712,6 +67132,9 @@ type TargetPoolListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -63998,6 +67421,9 @@ type TargetPoolsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -64161,7 +67587,9 @@ func (s *TargetSslProxiesSetBackendServiceRequest) MarshalJSON() ([]byte, error)
 
 type TargetSslProxiesSetCertificateMapRequest struct {
 	// CertificateMap: URL of the Certificate Map to associate with this
-	// TargetSslProxy.
+	// TargetSslProxy. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "CertificateMap") to
@@ -64259,7 +67687,9 @@ type TargetSslProxy struct {
 	// CertificateMap: URL of a certificate map that identifies a
 	// certificate map associated with the given target proxy. This field
 	// can only be set for global target proxies. If set, sslCertificates
-	// will be ignored.
+	// will be ignored. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
@@ -64424,6 +67854,9 @@ type TargetSslProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -64592,6 +68025,9 @@ type TargetTcpProxiesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -64933,6 +68369,9 @@ type TargetTcpProxyAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -65122,6 +68561,9 @@ type TargetTcpProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -65418,6 +68860,9 @@ type TargetVpnGatewayAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -65608,6 +69053,9 @@ type TargetVpnGatewayListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -65777,6 +69225,9 @@ type TargetVpnGatewaysScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -66240,25 +69691,33 @@ func (s *Uint128) MarshalJSON() ([]byte, error) {
 }
 
 // UpcomingMaintenance: Upcoming Maintenance notification information.
-// TODO(b/242069500) Deprecate this proto once it's fully migrated to be
-// under proto ResourceStatus.UpcomingMaintenance.
 type UpcomingMaintenance struct {
 	// CanReschedule: Indicates if the maintenance can be customer
-	// triggered. From more detail, see go/sf-ctm-design.
+	// triggered.
 	CanReschedule bool `json:"canReschedule,omitempty"`
 
 	// Date: [Output Only] The date when the maintenance will take place.
 	// This value is in RFC3339 text format. DEPRECATED: Use
-	// start_time_window instead.
+	// window_start_time instead.
 	Date string `json:"date,omitempty"`
 
+	// LatestWindowStartTime: The latest time for the planned maintenance
+	// window to start. This timestamp value is in RFC3339 text format.
+	LatestWindowStartTime string `json:"latestWindowStartTime,omitempty"`
+
+	// Possible values:
+	//   "ONGOING" - There is ongoing maintenance on this VM.
+	//   "PENDING" - There is pending maintenance.
+	//   "UNKNOWN" - Unknown maintenance status. Do not use this value.
+	MaintenanceStatus string `json:"maintenanceStatus,omitempty"`
+
 	// StartTimeWindow: [Output Only] The start time window of the
-	// maintenance disruption.
+	// maintenance disruption. DEPRECATED: Use window_start_time instead.
 	StartTimeWindow *UpcomingMaintenanceTimeWindow `json:"startTimeWindow,omitempty"`
 
 	// Time: [Output Only] The time when the maintenance will take place.
 	// This value is in RFC3339 text format. DEPRECATED: Use
-	// start_time_window instead.
+	// window_start_time instead.
 	Time string `json:"time,omitempty"`
 
 	// Type: Defines the type of maintenance.
@@ -66271,6 +69730,14 @@ type UpcomingMaintenance struct {
 	// during uptime guarantee).
 	Type string `json:"type,omitempty"`
 
+	// WindowEndTime: The time by which the maintenance disruption will be
+	// completed. This timestamp value is in RFC3339 text format.
+	WindowEndTime string `json:"windowEndTime,omitempty"`
+
+	// WindowStartTime: The current start time of the maintenance window.
+	// This timestamp value is in RFC3339 text format.
+	WindowStartTime string `json:"windowStartTime,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "CanReschedule") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -66576,6 +70043,9 @@ type UrlMapListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -66941,6 +70411,9 @@ type UrlMapsAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -67108,6 +70581,9 @@ type UrlMapsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -67382,12 +70858,20 @@ type UsableSubnetwork struct {
 	Network string `json:"network,omitempty"`
 
 	// Purpose: The purpose of the resource. This field can be either
-	// PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with
-	// purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created
-	// subnetwork that is reserved for Internal HTTP(S) Load Balancing. If
-	// unspecified, the purpose defaults to PRIVATE_RFC_1918. The
-	// enableFlowLogs field isn't supported with the purpose field set to
-	// INTERNAL_HTTPS_LOAD_BALANCER.
+	// PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+	// INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for
+	// user-created subnets or subnets that are automatically created in
+	// auto mode networks. A subnet with purpose set to
+	// REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved
+	// for regional Envoy-based load balancers. A subnet with purpose set to
+	// PRIVATE_SERVICE_CONNECT is used to publish services using Private
+	// Service Connect. A subnet with purpose set to
+	// INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used
+	// only by regional internal HTTP(S) load balancers. Note that
+	// REGIONAL_MANAGED_PROXY is the preferred setting for all regional
+	// Envoy load balancers. If unspecified, the subnet purpose defaults to
+	// PRIVATE. The enableFlowLogs field isn't supported if the subnet
+	// purpose field is set to REGIONAL_MANAGED_PROXY.
 	//
 	// Possible values:
 	//   "AGGREGATE" - Subnetwork used to aggregate multiple private
@@ -67410,9 +70894,9 @@ type UsableSubnetwork struct {
 	Purpose string `json:"purpose,omitempty"`
 
 	// Role: The role of subnetwork. Currently, this field is only used when
-	// purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to
-	// ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being
-	// used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one
+	// purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or
+	// BACKUP. An ACTIVE subnetwork is one that is currently being used for
+	// Envoy-based load balancers in a region. A BACKUP subnetwork is one
 	// that is ready to be promoted to ACTIVE or is currently draining. This
 	// field can be updated with a patch request.
 	//
@@ -67585,6 +71069,9 @@ type UsableSubnetworksAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -67966,6 +71453,9 @@ type VmEndpointNatMappingsListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -68148,6 +71638,7 @@ type VpnGateway struct {
 	// Possible values:
 	//   "IPV4_IPV6" - Enable VPN gateway with both IPv4 and IPv6 protocols.
 	//   "IPV4_ONLY" - Enable VPN gateway with only IPv4 protocol.
+	//   "IPV6_ONLY" - Enable VPN gateway with only IPv6 protocol.
 	StackType string `json:"stackType,omitempty"`
 
 	// VpnInterfaces: The list of VPN interfaces associated with this VPN
@@ -68267,6 +71758,9 @@ type VpnGatewayAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -68456,6 +71950,9 @@ type VpnGatewayListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -68651,7 +72148,7 @@ type VpnGatewayStatusTunnel struct {
 
 	// PeerGatewayInterface: The peer gateway interface this VPN tunnel is
 	// connected to, the peer gateway could either be an external VPN
-	// gateway or GCP VPN gateway.
+	// gateway or a Google Cloud VPN gateway.
 	PeerGatewayInterface int64 `json:"peerGatewayInterface,omitempty"`
 
 	// TunnelUrl: URL reference to the VPN tunnel.
@@ -68684,8 +72181,8 @@ func (s *VpnGatewayStatusTunnel) MarshalJSON() ([]byte, error) {
 
 // VpnGatewayStatusVpnConnection: A VPN connection contains all VPN
 // tunnels connected from this VpnGateway to the same peer gateway. The
-// peer gateway could either be a external VPN gateway or GCP VPN
-// gateway.
+// peer gateway could either be an external VPN gateway or a Google
+// Cloud VPN gateway.
 type VpnGatewayStatusVpnConnection struct {
 	// PeerExternalGateway: URL reference to the peer external VPN gateways
 	// to which the VPN tunnels in this VPN connection are connected. This
@@ -68873,6 +72370,9 @@ type VpnGatewaysScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -69261,6 +72761,9 @@ type VpnTunnelAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -69450,6 +72953,9 @@ type VpnTunnelListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -69617,6 +73123,9 @@ type VpnTunnelsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -69934,6 +73443,9 @@ type XpnHostListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -70236,6 +73748,9 @@ type ZoneListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -73328,8 +76843,7 @@ type AutoscalersGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified autoscaler resource. Gets a list of
-// available autoscalers by making a list() request.
+// Get: Returns the specified autoscaler resource.
 //
 // - autoscaler: Name of the autoscaler to return.
 // - project: Project ID for this request.
@@ -73443,7 +76957,7 @@ func (c *AutoscalersGetCall) Do(opts ...googleapi.CallOption) (*Autoscaler, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified autoscaler resource. Gets a list of available autoscalers by making a list() request.",
+	//   "description": "Returns the specified autoscaler resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}/autoscalers/{autoscaler}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.autoscalers.get",
@@ -75038,8 +78552,7 @@ type BackendBucketsGetCall struct {
 	header_       http.Header
 }
 
-// Get: Returns the specified BackendBucket resource. Gets a list of
-// available backend buckets by making a list() request.
+// Get: Returns the specified BackendBucket resource.
 //
 // - backendBucket: Name of the BackendBucket resource to return.
 // - project: Project ID for this request.
@@ -75150,7 +78663,7 @@ func (c *BackendBucketsGetCall) Do(opts ...googleapi.CallOption) (*BackendBucket
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified BackendBucket resource. Gets a list of available backend buckets by making a list() request.",
+	//   "description": "Returns the specified BackendBucket resource.",
 	//   "flatPath": "projects/{project}/global/backendBuckets/{backendBucket}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.backendBuckets.get",
@@ -77480,8 +80993,7 @@ type BackendServicesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified BackendService resource. Gets a list of
-// available backend services.
+// Get: Returns the specified BackendService resource.
 //
 // - backendService: Name of the BackendService resource to return.
 // - project: Project ID for this request.
@@ -77592,7 +81104,7 @@ func (c *BackendServicesGetCall) Do(opts ...googleapi.CallOption) (*BackendServi
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified BackendService resource. Gets a list of available backend services.",
+	//   "description": "Returns the specified BackendService resource.",
 	//   "flatPath": "projects/{project}/global/backendServices/{backendService}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.backendServices.get",
@@ -79433,125 +82945,33 @@ func (c *BackendServicesUpdateCall) Do(opts ...googleapi.CallOption) (*Operation
 
 }
 
-// method id "compute.diskTypes.aggregatedList":
+// method id "compute.diskSettings.get":
 
-type DiskTypesAggregatedListCall struct {
+type DiskSettingsGetCall struct {
 	s            *Service
 	project      string
+	zone         string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// AggregatedList: Retrieves an aggregated list of disk types.
+// Get: Get Zonal Disk Settings.
 //
 // - project: Project ID for this request.
-func (r *DiskTypesService) AggregatedList(project string) *DiskTypesAggregatedListCall {
-	c := &DiskTypesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - zone: Name of the zone for this request.
+func (r *DiskSettingsService) Get(project string, zone string) *DiskSettingsGetCall {
+	c := &DiskSettingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	return c
-}
-
-// Filter sets the optional parameter "filter": A filter expression that
-// filters resources listed in the response. Most Compute resources
-// support two types of filter expressions: expressions that support
-// regular expressions and expressions that follow API improvement
-// proposal AIP-160. If you want to use AIP-160, your expression must
-// specify the field name, an operator, and the value that you want to
-// use for filtering. The value must be a string, a number, or a
-// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
-// or `:`. For example, if you are filtering Compute Engine instances,
-// you can exclude instances named `example-instance` by specifying
-// `name != example-instance`. The `:` operator can be used with string
-// fields to match substrings. For non-string fields it is equivalent to
-// the `=` operator. The `:*` comparison can be used to test whether a
-// key has been defined. For example, to find all objects with `owner`
-// label use: ``` labels.owner:* ``` You can also filter nested fields.
-// For example, you could specify `scheduling.automaticRestart = false`
-// to include instances only if they are not scheduled for automatic
-// restarts. You can use filtering on nested fields to filter based on
-// resource labels. To filter on multiple expressions, provide each
-// separate expression within parentheses. For example: ```
-// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
-// ``` By default, each expression is an `AND` expression. However, you
-// can include `AND` and `OR` expressions explicitly. For example: ```
-// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
-// AND (scheduling.automaticRestart = true) ``` If you want to use a
-// regular expression, use the `eq` (equal) or `ne` (not equal) operator
-// against a single un-parenthesized expression with or without quotes
-// or against multiple parenthesized expressions. Examples: `fieldname
-// eq unquoted literal` `fieldname eq 'single quoted literal'`
-// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
-// (fieldname2 ne "literal")` The literal value is interpreted as a
-// regular expression using Google RE2 library syntax. The literal value
-// must match the entire field. For example, to filter for instances
-// that do not end with name "instance", you would use `name ne
-// .*instance`.
-func (c *DiskTypesAggregatedListCall) Filter(filter string) *DiskTypesAggregatedListCall {
-	c.urlParams_.Set("filter", filter)
-	return c
-}
-
-// IncludeAllScopes sets the optional parameter "includeAllScopes":
-// Indicates whether every visible scope for each scope type (zone,
-// region, global) should be included in the response. For new resource
-// types added after this field, the flag has no effect as new resource
-// types will always include every visible scope for each scope type in
-// response. For resource types which predate this field, if this flag
-// is omitted or false, only scopes of the scope types where the
-// resource type is expected to be found will be included.
-func (c *DiskTypesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *DiskTypesAggregatedListCall {
-	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": The maximum
-// number of results per page that should be returned. If the number of
-// available results is larger than `maxResults`, Compute Engine returns
-// a `nextPageToken` that can be used to get the next page of results in
-// subsequent list requests. Acceptable values are `0` to `500`,
-// inclusive. (Default: `500`)
-func (c *DiskTypesAggregatedListCall) MaxResults(maxResults int64) *DiskTypesAggregatedListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// OrderBy sets the optional parameter "orderBy": Sorts list results by
-// a certain order. By default, results are returned in alphanumerical
-// order based on the resource name. You can also sort results in
-// descending order based on the creation timestamp using
-// `orderBy="creationTimestamp desc". This sorts results based on the
-// `creationTimestamp` field in reverse chronological order (newest
-// result first). Use this to sort resources like operations so that the
-// newest operation is returned first. Currently, only sorting by `name`
-// or `creationTimestamp desc` is supported.
-func (c *DiskTypesAggregatedListCall) OrderBy(orderBy string) *DiskTypesAggregatedListCall {
-	c.urlParams_.Set("orderBy", orderBy)
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": Specifies a page
-// token to use. Set `pageToken` to the `nextPageToken` returned by a
-// previous list request to get the next page of results.
-func (c *DiskTypesAggregatedListCall) PageToken(pageToken string) *DiskTypesAggregatedListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// ReturnPartialSuccess sets the optional parameter
-// "returnPartialSuccess": Opt-in for partial success behavior which
-// provides partial results in case of failure. The default value is
-// false.
-func (c *DiskTypesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *DiskTypesAggregatedListCall {
-	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	c.zone = zone
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DiskTypesAggregatedListCall) Fields(s ...googleapi.Field) *DiskTypesAggregatedListCall {
+func (c *DiskSettingsGetCall) Fields(s ...googleapi.Field) *DiskSettingsGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -79561,7 +82981,7 @@ func (c *DiskTypesAggregatedListCall) Fields(s ...googleapi.Field) *DiskTypesAgg
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *DiskTypesAggregatedListCall) IfNoneMatch(entityTag string) *DiskTypesAggregatedListCall {
+func (c *DiskSettingsGetCall) IfNoneMatch(entityTag string) *DiskSettingsGetCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -79569,21 +82989,21 @@ func (c *DiskTypesAggregatedListCall) IfNoneMatch(entityTag string) *DiskTypesAg
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DiskTypesAggregatedListCall) Context(ctx context.Context) *DiskTypesAggregatedListCall {
+func (c *DiskSettingsGetCall) Context(ctx context.Context) *DiskSettingsGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DiskTypesAggregatedListCall) Header() http.Header {
+func (c *DiskSettingsGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DiskTypesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+func (c *DiskSettingsGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -79596,7 +83016,7 @@ func (c *DiskTypesAggregatedListCall) doRequest(alt string) (*http.Response, err
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/diskTypes")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/diskSettings")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -79605,18 +83025,19 @@ func (c *DiskTypesAggregatedListCall) doRequest(alt string) (*http.Response, err
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
+		"zone":    c.zone,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.diskTypes.aggregatedList" call.
-// Exactly one of *DiskTypeAggregatedList or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *DiskTypeAggregatedList.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DiskTypesAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskTypeAggregatedList, error) {
+// Do executes the "compute.diskSettings.get" call.
+// Exactly one of *DiskSettings or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *DiskSettings.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *DiskSettingsGetCall) Do(opts ...googleapi.CallOption) (*DiskSettings, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -79635,7 +83056,7 @@ func (c *DiskTypesAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskTyp
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &DiskTypeAggregatedList{
+	ret := &DiskSettings{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -79647,42 +83068,15 @@ func (c *DiskTypesAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskTyp
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves an aggregated list of disk types.",
-	//   "flatPath": "projects/{project}/aggregated/diskTypes",
+	//   "description": "Get Zonal Disk Settings.",
+	//   "flatPath": "projects/{project}/zones/{zone}/diskSettings",
 	//   "httpMethod": "GET",
-	//   "id": "compute.diskTypes.aggregatedList",
+	//   "id": "compute.diskSettings.get",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "zone"
 	//   ],
 	//   "parameters": {
-	//     "filter": {
-	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "includeAllScopes": {
-	//       "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
-	//     "maxResults": {
-	//       "default": "500",
-	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "orderBy": {
-	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "pageToken": {
-	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -79690,15 +83084,17 @@ func (c *DiskTypesAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskTyp
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "returnPartialSuccess": {
-	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-	//       "location": "query",
-	//       "type": "boolean"
+	//     "zone": {
+	//       "description": "Name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/aggregated/diskTypes",
+	//   "path": "projects/{project}/zones/{zone}/diskSettings",
 	//   "response": {
-	//     "$ref": "DiskTypeAggregatedList"
+	//     "$ref": "DiskSettings"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -79709,125 +83105,115 @@ func (c *DiskTypesAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskTyp
 
 }
 
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *DiskTypesAggregatedListCall) Pages(ctx context.Context, f func(*DiskTypeAggregatedList) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "compute.diskTypes.get":
+// method id "compute.diskSettings.patch":
 
-type DiskTypesGetCall struct {
+type DiskSettingsPatchCall struct {
 	s            *Service
 	project      string
 	zone         string
-	diskType     string
+	disksettings *DiskSettings
 	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// Get: Returns the specified disk type. Gets a list of available disk
-// types by making a list() request.
+// Patch: Patch Zonal Disk Settings
 //
-// - diskType: Name of the disk type to return.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *DiskTypesService) Get(project string, zone string, diskType string) *DiskTypesGetCall {
-	c := &DiskTypesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *DiskSettingsService) Patch(project string, zone string, disksettings *DiskSettings) *DiskSettingsPatchCall {
+	c := &DiskSettingsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
-	c.diskType = diskType
+	c.disksettings = disksettings
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *DiskSettingsPatchCall) RequestId(requestId string) *DiskSettingsPatchCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// UpdateMask sets the optional parameter "updateMask": update_mask
+// indicates fields to be updated as part of this request.
+func (c *DiskSettingsPatchCall) UpdateMask(updateMask string) *DiskSettingsPatchCall {
+	c.urlParams_.Set("updateMask", updateMask)
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DiskTypesGetCall) Fields(s ...googleapi.Field) *DiskTypesGetCall {
+func (c *DiskSettingsPatchCall) Fields(s ...googleapi.Field) *DiskSettingsPatchCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *DiskTypesGetCall) IfNoneMatch(entityTag string) *DiskTypesGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DiskTypesGetCall) Context(ctx context.Context) *DiskTypesGetCall {
+func (c *DiskSettingsPatchCall) Context(ctx context.Context) *DiskSettingsPatchCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DiskTypesGetCall) Header() http.Header {
+func (c *DiskSettingsPatchCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DiskTypesGetCall) doRequest(alt string) (*http.Response, error) {
+func (c *DiskSettingsPatchCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksettings)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/diskTypes/{diskType}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/diskSettings")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
+	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"zone":     c.zone,
-		"diskType": c.diskType,
+		"project": c.project,
+		"zone":    c.zone,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.diskTypes.get" call.
-// Exactly one of *DiskType or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *DiskType.ServerResponse.Header or (if a response was returned at
+// Do executes the "compute.diskSettings.patch" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *DiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, error) {
+func (c *DiskSettingsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -79846,7 +83232,7 @@ func (c *DiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, error) {
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &DiskType{
+	ret := &Operation{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -79858,23 +83244,15 @@ func (c *DiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified disk type. Gets a list of available disk types by making a list() request.",
-	//   "flatPath": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
-	//   "httpMethod": "GET",
-	//   "id": "compute.diskTypes.get",
+	//   "description": "Patch Zonal Disk Settings",
+	//   "flatPath": "projects/{project}/zones/{zone}/diskSettings",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.diskSettings.patch",
 	//   "parameterOrder": [
 	//     "project",
-	//     "zone",
-	//     "diskType"
+	//     "zone"
 	//   ],
 	//   "parameters": {
-	//     "diskType": {
-	//       "description": "Name of the disk type to return.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -79882,6 +83260,17 @@ func (c *DiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, error) {
 	//       "required": true,
 	//       "type": "string"
 	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "updateMask": {
+	//       "description": "update_mask indicates fields to be updated as part of this request.",
+	//       "format": "google-fieldmask",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
 	//     "zone": {
 	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
@@ -79890,40 +83279,38 @@ func (c *DiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, error) {
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
+	//   "path": "projects/{project}/zones/{zone}/diskSettings",
+	//   "request": {
+	//     "$ref": "DiskSettings"
+	//   },
 	//   "response": {
-	//     "$ref": "DiskType"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
 }
 
-// method id "compute.diskTypes.list":
+// method id "compute.diskTypes.aggregatedList":
 
-type DiskTypesListCall struct {
+type DiskTypesAggregatedListCall struct {
 	s            *Service
 	project      string
-	zone         string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// List: Retrieves a list of disk types available to the specified
-// project.
+// AggregatedList: Retrieves an aggregated list of disk types.
 //
 // - project: Project ID for this request.
-// - zone: The name of the zone for this request.
-func (r *DiskTypesService) List(project string, zone string) *DiskTypesListCall {
-	c := &DiskTypesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *DiskTypesService) AggregatedList(project string) *DiskTypesAggregatedListCall {
+	c := &DiskTypesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.zone = zone
 	return c
 }
 
@@ -79962,18 +83349,31 @@ func (r *DiskTypesService) List(project string, zone string) *DiskTypesListCall
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *DiskTypesListCall) Filter(filter string) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) Filter(filter string) *DiskTypesAggregatedListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
 
+// IncludeAllScopes sets the optional parameter "includeAllScopes":
+// Indicates whether every visible scope for each scope type (zone,
+// region, global) should be included in the response. For new resource
+// types added after this field, the flag has no effect as new resource
+// types will always include every visible scope for each scope type in
+// response. For resource types which predate this field, if this flag
+// is omitted or false, only scopes of the scope types where the
+// resource type is expected to be found will be included.
+func (c *DiskTypesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *DiskTypesAggregatedListCall {
+	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
+	return c
+}
+
 // MaxResults sets the optional parameter "maxResults": The maximum
 // number of results per page that should be returned. If the number of
 // available results is larger than `maxResults`, Compute Engine returns
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *DiskTypesListCall) MaxResults(maxResults int64) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) MaxResults(maxResults int64) *DiskTypesAggregatedListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -79987,7 +83387,7 @@ func (c *DiskTypesListCall) MaxResults(maxResults int64) *DiskTypesListCall {
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *DiskTypesListCall) OrderBy(orderBy string) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) OrderBy(orderBy string) *DiskTypesAggregatedListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -79995,7 +83395,7 @@ func (c *DiskTypesListCall) OrderBy(orderBy string) *DiskTypesListCall {
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *DiskTypesListCall) PageToken(pageToken string) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) PageToken(pageToken string) *DiskTypesAggregatedListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -80004,7 +83404,7 @@ func (c *DiskTypesListCall) PageToken(pageToken string) *DiskTypesListCall {
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *DiskTypesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *DiskTypesAggregatedListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -80012,7 +83412,7 @@ func (c *DiskTypesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *Dis
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DiskTypesListCall) Fields(s ...googleapi.Field) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) Fields(s ...googleapi.Field) *DiskTypesAggregatedListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -80022,7 +83422,7 @@ func (c *DiskTypesListCall) Fields(s ...googleapi.Field) *DiskTypesListCall {
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *DiskTypesListCall) IfNoneMatch(entityTag string) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) IfNoneMatch(entityTag string) *DiskTypesAggregatedListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -80030,21 +83430,21 @@ func (c *DiskTypesListCall) IfNoneMatch(entityTag string) *DiskTypesListCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DiskTypesListCall) Context(ctx context.Context) *DiskTypesListCall {
+func (c *DiskTypesAggregatedListCall) Context(ctx context.Context) *DiskTypesAggregatedListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DiskTypesListCall) Header() http.Header {
+func (c *DiskTypesAggregatedListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DiskTypesListCall) doRequest(alt string) (*http.Response, error) {
+func (c *DiskTypesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -80057,7 +83457,7 @@ func (c *DiskTypesListCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/diskTypes")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/diskTypes")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -80066,19 +83466,18 @@ func (c *DiskTypesListCall) doRequest(alt string) (*http.Response, error) {
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
-		"zone":    c.zone,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.diskTypes.list" call.
-// Exactly one of *DiskTypeList or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *DiskTypeList.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *DiskTypesListCall) Do(opts ...googleapi.CallOption) (*DiskTypeList, error) {
+// Do executes the "compute.diskTypes.aggregatedList" call.
+// Exactly one of *DiskTypeAggregatedList or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *DiskTypeAggregatedList.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DiskTypesAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskTypeAggregatedList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -80097,7 +83496,7 @@ func (c *DiskTypesListCall) Do(opts ...googleapi.CallOption) (*DiskTypeList, err
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &DiskTypeList{
+	ret := &DiskTypeAggregatedList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -80109,13 +83508,12 @@ func (c *DiskTypesListCall) Do(opts ...googleapi.CallOption) (*DiskTypeList, err
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves a list of disk types available to the specified project.",
-	//   "flatPath": "projects/{project}/zones/{zone}/diskTypes",
+	//   "description": "Retrieves an aggregated list of disk types.",
+	//   "flatPath": "projects/{project}/aggregated/diskTypes",
 	//   "httpMethod": "GET",
-	//   "id": "compute.diskTypes.list",
+	//   "id": "compute.diskTypes.aggregatedList",
 	//   "parameterOrder": [
-	//     "project",
-	//     "zone"
+	//     "project"
 	//   ],
 	//   "parameters": {
 	//     "filter": {
@@ -80123,6 +83521,11 @@ func (c *DiskTypesListCall) Do(opts ...googleapi.CallOption) (*DiskTypeList, err
 	//       "location": "query",
 	//       "type": "string"
 	//     },
+	//     "includeAllScopes": {
+	//       "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
 	//     "maxResults": {
 	//       "default": "500",
 	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
@@ -80152,18 +83555,11 @@ func (c *DiskTypesListCall) Do(opts ...googleapi.CallOption) (*DiskTypeList, err
 	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
 	//       "location": "query",
 	//       "type": "boolean"
-	//     },
-	//     "zone": {
-	//       "description": "The name of the zone for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/diskTypes",
+	//   "path": "projects/{project}/aggregated/diskTypes",
 	//   "response": {
-	//     "$ref": "DiskTypeList"
+	//     "$ref": "DiskTypeAggregatedList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -80177,7 +83573,7 @@ func (c *DiskTypesListCall) Do(opts ...googleapi.CallOption) (*DiskTypeList, err
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *DiskTypesListCall) Pages(ctx context.Context, f func(*DiskTypeList) error) error {
+func (c *DiskTypesAggregatedListCall) Pages(ctx context.Context, f func(*DiskTypeAggregatedList) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -80195,114 +83591,103 @@ func (c *DiskTypesListCall) Pages(ctx context.Context, f func(*DiskTypeList) err
 	}
 }
 
-// method id "compute.disks.addResourcePolicies":
+// method id "compute.diskTypes.get":
 
-type DisksAddResourcePoliciesCall struct {
-	s                               *Service
-	project                         string
-	zone                            string
-	disk                            string
-	disksaddresourcepoliciesrequest *DisksAddResourcePoliciesRequest
-	urlParams_                      gensupport.URLParams
-	ctx_                            context.Context
-	header_                         http.Header
+type DiskTypesGetCall struct {
+	s            *Service
+	project      string
+	zone         string
+	diskType     string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
 }
 
-// AddResourcePolicies: Adds existing resource policies to a disk. You
-// can only add one policy which will be applied to this disk for
-// scheduling snapshot creation.
+// Get: Returns the specified disk type.
 //
-// - disk: The disk name for this request.
+// - diskType: Name of the disk type to return.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *DisksService) AddResourcePolicies(project string, zone string, disk string, disksaddresourcepoliciesrequest *DisksAddResourcePoliciesRequest) *DisksAddResourcePoliciesCall {
-	c := &DisksAddResourcePoliciesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *DiskTypesService) Get(project string, zone string, diskType string) *DiskTypesGetCall {
+	c := &DiskTypesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
-	c.disk = disk
-	c.disksaddresourcepoliciesrequest = disksaddresourcepoliciesrequest
-	return c
-}
-
-// RequestId sets the optional parameter "requestId": An optional
-// request ID to identify requests. Specify a unique request ID so that
-// if you must retry your request, the server will know to ignore the
-// request if it has already been completed. For example, consider a
-// situation where you make an initial request and the request times
-// out. If you make the request again with the same request ID, the
-// server can check if original operation with the same request ID was
-// received, and if so, will ignore the second request. This prevents
-// clients from accidentally creating duplicate commitments. The request
-// ID must be a valid UUID with the exception that zero UUID is not
-// supported ( 00000000-0000-0000-0000-000000000000).
-func (c *DisksAddResourcePoliciesCall) RequestId(requestId string) *DisksAddResourcePoliciesCall {
-	c.urlParams_.Set("requestId", requestId)
+	c.diskType = diskType
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DisksAddResourcePoliciesCall) Fields(s ...googleapi.Field) *DisksAddResourcePoliciesCall {
+func (c *DiskTypesGetCall) Fields(s ...googleapi.Field) *DiskTypesGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *DiskTypesGetCall) IfNoneMatch(entityTag string) *DiskTypesGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DisksAddResourcePoliciesCall) Context(ctx context.Context) *DisksAddResourcePoliciesCall {
+func (c *DiskTypesGetCall) Context(ctx context.Context) *DiskTypesGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DisksAddResourcePoliciesCall) Header() http.Header {
+func (c *DiskTypesGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DisksAddResourcePoliciesCall) doRequest(alt string) (*http.Response, error) {
+func (c *DiskTypesGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksaddresourcepoliciesrequest)
-	if err != nil {
-		return nil, err
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
 	}
-	reqHeaders.Set("Content-Type", "application/json")
+	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}/addResourcePolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/diskTypes/{diskType}")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
-		"zone":    c.zone,
-		"disk":    c.disk,
+		"project":  c.project,
+		"zone":     c.zone,
+		"diskType": c.diskType,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.disks.addResourcePolicies" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
+// Do executes the "compute.diskTypes.get" call.
+// Exactly one of *DiskType or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *DiskType.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *DisksAddResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *DiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -80321,7 +83706,7 @@ func (c *DisksAddResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operat
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Operation{
+	ret := &DiskType{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -80333,18 +83718,18 @@ func (c *DisksAddResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operat
 	}
 	return ret, nil
 	// {
-	//   "description": "Adds existing resource policies to a disk. You can only add one policy which will be applied to this disk for scheduling snapshot creation.",
-	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/addResourcePolicies",
-	//   "httpMethod": "POST",
-	//   "id": "compute.disks.addResourcePolicies",
+	//   "description": "Returns the specified disk type.",
+	//   "flatPath": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
+	//   "httpMethod": "GET",
+	//   "id": "compute.diskTypes.get",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
-	//     "disk"
+	//     "diskType"
 	//   ],
 	//   "parameters": {
-	//     "disk": {
-	//       "description": "The disk name for this request.",
+	//     "diskType": {
+	//       "description": "Name of the disk type to return.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
@@ -80357,11 +83742,6 @@ func (c *DisksAddResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operat
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "requestId": {
-	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
 	//     "zone": {
 	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
@@ -80370,38 +83750,40 @@ func (c *DisksAddResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operat
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/disks/{disk}/addResourcePolicies",
-	//   "request": {
-	//     "$ref": "DisksAddResourcePoliciesRequest"
-	//   },
+	//   "path": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
 	//   "response": {
-	//     "$ref": "Operation"
+	//     "$ref": "DiskType"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
 	//   ]
 	// }
 
 }
 
-// method id "compute.disks.aggregatedList":
+// method id "compute.diskTypes.list":
 
-type DisksAggregatedListCall struct {
+type DiskTypesListCall struct {
 	s            *Service
 	project      string
+	zone         string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// AggregatedList: Retrieves an aggregated list of persistent disks.
+// List: Retrieves a list of disk types available to the specified
+// project.
 //
 // - project: Project ID for this request.
-func (r *DisksService) AggregatedList(project string) *DisksAggregatedListCall {
-	c := &DisksAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - zone: The name of the zone for this request.
+func (r *DiskTypesService) List(project string, zone string) *DiskTypesListCall {
+	c := &DiskTypesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
+	c.zone = zone
 	return c
 }
 
@@ -80440,31 +83822,18 @@ func (r *DisksService) AggregatedList(project string) *DisksAggregatedListCall {
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *DisksAggregatedListCall) Filter(filter string) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) Filter(filter string) *DiskTypesListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
 
-// IncludeAllScopes sets the optional parameter "includeAllScopes":
-// Indicates whether every visible scope for each scope type (zone,
-// region, global) should be included in the response. For new resource
-// types added after this field, the flag has no effect as new resource
-// types will always include every visible scope for each scope type in
-// response. For resource types which predate this field, if this flag
-// is omitted or false, only scopes of the scope types where the
-// resource type is expected to be found will be included.
-func (c *DisksAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *DisksAggregatedListCall {
-	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
-	return c
-}
-
 // MaxResults sets the optional parameter "maxResults": The maximum
 // number of results per page that should be returned. If the number of
 // available results is larger than `maxResults`, Compute Engine returns
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *DisksAggregatedListCall) MaxResults(maxResults int64) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) MaxResults(maxResults int64) *DiskTypesListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -80478,7 +83847,7 @@ func (c *DisksAggregatedListCall) MaxResults(maxResults int64) *DisksAggregatedL
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *DisksAggregatedListCall) OrderBy(orderBy string) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) OrderBy(orderBy string) *DiskTypesListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -80486,7 +83855,7 @@ func (c *DisksAggregatedListCall) OrderBy(orderBy string) *DisksAggregatedListCa
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *DisksAggregatedListCall) PageToken(pageToken string) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) PageToken(pageToken string) *DiskTypesListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -80495,7 +83864,7 @@ func (c *DisksAggregatedListCall) PageToken(pageToken string) *DisksAggregatedLi
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *DisksAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *DiskTypesListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -80503,7 +83872,7 @@ func (c *DisksAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DisksAggregatedListCall) Fields(s ...googleapi.Field) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) Fields(s ...googleapi.Field) *DiskTypesListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -80513,7 +83882,7 @@ func (c *DisksAggregatedListCall) Fields(s ...googleapi.Field) *DisksAggregatedL
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *DisksAggregatedListCall) IfNoneMatch(entityTag string) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) IfNoneMatch(entityTag string) *DiskTypesListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -80521,21 +83890,21 @@ func (c *DisksAggregatedListCall) IfNoneMatch(entityTag string) *DisksAggregated
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DisksAggregatedListCall) Context(ctx context.Context) *DisksAggregatedListCall {
+func (c *DiskTypesListCall) Context(ctx context.Context) *DiskTypesListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DisksAggregatedListCall) Header() http.Header {
+func (c *DiskTypesListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DisksAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+func (c *DiskTypesListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -80548,7 +83917,7 @@ func (c *DisksAggregatedListCall) doRequest(alt string) (*http.Response, error)
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/disks")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/diskTypes")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -80557,18 +83926,19 @@ func (c *DisksAggregatedListCall) doRequest(alt string) (*http.Response, error)
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
+		"zone":    c.zone,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.disks.aggregatedList" call.
-// Exactly one of *DiskAggregatedList or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *DiskAggregatedList.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DisksAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskAggregatedList, error) {
+// Do executes the "compute.diskTypes.list" call.
+// Exactly one of *DiskTypeList or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *DiskTypeList.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *DiskTypesListCall) Do(opts ...googleapi.CallOption) (*DiskTypeList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -80587,7 +83957,7 @@ func (c *DisksAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskAggrega
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &DiskAggregatedList{
+	ret := &DiskTypeList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -80599,12 +83969,13 @@ func (c *DisksAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskAggrega
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves an aggregated list of persistent disks.",
-	//   "flatPath": "projects/{project}/aggregated/disks",
+	//   "description": "Retrieves a list of disk types available to the specified project.",
+	//   "flatPath": "projects/{project}/zones/{zone}/diskTypes",
 	//   "httpMethod": "GET",
-	//   "id": "compute.disks.aggregatedList",
+	//   "id": "compute.diskTypes.list",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "zone"
 	//   ],
 	//   "parameters": {
 	//     "filter": {
@@ -80612,11 +83983,500 @@ func (c *DisksAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskAggrega
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "includeAllScopes": {
-	//       "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/diskTypes",
+	//   "response": {
+	//     "$ref": "DiskTypeList"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *DiskTypesListCall) Pages(ctx context.Context, f func(*DiskTypeList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "compute.disks.addResourcePolicies":
+
+type DisksAddResourcePoliciesCall struct {
+	s                               *Service
+	project                         string
+	zone                            string
+	disk                            string
+	disksaddresourcepoliciesrequest *DisksAddResourcePoliciesRequest
+	urlParams_                      gensupport.URLParams
+	ctx_                            context.Context
+	header_                         http.Header
+}
+
+// AddResourcePolicies: Adds existing resource policies to a disk. You
+// can only add one policy which will be applied to this disk for
+// scheduling snapshot creation.
+//
+// - disk: The disk name for this request.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *DisksService) AddResourcePolicies(project string, zone string, disk string, disksaddresourcepoliciesrequest *DisksAddResourcePoliciesRequest) *DisksAddResourcePoliciesCall {
+	c := &DisksAddResourcePoliciesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.disk = disk
+	c.disksaddresourcepoliciesrequest = disksaddresourcepoliciesrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *DisksAddResourcePoliciesCall) RequestId(requestId string) *DisksAddResourcePoliciesCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DisksAddResourcePoliciesCall) Fields(s ...googleapi.Field) *DisksAddResourcePoliciesCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DisksAddResourcePoliciesCall) Context(ctx context.Context) *DisksAddResourcePoliciesCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DisksAddResourcePoliciesCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DisksAddResourcePoliciesCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksaddresourcepoliciesrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}/addResourcePolicies")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"zone":    c.zone,
+		"disk":    c.disk,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.disks.addResourcePolicies" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *DisksAddResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Adds existing resource policies to a disk. You can only add one policy which will be applied to this disk for scheduling snapshot creation.",
+	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/addResourcePolicies",
+	//   "httpMethod": "POST",
+	//   "id": "compute.disks.addResourcePolicies",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "disk"
+	//   ],
+	//   "parameters": {
+	//     "disk": {
+	//       "description": "The disk name for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/disks/{disk}/addResourcePolicies",
+	//   "request": {
+	//     "$ref": "DisksAddResourcePoliciesRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.disks.aggregatedList":
+
+type DisksAggregatedListCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// AggregatedList: Retrieves an aggregated list of persistent disks.
+//
+// - project: Project ID for this request.
+func (r *DisksService) AggregatedList(project string) *DisksAggregatedListCall {
+	c := &DisksAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *DisksAggregatedListCall) Filter(filter string) *DisksAggregatedListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// IncludeAllScopes sets the optional parameter "includeAllScopes":
+// Indicates whether every visible scope for each scope type (zone,
+// region, global) should be included in the response. For new resource
+// types added after this field, the flag has no effect as new resource
+// types will always include every visible scope for each scope type in
+// response. For resource types which predate this field, if this flag
+// is omitted or false, only scopes of the scope types where the
+// resource type is expected to be found will be included.
+func (c *DisksAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *DisksAggregatedListCall {
+	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *DisksAggregatedListCall) MaxResults(maxResults int64) *DisksAggregatedListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *DisksAggregatedListCall) OrderBy(orderBy string) *DisksAggregatedListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *DisksAggregatedListCall) PageToken(pageToken string) *DisksAggregatedListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *DisksAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *DisksAggregatedListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DisksAggregatedListCall) Fields(s ...googleapi.Field) *DisksAggregatedListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *DisksAggregatedListCall) IfNoneMatch(entityTag string) *DisksAggregatedListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DisksAggregatedListCall) Context(ctx context.Context) *DisksAggregatedListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DisksAggregatedListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DisksAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/disks")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.disks.aggregatedList" call.
+// Exactly one of *DiskAggregatedList or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *DiskAggregatedList.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DisksAggregatedListCall) Do(opts ...googleapi.CallOption) (*DiskAggregatedList, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &DiskAggregatedList{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves an aggregated list of persistent disks.",
+	//   "flatPath": "projects/{project}/aggregated/disks",
+	//   "httpMethod": "GET",
+	//   "id": "compute.disks.aggregatedList",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "includeAllScopes": {
+	//       "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
 	//     "maxResults": {
 	//       "default": "500",
 	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
@@ -81255,8 +85115,7 @@ type DisksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns a specified persistent disk. Gets a list of available
-// persistent disks by making a list() request.
+// Get: Returns the specified persistent disk.
 //
 // - disk: Name of the persistent disk to return.
 // - project: Project ID for this request.
@@ -81370,7 +85229,7 @@ func (c *DisksGetCall) Do(opts ...googleapi.CallOption) (*Disk, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns a specified persistent disk. Gets a list of available persistent disks by making a list() request.",
+	//   "description": "Returns the specified persistent disk.",
 	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.disks.get",
@@ -83012,14 +86871,13 @@ func (c *DisksStartAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Oper
 // method id "compute.disks.stopAsyncReplication":
 
 type DisksStopAsyncReplicationCall struct {
-	s                                *Service
-	project                          string
-	zone                             string
-	disk                             string
-	disksstopasyncreplicationrequest *DisksStopAsyncReplicationRequest
-	urlParams_                       gensupport.URLParams
-	ctx_                             context.Context
-	header_                          http.Header
+	s          *Service
+	project    string
+	zone       string
+	disk       string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
 // StopAsyncReplication: Stops asynchronous replication. Can be invoked
@@ -83028,12 +86886,11 @@ type DisksStopAsyncReplicationCall struct {
 // - disk: The name of the persistent disk.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *DisksService) StopAsyncReplication(project string, zone string, disk string, disksstopasyncreplicationrequest *DisksStopAsyncReplicationRequest) *DisksStopAsyncReplicationCall {
+func (r *DisksService) StopAsyncReplication(project string, zone string, disk string) *DisksStopAsyncReplicationCall {
 	c := &DisksStopAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.disk = disk
-	c.disksstopasyncreplicationrequest = disksstopasyncreplicationrequest
 	return c
 }
 
@@ -83086,11 +86943,6 @@ func (c *DisksStopAsyncReplicationCall) doRequest(alt string) (*http.Response, e
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksstopasyncreplicationrequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
 	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication")
@@ -83184,9 +87036,6 @@ func (c *DisksStopAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Opera
 	//     }
 	//   },
 	//   "path": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
-	//   "request": {
-	//     "$ref": "DisksStopAsyncReplicationRequest"
-	//   },
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -86396,7 +90245,9 @@ func (c *FirewallPoliciesListCall) PageToken(pageToken string) *FirewallPolicies
 }
 
 // ParentId sets the optional parameter "parentId": Parent ID for this
-// request.
+// request. The ID can be either be "folders/[FOLDER_ID]" if the parent
+// is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an
+// organization.
 func (c *FirewallPoliciesListCall) ParentId(parentId string) *FirewallPoliciesListCall {
 	c.urlParams_.Set("parentId", parentId)
 	return c
@@ -86536,7 +90387,7 @@ func (c *FirewallPoliciesListCall) Do(opts ...googleapi.CallOption) (*FirewallPo
 	//       "type": "string"
 	//     },
 	//     "parentId": {
-	//       "description": "Parent ID for this request.",
+	//       "description": "Parent ID for this request. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
@@ -86747,7 +90598,9 @@ func (r *FirewallPoliciesService) Move(firewallPolicy string) *FirewallPoliciesM
 }
 
 // ParentId sets the optional parameter "parentId": The new parent of
-// the firewall policy.
+// the firewall policy. The ID can be either be "folders/[FOLDER_ID]" if
+// the parent is a folder or "organizations/[ORGANIZATION_ID]" if the
+// parent is an organization.
 func (c *FirewallPoliciesMoveCall) ParentId(parentId string) *FirewallPoliciesMoveCall {
 	c.urlParams_.Set("parentId", parentId)
 	return c
@@ -86871,7 +90724,7 @@ func (c *FirewallPoliciesMoveCall) Do(opts ...googleapi.CallOption) (*Operation,
 	//       "type": "string"
 	//     },
 	//     "parentId": {
-	//       "description": "The new parent of the firewall policy.",
+	//       "description": "The new parent of the firewall policy. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
@@ -92683,8 +96536,7 @@ type GlobalAddressesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified address resource. Gets a list of available
-// addresses by making a list() request.
+// Get: Returns the specified address resource.
 //
 // - address: Name of the address resource to return.
 // - project: Project ID for this request.
@@ -92795,7 +96647,7 @@ func (c *GlobalAddressesGetCall) Do(opts ...googleapi.CallOption) (*Address, err
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified address resource. Gets a list of available addresses by making a list() request.",
+	//   "description": "Returns the specified address resource.",
 	//   "flatPath": "projects/{project}/global/addresses/{address}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.globalAddresses.get",
@@ -92852,9 +96704,7 @@ func (r *GlobalAddressesService) GetOwnerInstance(project string) *GlobalAddress
 	return c
 }
 
-// IpAddress sets the optional parameter "ipAddress": The ip_address
-// could be external IPv4, or internal IPv4 within IPv6 form of
-// virtual_network_id with internal IPv4. IPv6 is not supported yet.
+// IpAddress sets the optional parameter "ipAddress": The VM IP address.
 func (c *GlobalAddressesGetOwnerInstanceCall) IpAddress(ipAddress string) *GlobalAddressesGetOwnerInstanceCall {
 	c.urlParams_.Set("ipAddress", ipAddress)
 	return c
@@ -92968,7 +96818,7 @@ func (c *GlobalAddressesGetOwnerInstanceCall) Do(opts ...googleapi.CallOption) (
 	//   ],
 	//   "parameters": {
 	//     "ipAddress": {
-	//       "description": "The ip_address could be external IPv4, or internal IPv4 within IPv6 form of virtual_network_id with internal IPv4. IPv6 is not supported yet.",
+	//       "description": "The VM IP address.",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
@@ -95903,8 +99753,7 @@ type GlobalNetworkEndpointGroupsGetCall struct {
 	header_              http.Header
 }
 
-// Get: Returns the specified network endpoint group. Gets a list of
-// available network endpoint groups by making a list() request.
+// Get: Returns the specified network endpoint group.
 //
 //   - networkEndpointGroup: The name of the network endpoint group. It
 //     should comply with RFC1035.
@@ -96016,7 +99865,7 @@ func (c *GlobalNetworkEndpointGroupsGetCall) Do(opts ...googleapi.CallOption) (*
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+	//   "description": "Returns the specified network endpoint group.",
 	//   "flatPath": "projects/{project}/global/networkEndpointGroups/{networkEndpointGroup}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.globalNetworkEndpointGroups.get",
@@ -99769,8 +103618,7 @@ type HealthChecksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified HealthCheck resource. Gets a list of
-// available health checks by making a list() request.
+// Get: Returns the specified HealthCheck resource.
 //
 // - healthCheck: Name of the HealthCheck resource to return.
 // - project: Project ID for this request.
@@ -99881,7 +103729,7 @@ func (c *HealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HealthCheck, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+	//   "description": "Returns the specified HealthCheck resource.",
 	//   "flatPath": "projects/{project}/global/healthChecks/{healthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.healthChecks.get",
@@ -101053,8 +104901,7 @@ type HttpHealthChecksGetCall struct {
 	header_         http.Header
 }
 
-// Get: Returns the specified HttpHealthCheck resource. Gets a list of
-// available HTTP health checks by making a list() request.
+// Get: Returns the specified HttpHealthCheck resource.
 //
 // - httpHealthCheck: Name of the HttpHealthCheck resource to return.
 // - project: Project ID for this request.
@@ -101165,7 +105012,7 @@ func (c *HttpHealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HttpHealthC
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HttpHealthCheck resource. Gets a list of available HTTP health checks by making a list() request.",
+	//   "description": "Returns the specified HttpHealthCheck resource.",
 	//   "flatPath": "projects/{project}/global/httpHealthChecks/{httpHealthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.httpHealthChecks.get",
@@ -102337,8 +106184,7 @@ type HttpsHealthChecksGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified HttpsHealthCheck resource. Gets a list of
-// available HTTPS health checks by making a list() request.
+// Get: Returns the specified HttpsHealthCheck resource.
 //
 // - httpsHealthCheck: Name of the HttpsHealthCheck resource to return.
 // - project: Project ID for this request.
@@ -102449,7 +106295,7 @@ func (c *HttpsHealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HttpsHealt
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HttpsHealthCheck resource. Gets a list of available HTTPS health checks by making a list() request.",
+	//   "description": "Returns the specified HttpsHealthCheck resource.",
 	//   "flatPath": "projects/{project}/global/httpsHealthChecks/{httpsHealthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.httpsHealthChecks.get",
@@ -103971,8 +107817,7 @@ type ImagesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified image. Gets a list of available images by
-// making a list() request.
+// Get: Returns the specified image.
 //
 // - image: Name of the image resource to return.
 // - project: Project ID for this request.
@@ -104083,7 +107928,7 @@ func (c *ImagesGetCall) Do(opts ...googleapi.CallOption) (*Image, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified image. Gets a list of available images by making a list() request.",
+	//   "description": "Returns the specified image.",
 	//   "flatPath": "projects/{project}/global/images/{image}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.images.get",
@@ -105581,9 +109426,9 @@ func (c *ImagesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPe
 
 }
 
-// method id "compute.instanceGroupManagerResizeRequests.delete":
+// method id "compute.instanceGroupManagerResizeRequests.cancel":
 
-type InstanceGroupManagerResizeRequestsDeleteCall struct {
+type InstanceGroupManagerResizeRequestsCancelCall struct {
 	s                    *Service
 	project              string
 	zone                 string
@@ -105594,17 +109439,20 @@ type InstanceGroupManagerResizeRequestsDeleteCall struct {
 	header_              http.Header
 }
 
-// Delete: Deletes the specified resize request.
+// Cancel: Cancels the specified resize request and removes it from the
+// queue. Cancelled resize request does no longer wait for the resources
+// to be provisioned. Cancel is only possible for requests that are
+// accepted in the queue.
 //
 //   - instanceGroupManager: The name of the managed instance group. The
 //     name should conform to RFC1035 or be a resource ID.
 //   - project: Project ID for this request.
-//   - resizeRequest: The name of the resize request to delete. The name
+//   - resizeRequest: The name of the resize request to cancel. The name
 //     should conform to RFC1035 or be a resource ID.
 //   - zone: The name of the zone where the managed instance group is
 //     located. The name should conform to RFC1035.
-func (r *InstanceGroupManagerResizeRequestsService) Delete(project string, zone string, instanceGroupManager string, resizeRequest string) *InstanceGroupManagerResizeRequestsDeleteCall {
-	c := &InstanceGroupManagerResizeRequestsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstanceGroupManagerResizeRequestsService) Cancel(project string, zone string, instanceGroupManager string, resizeRequest string) *InstanceGroupManagerResizeRequestsCancelCall {
+	c := &InstanceGroupManagerResizeRequestsCancelCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instanceGroupManager = instanceGroupManager
@@ -105623,7 +109471,7 @@ func (r *InstanceGroupManagerResizeRequestsService) Delete(project string, zone
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstanceGroupManagerResizeRequestsDeleteCall) RequestId(requestId string) *InstanceGroupManagerResizeRequestsDeleteCall {
+func (c *InstanceGroupManagerResizeRequestsCancelCall) RequestId(requestId string) *InstanceGroupManagerResizeRequestsCancelCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -105631,7 +109479,7 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) RequestId(requestId strin
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstanceGroupManagerResizeRequestsDeleteCall) Fields(s ...googleapi.Field) *InstanceGroupManagerResizeRequestsDeleteCall {
+func (c *InstanceGroupManagerResizeRequestsCancelCall) Fields(s ...googleapi.Field) *InstanceGroupManagerResizeRequestsCancelCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -105639,21 +109487,21 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) Fields(s ...googleapi.Fie
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstanceGroupManagerResizeRequestsDeleteCall) Context(ctx context.Context) *InstanceGroupManagerResizeRequestsDeleteCall {
+func (c *InstanceGroupManagerResizeRequestsCancelCall) Context(ctx context.Context) *InstanceGroupManagerResizeRequestsCancelCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstanceGroupManagerResizeRequestsDeleteCall) Header() http.Header {
+func (c *InstanceGroupManagerResizeRequestsCancelCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstanceGroupManagerResizeRequestsDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstanceGroupManagerResizeRequestsCancelCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -105663,9 +109511,9 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) doRequest(alt string) (*h
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}/cancel")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -105679,14 +109527,14 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) doRequest(alt string) (*h
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instanceGroupManagerResizeRequests.delete" call.
+// Do executes the "compute.instanceGroupManagerResizeRequests.cancel" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstanceGroupManagerResizeRequestsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstanceGroupManagerResizeRequestsCancelCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -105717,10 +109565,10 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) Do(opts ...googleapi.Call
 	}
 	return ret, nil
 	// {
-	//   "description": "Deletes the specified resize request.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
-	//   "httpMethod": "DELETE",
-	//   "id": "compute.instanceGroupManagerResizeRequests.delete",
+	//   "description": "Cancels the specified resize request and removes it from the queue. Cancelled resize request does no longer wait for the resources to be provisioned. Cancel is only possible for requests that are accepted in the queue.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}/cancel",
+	//   "httpMethod": "POST",
+	//   "id": "compute.instanceGroupManagerResizeRequests.cancel",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -105747,7 +109595,7 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) Do(opts ...googleapi.Call
 	//       "type": "string"
 	//     },
 	//     "resizeRequest": {
-	//       "description": "The name of the resize request to delete. The name should conform to RFC1035 or be a resource ID.",
+	//       "description": "The name of the resize request to cancel. The name should conform to RFC1035 or be a resource ID.",
 	//       "location": "path",
 	//       "required": true,
 	//       "type": "string"
@@ -105759,7 +109607,7 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) Do(opts ...googleapi.Call
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+	//   "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}/cancel",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -105771,221 +109619,36 @@ func (c *InstanceGroupManagerResizeRequestsDeleteCall) Do(opts ...googleapi.Call
 
 }
 
-// method id "compute.instanceGroupManagerResizeRequests.get":
+// method id "compute.instanceGroupManagerResizeRequests.delete":
 
-type InstanceGroupManagerResizeRequestsGetCall struct {
+type InstanceGroupManagerResizeRequestsDeleteCall struct {
 	s                    *Service
 	project              string
 	zone                 string
 	instanceGroupManager string
 	resizeRequest        string
 	urlParams_           gensupport.URLParams
-	ifNoneMatch_         string
 	ctx_                 context.Context
 	header_              http.Header
 }
 
-// Get: Returns all of the details about the specified resize request.
+// Delete: Deletes the specified, inactive resize request. Requests that
+// are still active cannot be deleted. Deleting request does not delete
+// instances that were provisioned previously.
 //
-//   - instanceGroupManager: The name of the managed instance group. Name
-//     should conform to RFC1035 or be a resource ID.
-//   - project: Project ID for this request.
-//   - resizeRequest: The name of the resize request. Name should conform
-//     to RFC1035 or be a resource ID.
-//   - zone: Name of the
-//     href="/compute/docs/regions-zones/#available">zone scoping this
-//     request. Name should conform to RFC1035.
-func (r *InstanceGroupManagerResizeRequestsService) Get(project string, zone string, instanceGroupManager string, resizeRequest string) *InstanceGroupManagerResizeRequestsGetCall {
-	c := &InstanceGroupManagerResizeRequestsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.zone = zone
-	c.instanceGroupManager = instanceGroupManager
-	c.resizeRequest = resizeRequest
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *InstanceGroupManagerResizeRequestsGetCall) Fields(s ...googleapi.Field) *InstanceGroupManagerResizeRequestsGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *InstanceGroupManagerResizeRequestsGetCall) IfNoneMatch(entityTag string) *InstanceGroupManagerResizeRequestsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *InstanceGroupManagerResizeRequestsGetCall) Context(ctx context.Context) *InstanceGroupManagerResizeRequestsGetCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *InstanceGroupManagerResizeRequestsGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *InstanceGroupManagerResizeRequestsGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":              c.project,
-		"zone":                 c.zone,
-		"instanceGroupManager": c.instanceGroupManager,
-		"resizeRequest":        c.resizeRequest,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.instanceGroupManagerResizeRequests.get" call.
-// Exactly one of *InstanceGroupManagerResizeRequest or error will be
-// non-nil. Any non-2xx status code is an error. Response headers are in
-// either *InstanceGroupManagerResizeRequest.ServerResponse.Header or
-// (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *InstanceGroupManagerResizeRequestsGetCall) Do(opts ...googleapi.CallOption) (*InstanceGroupManagerResizeRequest, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &InstanceGroupManagerResizeRequest{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns all of the details about the specified resize request.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
-	//   "httpMethod": "GET",
-	//   "id": "compute.instanceGroupManagerResizeRequests.get",
-	//   "parameterOrder": [
-	//     "project",
-	//     "zone",
-	//     "instanceGroupManager",
-	//     "resizeRequest"
-	//   ],
-	//   "parameters": {
-	//     "instanceGroupManager": {
-	//       "description": "The name of the managed instance group. Name should conform to RFC1035 or be a resource ID.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "resizeRequest": {
-	//       "description": "The name of the resize request. Name should conform to RFC1035 or be a resource ID.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "zone": {
-	//       "description": "Name of the href=\"/compute/docs/regions-zones/#available\"\u003ezone scoping this request. Name should conform to RFC1035.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
-	//   "response": {
-	//     "$ref": "InstanceGroupManagerResizeRequest"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
-	//   ]
-	// }
-
-}
-
-// method id "compute.instanceGroupManagerResizeRequests.insert":
-
-type InstanceGroupManagerResizeRequestsInsertCall struct {
-	s                                 *Service
-	project                           string
-	zone                              string
-	instanceGroupManager              string
-	instancegroupmanagerresizerequest *InstanceGroupManagerResizeRequest
-	urlParams_                        gensupport.URLParams
-	ctx_                              context.Context
-	header_                           http.Header
-}
-
-// Insert: Creates a new resize request that starts provisioning VMs
-// immediately or queues VM creation.
-//
-//   - instanceGroupManager: The name of the managed instance group to
-//     which the resize request will be added. Name should conform to
-//     RFC1035 or be a resource ID.
+//   - instanceGroupManager: The name of the managed instance group. The
+//     name should conform to RFC1035 or be a resource ID.
 //   - project: Project ID for this request.
+//   - resizeRequest: The name of the resize request to delete. The name
+//     should conform to RFC1035 or be a resource ID.
 //   - zone: The name of the zone where the managed instance group is
-//     located and where the resize request will be created. Name should
-//     conform to RFC1035.
-func (r *InstanceGroupManagerResizeRequestsService) Insert(project string, zone string, instanceGroupManager string, instancegroupmanagerresizerequest *InstanceGroupManagerResizeRequest) *InstanceGroupManagerResizeRequestsInsertCall {
-	c := &InstanceGroupManagerResizeRequestsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//     located. The name should conform to RFC1035.
+func (r *InstanceGroupManagerResizeRequestsService) Delete(project string, zone string, instanceGroupManager string, resizeRequest string) *InstanceGroupManagerResizeRequestsDeleteCall {
+	c := &InstanceGroupManagerResizeRequestsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instanceGroupManager = instanceGroupManager
-	c.instancegroupmanagerresizerequest = instancegroupmanagerresizerequest
+	c.resizeRequest = resizeRequest
 	return c
 }
 
@@ -106000,7 +109663,7 @@ func (r *InstanceGroupManagerResizeRequestsService) Insert(project string, zone
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstanceGroupManagerResizeRequestsInsertCall) RequestId(requestId string) *InstanceGroupManagerResizeRequestsInsertCall {
+func (c *InstanceGroupManagerResizeRequestsDeleteCall) RequestId(requestId string) *InstanceGroupManagerResizeRequestsDeleteCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -106008,7 +109671,7 @@ func (c *InstanceGroupManagerResizeRequestsInsertCall) RequestId(requestId strin
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstanceGroupManagerResizeRequestsInsertCall) Fields(s ...googleapi.Field) *InstanceGroupManagerResizeRequestsInsertCall {
+func (c *InstanceGroupManagerResizeRequestsDeleteCall) Fields(s ...googleapi.Field) *InstanceGroupManagerResizeRequestsDeleteCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -106016,21 +109679,21 @@ func (c *InstanceGroupManagerResizeRequestsInsertCall) Fields(s ...googleapi.Fie
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstanceGroupManagerResizeRequestsInsertCall) Context(ctx context.Context) *InstanceGroupManagerResizeRequestsInsertCall {
+func (c *InstanceGroupManagerResizeRequestsDeleteCall) Context(ctx context.Context) *InstanceGroupManagerResizeRequestsDeleteCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstanceGroupManagerResizeRequestsInsertCall) Header() http.Header {
+func (c *InstanceGroupManagerResizeRequestsDeleteCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstanceGroupManagerResizeRequestsInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstanceGroupManagerResizeRequestsDeleteCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -106038,16 +109701,11 @@ func (c *InstanceGroupManagerResizeRequestsInsertCall) doRequest(alt string) (*h
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancegroupmanagerresizerequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("DELETE", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -106056,18 +109714,400 @@ func (c *InstanceGroupManagerResizeRequestsInsertCall) doRequest(alt string) (*h
 		"project":              c.project,
 		"zone":                 c.zone,
 		"instanceGroupManager": c.instanceGroupManager,
+		"resizeRequest":        c.resizeRequest,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instanceGroupManagerResizeRequests.insert" call.
+// Do executes the "compute.instanceGroupManagerResizeRequests.delete" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstanceGroupManagerResizeRequestsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstanceGroupManagerResizeRequestsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Deletes the specified, inactive resize request. Requests that are still active cannot be deleted. Deleting request does not delete instances that were provisioned previously.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+	//   "httpMethod": "DELETE",
+	//   "id": "compute.instanceGroupManagerResizeRequests.delete",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "instanceGroupManager",
+	//     "resizeRequest"
+	//   ],
+	//   "parameters": {
+	//     "instanceGroupManager": {
+	//       "description": "The name of the managed instance group. The name should conform to RFC1035 or be a resource ID.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "resizeRequest": {
+	//       "description": "The name of the resize request to delete. The name should conform to RFC1035 or be a resource ID.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone where the managed instance group is located. The name should conform to RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.instanceGroupManagerResizeRequests.get":
+
+type InstanceGroupManagerResizeRequestsGetCall struct {
+	s                    *Service
+	project              string
+	zone                 string
+	instanceGroupManager string
+	resizeRequest        string
+	urlParams_           gensupport.URLParams
+	ifNoneMatch_         string
+	ctx_                 context.Context
+	header_              http.Header
+}
+
+// Get: Returns all of the details about the specified resize request.
+//
+//   - instanceGroupManager: The name of the managed instance group. Name
+//     should conform to RFC1035 or be a resource ID.
+//   - project: Project ID for this request.
+//   - resizeRequest: The name of the resize request. Name should conform
+//     to RFC1035 or be a resource ID.
+//   - zone: Name of the
+//     href="/compute/docs/regions-zones/#available">zone scoping this
+//     request. Name should conform to RFC1035.
+func (r *InstanceGroupManagerResizeRequestsService) Get(project string, zone string, instanceGroupManager string, resizeRequest string) *InstanceGroupManagerResizeRequestsGetCall {
+	c := &InstanceGroupManagerResizeRequestsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instanceGroupManager = instanceGroupManager
+	c.resizeRequest = resizeRequest
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstanceGroupManagerResizeRequestsGetCall) Fields(s ...googleapi.Field) *InstanceGroupManagerResizeRequestsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *InstanceGroupManagerResizeRequestsGetCall) IfNoneMatch(entityTag string) *InstanceGroupManagerResizeRequestsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstanceGroupManagerResizeRequestsGetCall) Context(ctx context.Context) *InstanceGroupManagerResizeRequestsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstanceGroupManagerResizeRequestsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstanceGroupManagerResizeRequestsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":              c.project,
+		"zone":                 c.zone,
+		"instanceGroupManager": c.instanceGroupManager,
+		"resizeRequest":        c.resizeRequest,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instanceGroupManagerResizeRequests.get" call.
+// Exactly one of *InstanceGroupManagerResizeRequest or error will be
+// non-nil. Any non-2xx status code is an error. Response headers are in
+// either *InstanceGroupManagerResizeRequest.ServerResponse.Header or
+// (if a response was returned at all) in
+// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
+// whether the returned error was because http.StatusNotModified was
+// returned.
+func (c *InstanceGroupManagerResizeRequestsGetCall) Do(opts ...googleapi.CallOption) (*InstanceGroupManagerResizeRequest, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &InstanceGroupManagerResizeRequest{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns all of the details about the specified resize request.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+	//   "httpMethod": "GET",
+	//   "id": "compute.instanceGroupManagerResizeRequests.get",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "instanceGroupManager",
+	//     "resizeRequest"
+	//   ],
+	//   "parameters": {
+	//     "instanceGroupManager": {
+	//       "description": "The name of the managed instance group. Name should conform to RFC1035 or be a resource ID.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resizeRequest": {
+	//       "description": "The name of the resize request. Name should conform to RFC1035 or be a resource ID.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "Name of the href=\"/compute/docs/regions-zones/#available\"\u003ezone scoping this request. Name should conform to RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+	//   "response": {
+	//     "$ref": "InstanceGroupManagerResizeRequest"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.instanceGroupManagerResizeRequests.insert":
+
+type InstanceGroupManagerResizeRequestsInsertCall struct {
+	s                                 *Service
+	project                           string
+	zone                              string
+	instanceGroupManager              string
+	instancegroupmanagerresizerequest *InstanceGroupManagerResizeRequest
+	urlParams_                        gensupport.URLParams
+	ctx_                              context.Context
+	header_                           http.Header
+}
+
+// Insert: Creates a new resize request that starts provisioning VMs
+// immediately or queues VM creation.
+//
+//   - instanceGroupManager: The name of the managed instance group to
+//     which the resize request will be added. Name should conform to
+//     RFC1035 or be a resource ID.
+//   - project: Project ID for this request.
+//   - zone: The name of the zone where the managed instance group is
+//     located and where the resize request will be created. Name should
+//     conform to RFC1035.
+func (r *InstanceGroupManagerResizeRequestsService) Insert(project string, zone string, instanceGroupManager string, instancegroupmanagerresizerequest *InstanceGroupManagerResizeRequest) *InstanceGroupManagerResizeRequestsInsertCall {
+	c := &InstanceGroupManagerResizeRequestsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instanceGroupManager = instanceGroupManager
+	c.instancegroupmanagerresizerequest = instancegroupmanagerresizerequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *InstanceGroupManagerResizeRequestsInsertCall) RequestId(requestId string) *InstanceGroupManagerResizeRequestsInsertCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstanceGroupManagerResizeRequestsInsertCall) Fields(s ...googleapi.Field) *InstanceGroupManagerResizeRequestsInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstanceGroupManagerResizeRequestsInsertCall) Context(ctx context.Context) *InstanceGroupManagerResizeRequestsInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstanceGroupManagerResizeRequestsInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstanceGroupManagerResizeRequestsInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancegroupmanagerresizerequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":              c.project,
+		"zone":                 c.zone,
+		"instanceGroupManager": c.instanceGroupManager,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instanceGroupManagerResizeRequests.insert" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *InstanceGroupManagerResizeRequestsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -107874,8 +111914,7 @@ type InstanceGroupManagersGetCall struct {
 }
 
 // Get: Returns all of the details about the specified managed instance
-// group. Gets a list of available managed instance groups by making a
-// list() request.
+// group.
 //
 //   - instanceGroupManager: The name of the managed instance group.
 //   - project: Project ID for this request.
@@ -107990,7 +112029,7 @@ func (c *InstanceGroupManagersGetCall) Do(opts ...googleapi.CallOption) (*Instan
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns all of the details about the specified managed instance group. Gets a list of available managed instance groups by making a list() request.",
+	//   "description": "Returns all of the details about the specified managed instance group.",
 	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.instanceGroupManagers.get",
@@ -110738,6 +114777,7 @@ func (c *InstanceGroupManagersSetAutoHealingPoliciesCall) Do(opts ...googleapi.C
 	}
 	return ret, nil
 	// {
+	//   "deprecated": true,
 	//   "description": "Motifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use instanceGroupManagers.patch instead.",
 	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/setAutoHealingPolicies",
 	//   "httpMethod": "POST",
@@ -114496,6 +118536,354 @@ func (c *InstanceGroupsTestIamPermissionsCall) Do(opts ...googleapi.CallOption)
 
 }
 
+// method id "compute.instanceSettings.get":
+
+type InstanceSettingsGetCall struct {
+	s            *Service
+	project      string
+	zone         string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Get Instance settings.
+//
+// - project: Project ID for this request.
+// - zone: Name of the zone for this request.
+func (r *InstanceSettingsService) Get(project string, zone string) *InstanceSettingsGetCall {
+	c := &InstanceSettingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstanceSettingsGetCall) Fields(s ...googleapi.Field) *InstanceSettingsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *InstanceSettingsGetCall) IfNoneMatch(entityTag string) *InstanceSettingsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstanceSettingsGetCall) Context(ctx context.Context) *InstanceSettingsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstanceSettingsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstanceSettingsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceSettings")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"zone":    c.zone,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instanceSettings.get" call.
+// Exactly one of *InstanceSettings or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *InstanceSettings.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *InstanceSettingsGetCall) Do(opts ...googleapi.CallOption) (*InstanceSettings, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &InstanceSettings{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Get Instance settings.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instanceSettings",
+	//   "httpMethod": "GET",
+	//   "id": "compute.instanceSettings.get",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "Name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instanceSettings",
+	//   "response": {
+	//     "$ref": "InstanceSettings"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.instanceSettings.patch":
+
+type InstanceSettingsPatchCall struct {
+	s                *Service
+	project          string
+	zone             string
+	instancesettings *InstanceSettings
+	urlParams_       gensupport.URLParams
+	ctx_             context.Context
+	header_          http.Header
+}
+
+// Patch: Patch Instance settings
+//
+// - project: Project ID for this request.
+// - zone: The zone scoping this request. It should conform to RFC1035.
+func (r *InstanceSettingsService) Patch(project string, zone string, instancesettings *InstanceSettings) *InstanceSettingsPatchCall {
+	c := &InstanceSettingsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instancesettings = instancesettings
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *InstanceSettingsPatchCall) RequestId(requestId string) *InstanceSettingsPatchCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// UpdateMask sets the optional parameter "updateMask": update_mask
+// indicates fields to be updated as part of this request.
+func (c *InstanceSettingsPatchCall) UpdateMask(updateMask string) *InstanceSettingsPatchCall {
+	c.urlParams_.Set("updateMask", updateMask)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstanceSettingsPatchCall) Fields(s ...googleapi.Field) *InstanceSettingsPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstanceSettingsPatchCall) Context(ctx context.Context) *InstanceSettingsPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstanceSettingsPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstanceSettingsPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancesettings)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instanceSettings")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"zone":    c.zone,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instanceSettings.patch" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *InstanceSettingsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patch Instance settings",
+	//   "flatPath": "projects/{project}/zones/{zone}/instanceSettings",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.instanceSettings.patch",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "updateMask": {
+	//       "description": "update_mask indicates fields to be updated as part of this request.",
+	//       "format": "google-fieldmask",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The zone scoping this request. It should conform to RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instanceSettings",
+	//   "request": {
+	//     "$ref": "InstanceSettings"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.instanceTemplates.aggregatedList":
 
 type InstanceTemplatesAggregatedListCall struct {
@@ -114974,8 +119362,7 @@ type InstanceTemplatesGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified instance template. Gets a list of
-// available instance templates by making a list() request.
+// Get: Returns the specified instance template.
 //
 // - instanceTemplate: The name of the instance template.
 // - project: Project ID for this request.
@@ -114986,6 +119373,21 @@ func (r *InstanceTemplatesService) Get(project string, instanceTemplate string)
 	return c
 }
 
+// View sets the optional parameter "view": View of the instance
+// template.
+//
+// Possible values:
+//
+//	"BASIC" - Include everything except Partner Metadata.
+//	"FULL" - Include everything.
+//	"INSTANCE_VIEW_UNSPECIFIED" - The default / unset value. The API
+//
+// will default to the BASIC view.
+func (c *InstanceTemplatesGetCall) View(view string) *InstanceTemplatesGetCall {
+	c.urlParams_.Set("view", view)
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
@@ -115086,7 +119488,7 @@ func (c *InstanceTemplatesGetCall) Do(opts ...googleapi.CallOption) (*InstanceTe
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+	//   "description": "Returns the specified instance template.",
 	//   "flatPath": "projects/{project}/global/instanceTemplates/{instanceTemplate}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.instanceTemplates.get",
@@ -115108,6 +119510,21 @@ func (c *InstanceTemplatesGetCall) Do(opts ...googleapi.CallOption) (*InstanceTe
 	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
 	//       "type": "string"
+	//     },
+	//     "view": {
+	//       "description": "View of the instance template.",
+	//       "enum": [
+	//         "BASIC",
+	//         "FULL",
+	//         "INSTANCE_VIEW_UNSPECIFIED"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include everything except Partner Metadata.",
+	//         "Include everything.",
+	//         "The default / unset value. The API will default to the BASIC view."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
 	//     }
 	//   },
 	//   "path": "projects/{project}/global/instanceTemplates/{instanceTemplate}",
@@ -115568,6 +119985,21 @@ func (c *InstanceTemplatesListCall) ReturnPartialSuccess(returnPartialSuccess bo
 	return c
 }
 
+// View sets the optional parameter "view": View of the instance
+// template.
+//
+// Possible values:
+//
+//	"BASIC" - Include everything except Partner Metadata.
+//	"FULL" - Include everything.
+//	"INSTANCE_VIEW_UNSPECIFIED" - The default / unset value. The API
+//
+// will default to the BASIC view.
+func (c *InstanceTemplatesListCall) View(view string) *InstanceTemplatesListCall {
+	c.urlParams_.Set("view", view)
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
@@ -115709,6 +120141,21 @@ func (c *InstanceTemplatesListCall) Do(opts ...googleapi.CallOption) (*InstanceT
 	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
 	//       "location": "query",
 	//       "type": "boolean"
+	//     },
+	//     "view": {
+	//       "description": "View of the instance template.",
+	//       "enum": [
+	//         "BASIC",
+	//         "FULL",
+	//         "INSTANCE_VIEW_UNSPECIFIED"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include everything except Partner Metadata.",
+	//         "Include everything.",
+	//         "The default / unset value. The API will default to the BASIC view."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
 	//     }
 	//   },
 	//   "path": "projects/{project}/global/instanceTemplates",
@@ -117708,8 +122155,7 @@ type InstancesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Instance resource. Gets a list of
-// available instances by making a list() request.
+// Get: Returns the specified Instance resource.
 //
 // - instance: Name of the instance resource to return.
 // - project: Project ID for this request.
@@ -117722,6 +122168,20 @@ func (r *InstancesService) Get(project string, zone string, instance string) *In
 	return c
 }
 
+// View sets the optional parameter "view": View of the instance.
+//
+// Possible values:
+//
+//	"BASIC" - Include everything except Partner Metadata.
+//	"FULL" - Include everything.
+//	"INSTANCE_VIEW_UNSPECIFIED" - The default / unset value. The API
+//
+// will default to the BASIC view.
+func (c *InstancesGetCall) View(view string) *InstancesGetCall {
+	c.urlParams_.Set("view", view)
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
@@ -117823,7 +122283,7 @@ func (c *InstancesGetCall) Do(opts ...googleapi.CallOption) (*Instance, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Instance resource. Gets a list of available instances by making a list() request.",
+	//   "description": "Returns the specified Instance resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.instances.get",
@@ -117847,6 +122307,21 @@ func (c *InstancesGetCall) Do(opts ...googleapi.CallOption) (*Instance, error) {
 	//       "required": true,
 	//       "type": "string"
 	//     },
+	//     "view": {
+	//       "description": "View of the instance.",
+	//       "enum": [
+	//         "BASIC",
+	//         "FULL",
+	//         "INSTANCE_VIEW_UNSPECIFIED"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include everything except Partner Metadata.",
+	//         "Include everything.",
+	//         "The default / unset value. The API will default to the BASIC view."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
 	//     "zone": {
 	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
@@ -118434,6 +122909,191 @@ func (c *InstancesGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 
 }
 
+// method id "compute.instances.getPartnerMetadata":
+
+type InstancesGetPartnerMetadataCall struct {
+	s            *Service
+	project      string
+	zone         string
+	instance     string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// GetPartnerMetadata: Gets partner metadata of the specified instance
+// and namespaces.
+//
+// - instance: Name of the instance scoping this request.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *InstancesService) GetPartnerMetadata(project string, zone string, instance string) *InstancesGetPartnerMetadataCall {
+	c := &InstancesGetPartnerMetadataCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instance = instance
+	return c
+}
+
+// Namespaces sets the optional parameter "namespaces": Comma separated
+// partner metadata namespaces.
+func (c *InstancesGetPartnerMetadataCall) Namespaces(namespaces string) *InstancesGetPartnerMetadataCall {
+	c.urlParams_.Set("namespaces", namespaces)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstancesGetPartnerMetadataCall) Fields(s ...googleapi.Field) *InstancesGetPartnerMetadataCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *InstancesGetPartnerMetadataCall) IfNoneMatch(entityTag string) *InstancesGetPartnerMetadataCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstancesGetPartnerMetadataCall) Context(ctx context.Context) *InstancesGetPartnerMetadataCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstancesGetPartnerMetadataCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstancesGetPartnerMetadataCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/getPartnerMetadata")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"instance": c.instance,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instances.getPartnerMetadata" call.
+// Exactly one of *PartnerMetadata or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *PartnerMetadata.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *InstancesGetPartnerMetadataCall) Do(opts ...googleapi.CallOption) (*PartnerMetadata, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &PartnerMetadata{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Gets partner metadata of the specified instance and namespaces.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/getPartnerMetadata",
+	//   "httpMethod": "GET",
+	//   "id": "compute.instances.getPartnerMetadata",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "instance"
+	//   ],
+	//   "parameters": {
+	//     "instance": {
+	//       "description": "Name of the instance scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "namespaces": {
+	//       "description": "Comma separated partner metadata namespaces.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/getPartnerMetadata",
+	//   "response": {
+	//     "$ref": "PartnerMetadata"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
 // method id "compute.instances.getScreenshot":
 
 type InstancesGetScreenshotCall struct {
@@ -119484,6 +124144,20 @@ func (c *InstancesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *Ins
 	return c
 }
 
+// View sets the optional parameter "view": View of the instance.
+//
+// Possible values:
+//
+//	"BASIC" - Include everything except Partner Metadata.
+//	"FULL" - Include everything.
+//	"INSTANCE_VIEW_UNSPECIFIED" - The default / unset value. The API
+//
+// will default to the BASIC view.
+func (c *InstancesListCall) View(view string) *InstancesListCall {
+	c.urlParams_.Set("view", view)
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
@@ -119628,6 +124302,21 @@ func (c *InstancesListCall) Do(opts ...googleapi.CallOption) (*InstanceList, err
 	//       "location": "query",
 	//       "type": "boolean"
 	//     },
+	//     "view": {
+	//       "description": "View of the instance.",
+	//       "enum": [
+	//         "BASIC",
+	//         "FULL",
+	//         "INSTANCE_VIEW_UNSPECIFIED"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include everything except Partner Metadata.",
+	//         "Include everything.",
+	//         "The default / unset value. The API will default to the BASIC view."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
+	//     },
 	//     "zone": {
 	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
@@ -119978,28 +124667,31 @@ func (c *InstancesListReferrersCall) Pages(ctx context.Context, f func(*Instance
 	}
 }
 
-// method id "compute.instances.performMaintenance":
+// method id "compute.instances.patchPartnerMetadata":
 
-type InstancesPerformMaintenanceCall struct {
-	s          *Service
-	project    string
-	zone       string
-	instance   string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type InstancesPatchPartnerMetadataCall struct {
+	s               *Service
+	project         string
+	zone            string
+	instance        string
+	partnermetadata *PartnerMetadata
+	urlParams_      gensupport.URLParams
+	ctx_            context.Context
+	header_         http.Header
 }
 
-// PerformMaintenance: Perform a manual maintenance on the instance.
+// PatchPartnerMetadata: Patches partner metadata of the specified
+// instance.
 //
 // - instance: Name of the instance scoping this request.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) PerformMaintenance(project string, zone string, instance string) *InstancesPerformMaintenanceCall {
-	c := &InstancesPerformMaintenanceCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) PatchPartnerMetadata(project string, zone string, instance string, partnermetadata *PartnerMetadata) *InstancesPatchPartnerMetadataCall {
+	c := &InstancesPatchPartnerMetadataCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
+	c.partnermetadata = partnermetadata
 	return c
 }
 
@@ -120014,7 +124706,7 @@ func (r *InstancesService) PerformMaintenance(project string, zone string, insta
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesPerformMaintenanceCall) RequestId(requestId string) *InstancesPerformMaintenanceCall {
+func (c *InstancesPatchPartnerMetadataCall) RequestId(requestId string) *InstancesPatchPartnerMetadataCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -120022,7 +124714,7 @@ func (c *InstancesPerformMaintenanceCall) RequestId(requestId string) *Instances
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesPerformMaintenanceCall) Fields(s ...googleapi.Field) *InstancesPerformMaintenanceCall {
+func (c *InstancesPatchPartnerMetadataCall) Fields(s ...googleapi.Field) *InstancesPatchPartnerMetadataCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -120030,21 +124722,21 @@ func (c *InstancesPerformMaintenanceCall) Fields(s ...googleapi.Field) *Instance
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesPerformMaintenanceCall) Context(ctx context.Context) *InstancesPerformMaintenanceCall {
+func (c *InstancesPatchPartnerMetadataCall) Context(ctx context.Context) *InstancesPatchPartnerMetadataCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesPerformMaintenanceCall) Header() http.Header {
+func (c *InstancesPatchPartnerMetadataCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesPerformMaintenanceCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesPatchPartnerMetadataCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -120052,9 +124744,14 @@ func (c *InstancesPerformMaintenanceCall) doRequest(alt string) (*http.Response,
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.partnermetadata)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/patchPartnerMetadata")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -120069,14 +124766,14 @@ func (c *InstancesPerformMaintenanceCall) doRequest(alt string) (*http.Response,
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.performMaintenance" call.
+// Do executes the "compute.instances.patchPartnerMetadata" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesPerformMaintenanceCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesPatchPartnerMetadataCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -120107,10 +124804,10 @@ func (c *InstancesPerformMaintenanceCall) Do(opts ...googleapi.CallOption) (*Ope
 	}
 	return ret, nil
 	// {
-	//   "description": "Perform a manual maintenance on the instance.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+	//   "description": "Patches partner metadata of the specified instance.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/patchPartnerMetadata",
 	//   "httpMethod": "POST",
-	//   "id": "compute.instances.performMaintenance",
+	//   "id": "compute.instances.patchPartnerMetadata",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -120144,7 +124841,10 @@ func (c *InstancesPerformMaintenanceCall) Do(opts ...googleapi.CallOption) (*Ope
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/patchPartnerMetadata",
+	//   "request": {
+	//     "$ref": "PartnerMetadata"
+	//   },
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -120156,30 +124856,28 @@ func (c *InstancesPerformMaintenanceCall) Do(opts ...googleapi.CallOption) (*Ope
 
 }
 
-// method id "compute.instances.removeResourcePolicies":
+// method id "compute.instances.performMaintenance":
 
-type InstancesRemoveResourcePoliciesCall struct {
-	s                                      *Service
-	project                                string
-	zone                                   string
-	instance                               string
-	instancesremoveresourcepoliciesrequest *InstancesRemoveResourcePoliciesRequest
-	urlParams_                             gensupport.URLParams
-	ctx_                                   context.Context
-	header_                                http.Header
+type InstancesPerformMaintenanceCall struct {
+	s          *Service
+	project    string
+	zone       string
+	instance   string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
-// RemoveResourcePolicies: Removes resource policies from an instance.
+// PerformMaintenance: Perform a manual maintenance on the instance.
 //
-// - instance: The instance name for this request.
+// - instance: Name of the instance scoping this request.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) RemoveResourcePolicies(project string, zone string, instance string, instancesremoveresourcepoliciesrequest *InstancesRemoveResourcePoliciesRequest) *InstancesRemoveResourcePoliciesCall {
-	c := &InstancesRemoveResourcePoliciesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) PerformMaintenance(project string, zone string, instance string) *InstancesPerformMaintenanceCall {
+	c := &InstancesPerformMaintenanceCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
-	c.instancesremoveresourcepoliciesrequest = instancesremoveresourcepoliciesrequest
 	return c
 }
 
@@ -120194,7 +124892,7 @@ func (r *InstancesService) RemoveResourcePolicies(project string, zone string, i
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesRemoveResourcePoliciesCall) RequestId(requestId string) *InstancesRemoveResourcePoliciesCall {
+func (c *InstancesPerformMaintenanceCall) RequestId(requestId string) *InstancesPerformMaintenanceCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -120202,7 +124900,7 @@ func (c *InstancesRemoveResourcePoliciesCall) RequestId(requestId string) *Insta
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesRemoveResourcePoliciesCall) Fields(s ...googleapi.Field) *InstancesRemoveResourcePoliciesCall {
+func (c *InstancesPerformMaintenanceCall) Fields(s ...googleapi.Field) *InstancesPerformMaintenanceCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -120210,21 +124908,21 @@ func (c *InstancesRemoveResourcePoliciesCall) Fields(s ...googleapi.Field) *Inst
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesRemoveResourcePoliciesCall) Context(ctx context.Context) *InstancesRemoveResourcePoliciesCall {
+func (c *InstancesPerformMaintenanceCall) Context(ctx context.Context) *InstancesPerformMaintenanceCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesRemoveResourcePoliciesCall) Header() http.Header {
+func (c *InstancesPerformMaintenanceCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesRemoveResourcePoliciesCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesPerformMaintenanceCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -120232,14 +124930,9 @@ func (c *InstancesRemoveResourcePoliciesCall) doRequest(alt string) (*http.Respo
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancesremoveresourcepoliciesrequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/removeResourcePolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -120254,14 +124947,199 @@ func (c *InstancesRemoveResourcePoliciesCall) doRequest(alt string) (*http.Respo
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.removeResourcePolicies" call.
+// Do executes the "compute.instances.performMaintenance" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesRemoveResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesPerformMaintenanceCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Perform a manual maintenance on the instance.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+	//   "httpMethod": "POST",
+	//   "id": "compute.instances.performMaintenance",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "instance"
+	//   ],
+	//   "parameters": {
+	//     "instance": {
+	//       "description": "Name of the instance scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/performMaintenance",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.instances.removeResourcePolicies":
+
+type InstancesRemoveResourcePoliciesCall struct {
+	s                                      *Service
+	project                                string
+	zone                                   string
+	instance                               string
+	instancesremoveresourcepoliciesrequest *InstancesRemoveResourcePoliciesRequest
+	urlParams_                             gensupport.URLParams
+	ctx_                                   context.Context
+	header_                                http.Header
+}
+
+// RemoveResourcePolicies: Removes resource policies from an instance.
+//
+// - instance: The instance name for this request.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *InstancesService) RemoveResourcePolicies(project string, zone string, instance string, instancesremoveresourcepoliciesrequest *InstancesRemoveResourcePoliciesRequest) *InstancesRemoveResourcePoliciesCall {
+	c := &InstancesRemoveResourcePoliciesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instance = instance
+	c.instancesremoveresourcepoliciesrequest = instancesremoveresourcepoliciesrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *InstancesRemoveResourcePoliciesCall) RequestId(requestId string) *InstancesRemoveResourcePoliciesCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstancesRemoveResourcePoliciesCall) Fields(s ...googleapi.Field) *InstancesRemoveResourcePoliciesCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstancesRemoveResourcePoliciesCall) Context(ctx context.Context) *InstancesRemoveResourcePoliciesCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstancesRemoveResourcePoliciesCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstancesRemoveResourcePoliciesCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancesremoveresourcepoliciesrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/removeResourcePolicies")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"instance": c.instance,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instances.removeResourcePolicies" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *InstancesRemoveResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -122730,32 +127608,33 @@ func (c *InstancesSetSchedulingCall) Do(opts ...googleapi.CallOption) (*Operatio
 
 }
 
-// method id "compute.instances.setServiceAccount":
+// method id "compute.instances.setSecurityPolicy":
 
-type InstancesSetServiceAccountCall struct {
+type InstancesSetSecurityPolicyCall struct {
 	s                                 *Service
 	project                           string
 	zone                              string
 	instance                          string
-	instancessetserviceaccountrequest *InstancesSetServiceAccountRequest
+	instancessetsecuritypolicyrequest *InstancesSetSecurityPolicyRequest
 	urlParams_                        gensupport.URLParams
 	ctx_                              context.Context
 	header_                           http.Header
 }
 
-// SetServiceAccount: Sets the service account on the instance. For more
-// information, read Changing the service account and access scopes for
-// an instance.
+// SetSecurityPolicy: Sets the Google Cloud Armor security policy for
+// the specified instance. For more information, see Google Cloud Armor
+// Overview
 //
-// - instance: Name of the instance resource to start.
-// - project: Project ID for this request.
-// - zone: The name of the zone for this request.
-func (r *InstancesService) SetServiceAccount(project string, zone string, instance string, instancessetserviceaccountrequest *InstancesSetServiceAccountRequest) *InstancesSetServiceAccountCall {
-	c := &InstancesSetServiceAccountCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - instance: Name of the Instance resource to which the security
+//     policy should be set. The name should conform to RFC1035.
+//   - project: Project ID for this request.
+//   - zone: Name of the zone scoping this request.
+func (r *InstancesService) SetSecurityPolicy(project string, zone string, instance string, instancessetsecuritypolicyrequest *InstancesSetSecurityPolicyRequest) *InstancesSetSecurityPolicyCall {
+	c := &InstancesSetSecurityPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
-	c.instancessetserviceaccountrequest = instancessetserviceaccountrequest
+	c.instancessetsecuritypolicyrequest = instancessetsecuritypolicyrequest
 	return c
 }
 
@@ -122770,7 +127649,7 @@ func (r *InstancesService) SetServiceAccount(project string, zone string, instan
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesSetServiceAccountCall) RequestId(requestId string) *InstancesSetServiceAccountCall {
+func (c *InstancesSetSecurityPolicyCall) RequestId(requestId string) *InstancesSetSecurityPolicyCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -122778,7 +127657,7 @@ func (c *InstancesSetServiceAccountCall) RequestId(requestId string) *InstancesS
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesSetServiceAccountCall) Fields(s ...googleapi.Field) *InstancesSetServiceAccountCall {
+func (c *InstancesSetSecurityPolicyCall) Fields(s ...googleapi.Field) *InstancesSetSecurityPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -122786,21 +127665,21 @@ func (c *InstancesSetServiceAccountCall) Fields(s ...googleapi.Field) *Instances
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesSetServiceAccountCall) Context(ctx context.Context) *InstancesSetServiceAccountCall {
+func (c *InstancesSetSecurityPolicyCall) Context(ctx context.Context) *InstancesSetSecurityPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesSetServiceAccountCall) Header() http.Header {
+func (c *InstancesSetSecurityPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesSetServiceAccountCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesSetSecurityPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -122808,14 +127687,14 @@ func (c *InstancesSetServiceAccountCall) doRequest(alt string) (*http.Response,
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetserviceaccountrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetsecuritypolicyrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setSecurityPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -122830,14 +127709,14 @@ func (c *InstancesSetServiceAccountCall) doRequest(alt string) (*http.Response,
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.setServiceAccount" call.
+// Do executes the "compute.instances.setSecurityPolicy" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesSetSecurityPolicyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -122868,10 +127747,10 @@ func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Oper
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
+	//   "description": "Sets the Google Cloud Armor security policy for the specified instance. For more information, see Google Cloud Armor Overview",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setSecurityPolicy",
 	//   "httpMethod": "POST",
-	//   "id": "compute.instances.setServiceAccount",
+	//   "id": "compute.instances.setSecurityPolicy",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -122879,9 +127758,8 @@ func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Oper
 	//   ],
 	//   "parameters": {
 	//     "instance": {
-	//       "description": "Name of the instance resource to start.",
+	//       "description": "Name of the Instance resource to which the security policy should be set. The name should conform to RFC1035.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     },
@@ -122898,16 +127776,16 @@ func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Oper
 	//       "type": "string"
 	//     },
 	//     "zone": {
-	//       "description": "The name of the zone for this request.",
+	//       "description": "Name of the zone scoping this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setSecurityPolicy",
 	//   "request": {
-	//     "$ref": "InstancesSetServiceAccountRequest"
+	//     "$ref": "InstancesSetSecurityPolicyRequest"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -122920,33 +127798,32 @@ func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Oper
 
 }
 
-// method id "compute.instances.setShieldedInstanceIntegrityPolicy":
+// method id "compute.instances.setServiceAccount":
 
-type InstancesSetShieldedInstanceIntegrityPolicyCall struct {
-	s                               *Service
-	project                         string
-	zone                            string
-	instance                        string
-	shieldedinstanceintegritypolicy *ShieldedInstanceIntegrityPolicy
-	urlParams_                      gensupport.URLParams
-	ctx_                            context.Context
-	header_                         http.Header
+type InstancesSetServiceAccountCall struct {
+	s                                 *Service
+	project                           string
+	zone                              string
+	instance                          string
+	instancessetserviceaccountrequest *InstancesSetServiceAccountRequest
+	urlParams_                        gensupport.URLParams
+	ctx_                              context.Context
+	header_                           http.Header
 }
 
-// SetShieldedInstanceIntegrityPolicy: Sets the Shielded Instance
-// integrity policy for an instance. You can only use this method on a
-// running instance. This method supports PATCH semantics and uses the
-// JSON merge patch format and processing rules.
+// SetServiceAccount: Sets the service account on the instance. For more
+// information, read Changing the service account and access scopes for
+// an instance.
 //
-// - instance: Name or id of the instance scoping this request.
+// - instance: Name of the instance resource to start.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) SetShieldedInstanceIntegrityPolicy(project string, zone string, instance string, shieldedinstanceintegritypolicy *ShieldedInstanceIntegrityPolicy) *InstancesSetShieldedInstanceIntegrityPolicyCall {
-	c := &InstancesSetShieldedInstanceIntegrityPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) SetServiceAccount(project string, zone string, instance string, instancessetserviceaccountrequest *InstancesSetServiceAccountRequest) *InstancesSetServiceAccountCall {
+	c := &InstancesSetServiceAccountCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
-	c.shieldedinstanceintegritypolicy = shieldedinstanceintegritypolicy
+	c.instancessetserviceaccountrequest = instancessetserviceaccountrequest
 	return c
 }
 
@@ -122961,7 +127838,7 @@ func (r *InstancesService) SetShieldedInstanceIntegrityPolicy(project string, zo
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) RequestId(requestId string) *InstancesSetShieldedInstanceIntegrityPolicyCall {
+func (c *InstancesSetServiceAccountCall) RequestId(requestId string) *InstancesSetServiceAccountCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -122969,7 +127846,7 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) RequestId(requestId st
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Fields(s ...googleapi.Field) *InstancesSetShieldedInstanceIntegrityPolicyCall {
+func (c *InstancesSetServiceAccountCall) Fields(s ...googleapi.Field) *InstancesSetServiceAccountCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -122977,21 +127854,21 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Fields(s ...googleapi.
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Context(ctx context.Context) *InstancesSetShieldedInstanceIntegrityPolicyCall {
+func (c *InstancesSetServiceAccountCall) Context(ctx context.Context) *InstancesSetServiceAccountCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Header() http.Header {
+func (c *InstancesSetServiceAccountCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesSetServiceAccountCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -122999,16 +127876,16 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) doRequest(alt string)
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.shieldedinstanceintegritypolicy)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancessetserviceaccountrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -123021,14 +127898,14 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) doRequest(alt string)
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.setShieldedInstanceIntegrityPolicy" call.
+// Do executes the "compute.instances.setServiceAccount" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesSetServiceAccountCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -123059,10 +127936,10 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Do(opts ...googleapi.C
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the Shielded Instance integrity policy for an instance. You can only use this method on a running instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
-	//   "httpMethod": "PATCH",
-	//   "id": "compute.instances.setShieldedInstanceIntegrityPolicy",
+	//   "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
+	//   "httpMethod": "POST",
+	//   "id": "compute.instances.setServiceAccount",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -123070,7 +127947,7 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Do(opts ...googleapi.C
 	//   ],
 	//   "parameters": {
 	//     "instance": {
-	//       "description": "Name or id of the instance scoping this request.",
+	//       "description": "Name of the instance resource to start.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
@@ -123096,9 +127973,9 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Do(opts ...googleapi.C
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
 	//   "request": {
-	//     "$ref": "ShieldedInstanceIntegrityPolicy"
+	//     "$ref": "InstancesSetServiceAccountRequest"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -123111,33 +127988,33 @@ func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Do(opts ...googleapi.C
 
 }
 
-// method id "compute.instances.setShieldedVmIntegrityPolicy":
+// method id "compute.instances.setShieldedInstanceIntegrityPolicy":
 
-type InstancesSetShieldedVmIntegrityPolicyCall struct {
-	s                         *Service
-	project                   string
-	zone                      string
-	instance                  string
-	shieldedvmintegritypolicy *ShieldedVmIntegrityPolicy
-	urlParams_                gensupport.URLParams
-	ctx_                      context.Context
-	header_                   http.Header
+type InstancesSetShieldedInstanceIntegrityPolicyCall struct {
+	s                               *Service
+	project                         string
+	zone                            string
+	instance                        string
+	shieldedinstanceintegritypolicy *ShieldedInstanceIntegrityPolicy
+	urlParams_                      gensupport.URLParams
+	ctx_                            context.Context
+	header_                         http.Header
 }
 
-// SetShieldedVmIntegrityPolicy: Sets the Shielded VM integrity policy
-// for a VM instance. You can only use this method on a running VM
-// instance. This method supports PATCH semantics and uses the JSON
-// merge patch format and processing rules.
+// SetShieldedInstanceIntegrityPolicy: Sets the Shielded Instance
+// integrity policy for an instance. You can only use this method on a
+// running instance. This method supports PATCH semantics and uses the
+// JSON merge patch format and processing rules.
 //
-// - instance: Name of the instance scoping this request.
+// - instance: Name or id of the instance scoping this request.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) SetShieldedVmIntegrityPolicy(project string, zone string, instance string, shieldedvmintegritypolicy *ShieldedVmIntegrityPolicy) *InstancesSetShieldedVmIntegrityPolicyCall {
-	c := &InstancesSetShieldedVmIntegrityPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) SetShieldedInstanceIntegrityPolicy(project string, zone string, instance string, shieldedinstanceintegritypolicy *ShieldedInstanceIntegrityPolicy) *InstancesSetShieldedInstanceIntegrityPolicyCall {
+	c := &InstancesSetShieldedInstanceIntegrityPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
-	c.shieldedvmintegritypolicy = shieldedvmintegritypolicy
+	c.shieldedinstanceintegritypolicy = shieldedinstanceintegritypolicy
 	return c
 }
 
@@ -123152,7 +128029,7 @@ func (r *InstancesService) SetShieldedVmIntegrityPolicy(project string, zone str
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesSetShieldedVmIntegrityPolicyCall) RequestId(requestId string) *InstancesSetShieldedVmIntegrityPolicyCall {
+func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) RequestId(requestId string) *InstancesSetShieldedInstanceIntegrityPolicyCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -123160,7 +128037,7 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) RequestId(requestId string)
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesSetShieldedVmIntegrityPolicyCall) Fields(s ...googleapi.Field) *InstancesSetShieldedVmIntegrityPolicyCall {
+func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Fields(s ...googleapi.Field) *InstancesSetShieldedInstanceIntegrityPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -123168,21 +128045,21 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) Fields(s ...googleapi.Field)
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesSetShieldedVmIntegrityPolicyCall) Context(ctx context.Context) *InstancesSetShieldedVmIntegrityPolicyCall {
+func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Context(ctx context.Context) *InstancesSetShieldedInstanceIntegrityPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesSetShieldedVmIntegrityPolicyCall) Header() http.Header {
+func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesSetShieldedVmIntegrityPolicyCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -123190,14 +128067,14 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) doRequest(alt string) (*http
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.shieldedvmintegritypolicy)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.shieldedinstanceintegritypolicy)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
@@ -123212,14 +128089,14 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) doRequest(alt string) (*http
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.setShieldedVmIntegrityPolicy" call.
+// Do executes the "compute.instances.setShieldedInstanceIntegrityPolicy" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesSetShieldedVmIntegrityPolicyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesSetShieldedInstanceIntegrityPolicyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -123250,10 +128127,10 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) Do(opts ...googleapi.CallOpt
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the Shielded VM integrity policy for a VM instance. You can only use this method on a running VM instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy",
+	//   "description": "Sets the Shielded Instance integrity policy for an instance. You can only use this method on a running instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
 	//   "httpMethod": "PATCH",
-	//   "id": "compute.instances.setShieldedVmIntegrityPolicy",
+	//   "id": "compute.instances.setShieldedInstanceIntegrityPolicy",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -123261,7 +128138,7 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) Do(opts ...googleapi.CallOpt
 	//   ],
 	//   "parameters": {
 	//     "instance": {
-	//       "description": "Name of the instance scoping this request.",
+	//       "description": "Name or id of the instance scoping this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
@@ -123287,9 +128164,9 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) Do(opts ...googleapi.CallOpt
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy",
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
 	//   "request": {
-	//     "$ref": "ShieldedVmIntegrityPolicy"
+	//     "$ref": "ShieldedInstanceIntegrityPolicy"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -123302,31 +128179,33 @@ func (c *InstancesSetShieldedVmIntegrityPolicyCall) Do(opts ...googleapi.CallOpt
 
 }
 
-// method id "compute.instances.setTags":
+// method id "compute.instances.setShieldedVmIntegrityPolicy":
 
-type InstancesSetTagsCall struct {
-	s          *Service
-	project    string
-	zone       string
-	instance   string
-	tags       *Tags
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type InstancesSetShieldedVmIntegrityPolicyCall struct {
+	s                         *Service
+	project                   string
+	zone                      string
+	instance                  string
+	shieldedvmintegritypolicy *ShieldedVmIntegrityPolicy
+	urlParams_                gensupport.URLParams
+	ctx_                      context.Context
+	header_                   http.Header
 }
 
-// SetTags: Sets network tags for the specified instance to the data
-// included in the request.
+// SetShieldedVmIntegrityPolicy: Sets the Shielded VM integrity policy
+// for a VM instance. You can only use this method on a running VM
+// instance. This method supports PATCH semantics and uses the JSON
+// merge patch format and processing rules.
 //
 // - instance: Name of the instance scoping this request.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) SetTags(project string, zone string, instance string, tags *Tags) *InstancesSetTagsCall {
-	c := &InstancesSetTagsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) SetShieldedVmIntegrityPolicy(project string, zone string, instance string, shieldedvmintegritypolicy *ShieldedVmIntegrityPolicy) *InstancesSetShieldedVmIntegrityPolicyCall {
+	c := &InstancesSetShieldedVmIntegrityPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
-	c.tags = tags
+	c.shieldedvmintegritypolicy = shieldedvmintegritypolicy
 	return c
 }
 
@@ -123341,7 +128220,7 @@ func (r *InstancesService) SetTags(project string, zone string, instance string,
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesSetTagsCall) RequestId(requestId string) *InstancesSetTagsCall {
+func (c *InstancesSetShieldedVmIntegrityPolicyCall) RequestId(requestId string) *InstancesSetShieldedVmIntegrityPolicyCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -123349,7 +128228,7 @@ func (c *InstancesSetTagsCall) RequestId(requestId string) *InstancesSetTagsCall
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesSetTagsCall) Fields(s ...googleapi.Field) *InstancesSetTagsCall {
+func (c *InstancesSetShieldedVmIntegrityPolicyCall) Fields(s ...googleapi.Field) *InstancesSetShieldedVmIntegrityPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -123357,21 +128236,21 @@ func (c *InstancesSetTagsCall) Fields(s ...googleapi.Field) *InstancesSetTagsCal
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesSetTagsCall) Context(ctx context.Context) *InstancesSetTagsCall {
+func (c *InstancesSetShieldedVmIntegrityPolicyCall) Context(ctx context.Context) *InstancesSetShieldedVmIntegrityPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesSetTagsCall) Header() http.Header {
+func (c *InstancesSetShieldedVmIntegrityPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesSetTagsCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesSetShieldedVmIntegrityPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -123379,16 +128258,16 @@ func (c *InstancesSetTagsCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.tags)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.shieldedvmintegritypolicy)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setTags")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -123401,14 +128280,14 @@ func (c *InstancesSetTagsCall) doRequest(alt string) (*http.Response, error) {
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.setTags" call.
+// Do executes the "compute.instances.setShieldedVmIntegrityPolicy" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesSetShieldedVmIntegrityPolicyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -123439,10 +128318,10 @@ func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, err
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets network tags for the specified instance to the data included in the request.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setTags",
-	//   "httpMethod": "POST",
-	//   "id": "compute.instances.setTags",
+	//   "description": "Sets the Shielded VM integrity policy for a VM instance. You can only use this method on a running VM instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.instances.setShieldedVmIntegrityPolicy",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -123476,9 +128355,9 @@ func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, err
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setTags",
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy",
 	//   "request": {
-	//     "$ref": "Tags"
+	//     "$ref": "ShieldedVmIntegrityPolicy"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -123491,29 +128370,31 @@ func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, err
 
 }
 
-// method id "compute.instances.simulateMaintenanceEvent":
+// method id "compute.instances.setTags":
 
-type InstancesSimulateMaintenanceEventCall struct {
+type InstancesSetTagsCall struct {
 	s          *Service
 	project    string
 	zone       string
 	instance   string
+	tags       *Tags
 	urlParams_ gensupport.URLParams
 	ctx_       context.Context
 	header_    http.Header
 }
 
-// SimulateMaintenanceEvent: Simulates a host maintenance event on a VM.
-// For more information, see Simulate a host maintenance event.
+// SetTags: Sets network tags for the specified instance to the data
+// included in the request.
 //
 // - instance: Name of the instance scoping this request.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) SimulateMaintenanceEvent(project string, zone string, instance string) *InstancesSimulateMaintenanceEventCall {
-	c := &InstancesSimulateMaintenanceEventCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) SetTags(project string, zone string, instance string, tags *Tags) *InstancesSetTagsCall {
+	c := &InstancesSetTagsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
+	c.tags = tags
 	return c
 }
 
@@ -123528,23 +128409,15 @@ func (r *InstancesService) SimulateMaintenanceEvent(project string, zone string,
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesSimulateMaintenanceEventCall) RequestId(requestId string) *InstancesSimulateMaintenanceEventCall {
+func (c *InstancesSetTagsCall) RequestId(requestId string) *InstancesSetTagsCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
-// WithExtendedNotifications sets the optional parameter
-// "withExtendedNotifications": Determines whether the customers receive
-// notifications before migration. Only applicable to SF vms.
-func (c *InstancesSimulateMaintenanceEventCall) WithExtendedNotifications(withExtendedNotifications bool) *InstancesSimulateMaintenanceEventCall {
-	c.urlParams_.Set("withExtendedNotifications", fmt.Sprint(withExtendedNotifications))
-	return c
-}
-
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesSimulateMaintenanceEventCall) Fields(s ...googleapi.Field) *InstancesSimulateMaintenanceEventCall {
+func (c *InstancesSetTagsCall) Fields(s ...googleapi.Field) *InstancesSetTagsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -123552,21 +128425,21 @@ func (c *InstancesSimulateMaintenanceEventCall) Fields(s ...googleapi.Field) *In
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesSimulateMaintenanceEventCall) Context(ctx context.Context) *InstancesSimulateMaintenanceEventCall {
+func (c *InstancesSetTagsCall) Context(ctx context.Context) *InstancesSetTagsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesSimulateMaintenanceEventCall) Header() http.Header {
+func (c *InstancesSetTagsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesSimulateMaintenanceEventCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesSetTagsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -123574,9 +128447,14 @@ func (c *InstancesSimulateMaintenanceEventCall) doRequest(alt string) (*http.Res
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.tags)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/setTags")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -123591,14 +128469,14 @@ func (c *InstancesSimulateMaintenanceEventCall) doRequest(alt string) (*http.Res
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.simulateMaintenanceEvent" call.
+// Do executes the "compute.instances.setTags" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesSetTagsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -123629,10 +128507,10 @@ func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption)
 	}
 	return ret, nil
 	// {
-	//   "description": "Simulates a host maintenance event on a VM. For more information, see Simulate a host maintenance event.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
+	//   "description": "Sets network tags for the specified instance to the data included in the request.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setTags",
 	//   "httpMethod": "POST",
-	//   "id": "compute.instances.simulateMaintenanceEvent",
+	//   "id": "compute.instances.setTags",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -123658,11 +128536,6 @@ func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption)
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "withExtendedNotifications": {
-	//       "description": "Determines whether the customers receive notifications before migration. Only applicable to SF vms.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
 	//     "zone": {
 	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
@@ -123671,7 +128544,10 @@ func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption)
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/setTags",
+	//   "request": {
+	//     "$ref": "Tags"
+	//   },
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -123683,9 +128559,9 @@ func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption)
 
 }
 
-// method id "compute.instances.start":
+// method id "compute.instances.simulateMaintenanceEvent":
 
-type InstancesStartCall struct {
+type InstancesSimulateMaintenanceEventCall struct {
 	s          *Service
 	project    string
 	zone       string
@@ -123695,14 +128571,14 @@ type InstancesStartCall struct {
 	header_    http.Header
 }
 
-// Start: Starts an instance that was stopped using the instances().stop
-// method. For more information, see Restart an instance.
+// SimulateMaintenanceEvent: Simulates a host maintenance event on a VM.
+// For more information, see Simulate a host maintenance event.
 //
-// - instance: Name of the instance resource to start.
+// - instance: Name of the instance scoping this request.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) Start(project string, zone string, instance string) *InstancesStartCall {
-	c := &InstancesStartCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) SimulateMaintenanceEvent(project string, zone string, instance string) *InstancesSimulateMaintenanceEventCall {
+	c := &InstancesSimulateMaintenanceEventCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
@@ -123720,15 +128596,23 @@ func (r *InstancesService) Start(project string, zone string, instance string) *
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall {
+func (c *InstancesSimulateMaintenanceEventCall) RequestId(requestId string) *InstancesSimulateMaintenanceEventCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
+// WithExtendedNotifications sets the optional parameter
+// "withExtendedNotifications": Determines whether the customers receive
+// notifications before migration. Only applicable to SF vms.
+func (c *InstancesSimulateMaintenanceEventCall) WithExtendedNotifications(withExtendedNotifications bool) *InstancesSimulateMaintenanceEventCall {
+	c.urlParams_.Set("withExtendedNotifications", fmt.Sprint(withExtendedNotifications))
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall {
+func (c *InstancesSimulateMaintenanceEventCall) Fields(s ...googleapi.Field) *InstancesSimulateMaintenanceEventCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -123736,21 +128620,21 @@ func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesStartCall) Context(ctx context.Context) *InstancesStartCall {
+func (c *InstancesSimulateMaintenanceEventCall) Context(ctx context.Context) *InstancesSimulateMaintenanceEventCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesStartCall) Header() http.Header {
+func (c *InstancesSimulateMaintenanceEventCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesSimulateMaintenanceEventCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -123760,7 +128644,7 @@ func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/start")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -123775,14 +128659,14 @@ func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.start" call.
+// Do executes the "compute.instances.simulateMaintenanceEvent" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -123813,10 +128697,10 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error
 	}
 	return ret, nil
 	// {
-	//   "description": "Starts an instance that was stopped using the instances().stop method. For more information, see Restart an instance.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/start",
+	//   "description": "Simulates a host maintenance event on a VM. For more information, see Simulate a host maintenance event.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
 	//   "httpMethod": "POST",
-	//   "id": "compute.instances.start",
+	//   "id": "compute.instances.simulateMaintenanceEvent",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
@@ -123824,7 +128708,7 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error
 	//   ],
 	//   "parameters": {
 	//     "instance": {
-	//       "description": "Name of the instance resource to start.",
+	//       "description": "Name of the instance scoping this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
@@ -123842,6 +128726,11 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error
 	//       "location": "query",
 	//       "type": "string"
 	//     },
+	//     "withExtendedNotifications": {
+	//       "description": "Determines whether the customers receive notifications before migration. Only applicable to SF vms.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
 	//     "zone": {
 	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
@@ -123850,7 +128739,7 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/start",
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -123862,32 +128751,29 @@ func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error
 
 }
 
-// method id "compute.instances.startWithEncryptionKey":
+// method id "compute.instances.start":
 
-type InstancesStartWithEncryptionKeyCall struct {
-	s                                      *Service
-	project                                string
-	zone                                   string
-	instance                               string
-	instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest
-	urlParams_                             gensupport.URLParams
-	ctx_                                   context.Context
-	header_                                http.Header
+type InstancesStartCall struct {
+	s          *Service
+	project    string
+	zone       string
+	instance   string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
-// StartWithEncryptionKey: Starts an instance that was stopped using the
-// instances().stop method. For more information, see Restart an
-// instance.
+// Start: Starts an instance that was stopped using the instances().stop
+// method. For more information, see Restart an instance.
 //
 // - instance: Name of the instance resource to start.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *InstancesService) StartWithEncryptionKey(project string, zone string, instance string, instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest) *InstancesStartWithEncryptionKeyCall {
-	c := &InstancesStartWithEncryptionKeyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *InstancesService) Start(project string, zone string, instance string) *InstancesStartCall {
+	c := &InstancesStartCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.instance = instance
-	c.instancesstartwithencryptionkeyrequest = instancesstartwithencryptionkeyrequest
 	return c
 }
 
@@ -123902,7 +128788,7 @@ func (r *InstancesService) StartWithEncryptionKey(project string, zone string, i
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesStartWithEncryptionKeyCall) RequestId(requestId string) *InstancesStartWithEncryptionKeyCall {
+func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -123910,7 +128796,7 @@ func (c *InstancesStartWithEncryptionKeyCall) RequestId(requestId string) *Insta
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesStartWithEncryptionKeyCall) Fields(s ...googleapi.Field) *InstancesStartWithEncryptionKeyCall {
+func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -123918,21 +128804,21 @@ func (c *InstancesStartWithEncryptionKeyCall) Fields(s ...googleapi.Field) *Inst
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesStartWithEncryptionKeyCall) Context(ctx context.Context) *InstancesStartWithEncryptionKeyCall {
+func (c *InstancesStartCall) Context(ctx context.Context) *InstancesStartCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesStartWithEncryptionKeyCall) Header() http.Header {
+func (c *InstancesStartCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesStartWithEncryptionKeyCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -123940,14 +128826,9 @@ func (c *InstancesStartWithEncryptionKeyCall) doRequest(alt string) (*http.Respo
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancesstartwithencryptionkeyrequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/start")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -123962,14 +128843,201 @@ func (c *InstancesStartWithEncryptionKeyCall) doRequest(alt string) (*http.Respo
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.startWithEncryptionKey" call.
+// Do executes the "compute.instances.start" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesStartWithEncryptionKeyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Starts an instance that was stopped using the instances().stop method. For more information, see Restart an instance.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/start",
+	//   "httpMethod": "POST",
+	//   "id": "compute.instances.start",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "instance"
+	//   ],
+	//   "parameters": {
+	//     "instance": {
+	//       "description": "Name of the instance resource to start.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/start",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.instances.startWithEncryptionKey":
+
+type InstancesStartWithEncryptionKeyCall struct {
+	s                                      *Service
+	project                                string
+	zone                                   string
+	instance                               string
+	instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest
+	urlParams_                             gensupport.URLParams
+	ctx_                                   context.Context
+	header_                                http.Header
+}
+
+// StartWithEncryptionKey: Starts an instance that was stopped using the
+// instances().stop method. For more information, see Restart an
+// instance.
+//
+// - instance: Name of the instance resource to start.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *InstancesService) StartWithEncryptionKey(project string, zone string, instance string, instancesstartwithencryptionkeyrequest *InstancesStartWithEncryptionKeyRequest) *InstancesStartWithEncryptionKeyCall {
+	c := &InstancesStartWithEncryptionKeyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instance = instance
+	c.instancesstartwithencryptionkeyrequest = instancesstartwithencryptionkeyrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *InstancesStartWithEncryptionKeyCall) RequestId(requestId string) *InstancesStartWithEncryptionKeyCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstancesStartWithEncryptionKeyCall) Fields(s ...googleapi.Field) *InstancesStartWithEncryptionKeyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstancesStartWithEncryptionKeyCall) Context(ctx context.Context) *InstancesStartWithEncryptionKeyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstancesStartWithEncryptionKeyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstancesStartWithEncryptionKeyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.instancesstartwithencryptionkeyrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"instance": c.instance,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instances.startWithEncryptionKey" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *InstancesStartWithEncryptionKeyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -135148,8 +140216,7 @@ type MachineImagesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified machine image. Gets a list of available
-// machine images by making a list() request.
+// Get: Returns the specified machine image.
 //
 // - machineImage: The name of the machine image.
 // - project: Project ID for this request.
@@ -135260,7 +140327,7 @@ func (c *MachineImagesGetCall) Do(opts ...googleapi.CallOption) (*MachineImage,
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified machine image. Gets a list of available machine images by making a list() request.",
+	//   "description": "Returns the specified machine image.",
 	//   "flatPath": "projects/{project}/global/machineImages/{machineImage}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.machineImages.get",
@@ -136555,8 +141622,7 @@ type MachineTypesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified machine type. Gets a list of available
-// machine types by making a list() request.
+// Get: Returns the specified machine type.
 //
 // - machineType: Name of the machine type to return.
 // - project: Project ID for this request.
@@ -136670,7 +141736,7 @@ func (c *MachineTypesGetCall) Do(opts ...googleapi.CallOption) (*MachineType, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified machine type. Gets a list of available machine types by making a list() request.",
+	//   "description": "Returns the specified machine type.",
 	//   "flatPath": "projects/{project}/zones/{zone}/machineTypes/{machineType}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.machineTypes.get",
@@ -138314,38 +143380,56 @@ func (c *NetworkAttachmentsListCall) Pages(ctx context.Context, f func(*NetworkA
 	}
 }
 
-// method id "compute.networkAttachments.setIamPolicy":
+// method id "compute.networkAttachments.patch":
 
-type NetworkAttachmentsSetIamPolicyCall struct {
-	s                      *Service
-	project                string
-	region                 string
-	resource               string
-	regionsetpolicyrequest *RegionSetPolicyRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
+type NetworkAttachmentsPatchCall struct {
+	s                 *Service
+	project           string
+	region            string
+	networkAttachment string
+	networkattachment *NetworkAttachment
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
 }
 
-// SetIamPolicy: Sets the access control policy on the specified
-// resource. Replaces any existing policy.
+// Patch: Patches the specified NetworkAttachment resource with the data
+// included in the request. This method supports PATCH semantics and
+// uses JSON merge patch format and processing rules.
 //
+// - networkAttachment: Name of the NetworkAttachment resource to patch.
 // - project: Project ID for this request.
-// - region: The name of the region for this request.
-// - resource: Name or id of the resource for this request.
-func (r *NetworkAttachmentsService) SetIamPolicy(project string, region string, resource string, regionsetpolicyrequest *RegionSetPolicyRequest) *NetworkAttachmentsSetIamPolicyCall {
-	c := &NetworkAttachmentsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - region: Name of the region for this request.
+func (r *NetworkAttachmentsService) Patch(project string, region string, networkAttachment string, networkattachment *NetworkAttachment) *NetworkAttachmentsPatchCall {
+	c := &NetworkAttachmentsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
-	c.resource = resource
-	c.regionsetpolicyrequest = regionsetpolicyrequest
+	c.networkAttachment = networkAttachment
+	c.networkattachment = networkattachment
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000). end_interface:
+// MixerMutationRequestBuilder
+func (c *NetworkAttachmentsPatchCall) RequestId(requestId string) *NetworkAttachmentsPatchCall {
+	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *NetworkAttachmentsSetIamPolicyCall) Fields(s ...googleapi.Field) *NetworkAttachmentsSetIamPolicyCall {
+func (c *NetworkAttachmentsPatchCall) Fields(s ...googleapi.Field) *NetworkAttachmentsPatchCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -138353,21 +143437,21 @@ func (c *NetworkAttachmentsSetIamPolicyCall) Fields(s ...googleapi.Field) *Netwo
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *NetworkAttachmentsSetIamPolicyCall) Context(ctx context.Context) *NetworkAttachmentsSetIamPolicyCall {
+func (c *NetworkAttachmentsPatchCall) Context(ctx context.Context) *NetworkAttachmentsPatchCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *NetworkAttachmentsSetIamPolicyCall) Header() http.Header {
+func (c *NetworkAttachmentsPatchCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *NetworkAttachmentsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+func (c *NetworkAttachmentsPatchCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -138375,36 +143459,36 @@ func (c *NetworkAttachmentsSetIamPolicyCall) doRequest(alt string) (*http.Respon
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetpolicyrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.networkattachment)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/networkAttachments/{resource}/setIamPolicy")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/networkAttachments/{networkAttachment}")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"region":   c.region,
-		"resource": c.resource,
+		"project":           c.project,
+		"region":            c.region,
+		"networkAttachment": c.networkAttachment,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.networkAttachments.setIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *NetworkAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+// Do executes the "compute.networkAttachments.patch" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *NetworkAttachmentsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -138423,7 +143507,7 @@ func (c *NetworkAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Policy{
+	ret := &Operation{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -138435,16 +143519,23 @@ func (c *NetworkAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
-	//   "flatPath": "projects/{project}/regions/{region}/networkAttachments/{resource}/setIamPolicy",
-	//   "httpMethod": "POST",
-	//   "id": "compute.networkAttachments.setIamPolicy",
+	//   "description": "Patches the specified NetworkAttachment resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
+	//   "flatPath": "projects/{project}/regions/{region}/networkAttachments/{networkAttachment}",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.networkAttachments.patch",
 	//   "parameterOrder": [
 	//     "project",
 	//     "region",
-	//     "resource"
+	//     "networkAttachment"
 	//   ],
 	//   "parameters": {
+	//     "networkAttachment": {
+	//       "description": "Name of the NetworkAttachment resource to patch.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -138453,26 +143544,24 @@ func (c *NetworkAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 	//       "type": "string"
 	//     },
 	//     "region": {
-	//       "description": "The name of the region for this request.",
+	//       "description": "Name of the region for this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000). end_interface: MixerMutationRequestBuilder",
+	//       "location": "query",
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/networkAttachments/{resource}/setIamPolicy",
+	//   "path": "projects/{project}/regions/{region}/networkAttachments/{networkAttachment}",
 	//   "request": {
-	//     "$ref": "RegionSetPolicyRequest"
+	//     "$ref": "NetworkAttachment"
 	//   },
 	//   "response": {
-	//     "$ref": "Policy"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -138482,38 +143571,38 @@ func (c *NetworkAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 
 }
 
-// method id "compute.networkAttachments.testIamPermissions":
+// method id "compute.networkAttachments.setIamPolicy":
 
-type NetworkAttachmentsTestIamPermissionsCall struct {
+type NetworkAttachmentsSetIamPolicyCall struct {
 	s                      *Service
 	project                string
 	region                 string
 	resource               string
-	testpermissionsrequest *TestPermissionsRequest
+	regionsetpolicyrequest *RegionSetPolicyRequest
 	urlParams_             gensupport.URLParams
 	ctx_                   context.Context
 	header_                http.Header
 }
 
-// TestIamPermissions: Returns permissions that a caller has on the
-// specified resource.
+// SetIamPolicy: Sets the access control policy on the specified
+// resource. Replaces any existing policy.
 //
 // - project: Project ID for this request.
 // - region: The name of the region for this request.
 // - resource: Name or id of the resource for this request.
-func (r *NetworkAttachmentsService) TestIamPermissions(project string, region string, resource string, testpermissionsrequest *TestPermissionsRequest) *NetworkAttachmentsTestIamPermissionsCall {
-	c := &NetworkAttachmentsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *NetworkAttachmentsService) SetIamPolicy(project string, region string, resource string, regionsetpolicyrequest *RegionSetPolicyRequest) *NetworkAttachmentsSetIamPolicyCall {
+	c := &NetworkAttachmentsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
 	c.resource = resource
-	c.testpermissionsrequest = testpermissionsrequest
+	c.regionsetpolicyrequest = regionsetpolicyrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *NetworkAttachmentsTestIamPermissionsCall) Fields(s ...googleapi.Field) *NetworkAttachmentsTestIamPermissionsCall {
+func (c *NetworkAttachmentsSetIamPolicyCall) Fields(s ...googleapi.Field) *NetworkAttachmentsSetIamPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -138521,21 +143610,21 @@ func (c *NetworkAttachmentsTestIamPermissionsCall) Fields(s ...googleapi.Field)
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *NetworkAttachmentsTestIamPermissionsCall) Context(ctx context.Context) *NetworkAttachmentsTestIamPermissionsCall {
+func (c *NetworkAttachmentsSetIamPolicyCall) Context(ctx context.Context) *NetworkAttachmentsSetIamPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *NetworkAttachmentsTestIamPermissionsCall) Header() http.Header {
+func (c *NetworkAttachmentsSetIamPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *NetworkAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+func (c *NetworkAttachmentsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -138543,14 +143632,14 @@ func (c *NetworkAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetpolicyrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/networkAttachments/{resource}/testIamPermissions")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/networkAttachments/{resource}/setIamPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -138565,14 +143654,14 @@ func (c *NetworkAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.networkAttachments.testIamPermissions" call.
-// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *TestPermissionsResponse.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *NetworkAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+// Do executes the "compute.networkAttachments.setIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *NetworkAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -138591,7 +143680,7 @@ func (c *NetworkAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOpti
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &TestPermissionsResponse{
+	ret := &Policy{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -138603,10 +143692,178 @@ func (c *NetworkAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOpti
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/regions/{region}/networkAttachments/{resource}/testIamPermissions",
+	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+	//   "flatPath": "projects/{project}/regions/{region}/networkAttachments/{resource}/setIamPolicy",
 	//   "httpMethod": "POST",
-	//   "id": "compute.networkAttachments.testIamPermissions",
+	//   "id": "compute.networkAttachments.setIamPolicy",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "The name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/networkAttachments/{resource}/setIamPolicy",
+	//   "request": {
+	//     "$ref": "RegionSetPolicyRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.networkAttachments.testIamPermissions":
+
+type NetworkAttachmentsTestIamPermissionsCall struct {
+	s                      *Service
+	project                string
+	region                 string
+	resource               string
+	testpermissionsrequest *TestPermissionsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
+}
+
+// TestIamPermissions: Returns permissions that a caller has on the
+// specified resource.
+//
+// - project: Project ID for this request.
+// - region: The name of the region for this request.
+// - resource: Name or id of the resource for this request.
+func (r *NetworkAttachmentsService) TestIamPermissions(project string, region string, resource string, testpermissionsrequest *TestPermissionsRequest) *NetworkAttachmentsTestIamPermissionsCall {
+	c := &NetworkAttachmentsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.resource = resource
+	c.testpermissionsrequest = testpermissionsrequest
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *NetworkAttachmentsTestIamPermissionsCall) Fields(s ...googleapi.Field) *NetworkAttachmentsTestIamPermissionsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *NetworkAttachmentsTestIamPermissionsCall) Context(ctx context.Context) *NetworkAttachmentsTestIamPermissionsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *NetworkAttachmentsTestIamPermissionsCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *NetworkAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/networkAttachments/{resource}/testIamPermissions")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"region":   c.region,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.networkAttachments.testIamPermissions" call.
+// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *NetworkAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &TestPermissionsResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns permissions that a caller has on the specified resource.",
+	//   "flatPath": "projects/{project}/regions/{region}/networkAttachments/{resource}/testIamPermissions",
+	//   "httpMethod": "POST",
+	//   "id": "compute.networkAttachments.testIamPermissions",
 	//   "parameterOrder": [
 	//     "project",
 	//     "region",
@@ -140578,8 +145835,7 @@ type NetworkEndpointGroupsGetCall struct {
 	header_              http.Header
 }
 
-// Get: Returns the specified network endpoint group. Gets a list of
-// available network endpoint groups by making a list() request.
+// Get: Returns the specified network endpoint group.
 //
 //   - networkEndpointGroup: The name of the network endpoint group. It
 //     should comply with RFC1035.
@@ -140695,7 +145951,7 @@ func (c *NetworkEndpointGroupsGetCall) Do(opts ...googleapi.CallOption) (*Networ
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+	//   "description": "Returns the specified network endpoint group.",
 	//   "flatPath": "projects/{project}/zones/{zone}/networkEndpointGroups/{networkEndpointGroup}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.networkEndpointGroups.get",
@@ -144938,8 +150194,7 @@ type NetworksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified network. Gets a list of available networks
-// by making a list() request.
+// Get: Returns the specified network.
 //
 // - network: Name of the network to return.
 // - project: Project ID for this request.
@@ -145050,7 +150305,7 @@ func (c *NetworksGetCall) Do(opts ...googleapi.CallOption) (*Network, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network. Gets a list of available networks by making a list() request.",
+	//   "description": "Returns the specified network.",
 	//   "flatPath": "projects/{project}/global/networks/{network}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.networks.get",
@@ -149723,6 +154978,195 @@ func (c *NodeGroupsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, erro
 
 }
 
+// method id "compute.nodeGroups.performMaintenance":
+
+type NodeGroupsPerformMaintenanceCall struct {
+	s                                   *Service
+	project                             string
+	zone                                string
+	nodeGroup                           string
+	nodegroupsperformmaintenancerequest *NodeGroupsPerformMaintenanceRequest
+	urlParams_                          gensupport.URLParams
+	ctx_                                context.Context
+	header_                             http.Header
+}
+
+// PerformMaintenance: Perform maintenance on a subset of nodes in the
+// node group.
+//
+// - nodeGroup: Name of the node group scoping this request.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *NodeGroupsService) PerformMaintenance(project string, zone string, nodeGroup string, nodegroupsperformmaintenancerequest *NodeGroupsPerformMaintenanceRequest) *NodeGroupsPerformMaintenanceCall {
+	c := &NodeGroupsPerformMaintenanceCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.nodeGroup = nodeGroup
+	c.nodegroupsperformmaintenancerequest = nodegroupsperformmaintenancerequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *NodeGroupsPerformMaintenanceCall) RequestId(requestId string) *NodeGroupsPerformMaintenanceCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *NodeGroupsPerformMaintenanceCall) Fields(s ...googleapi.Field) *NodeGroupsPerformMaintenanceCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *NodeGroupsPerformMaintenanceCall) Context(ctx context.Context) *NodeGroupsPerformMaintenanceCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *NodeGroupsPerformMaintenanceCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *NodeGroupsPerformMaintenanceCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.nodegroupsperformmaintenancerequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/performMaintenance")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":   c.project,
+		"zone":      c.zone,
+		"nodeGroup": c.nodeGroup,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.nodeGroups.performMaintenance" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *NodeGroupsPerformMaintenanceCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Perform maintenance on a subset of nodes in the node group.",
+	//   "flatPath": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/performMaintenance",
+	//   "httpMethod": "POST",
+	//   "id": "compute.nodeGroups.performMaintenance",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "nodeGroup"
+	//   ],
+	//   "parameters": {
+	//     "nodeGroup": {
+	//       "description": "Name of the node group scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/performMaintenance",
+	//   "request": {
+	//     "$ref": "NodeGroupsPerformMaintenanceRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.nodeGroups.setIamPolicy":
 
 type NodeGroupsSetIamPolicyCall struct {
@@ -150926,8 +156370,7 @@ type NodeTemplatesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified node template. Gets a list of available
-// node templates by making a list() request.
+// Get: Returns the specified node template.
 //
 // - nodeTemplate: Name of the node template to return.
 // - project: Project ID for this request.
@@ -151041,7 +156484,7 @@ func (c *NodeTemplatesGetCall) Do(opts ...googleapi.CallOption) (*NodeTemplate,
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified node template. Gets a list of available node templates by making a list() request.",
+	//   "description": "Returns the specified node template.",
 	//   "flatPath": "projects/{project}/regions/{region}/nodeTemplates/{nodeTemplate}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.nodeTemplates.get",
@@ -152388,8 +157831,7 @@ type NodeTypesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified node type. Gets a list of available node
-// types by making a list() request.
+// Get: Returns the specified node type.
 //
 // - nodeType: Name of the node type to return.
 // - project: Project ID for this request.
@@ -152503,7 +157945,7 @@ func (c *NodeTypesGetCall) Do(opts ...googleapi.CallOption) (*NodeType, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified node type. Gets a list of available node types by making a list() request.",
+	//   "description": "Returns the specified node type.",
 	//   "flatPath": "projects/{project}/zones/{zone}/nodeTypes/{nodeType}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.nodeTypes.get",
@@ -158553,7 +163995,9 @@ type ProjectsMoveInstanceCall struct {
 // method might cause unexpected behavior. For more information, see the
 // known issue
 // (/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_
-// the_moveinstance_api_or_the_causes_unexpected_behavior).
+// the_moveinstance_api_or_the_causes_unexpected_behavior). [Deprecated]
+// This method is deprecated. See moving instance across zones
+// (/compute/docs/instances/moving-instance-across-zones) instead.
 //
 // - project: Project ID for this request.
 func (r *ProjectsService) MoveInstance(project string, instancemoverequest *InstanceMoveRequest) *ProjectsMoveInstanceCall {
@@ -158670,7 +164114,8 @@ func (c *ProjectsMoveInstanceCall) Do(opts ...googleapi.CallOption) (*Operation,
 	}
 	return ret, nil
 	// {
-	//   "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior).",
+	//   "deprecated": true,
+	//   "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior). [Deprecated] This method is deprecated. See [moving instance across zones](/compute/docs/instances/moving-instance-across-zones) instead.",
 	//   "flatPath": "projects/{project}/moveInstance",
 	//   "httpMethod": "POST",
 	//   "id": "compute.projects.moveInstance",
@@ -159204,6 +164649,173 @@ func (c *ProjectsSetDefaultServiceAccountCall) Do(opts ...googleapi.CallOption)
 
 }
 
+// method id "compute.projects.setManagedProtectionTier":
+
+type ProjectsSetManagedProtectionTierCall struct {
+	s                                       *Service
+	project                                 string
+	projectssetmanagedprotectiontierrequest *ProjectsSetManagedProtectionTierRequest
+	urlParams_                              gensupport.URLParams
+	ctx_                                    context.Context
+	header_                                 http.Header
+}
+
+// SetManagedProtectionTier: Sets the Cloud Armor Managed Protection
+// (CAMP) tier of the project. To set PLUS or above the billing account
+// of the project must be subscribed to Managed Protection Plus. See
+// Subscribing to Managed Protection Plus for more information.
+//
+// - project: Project ID for this request.
+func (r *ProjectsService) SetManagedProtectionTier(project string, projectssetmanagedprotectiontierrequest *ProjectsSetManagedProtectionTierRequest) *ProjectsSetManagedProtectionTierCall {
+	c := &ProjectsSetManagedProtectionTierCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.projectssetmanagedprotectiontierrequest = projectssetmanagedprotectiontierrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *ProjectsSetManagedProtectionTierCall) RequestId(requestId string) *ProjectsSetManagedProtectionTierCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ProjectsSetManagedProtectionTierCall) Fields(s ...googleapi.Field) *ProjectsSetManagedProtectionTierCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ProjectsSetManagedProtectionTierCall) Context(ctx context.Context) *ProjectsSetManagedProtectionTierCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ProjectsSetManagedProtectionTierCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ProjectsSetManagedProtectionTierCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.projectssetmanagedprotectiontierrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/setManagedProtectionTier")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.projects.setManagedProtectionTier" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *ProjectsSetManagedProtectionTierCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Sets the Cloud Armor Managed Protection (CAMP) tier of the project. To set PLUS or above the billing account of the project must be subscribed to Managed Protection Plus. See Subscribing to Managed Protection Plus for more information.",
+	//   "flatPath": "projects/{project}/setManagedProtectionTier",
+	//   "httpMethod": "POST",
+	//   "id": "compute.projects.setManagedProtectionTier",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/setManagedProtectionTier",
+	//   "request": {
+	//     "$ref": "ProjectsSetManagedProtectionTierRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.projects.setUsageExportBucket":
 
 type ProjectsSetUsageExportBucketCall struct {
@@ -164873,6 +170485,298 @@ func (c *RegionBackendServicesListCall) Pages(ctx context.Context, f func(*Backe
 	}
 }
 
+// method id "compute.regionBackendServices.listUsable":
+
+type RegionBackendServicesListUsableCall struct {
+	s            *Service
+	project      string
+	region       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// ListUsable: Retrieves an aggregated list of all usable backend
+// services in the specified project in the given region.
+//
+//   - project: Project ID for this request.
+//   - region: Name of the region scoping this request. It must be a
+//     string that meets the requirements in RFC1035.
+func (r *RegionBackendServicesService) ListUsable(project string, region string) *RegionBackendServicesListUsableCall {
+	c := &RegionBackendServicesListUsableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *RegionBackendServicesListUsableCall) Filter(filter string) *RegionBackendServicesListUsableCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *RegionBackendServicesListUsableCall) MaxResults(maxResults int64) *RegionBackendServicesListUsableCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *RegionBackendServicesListUsableCall) OrderBy(orderBy string) *RegionBackendServicesListUsableCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *RegionBackendServicesListUsableCall) PageToken(pageToken string) *RegionBackendServicesListUsableCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *RegionBackendServicesListUsableCall) ReturnPartialSuccess(returnPartialSuccess bool) *RegionBackendServicesListUsableCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionBackendServicesListUsableCall) Fields(s ...googleapi.Field) *RegionBackendServicesListUsableCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *RegionBackendServicesListUsableCall) IfNoneMatch(entityTag string) *RegionBackendServicesListUsableCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionBackendServicesListUsableCall) Context(ctx context.Context) *RegionBackendServicesListUsableCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionBackendServicesListUsableCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionBackendServicesListUsableCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/backendServices/listUsable")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionBackendServices.listUsable" call.
+// Exactly one of *BackendServiceListUsable or error will be non-nil.
+// Any non-2xx status code is an error. Response headers are in either
+// *BackendServiceListUsable.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *RegionBackendServicesListUsableCall) Do(opts ...googleapi.CallOption) (*BackendServiceListUsable, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &BackendServiceListUsable{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves an aggregated list of all usable backend services in the specified project in the given region.",
+	//   "flatPath": "projects/{project}/regions/{region}/backendServices/listUsable",
+	//   "httpMethod": "GET",
+	//   "id": "compute.regionBackendServices.listUsable",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region scoping this request. It must be a string that meets the requirements in RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/backendServices/listUsable",
+	//   "response": {
+	//     "$ref": "BackendServiceListUsable"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *RegionBackendServicesListUsableCall) Pages(ctx context.Context, f func(*BackendServiceListUsable) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
 // method id "compute.regionBackendServices.patch":
 
 type RegionBackendServicesPatchCall struct {
@@ -166079,6 +171983,363 @@ func (c *RegionCommitmentsAggregatedListCall) Pages(ctx context.Context, f func(
 	}
 }
 
+// method id "compute.regionCommitments.calculateCancellationFee":
+
+type RegionCommitmentsCalculateCancellationFeeCall struct {
+	s          *Service
+	project    string
+	region     string
+	commitment string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// CalculateCancellationFee: Calculate cancellation fee for the
+// specified commitment.
+//
+// - commitment: Name of the commitment to delete.
+// - project: Project ID for this request.
+// - region: Name of the region for this request.
+func (r *RegionCommitmentsService) CalculateCancellationFee(project string, region string, commitment string) *RegionCommitmentsCalculateCancellationFeeCall {
+	c := &RegionCommitmentsCalculateCancellationFeeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.commitment = commitment
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionCommitmentsCalculateCancellationFeeCall) RequestId(requestId string) *RegionCommitmentsCalculateCancellationFeeCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionCommitmentsCalculateCancellationFeeCall) Fields(s ...googleapi.Field) *RegionCommitmentsCalculateCancellationFeeCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionCommitmentsCalculateCancellationFeeCall) Context(ctx context.Context) *RegionCommitmentsCalculateCancellationFeeCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionCommitmentsCalculateCancellationFeeCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionCommitmentsCalculateCancellationFeeCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/commitments/{commitment}/calculateCancellationFee")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":    c.project,
+		"region":     c.region,
+		"commitment": c.commitment,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionCommitments.calculateCancellationFee" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionCommitmentsCalculateCancellationFeeCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Calculate cancellation fee for the specified commitment.",
+	//   "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}/calculateCancellationFee",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionCommitments.calculateCancellationFee",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "commitment"
+	//   ],
+	//   "parameters": {
+	//     "commitment": {
+	//       "description": "Name of the commitment to delete.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/commitments/{commitment}/calculateCancellationFee",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionCommitments.cancel":
+
+type RegionCommitmentsCancelCall struct {
+	s          *Service
+	project    string
+	region     string
+	commitment string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Cancel: Cancel the specified commitment.
+//
+// - commitment: Name of the commitment to delete.
+// - project: Project ID for this request.
+// - region: Name of the region for this request.
+func (r *RegionCommitmentsService) Cancel(project string, region string, commitment string) *RegionCommitmentsCancelCall {
+	c := &RegionCommitmentsCancelCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.commitment = commitment
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionCommitmentsCancelCall) RequestId(requestId string) *RegionCommitmentsCancelCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionCommitmentsCancelCall) Fields(s ...googleapi.Field) *RegionCommitmentsCancelCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionCommitmentsCancelCall) Context(ctx context.Context) *RegionCommitmentsCancelCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionCommitmentsCancelCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionCommitmentsCancelCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/commitments/{commitment}/cancel")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":    c.project,
+		"region":     c.region,
+		"commitment": c.commitment,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionCommitments.cancel" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionCommitmentsCancelCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Cancel the specified commitment.",
+	//   "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}/cancel",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionCommitments.cancel",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "commitment"
+	//   ],
+	//   "parameters": {
+	//     "commitment": {
+	//       "description": "Name of the commitment to delete.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/commitments/{commitment}/cancel",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.regionCommitments.get":
 
 type RegionCommitmentsGetCall struct {
@@ -166092,8 +172353,7 @@ type RegionCommitmentsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified commitment resource. Gets a list of
-// available commitments by making a list() request.
+// Get: Returns the specified commitment resource.
 //
 // - commitment: Name of the commitment to return.
 // - project: Project ID for this request.
@@ -166207,7 +172467,7 @@ func (c *RegionCommitmentsGetCall) Do(opts ...googleapi.CallOption) (*Commitment
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified commitment resource. Gets a list of available commitments by making a list() request.",
+	//   "description": "Returns the specified commitment resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionCommitments.get",
@@ -167296,6 +173556,355 @@ func (c *RegionCommitmentsUpdateReservationsCall) Do(opts ...googleapi.CallOptio
 
 }
 
+// method id "compute.regionDiskSettings.get":
+
+type RegionDiskSettingsGetCall struct {
+	s            *Service
+	project      string
+	region       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Get Regional Disk Settings.
+//
+// - project: Project ID for this request.
+// - region: Name of the region for this request.
+func (r *RegionDiskSettingsService) Get(project string, region string) *RegionDiskSettingsGetCall {
+	c := &RegionDiskSettingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionDiskSettingsGetCall) Fields(s ...googleapi.Field) *RegionDiskSettingsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *RegionDiskSettingsGetCall) IfNoneMatch(entityTag string) *RegionDiskSettingsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionDiskSettingsGetCall) Context(ctx context.Context) *RegionDiskSettingsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionDiskSettingsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionDiskSettingsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/diskSettings")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionDiskSettings.get" call.
+// Exactly one of *DiskSettings or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *DiskSettings.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionDiskSettingsGetCall) Do(opts ...googleapi.CallOption) (*DiskSettings, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &DiskSettings{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Get Regional Disk Settings.",
+	//   "flatPath": "projects/{project}/regions/{region}/diskSettings",
+	//   "httpMethod": "GET",
+	//   "id": "compute.regionDiskSettings.get",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/diskSettings",
+	//   "response": {
+	//     "$ref": "DiskSettings"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionDiskSettings.patch":
+
+type RegionDiskSettingsPatchCall struct {
+	s            *Service
+	project      string
+	region       string
+	disksettings *DiskSettings
+	urlParams_   gensupport.URLParams
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Patch: Patch Regional Disk Settings
+//
+// - project: Project ID for this request.
+// - region: Name of the region for this request.
+func (r *RegionDiskSettingsService) Patch(project string, region string, disksettings *DiskSettings) *RegionDiskSettingsPatchCall {
+	c := &RegionDiskSettingsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.disksettings = disksettings
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionDiskSettingsPatchCall) RequestId(requestId string) *RegionDiskSettingsPatchCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// UpdateMask sets the optional parameter "updateMask": update_mask
+// indicates fields to be updated as part of this request.
+func (c *RegionDiskSettingsPatchCall) UpdateMask(updateMask string) *RegionDiskSettingsPatchCall {
+	c.urlParams_.Set("updateMask", updateMask)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionDiskSettingsPatchCall) Fields(s ...googleapi.Field) *RegionDiskSettingsPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionDiskSettingsPatchCall) Context(ctx context.Context) *RegionDiskSettingsPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionDiskSettingsPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionDiskSettingsPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksettings)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/diskSettings")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionDiskSettings.patch" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionDiskSettingsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patch Regional Disk Settings",
+	//   "flatPath": "projects/{project}/regions/{region}/diskSettings",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.regionDiskSettings.patch",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "updateMask": {
+	//       "description": "update_mask indicates fields to be updated as part of this request.",
+	//       "format": "google-fieldmask",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/diskSettings",
+	//   "request": {
+	//     "$ref": "DiskSettings"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.regionDiskTypes.get":
 
 type RegionDiskTypesGetCall struct {
@@ -167309,8 +173918,7 @@ type RegionDiskTypesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified regional disk type. Gets a list of
-// available disk types by making a list() request.
+// Get: Returns the specified regional disk type.
 //
 // - diskType: Name of the disk type to return.
 // - project: Project ID for this request.
@@ -167424,7 +174032,7 @@ func (c *RegionDiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified regional disk type. Gets a list of available disk types by making a list() request.",
+	//   "description": "Returns the specified regional disk type.",
 	//   "flatPath": "projects/{project}/regions/{region}/diskTypes/{diskType}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionDiskTypes.get",
@@ -170275,14 +176883,13 @@ func (c *RegionDisksStartAsyncReplicationCall) Do(opts ...googleapi.CallOption)
 // method id "compute.regionDisks.stopAsyncReplication":
 
 type RegionDisksStopAsyncReplicationCall struct {
-	s                                      *Service
-	project                                string
-	region                                 string
-	disk                                   string
-	regiondisksstopasyncreplicationrequest *RegionDisksStopAsyncReplicationRequest
-	urlParams_                             gensupport.URLParams
-	ctx_                                   context.Context
-	header_                                http.Header
+	s          *Service
+	project    string
+	region     string
+	disk       string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
 // StopAsyncReplication: Stops asynchronous replication. Can be invoked
@@ -170291,12 +176898,11 @@ type RegionDisksStopAsyncReplicationCall struct {
 // - disk: The name of the persistent disk.
 // - project: Project ID for this request.
 // - region: The name of the region for this request.
-func (r *RegionDisksService) StopAsyncReplication(project string, region string, disk string, regiondisksstopasyncreplicationrequest *RegionDisksStopAsyncReplicationRequest) *RegionDisksStopAsyncReplicationCall {
+func (r *RegionDisksService) StopAsyncReplication(project string, region string, disk string) *RegionDisksStopAsyncReplicationCall {
 	c := &RegionDisksStopAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
 	c.disk = disk
-	c.regiondisksstopasyncreplicationrequest = regiondisksstopasyncreplicationrequest
 	return c
 }
 
@@ -170349,11 +176955,6 @@ func (c *RegionDisksStopAsyncReplicationCall) doRequest(alt string) (*http.Respo
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regiondisksstopasyncreplicationrequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
 	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication")
@@ -170447,9 +177048,6 @@ func (c *RegionDisksStopAsyncReplicationCall) Do(opts ...googleapi.CallOption) (
 	//     }
 	//   },
 	//   "path": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
-	//   "request": {
-	//     "$ref": "RegionDisksStopAsyncReplicationRequest"
-	//   },
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -172691,8 +179289,7 @@ type RegionHealthChecksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified HealthCheck resource. Gets a list of
-// available health checks by making a list() request.
+// Get: Returns the specified HealthCheck resource.
 //
 // - healthCheck: Name of the HealthCheck resource to return.
 // - project: Project ID for this request.
@@ -172806,7 +179403,7 @@ func (c *RegionHealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HealthChe
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+	//   "description": "Returns the specified HealthCheck resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/healthChecks/{healthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionHealthChecks.get",
@@ -177828,6 +184425,7 @@ func (c *RegionInstanceGroupManagersSetAutoHealingPoliciesCall) Do(opts ...googl
 	}
 	return ret, nil
 	// {
+	//   "deprecated": true,
 	//   "description": "Modifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use regionInstanceGroupManagers.patch instead.",
 	//   "flatPath": "projects/{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/setAutoHealingPolicies",
 	//   "httpMethod": "POST",
@@ -180731,8 +187329,7 @@ type RegionInstanceTemplatesGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified instance template. Gets a list of
-// available instance templates by making a list() request.
+// Get: Returns the specified instance template.
 //
 // - instanceTemplate: The name of the instance template.
 // - project: Project ID for this request.
@@ -180745,6 +187342,21 @@ func (r *RegionInstanceTemplatesService) Get(project string, region string, inst
 	return c
 }
 
+// View sets the optional parameter "view": View of the instance
+// template.
+//
+// Possible values:
+//
+//	"BASIC" - Include everything except Partner Metadata.
+//	"FULL" - Include everything.
+//	"INSTANCE_VIEW_UNSPECIFIED" - The default / unset value. The API
+//
+// will default to the BASIC view.
+func (c *RegionInstanceTemplatesGetCall) View(view string) *RegionInstanceTemplatesGetCall {
+	c.urlParams_.Set("view", view)
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
@@ -180846,7 +187458,7 @@ func (c *RegionInstanceTemplatesGetCall) Do(opts ...googleapi.CallOption) (*Inst
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+	//   "description": "Returns the specified instance template.",
 	//   "flatPath": "projects/{project}/regions/{region}/instanceTemplates/{instanceTemplate}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionInstanceTemplates.get",
@@ -180876,6 +187488,21 @@ func (c *RegionInstanceTemplatesGetCall) Do(opts ...googleapi.CallOption) (*Inst
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
 	//       "type": "string"
+	//     },
+	//     "view": {
+	//       "description": "View of the instance template.",
+	//       "enum": [
+	//         "BASIC",
+	//         "FULL",
+	//         "INSTANCE_VIEW_UNSPECIFIED"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include everything except Partner Metadata.",
+	//         "Include everything.",
+	//         "The default / unset value. The API will default to the BASIC view."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
 	//     }
 	//   },
 	//   "path": "projects/{project}/regions/{region}/instanceTemplates/{instanceTemplate}",
@@ -181175,6 +187802,21 @@ func (c *RegionInstanceTemplatesListCall) ReturnPartialSuccess(returnPartialSucc
 	return c
 }
 
+// View sets the optional parameter "view": View of the instance
+// template.
+//
+// Possible values:
+//
+//	"BASIC" - Include everything except Partner Metadata.
+//	"FULL" - Include everything.
+//	"INSTANCE_VIEW_UNSPECIFIED" - The default / unset value. The API
+//
+// will default to the BASIC view.
+func (c *RegionInstanceTemplatesListCall) View(view string) *RegionInstanceTemplatesListCall {
+	c.urlParams_.Set("view", view)
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
@@ -181325,6 +187967,21 @@ func (c *RegionInstanceTemplatesListCall) Do(opts ...googleapi.CallOption) (*Ins
 	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
 	//       "location": "query",
 	//       "type": "boolean"
+	//     },
+	//     "view": {
+	//       "description": "View of the instance template.",
+	//       "enum": [
+	//         "BASIC",
+	//         "FULL",
+	//         "INSTANCE_VIEW_UNSPECIFIED"
+	//       ],
+	//       "enumDescriptions": [
+	//         "Include everything except Partner Metadata.",
+	//         "Include everything.",
+	//         "The default / unset value. The API will default to the BASIC view."
+	//       ],
+	//       "location": "query",
+	//       "type": "string"
 	//     }
 	//   },
 	//   "path": "projects/{project}/regions/{region}/instanceTemplates",
@@ -183838,8 +190495,7 @@ type RegionNetworkEndpointGroupsGetCall struct {
 	header_              http.Header
 }
 
-// Get: Returns the specified network endpoint group. Gets a list of
-// available network endpoint groups by making a list() request.
+// Get: Returns the specified network endpoint group.
 //
 //   - networkEndpointGroup: The name of the network endpoint group. It
 //     should comply with RFC1035.
@@ -183955,7 +190611,7 @@ func (c *RegionNetworkEndpointGroupsGetCall) Do(opts ...googleapi.CallOption) (*
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+	//   "description": "Returns the specified network endpoint group.",
 	//   "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionNetworkEndpointGroups.get",
@@ -187108,37 +193764,31 @@ func (c *RegionNetworkFirewallPoliciesPatchCall) Do(opts ...googleapi.CallOption
 
 }
 
-// method id "compute.regionNetworkFirewallPolicies.patchRule":
+// method id "compute.regionNetworkFirewallPolicies.patchAssociation":
 
-type RegionNetworkFirewallPoliciesPatchRuleCall struct {
-	s                  *Service
-	project            string
-	region             string
-	firewallPolicy     string
-	firewallpolicyrule *FirewallPolicyRule
-	urlParams_         gensupport.URLParams
-	ctx_               context.Context
-	header_            http.Header
+type RegionNetworkFirewallPoliciesPatchAssociationCall struct {
+	s                         *Service
+	project                   string
+	region                    string
+	firewallPolicy            string
+	firewallpolicyassociation *FirewallPolicyAssociation
+	urlParams_                gensupport.URLParams
+	ctx_                      context.Context
+	header_                   http.Header
 }
 
-// PatchRule: Patches a rule of the specified priority.
+// PatchAssociation: Updates an association for the specified network
+// firewall policy.
 //
 // - firewallPolicy: Name of the firewall policy to update.
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
-func (r *RegionNetworkFirewallPoliciesService) PatchRule(project string, region string, firewallPolicy string, firewallpolicyrule *FirewallPolicyRule) *RegionNetworkFirewallPoliciesPatchRuleCall {
-	c := &RegionNetworkFirewallPoliciesPatchRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *RegionNetworkFirewallPoliciesService) PatchAssociation(project string, region string, firewallPolicy string, firewallpolicyassociation *FirewallPolicyAssociation) *RegionNetworkFirewallPoliciesPatchAssociationCall {
+	c := &RegionNetworkFirewallPoliciesPatchAssociationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
 	c.firewallPolicy = firewallPolicy
-	c.firewallpolicyrule = firewallpolicyrule
-	return c
-}
-
-// Priority sets the optional parameter "priority": The priority of the
-// rule to patch.
-func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Priority(priority int64) *RegionNetworkFirewallPoliciesPatchRuleCall {
-	c.urlParams_.Set("priority", fmt.Sprint(priority))
+	c.firewallpolicyassociation = firewallpolicyassociation
 	return c
 }
 
@@ -187153,7 +193803,7 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Priority(priority int64) *R
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RegionNetworkFirewallPoliciesPatchRuleCall) RequestId(requestId string) *RegionNetworkFirewallPoliciesPatchRuleCall {
+func (c *RegionNetworkFirewallPoliciesPatchAssociationCall) RequestId(requestId string) *RegionNetworkFirewallPoliciesPatchAssociationCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -187161,7 +193811,7 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) RequestId(requestId string)
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Fields(s ...googleapi.Field) *RegionNetworkFirewallPoliciesPatchRuleCall {
+func (c *RegionNetworkFirewallPoliciesPatchAssociationCall) Fields(s ...googleapi.Field) *RegionNetworkFirewallPoliciesPatchAssociationCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -187169,21 +193819,21 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Fields(s ...googleapi.Field
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Context(ctx context.Context) *RegionNetworkFirewallPoliciesPatchRuleCall {
+func (c *RegionNetworkFirewallPoliciesPatchAssociationCall) Context(ctx context.Context) *RegionNetworkFirewallPoliciesPatchAssociationCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Header() http.Header {
+func (c *RegionNetworkFirewallPoliciesPatchAssociationCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RegionNetworkFirewallPoliciesPatchRuleCall) doRequest(alt string) (*http.Response, error) {
+func (c *RegionNetworkFirewallPoliciesPatchAssociationCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -187191,14 +193841,14 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) doRequest(alt string) (*htt
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.firewallpolicyrule)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.firewallpolicyassociation)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchRule")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchAssociation")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -187213,14 +193863,14 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) doRequest(alt string) (*htt
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.regionNetworkFirewallPolicies.patchRule" call.
+// Do executes the "compute.regionNetworkFirewallPolicies.patchAssociation" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *RegionNetworkFirewallPoliciesPatchAssociationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -187251,10 +193901,10 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Do(opts ...googleapi.CallOp
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches a rule of the specified priority.",
-	//   "flatPath": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchRule",
+	//   "description": "Updates an association for the specified network firewall policy.",
+	//   "flatPath": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchAssociation",
 	//   "httpMethod": "POST",
-	//   "id": "compute.regionNetworkFirewallPolicies.patchRule",
+	//   "id": "compute.regionNetworkFirewallPolicies.patchAssociation",
 	//   "parameterOrder": [
 	//     "project",
 	//     "region",
@@ -187268,12 +193918,6 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Do(opts ...googleapi.CallOp
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "priority": {
-	//       "description": "The priority of the rule to patch.",
-	//       "format": "int32",
-	//       "location": "query",
-	//       "type": "integer"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -187294,9 +193938,9 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Do(opts ...googleapi.CallOp
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchRule",
+	//   "path": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchAssociation",
 	//   "request": {
-	//     "$ref": "FirewallPolicyRule"
+	//     "$ref": "FirewallPolicyAssociation"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -187309,36 +193953,37 @@ func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Do(opts ...googleapi.CallOp
 
 }
 
-// method id "compute.regionNetworkFirewallPolicies.removeAssociation":
+// method id "compute.regionNetworkFirewallPolicies.patchRule":
 
-type RegionNetworkFirewallPoliciesRemoveAssociationCall struct {
-	s              *Service
-	project        string
-	region         string
-	firewallPolicy string
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
+type RegionNetworkFirewallPoliciesPatchRuleCall struct {
+	s                  *Service
+	project            string
+	region             string
+	firewallPolicy     string
+	firewallpolicyrule *FirewallPolicyRule
+	urlParams_         gensupport.URLParams
+	ctx_               context.Context
+	header_            http.Header
 }
 
-// RemoveAssociation: Removes an association for the specified network
-// firewall policy.
+// PatchRule: Patches a rule of the specified priority.
 //
 // - firewallPolicy: Name of the firewall policy to update.
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
-func (r *RegionNetworkFirewallPoliciesService) RemoveAssociation(project string, region string, firewallPolicy string) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
-	c := &RegionNetworkFirewallPoliciesRemoveAssociationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *RegionNetworkFirewallPoliciesService) PatchRule(project string, region string, firewallPolicy string, firewallpolicyrule *FirewallPolicyRule) *RegionNetworkFirewallPoliciesPatchRuleCall {
+	c := &RegionNetworkFirewallPoliciesPatchRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
 	c.firewallPolicy = firewallPolicy
+	c.firewallpolicyrule = firewallpolicyrule
 	return c
 }
 
-// Name sets the optional parameter "name": Name for the association
-// that will be removed.
-func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Name(name string) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
-	c.urlParams_.Set("name", name)
+// Priority sets the optional parameter "priority": The priority of the
+// rule to patch.
+func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Priority(priority int64) *RegionNetworkFirewallPoliciesPatchRuleCall {
+	c.urlParams_.Set("priority", fmt.Sprint(priority))
 	return c
 }
 
@@ -187353,7 +193998,7 @@ func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Name(name string) *
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) RequestId(requestId string) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+func (c *RegionNetworkFirewallPoliciesPatchRuleCall) RequestId(requestId string) *RegionNetworkFirewallPoliciesPatchRuleCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -187361,7 +194006,7 @@ func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) RequestId(requestId
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Fields(s ...googleapi.Field) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Fields(s ...googleapi.Field) *RegionNetworkFirewallPoliciesPatchRuleCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -187369,21 +194014,21 @@ func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Fields(s ...googlea
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Context(ctx context.Context) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Context(ctx context.Context) *RegionNetworkFirewallPoliciesPatchRuleCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Header() http.Header {
+func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) doRequest(alt string) (*http.Response, error) {
+func (c *RegionNetworkFirewallPoliciesPatchRuleCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -187391,199 +194036,14 @@ func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) doRequest(alt strin
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeAssociation")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"region":         c.region,
-		"firewallPolicy": c.firewallPolicy,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.regionNetworkFirewallPolicies.removeAssociation" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.firewallpolicyrule)
 	if err != nil {
 		return nil, err
 	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Operation{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Removes an association for the specified network firewall policy.",
-	//   "flatPath": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeAssociation",
-	//   "httpMethod": "POST",
-	//   "id": "compute.regionNetworkFirewallPolicies.removeAssociation",
-	//   "parameterOrder": [
-	//     "project",
-	//     "region",
-	//     "firewallPolicy"
-	//   ],
-	//   "parameters": {
-	//     "firewallPolicy": {
-	//       "description": "Name of the firewall policy to update.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "name": {
-	//       "description": "Name for the association that will be removed.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "region": {
-	//       "description": "Name of the region scoping this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "requestId": {
-	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-	//       "location": "query",
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeAssociation",
-	//   "response": {
-	//     "$ref": "Operation"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.regionNetworkFirewallPolicies.removeRule":
-
-type RegionNetworkFirewallPoliciesRemoveRuleCall struct {
-	s              *Service
-	project        string
-	region         string
-	firewallPolicy string
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
-}
-
-// RemoveRule: Deletes a rule of the specified priority.
-//
-// - firewallPolicy: Name of the firewall policy to update.
-// - project: Project ID for this request.
-// - region: Name of the region scoping this request.
-func (r *RegionNetworkFirewallPoliciesService) RemoveRule(project string, region string, firewallPolicy string) *RegionNetworkFirewallPoliciesRemoveRuleCall {
-	c := &RegionNetworkFirewallPoliciesRemoveRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.region = region
-	c.firewallPolicy = firewallPolicy
-	return c
-}
-
-// Priority sets the optional parameter "priority": The priority of the
-// rule to remove from the firewall policy.
-func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Priority(priority int64) *RegionNetworkFirewallPoliciesRemoveRuleCall {
-	c.urlParams_.Set("priority", fmt.Sprint(priority))
-	return c
-}
-
-// RequestId sets the optional parameter "requestId": An optional
-// request ID to identify requests. Specify a unique request ID so that
-// if you must retry your request, the server will know to ignore the
-// request if it has already been completed. For example, consider a
-// situation where you make an initial request and the request times
-// out. If you make the request again with the same request ID, the
-// server can check if original operation with the same request ID was
-// received, and if so, will ignore the second request. This prevents
-// clients from accidentally creating duplicate commitments. The request
-// ID must be a valid UUID with the exception that zero UUID is not
-// supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) RequestId(requestId string) *RegionNetworkFirewallPoliciesRemoveRuleCall {
-	c.urlParams_.Set("requestId", requestId)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Fields(s ...googleapi.Field) *RegionNetworkFirewallPoliciesRemoveRuleCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Context(ctx context.Context) *RegionNetworkFirewallPoliciesRemoveRuleCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeRule")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchRule")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -187598,14 +194058,399 @@ func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) doRequest(alt string) (*ht
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.regionNetworkFirewallPolicies.removeRule" call.
+// Do executes the "compute.regionNetworkFirewallPolicies.patchRule" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *RegionNetworkFirewallPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patches a rule of the specified priority.",
+	//   "flatPath": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchRule",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionNetworkFirewallPolicies.patchRule",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "firewallPolicy"
+	//   ],
+	//   "parameters": {
+	//     "firewallPolicy": {
+	//       "description": "Name of the firewall policy to update.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "priority": {
+	//       "description": "The priority of the rule to patch.",
+	//       "format": "int32",
+	//       "location": "query",
+	//       "type": "integer"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/patchRule",
+	//   "request": {
+	//     "$ref": "FirewallPolicyRule"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionNetworkFirewallPolicies.removeAssociation":
+
+type RegionNetworkFirewallPoliciesRemoveAssociationCall struct {
+	s              *Service
+	project        string
+	region         string
+	firewallPolicy string
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
+}
+
+// RemoveAssociation: Removes an association for the specified network
+// firewall policy.
+//
+// - firewallPolicy: Name of the firewall policy to update.
+// - project: Project ID for this request.
+// - region: Name of the region scoping this request.
+func (r *RegionNetworkFirewallPoliciesService) RemoveAssociation(project string, region string, firewallPolicy string) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+	c := &RegionNetworkFirewallPoliciesRemoveAssociationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.firewallPolicy = firewallPolicy
+	return c
+}
+
+// Name sets the optional parameter "name": Name for the association
+// that will be removed.
+func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Name(name string) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+	c.urlParams_.Set("name", name)
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) RequestId(requestId string) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Fields(s ...googleapi.Field) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Context(ctx context.Context) *RegionNetworkFirewallPoliciesRemoveAssociationCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeAssociation")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"region":         c.region,
+		"firewallPolicy": c.firewallPolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionNetworkFirewallPolicies.removeAssociation" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionNetworkFirewallPoliciesRemoveAssociationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Removes an association for the specified network firewall policy.",
+	//   "flatPath": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeAssociation",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionNetworkFirewallPolicies.removeAssociation",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "firewallPolicy"
+	//   ],
+	//   "parameters": {
+	//     "firewallPolicy": {
+	//       "description": "Name of the firewall policy to update.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "name": {
+	//       "description": "Name for the association that will be removed.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeAssociation",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionNetworkFirewallPolicies.removeRule":
+
+type RegionNetworkFirewallPoliciesRemoveRuleCall struct {
+	s              *Service
+	project        string
+	region         string
+	firewallPolicy string
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
+}
+
+// RemoveRule: Deletes a rule of the specified priority.
+//
+// - firewallPolicy: Name of the firewall policy to update.
+// - project: Project ID for this request.
+// - region: Name of the region scoping this request.
+func (r *RegionNetworkFirewallPoliciesService) RemoveRule(project string, region string, firewallPolicy string) *RegionNetworkFirewallPoliciesRemoveRuleCall {
+	c := &RegionNetworkFirewallPoliciesRemoveRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.firewallPolicy = firewallPolicy
+	return c
+}
+
+// Priority sets the optional parameter "priority": The priority of the
+// rule to remove from the firewall policy.
+func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Priority(priority int64) *RegionNetworkFirewallPoliciesRemoveRuleCall {
+	c.urlParams_.Set("priority", fmt.Sprint(priority))
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) RequestId(requestId string) *RegionNetworkFirewallPoliciesRemoveRuleCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Fields(s ...googleapi.Field) *RegionNetworkFirewallPoliciesRemoveRuleCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Context(ctx context.Context) *RegionNetworkFirewallPoliciesRemoveRuleCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/firewallPolicies/{firewallPolicy}/removeRule")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"region":         c.region,
+		"firewallPolicy": c.firewallPolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionNetworkFirewallPolicies.removeRule" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionNetworkFirewallPoliciesRemoveRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -191292,7 +198137,7 @@ type RegionSecurityPoliciesPatchCall struct {
 }
 
 // Patch: Patches the specified policy with the data included in the
-// request. To clear fields in the rule, leave the fields empty and
+// request. To clear fields in the policy, leave the fields empty and
 // specify them in the updateMask. This cannot be used to be update the
 // rules in the policy. Please use the per rule methods like addRule,
 // patchRule, and removeRule instead.
@@ -191431,7 +198276,7 @@ func (c *RegionSecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Ope
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
 	//   "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
 	//   "httpMethod": "PATCH",
 	//   "id": "compute.regionSecurityPolicies.patch",
@@ -194506,8 +201351,7 @@ type RegionTargetHttpProxiesGetCall struct {
 }
 
 // Get: Returns the specified TargetHttpProxy resource in the specified
-// region. Gets a list of available target HTTP proxies by making a
-// list() request.
+// region.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -194621,7 +201465,7 @@ func (c *RegionTargetHttpProxiesGetCall) Do(opts ...googleapi.CallOption) (*Targ
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpProxy resource in the specified region.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetHttpProxies/{targetHttpProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionTargetHttpProxies.get",
@@ -195684,8 +202528,7 @@ type RegionTargetHttpsProxiesGetCall struct {
 }
 
 // Get: Returns the specified TargetHttpsProxy resource in the specified
-// region. Gets a list of available target HTTP proxies by making a
-// list() request.
+// region.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -195799,7 +202642,7 @@ func (c *RegionTargetHttpsProxiesGetCall) Do(opts ...googleapi.CallOption) (*Tar
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpsProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpsProxy resource in the specified region.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetHttpsProxies/{targetHttpsProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionTargetHttpsProxies.get",
@@ -198220,8 +205063,7 @@ type RegionUrlMapsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified UrlMap resource. Gets a list of available
-// URL maps by making a list() request.
+// Get: Returns the specified UrlMap resource.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -198335,7 +205177,7 @@ func (c *RegionUrlMapsGetCall) Do(opts ...googleapi.CallOption) (*UrlMap, error)
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+	//   "description": "Returns the specified UrlMap resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/urlMaps/{urlMap}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionUrlMaps.get",
@@ -199721,6 +206563,298 @@ func (c *RegionUrlMapsValidateCall) Do(opts ...googleapi.CallOption) (*UrlMapsVa
 
 }
 
+// method id "compute.regionZones.list":
+
+type RegionZonesListCall struct {
+	s            *Service
+	project      string
+	region       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves the list of Zone resources under the specific region
+// available to the specified project.
+//
+// - project: Project ID for this request.
+// - region: Region for this request.
+func (r *RegionZonesService) List(project string, region string) *RegionZonesListCall {
+	c := &RegionZonesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *RegionZonesListCall) Filter(filter string) *RegionZonesListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *RegionZonesListCall) MaxResults(maxResults int64) *RegionZonesListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *RegionZonesListCall) OrderBy(orderBy string) *RegionZonesListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *RegionZonesListCall) PageToken(pageToken string) *RegionZonesListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *RegionZonesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *RegionZonesListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionZonesListCall) Fields(s ...googleapi.Field) *RegionZonesListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *RegionZonesListCall) IfNoneMatch(entityTag string) *RegionZonesListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionZonesListCall) Context(ctx context.Context) *RegionZonesListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionZonesListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionZonesListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/zones")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionZones.list" call.
+// Exactly one of *ZoneList or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *ZoneList.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionZonesListCall) Do(opts ...googleapi.CallOption) (*ZoneList, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ZoneList{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves the list of Zone resources under the specific region available to the specified project.",
+	//   "flatPath": "projects/{project}/regions/{region}/zones",
+	//   "httpMethod": "GET",
+	//   "id": "compute.regionZones.list",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/zones",
+	//   "response": {
+	//     "$ref": "ZoneList"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *RegionZonesListCall) Pages(ctx context.Context, f func(*ZoneList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
 // method id "compute.regions.get":
 
 type RegionsGetCall struct {
@@ -199733,10 +206867,9 @@ type RegionsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Region resource. Gets a list of available
-// regions by making a list() request. To decrease latency for this
-// method, you can optionally omit any unneeded information from the
-// response by using a field mask. This practice is especially
+// Get: Returns the specified Region resource. To decrease latency for
+// this method, you can optionally omit any unneeded information from
+// the response by using a field mask. This practice is especially
 // recommended for unused quota information (the `quotas` field). To
 // exclude one or more fields, set your request's `fields` query
 // parameter to only include the fields you need. For example, to only
@@ -199852,7 +206985,7 @@ func (c *RegionsGetCall) Do(opts ...googleapi.CallOption) (*Region, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Region resource. Gets a list of available regions by making a list() request. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
+	//   "description": "Returns the specified Region resource. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
 	//   "flatPath": "projects/{project}/regions/{region}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regions.get",
@@ -204555,8 +211688,7 @@ type RoutersGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Router resource. Gets a list of available
-// routers by making a list() request.
+// Get: Returns the specified Router resource.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -204670,7 +211802,7 @@ func (c *RoutersGetCall) Do(opts ...googleapi.CallOption) (*Router, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Router resource. Gets a list of available routers by making a list() request.",
+	//   "description": "Returns the specified Router resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/routers/{router}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.routers.get",
@@ -204715,6 +211847,191 @@ func (c *RoutersGetCall) Do(opts ...googleapi.CallOption) (*Router, error) {
 
 }
 
+// method id "compute.routers.getNatIpInfo":
+
+type RoutersGetNatIpInfoCall struct {
+	s            *Service
+	project      string
+	region       string
+	router       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// GetNatIpInfo: Retrieves runtime NAT IP information.
+//
+//   - project: Project ID for this request.
+//   - region: Name of the region for this request.
+//   - router: Name of the Router resource to query for Nat IP
+//     information. The name should conform to RFC1035.
+func (r *RoutersService) GetNatIpInfo(project string, region string, router string) *RoutersGetNatIpInfoCall {
+	c := &RoutersGetNatIpInfoCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.router = router
+	return c
+}
+
+// NatName sets the optional parameter "natName": Name of the nat
+// service to filter the NAT IP information. If it is omitted, all nats
+// for this router will be returned. Name should conform to RFC1035.
+func (c *RoutersGetNatIpInfoCall) NatName(natName string) *RoutersGetNatIpInfoCall {
+	c.urlParams_.Set("natName", natName)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RoutersGetNatIpInfoCall) Fields(s ...googleapi.Field) *RoutersGetNatIpInfoCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *RoutersGetNatIpInfoCall) IfNoneMatch(entityTag string) *RoutersGetNatIpInfoCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RoutersGetNatIpInfoCall) Context(ctx context.Context) *RoutersGetNatIpInfoCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RoutersGetNatIpInfoCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RoutersGetNatIpInfoCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/routers/{router}/getNatIpInfo")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+		"router":  c.router,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.routers.getNatIpInfo" call.
+// Exactly one of *NatIpInfoResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *NatIpInfoResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *RoutersGetNatIpInfoCall) Do(opts ...googleapi.CallOption) (*NatIpInfoResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &NatIpInfoResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves runtime NAT IP information.",
+	//   "flatPath": "projects/{project}/regions/{region}/routers/{router}/getNatIpInfo",
+	//   "httpMethod": "GET",
+	//   "id": "compute.routers.getNatIpInfo",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "router"
+	//   ],
+	//   "parameters": {
+	//     "natName": {
+	//       "description": "Name of the nat service to filter the NAT IP information. If it is omitted, all nats for this router will be returned. Name should conform to RFC1035.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "router": {
+	//       "description": "Name of the Router resource to query for Nat IP information. The name should conform to RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/routers/{router}/getNatIpInfo",
+	//   "response": {
+	//     "$ref": "NatIpInfoResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
 // method id "compute.routers.getNatMappingInfo":
 
 type RoutersGetNatMappingInfoCall struct {
@@ -206270,51 +213587,2659 @@ func (c *RoutersUpdateCall) Context(ctx context.Context) *RoutersUpdateCall {
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RoutersUpdateCall) Header() http.Header {
+func (c *RoutersUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RoutersUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.router2)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/routers/{router}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PUT", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+		"router":  c.router,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.routers.update" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RoutersUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Updates the specified Router resource with the data included in the request. This method conforms to PUT semantics, which requests that the state of the target resource be created or replaced with the state defined by the representation enclosed in the request message payload.",
+	//   "flatPath": "projects/{project}/regions/{region}/routers/{router}",
+	//   "httpMethod": "PUT",
+	//   "id": "compute.routers.update",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "router"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "router": {
+	//       "description": "Name of the Router resource to update.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/routers/{router}",
+	//   "request": {
+	//     "$ref": "Router"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.routes.delete":
+
+type RoutesDeleteCall struct {
+	s          *Service
+	project    string
+	route      string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Deletes the specified Route resource.
+//
+// - project: Project ID for this request.
+// - route: Name of the Route resource to delete.
+func (r *RoutesService) Delete(project string, route string) *RoutesDeleteCall {
+	c := &RoutesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.route = route
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RoutesDeleteCall) RequestId(requestId string) *RoutesDeleteCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RoutesDeleteCall) Fields(s ...googleapi.Field) *RoutesDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RoutesDeleteCall) Context(ctx context.Context) *RoutesDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RoutesDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RoutesDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes/{route}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"route":   c.route,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.routes.delete" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RoutesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Deletes the specified Route resource.",
+	//   "flatPath": "projects/{project}/global/routes/{route}",
+	//   "httpMethod": "DELETE",
+	//   "id": "compute.routes.delete",
+	//   "parameterOrder": [
+	//     "project",
+	//     "route"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "route": {
+	//       "description": "Name of the Route resource to delete.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/routes/{route}",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.routes.get":
+
+type RoutesGetCall struct {
+	s            *Service
+	project      string
+	route        string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// Get: Returns the specified Route resource.
+//
+// - project: Project ID for this request.
+// - route: Name of the Route resource to return.
+func (r *RoutesService) Get(project string, route string) *RoutesGetCall {
+	c := &RoutesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.route = route
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RoutesGetCall) Fields(s ...googleapi.Field) *RoutesGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *RoutesGetCall) IfNoneMatch(entityTag string) *RoutesGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RoutesGetCall) Context(ctx context.Context) *RoutesGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RoutesGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RoutesGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes/{route}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"route":   c.route,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.routes.get" call.
+// Exactly one of *Route or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Route.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *RoutesGetCall) Do(opts ...googleapi.CallOption) (*Route, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Route{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns the specified Route resource.",
+	//   "flatPath": "projects/{project}/global/routes/{route}",
+	//   "httpMethod": "GET",
+	//   "id": "compute.routes.get",
+	//   "parameterOrder": [
+	//     "project",
+	//     "route"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "route": {
+	//       "description": "Name of the Route resource to return.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/routes/{route}",
+	//   "response": {
+	//     "$ref": "Route"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.routes.insert":
+
+type RoutesInsertCall struct {
+	s          *Service
+	project    string
+	route      *Route
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Insert: Creates a Route resource in the specified project using the
+// data included in the request.
+//
+// - project: Project ID for this request.
+func (r *RoutesService) Insert(project string, route *Route) *RoutesInsertCall {
+	c := &RoutesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.route = route
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RoutesInsertCall) RequestId(requestId string) *RoutesInsertCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RoutesInsertCall) Fields(s ...googleapi.Field) *RoutesInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RoutesInsertCall) Context(ctx context.Context) *RoutesInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RoutesInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RoutesInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.route)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.routes.insert" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RoutesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a Route resource in the specified project using the data included in the request.",
+	//   "flatPath": "projects/{project}/global/routes",
+	//   "httpMethod": "POST",
+	//   "id": "compute.routes.insert",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/routes",
+	//   "request": {
+	//     "$ref": "Route"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.routes.list":
+
+type RoutesListCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves the list of Route resources available to the
+// specified project.
+//
+// - project: Project ID for this request.
+func (r *RoutesService) List(project string) *RoutesListCall {
+	c := &RoutesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *RoutesListCall) Filter(filter string) *RoutesListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *RoutesListCall) MaxResults(maxResults int64) *RoutesListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *RoutesListCall) OrderBy(orderBy string) *RoutesListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *RoutesListCall) PageToken(pageToken string) *RoutesListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *RoutesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *RoutesListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RoutesListCall) Fields(s ...googleapi.Field) *RoutesListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *RoutesListCall) IfNoneMatch(entityTag string) *RoutesListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RoutesListCall) Context(ctx context.Context) *RoutesListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RoutesListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RoutesListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.routes.list" call.
+// Exactly one of *RouteList or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *RouteList.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RoutesListCall) Do(opts ...googleapi.CallOption) (*RouteList, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &RouteList{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves the list of Route resources available to the specified project.",
+	//   "flatPath": "projects/{project}/global/routes",
+	//   "httpMethod": "GET",
+	//   "id": "compute.routes.list",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/routes",
+	//   "response": {
+	//     "$ref": "RouteList"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *RoutesListCall) Pages(ctx context.Context, f func(*RouteList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "compute.routes.testIamPermissions":
+
+type RoutesTestIamPermissionsCall struct {
+	s                      *Service
+	project                string
+	resource               string
+	testpermissionsrequest *TestPermissionsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
+}
+
+// TestIamPermissions: Returns permissions that a caller has on the
+// specified resource.
+//
+// - project: Project ID for this request.
+// - resource: Name or id of the resource for this request.
+func (r *RoutesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *RoutesTestIamPermissionsCall {
+	c := &RoutesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.resource = resource
+	c.testpermissionsrequest = testpermissionsrequest
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RoutesTestIamPermissionsCall) Fields(s ...googleapi.Field) *RoutesTestIamPermissionsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RoutesTestIamPermissionsCall) Context(ctx context.Context) *RoutesTestIamPermissionsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RoutesTestIamPermissionsCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RoutesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes/{resource}/testIamPermissions")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.routes.testIamPermissions" call.
+// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *RoutesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &TestPermissionsResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns permissions that a caller has on the specified resource.",
+	//   "flatPath": "projects/{project}/global/routes/{resource}/testIamPermissions",
+	//   "httpMethod": "POST",
+	//   "id": "compute.routes.testIamPermissions",
+	//   "parameterOrder": [
+	//     "project",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/routes/{resource}/testIamPermissions",
+	//   "request": {
+	//     "$ref": "TestPermissionsRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "TestPermissionsResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.securityPolicies.addRule":
+
+type SecurityPoliciesAddRuleCall struct {
+	s                  *Service
+	project            string
+	securityPolicy     string
+	securitypolicyrule *SecurityPolicyRule
+	urlParams_         gensupport.URLParams
+	ctx_               context.Context
+	header_            http.Header
+}
+
+// AddRule: Inserts a rule into a security policy.
+//
+// - project: Project ID for this request.
+// - securityPolicy: Name of the security policy to update.
+func (r *SecurityPoliciesService) AddRule(project string, securityPolicy string, securitypolicyrule *SecurityPolicyRule) *SecurityPoliciesAddRuleCall {
+	c := &SecurityPoliciesAddRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.securityPolicy = securityPolicy
+	c.securitypolicyrule = securitypolicyrule
+	return c
+}
+
+// ValidateOnly sets the optional parameter "validateOnly": If true, the
+// request will not be committed.
+func (c *SecurityPoliciesAddRuleCall) ValidateOnly(validateOnly bool) *SecurityPoliciesAddRuleCall {
+	c.urlParams_.Set("validateOnly", fmt.Sprint(validateOnly))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesAddRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesAddRuleCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesAddRuleCall) Context(ctx context.Context) *SecurityPoliciesAddRuleCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesAddRuleCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SecurityPoliciesAddRuleCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicyrule)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/addRule")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"securityPolicy": c.securityPolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.securityPolicies.addRule" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SecurityPoliciesAddRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Inserts a rule into a security policy.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/addRule",
+	//   "httpMethod": "POST",
+	//   "id": "compute.securityPolicies.addRule",
+	//   "parameterOrder": [
+	//     "project",
+	//     "securityPolicy"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "securityPolicy": {
+	//       "description": "Name of the security policy to update.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "validateOnly": {
+	//       "description": "If true, the request will not be committed.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/addRule",
+	//   "request": {
+	//     "$ref": "SecurityPolicyRule"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.securityPolicies.aggregatedList":
+
+type SecurityPoliciesAggregatedListCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// AggregatedList: Retrieves the list of all SecurityPolicy resources,
+// regional and global, available to the specified project.
+//
+// - project: Name of the project scoping this request.
+func (r *SecurityPoliciesService) AggregatedList(project string) *SecurityPoliciesAggregatedListCall {
+	c := &SecurityPoliciesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *SecurityPoliciesAggregatedListCall) Filter(filter string) *SecurityPoliciesAggregatedListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// IncludeAllScopes sets the optional parameter "includeAllScopes":
+// Indicates whether every visible scope for each scope type (zone,
+// region, global) should be included in the response. For new resource
+// types added after this field, the flag has no effect as new resource
+// types will always include every visible scope for each scope type in
+// response. For resource types which predate this field, if this flag
+// is omitted or false, only scopes of the scope types where the
+// resource type is expected to be found will be included.
+func (c *SecurityPoliciesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *SecurityPoliciesAggregatedListCall {
+	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *SecurityPoliciesAggregatedListCall) MaxResults(maxResults int64) *SecurityPoliciesAggregatedListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *SecurityPoliciesAggregatedListCall) OrderBy(orderBy string) *SecurityPoliciesAggregatedListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *SecurityPoliciesAggregatedListCall) PageToken(pageToken string) *SecurityPoliciesAggregatedListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *SecurityPoliciesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SecurityPoliciesAggregatedListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesAggregatedListCall) Fields(s ...googleapi.Field) *SecurityPoliciesAggregatedListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SecurityPoliciesAggregatedListCall) IfNoneMatch(entityTag string) *SecurityPoliciesAggregatedListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesAggregatedListCall) Context(ctx context.Context) *SecurityPoliciesAggregatedListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesAggregatedListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SecurityPoliciesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/securityPolicies")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.securityPolicies.aggregatedList" call.
+// Exactly one of *SecurityPoliciesAggregatedList or error will be
+// non-nil. Any non-2xx status code is an error. Response headers are in
+// either *SecurityPoliciesAggregatedList.ServerResponse.Header or (if a
+// response was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SecurityPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SecurityPoliciesAggregatedList, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &SecurityPoliciesAggregatedList{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves the list of all SecurityPolicy resources, regional and global, available to the specified project.",
+	//   "flatPath": "projects/{project}/aggregated/securityPolicies",
+	//   "httpMethod": "GET",
+	//   "id": "compute.securityPolicies.aggregatedList",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "includeAllScopes": {
+	//       "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Name of the project scoping this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/aggregated/securityPolicies",
+	//   "response": {
+	//     "$ref": "SecurityPoliciesAggregatedList"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *SecurityPoliciesAggregatedListCall) Pages(ctx context.Context, f func(*SecurityPoliciesAggregatedList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "compute.securityPolicies.delete":
+
+type SecurityPoliciesDeleteCall struct {
+	s              *Service
+	project        string
+	securityPolicy string
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
+}
+
+// Delete: Deletes the specified policy.
+//
+// - project: Project ID for this request.
+// - securityPolicy: Name of the security policy to delete.
+func (r *SecurityPoliciesService) Delete(project string, securityPolicy string) *SecurityPoliciesDeleteCall {
+	c := &SecurityPoliciesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.securityPolicy = securityPolicy
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *SecurityPoliciesDeleteCall) RequestId(requestId string) *SecurityPoliciesDeleteCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesDeleteCall) Fields(s ...googleapi.Field) *SecurityPoliciesDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesDeleteCall) Context(ctx context.Context) *SecurityPoliciesDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SecurityPoliciesDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"securityPolicy": c.securityPolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.securityPolicies.delete" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SecurityPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Deletes the specified policy.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "httpMethod": "DELETE",
+	//   "id": "compute.securityPolicies.delete",
+	//   "parameterOrder": [
+	//     "project",
+	//     "securityPolicy"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "securityPolicy": {
+	//       "description": "Name of the security policy to delete.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.securityPolicies.get":
+
+type SecurityPoliciesGetCall struct {
+	s              *Service
+	project        string
+	securityPolicy string
+	urlParams_     gensupport.URLParams
+	ifNoneMatch_   string
+	ctx_           context.Context
+	header_        http.Header
+}
+
+// Get: List all of the ordered rules present in a single specified
+// policy.
+//
+// - project: Project ID for this request.
+// - securityPolicy: Name of the security policy to get.
+func (r *SecurityPoliciesService) Get(project string, securityPolicy string) *SecurityPoliciesGetCall {
+	c := &SecurityPoliciesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.securityPolicy = securityPolicy
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesGetCall) Fields(s ...googleapi.Field) *SecurityPoliciesGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SecurityPoliciesGetCall) IfNoneMatch(entityTag string) *SecurityPoliciesGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesGetCall) Context(ctx context.Context) *SecurityPoliciesGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SecurityPoliciesGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"securityPolicy": c.securityPolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.securityPolicies.get" call.
+// Exactly one of *SecurityPolicy or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *SecurityPolicy.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SecurityPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SecurityPolicy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &SecurityPolicy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "List all of the ordered rules present in a single specified policy.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "httpMethod": "GET",
+	//   "id": "compute.securityPolicies.get",
+	//   "parameterOrder": [
+	//     "project",
+	//     "securityPolicy"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "securityPolicy": {
+	//       "description": "Name of the security policy to get.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "response": {
+	//     "$ref": "SecurityPolicy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.securityPolicies.getRule":
+
+type SecurityPoliciesGetRuleCall struct {
+	s              *Service
+	project        string
+	securityPolicy string
+	urlParams_     gensupport.URLParams
+	ifNoneMatch_   string
+	ctx_           context.Context
+	header_        http.Header
+}
+
+// GetRule: Gets a rule at the specified priority.
+//
+//   - project: Project ID for this request.
+//   - securityPolicy: Name of the security policy to which the queried
+//     rule belongs.
+func (r *SecurityPoliciesService) GetRule(project string, securityPolicy string) *SecurityPoliciesGetRuleCall {
+	c := &SecurityPoliciesGetRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.securityPolicy = securityPolicy
+	return c
+}
+
+// Priority sets the optional parameter "priority": The priority of the
+// rule to get from the security policy.
+func (c *SecurityPoliciesGetRuleCall) Priority(priority int64) *SecurityPoliciesGetRuleCall {
+	c.urlParams_.Set("priority", fmt.Sprint(priority))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesGetRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesGetRuleCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SecurityPoliciesGetRuleCall) IfNoneMatch(entityTag string) *SecurityPoliciesGetRuleCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesGetRuleCall) Context(ctx context.Context) *SecurityPoliciesGetRuleCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesGetRuleCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SecurityPoliciesGetRuleCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/getRule")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"securityPolicy": c.securityPolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.securityPolicies.getRule" call.
+// Exactly one of *SecurityPolicyRule or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *SecurityPolicyRule.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SecurityPoliciesGetRuleCall) Do(opts ...googleapi.CallOption) (*SecurityPolicyRule, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &SecurityPolicyRule{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Gets a rule at the specified priority.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/getRule",
+	//   "httpMethod": "GET",
+	//   "id": "compute.securityPolicies.getRule",
+	//   "parameterOrder": [
+	//     "project",
+	//     "securityPolicy"
+	//   ],
+	//   "parameters": {
+	//     "priority": {
+	//       "description": "The priority of the rule to get from the security policy.",
+	//       "format": "int32",
+	//       "location": "query",
+	//       "type": "integer"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "securityPolicy": {
+	//       "description": "Name of the security policy to which the queried rule belongs.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/getRule",
+	//   "response": {
+	//     "$ref": "SecurityPolicyRule"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.securityPolicies.insert":
+
+type SecurityPoliciesInsertCall struct {
+	s              *Service
+	project        string
+	securitypolicy *SecurityPolicy
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
+}
+
+// Insert: Creates a new policy in the specified project using the data
+// included in the request.
+//
+// - project: Project ID for this request.
+func (r *SecurityPoliciesService) Insert(project string, securitypolicy *SecurityPolicy) *SecurityPoliciesInsertCall {
+	c := &SecurityPoliciesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.securitypolicy = securitypolicy
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *SecurityPoliciesInsertCall) RequestId(requestId string) *SecurityPoliciesInsertCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// ValidateOnly sets the optional parameter "validateOnly": If true, the
+// request will not be committed.
+func (c *SecurityPoliciesInsertCall) ValidateOnly(validateOnly bool) *SecurityPoliciesInsertCall {
+	c.urlParams_.Set("validateOnly", fmt.Sprint(validateOnly))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesInsertCall) Fields(s ...googleapi.Field) *SecurityPoliciesInsertCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesInsertCall) Context(ctx context.Context) *SecurityPoliciesInsertCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesInsertCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SecurityPoliciesInsertCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicy)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.securityPolicies.insert" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SecurityPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a new policy in the specified project using the data included in the request.",
+	//   "flatPath": "projects/{project}/global/securityPolicies",
+	//   "httpMethod": "POST",
+	//   "id": "compute.securityPolicies.insert",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "validateOnly": {
+	//       "description": "If true, the request will not be committed.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/securityPolicies",
+	//   "request": {
+	//     "$ref": "SecurityPolicy"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.securityPolicies.list":
+
+type SecurityPoliciesListCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: List all the policies that have been configured for the
+// specified project.
+//
+// - project: Project ID for this request.
+func (r *SecurityPoliciesService) List(project string) *SecurityPoliciesListCall {
+	c := &SecurityPoliciesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *SecurityPoliciesListCall) Filter(filter string) *SecurityPoliciesListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *SecurityPoliciesListCall) MaxResults(maxResults int64) *SecurityPoliciesListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *SecurityPoliciesListCall) OrderBy(orderBy string) *SecurityPoliciesListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *SecurityPoliciesListCall) PageToken(pageToken string) *SecurityPoliciesListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *SecurityPoliciesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SecurityPoliciesListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesListCall) Fields(s ...googleapi.Field) *SecurityPoliciesListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SecurityPoliciesListCall) IfNoneMatch(entityTag string) *SecurityPoliciesListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesListCall) Context(ctx context.Context) *SecurityPoliciesListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SecurityPoliciesListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.securityPolicies.list" call.
+// Exactly one of *SecurityPolicyList or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *SecurityPolicyList.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SecurityPoliciesListCall) Do(opts ...googleapi.CallOption) (*SecurityPolicyList, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &SecurityPolicyList{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "List all the policies that have been configured for the specified project.",
+	//   "flatPath": "projects/{project}/global/securityPolicies",
+	//   "httpMethod": "GET",
+	//   "id": "compute.securityPolicies.list",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/securityPolicies",
+	//   "response": {
+	//     "$ref": "SecurityPolicyList"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *SecurityPoliciesListCall) Pages(ctx context.Context, f func(*SecurityPolicyList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "compute.securityPolicies.listPreconfiguredExpressionSets":
+
+type SecurityPoliciesListPreconfiguredExpressionSetsCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// ListPreconfiguredExpressionSets: Gets the current list of
+// preconfigured Web Application Firewall (WAF) expressions.
+//
+// - project: Project ID for this request.
+func (r *SecurityPoliciesService) ListPreconfiguredExpressionSets(project string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c := &SecurityPoliciesListPreconfiguredExpressionSetsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Filter(filter string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) MaxResults(maxResults int64) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) OrderBy(orderBy string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) PageToken(pageToken string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) ReturnPartialSuccess(returnPartialSuccess bool) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Fields(s ...googleapi.Field) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) IfNoneMatch(entityTag string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Context(ctx context.Context) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RoutersUpdateCall) doRequest(alt string) (*http.Response, error) {
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.router2)
-	if err != nil {
-		return nil, err
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
 	}
-	reqHeaders.Set("Content-Type", "application/json")
+	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/routers/{router}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/listPreconfiguredExpressionSets")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PUT", urls, body)
+	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
-		"region":  c.region,
-		"router":  c.router,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.routers.update" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *RoutersUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+// Do executes the "compute.securityPolicies.listPreconfiguredExpressionSets" call.
+// Exactly one of
+// *SecurityPoliciesListPreconfiguredExpressionSetsResponse or error
+// will be non-nil. Any non-2xx status code is an error. Response
+// headers are in either
+// *SecurityPoliciesListPreconfiguredExpressionSetsResponse.ServerRespons
+// e.Header or (if a response was returned at all) in
+// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
+// whether the returned error was because http.StatusNotModified was
+// returned.
+func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Do(opts ...googleapi.CallOption) (*SecurityPoliciesListPreconfiguredExpressionSetsResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -206333,7 +216258,7 @@ func (c *RoutersUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Operation{
+	ret := &SecurityPoliciesListPreconfiguredExpressionSetsResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -206345,77 +216270,94 @@ func (c *RoutersUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 	}
 	return ret, nil
 	// {
-	//   "description": "Updates the specified Router resource with the data included in the request. This method conforms to PUT semantics, which requests that the state of the target resource be created or replaced with the state defined by the representation enclosed in the request message payload.",
-	//   "flatPath": "projects/{project}/regions/{region}/routers/{router}",
-	//   "httpMethod": "PUT",
-	//   "id": "compute.routers.update",
+	//   "description": "Gets the current list of preconfigured Web Application Firewall (WAF) expressions.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/listPreconfiguredExpressionSets",
+	//   "httpMethod": "GET",
+	//   "id": "compute.securityPolicies.listPreconfiguredExpressionSets",
 	//   "parameterOrder": [
-	//     "project",
-	//     "region",
-	//     "router"
+	//     "project"
 	//   ],
 	//   "parameters": {
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "Name of the region for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "requestId": {
-	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "router": {
-	//       "description": "Name of the Router resource to update.",
+	//     "project": {
+	//       "description": "Project ID for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
 	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/routers/{router}",
-	//   "request": {
-	//     "$ref": "Router"
-	//   },
+	//   "path": "projects/{project}/global/securityPolicies/listPreconfiguredExpressionSets",
 	//   "response": {
-	//     "$ref": "Operation"
+	//     "$ref": "SecurityPoliciesListPreconfiguredExpressionSetsResponse"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
 	//   ]
 	// }
 
 }
 
-// method id "compute.routes.delete":
+// method id "compute.securityPolicies.patch":
 
-type RoutesDeleteCall struct {
-	s          *Service
-	project    string
-	route      string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type SecurityPoliciesPatchCall struct {
+	s              *Service
+	project        string
+	securityPolicy string
+	securitypolicy *SecurityPolicy
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
 }
 
-// Delete: Deletes the specified Route resource.
+// Patch: Patches the specified policy with the data included in the
+// request. To clear fields in the policy, leave the fields empty and
+// specify them in the updateMask. This cannot be used to be update the
+// rules in the policy. Please use the per rule methods like addRule,
+// patchRule, and removeRule instead.
 //
 // - project: Project ID for this request.
-// - route: Name of the Route resource to delete.
-func (r *RoutesService) Delete(project string, route string) *RoutesDeleteCall {
-	c := &RoutesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - securityPolicy: Name of the security policy to update.
+func (r *SecurityPoliciesService) Patch(project string, securityPolicy string, securitypolicy *SecurityPolicy) *SecurityPoliciesPatchCall {
+	c := &SecurityPoliciesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.route = route
+	c.securityPolicy = securityPolicy
+	c.securitypolicy = securitypolicy
+	return c
+}
+
+// Paths sets the optional parameter "paths":
+func (c *SecurityPoliciesPatchCall) Paths(paths ...string) *SecurityPoliciesPatchCall {
+	c.urlParams_.SetMulti("paths", append([]string{}, paths...))
 	return c
 }
 
@@ -206430,15 +216372,22 @@ func (r *RoutesService) Delete(project string, route string) *RoutesDeleteCall {
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RoutesDeleteCall) RequestId(requestId string) *RoutesDeleteCall {
+func (c *SecurityPoliciesPatchCall) RequestId(requestId string) *SecurityPoliciesPatchCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
+// UpdateMask sets the optional parameter "updateMask": Indicates fields
+// to be cleared as part of this request.
+func (c *SecurityPoliciesPatchCall) UpdateMask(updateMask string) *SecurityPoliciesPatchCall {
+	c.urlParams_.Set("updateMask", updateMask)
+	return c
+}
+
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RoutesDeleteCall) Fields(s ...googleapi.Field) *RoutesDeleteCall {
+func (c *SecurityPoliciesPatchCall) Fields(s ...googleapi.Field) *SecurityPoliciesPatchCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -206446,21 +216395,21 @@ func (c *RoutesDeleteCall) Fields(s ...googleapi.Field) *RoutesDeleteCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RoutesDeleteCall) Context(ctx context.Context) *RoutesDeleteCall {
+func (c *SecurityPoliciesPatchCall) Context(ctx context.Context) *SecurityPoliciesPatchCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RoutesDeleteCall) Header() http.Header {
+func (c *SecurityPoliciesPatchCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RoutesDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *SecurityPoliciesPatchCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -206468,30 +216417,35 @@ func (c *RoutesDeleteCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicy)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes/{route}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
+	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
-		"route":   c.route,
+		"project":        c.project,
+		"securityPolicy": c.securityPolicy,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.routes.delete" call.
+// Do executes the "compute.securityPolicies.patch" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RoutesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -206522,15 +216476,20 @@ func (c *RoutesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 	}
 	return ret, nil
 	// {
-	//   "description": "Deletes the specified Route resource.",
-	//   "flatPath": "projects/{project}/global/routes/{route}",
-	//   "httpMethod": "DELETE",
-	//   "id": "compute.routes.delete",
+	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.securityPolicies.patch",
 	//   "parameterOrder": [
 	//     "project",
-	//     "route"
+	//     "securityPolicy"
 	//   ],
 	//   "parameters": {
+	//     "paths": {
+	//       "location": "query",
+	//       "repeated": true,
+	//       "type": "string"
+	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -206543,15 +216502,24 @@ func (c *RoutesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "route": {
-	//       "description": "Name of the Route resource to delete.",
+	//     "securityPolicy": {
+	//       "description": "Name of the security policy to update.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
+	//     },
+	//     "updateMask": {
+	//       "description": "Indicates fields to be cleared as part of this request.",
+	//       "format": "google-fieldmask",
+	//       "location": "query",
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/routes/{route}",
+	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "request": {
+	//     "$ref": "SecurityPolicy"
+	//   },
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -206563,209 +216531,57 @@ func (c *RoutesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 
 }
 
-// method id "compute.routes.get":
+// method id "compute.securityPolicies.patchRule":
 
-type RoutesGetCall struct {
-	s            *Service
-	project      string
-	route        string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
+type SecurityPoliciesPatchRuleCall struct {
+	s                  *Service
+	project            string
+	securityPolicy     string
+	securitypolicyrule *SecurityPolicyRule
+	urlParams_         gensupport.URLParams
+	ctx_               context.Context
+	header_            http.Header
 }
 
-// Get: Returns the specified Route resource. Gets a list of available
-// routes by making a list() request.
+// PatchRule: Patches a rule at the specified priority. To clear fields
+// in the rule, leave the fields empty and specify them in the
+// updateMask.
 //
 // - project: Project ID for this request.
-// - route: Name of the Route resource to return.
-func (r *RoutesService) Get(project string, route string) *RoutesGetCall {
-	c := &RoutesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - securityPolicy: Name of the security policy to update.
+func (r *SecurityPoliciesService) PatchRule(project string, securityPolicy string, securitypolicyrule *SecurityPolicyRule) *SecurityPoliciesPatchRuleCall {
+	c := &SecurityPoliciesPatchRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.route = route
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *RoutesGetCall) Fields(s ...googleapi.Field) *RoutesGetCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *RoutesGetCall) IfNoneMatch(entityTag string) *RoutesGetCall {
-	c.ifNoneMatch_ = entityTag
+	c.securityPolicy = securityPolicy
+	c.securitypolicyrule = securitypolicyrule
 	return c
 }
 
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *RoutesGetCall) Context(ctx context.Context) *RoutesGetCall {
-	c.ctx_ = ctx
+// Priority sets the optional parameter "priority": The priority of the
+// rule to patch.
+func (c *SecurityPoliciesPatchRuleCall) Priority(priority int64) *SecurityPoliciesPatchRuleCall {
+	c.urlParams_.Set("priority", fmt.Sprint(priority))
 	return c
 }
 
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *RoutesGetCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *RoutesGetCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes/{route}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
-		"route":   c.route,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.routes.get" call.
-// Exactly one of *Route or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Route.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *RoutesGetCall) Do(opts ...googleapi.CallOption) (*Route, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Route{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns the specified Route resource. Gets a list of available routes by making a list() request.",
-	//   "flatPath": "projects/{project}/global/routes/{route}",
-	//   "httpMethod": "GET",
-	//   "id": "compute.routes.get",
-	//   "parameterOrder": [
-	//     "project",
-	//     "route"
-	//   ],
-	//   "parameters": {
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "route": {
-	//       "description": "Name of the Route resource to return.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/global/routes/{route}",
-	//   "response": {
-	//     "$ref": "Route"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
-	//   ]
-	// }
-
-}
-
-// method id "compute.routes.insert":
-
-type RoutesInsertCall struct {
-	s          *Service
-	project    string
-	route      *Route
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Insert: Creates a Route resource in the specified project using the
-// data included in the request.
-//
-// - project: Project ID for this request.
-func (r *RoutesService) Insert(project string, route *Route) *RoutesInsertCall {
-	c := &RoutesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.route = route
+// UpdateMask sets the optional parameter "updateMask": Indicates fields
+// to be cleared as part of this request.
+func (c *SecurityPoliciesPatchRuleCall) UpdateMask(updateMask string) *SecurityPoliciesPatchRuleCall {
+	c.urlParams_.Set("updateMask", updateMask)
 	return c
 }
 
-// RequestId sets the optional parameter "requestId": An optional
-// request ID to identify requests. Specify a unique request ID so that
-// if you must retry your request, the server will know to ignore the
-// request if it has already been completed. For example, consider a
-// situation where you make an initial request and the request times
-// out. If you make the request again with the same request ID, the
-// server can check if original operation with the same request ID was
-// received, and if so, will ignore the second request. This prevents
-// clients from accidentally creating duplicate commitments. The request
-// ID must be a valid UUID with the exception that zero UUID is not
-// supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RoutesInsertCall) RequestId(requestId string) *RoutesInsertCall {
-	c.urlParams_.Set("requestId", requestId)
+// ValidateOnly sets the optional parameter "validateOnly": If true, the
+// request will not be committed.
+func (c *SecurityPoliciesPatchRuleCall) ValidateOnly(validateOnly bool) *SecurityPoliciesPatchRuleCall {
+	c.urlParams_.Set("validateOnly", fmt.Sprint(validateOnly))
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RoutesInsertCall) Fields(s ...googleapi.Field) *RoutesInsertCall {
+func (c *SecurityPoliciesPatchRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesPatchRuleCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -206773,21 +216589,21 @@ func (c *RoutesInsertCall) Fields(s ...googleapi.Field) *RoutesInsertCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RoutesInsertCall) Context(ctx context.Context) *RoutesInsertCall {
+func (c *SecurityPoliciesPatchRuleCall) Context(ctx context.Context) *SecurityPoliciesPatchRuleCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RoutesInsertCall) Header() http.Header {
+func (c *SecurityPoliciesPatchRuleCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RoutesInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *SecurityPoliciesPatchRuleCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -206795,14 +216611,14 @@ func (c *RoutesInsertCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.route)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicyrule)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -206810,19 +216626,20 @@ func (c *RoutesInsertCall) doRequest(alt string) (*http.Response, error) {
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
+		"project":        c.project,
+		"securityPolicy": c.securityPolicy,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.routes.insert" call.
+// Do executes the "compute.securityPolicies.patchRule" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RoutesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SecurityPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -206853,14 +216670,21 @@ func (c *RoutesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a Route resource in the specified project using the data included in the request.",
-	//   "flatPath": "projects/{project}/global/routes",
+	//   "description": "Patches a rule at the specified priority. To clear fields in the rule, leave the fields empty and specify them in the updateMask.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
 	//   "httpMethod": "POST",
-	//   "id": "compute.routes.insert",
+	//   "id": "compute.securityPolicies.patchRule",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "securityPolicy"
 	//   ],
 	//   "parameters": {
+	//     "priority": {
+	//       "description": "The priority of the rule to patch.",
+	//       "format": "int32",
+	//       "location": "query",
+	//       "type": "integer"
+	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -206868,15 +216692,28 @@ func (c *RoutesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "requestId": {
-	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//     "securityPolicy": {
+	//       "description": "Name of the security policy to update.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "updateMask": {
+	//       "description": "Indicates fields to be cleared as part of this request.",
+	//       "format": "google-fieldmask",
 	//       "location": "query",
 	//       "type": "string"
+	//     },
+	//     "validateOnly": {
+	//       "description": "If true, the request will not be committed.",
+	//       "location": "query",
+	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/routes",
+	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
 	//   "request": {
-	//     "$ref": "Route"
+	//     "$ref": "SecurityPolicyRule"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -206889,178 +216726,92 @@ func (c *RoutesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error)
 
 }
 
-// method id "compute.routes.list":
+// method id "compute.securityPolicies.removeRule":
 
-type RoutesListCall struct {
-	s            *Service
-	project      string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
+type SecurityPoliciesRemoveRuleCall struct {
+	s              *Service
+	project        string
+	securityPolicy string
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
 }
 
-// List: Retrieves the list of Route resources available to the
-// specified project.
+// RemoveRule: Deletes a rule at the specified priority.
 //
 // - project: Project ID for this request.
-func (r *RoutesService) List(project string) *RoutesListCall {
-	c := &RoutesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - securityPolicy: Name of the security policy to update.
+func (r *SecurityPoliciesService) RemoveRule(project string, securityPolicy string) *SecurityPoliciesRemoveRuleCall {
+	c := &SecurityPoliciesRemoveRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
+	c.securityPolicy = securityPolicy
 	return c
 }
 
-// Filter sets the optional parameter "filter": A filter expression that
-// filters resources listed in the response. Most Compute resources
-// support two types of filter expressions: expressions that support
-// regular expressions and expressions that follow API improvement
-// proposal AIP-160. If you want to use AIP-160, your expression must
-// specify the field name, an operator, and the value that you want to
-// use for filtering. The value must be a string, a number, or a
-// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
-// or `:`. For example, if you are filtering Compute Engine instances,
-// you can exclude instances named `example-instance` by specifying
-// `name != example-instance`. The `:` operator can be used with string
-// fields to match substrings. For non-string fields it is equivalent to
-// the `=` operator. The `:*` comparison can be used to test whether a
-// key has been defined. For example, to find all objects with `owner`
-// label use: ``` labels.owner:* ``` You can also filter nested fields.
-// For example, you could specify `scheduling.automaticRestart = false`
-// to include instances only if they are not scheduled for automatic
-// restarts. You can use filtering on nested fields to filter based on
-// resource labels. To filter on multiple expressions, provide each
-// separate expression within parentheses. For example: ```
-// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
-// ``` By default, each expression is an `AND` expression. However, you
-// can include `AND` and `OR` expressions explicitly. For example: ```
-// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
-// AND (scheduling.automaticRestart = true) ``` If you want to use a
-// regular expression, use the `eq` (equal) or `ne` (not equal) operator
-// against a single un-parenthesized expression with or without quotes
-// or against multiple parenthesized expressions. Examples: `fieldname
-// eq unquoted literal` `fieldname eq 'single quoted literal'`
-// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
-// (fieldname2 ne "literal")` The literal value is interpreted as a
-// regular expression using Google RE2 library syntax. The literal value
-// must match the entire field. For example, to filter for instances
-// that do not end with name "instance", you would use `name ne
-// .*instance`.
-func (c *RoutesListCall) Filter(filter string) *RoutesListCall {
-	c.urlParams_.Set("filter", filter)
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": The maximum
-// number of results per page that should be returned. If the number of
-// available results is larger than `maxResults`, Compute Engine returns
-// a `nextPageToken` that can be used to get the next page of results in
-// subsequent list requests. Acceptable values are `0` to `500`,
-// inclusive. (Default: `500`)
-func (c *RoutesListCall) MaxResults(maxResults int64) *RoutesListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// OrderBy sets the optional parameter "orderBy": Sorts list results by
-// a certain order. By default, results are returned in alphanumerical
-// order based on the resource name. You can also sort results in
-// descending order based on the creation timestamp using
-// `orderBy="creationTimestamp desc". This sorts results based on the
-// `creationTimestamp` field in reverse chronological order (newest
-// result first). Use this to sort resources like operations so that the
-// newest operation is returned first. Currently, only sorting by `name`
-// or `creationTimestamp desc` is supported.
-func (c *RoutesListCall) OrderBy(orderBy string) *RoutesListCall {
-	c.urlParams_.Set("orderBy", orderBy)
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": Specifies a page
-// token to use. Set `pageToken` to the `nextPageToken` returned by a
-// previous list request to get the next page of results.
-func (c *RoutesListCall) PageToken(pageToken string) *RoutesListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// ReturnPartialSuccess sets the optional parameter
-// "returnPartialSuccess": Opt-in for partial success behavior which
-// provides partial results in case of failure. The default value is
-// false.
-func (c *RoutesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *RoutesListCall {
-	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+// Priority sets the optional parameter "priority": The priority of the
+// rule to remove from the security policy.
+func (c *SecurityPoliciesRemoveRuleCall) Priority(priority int64) *SecurityPoliciesRemoveRuleCall {
+	c.urlParams_.Set("priority", fmt.Sprint(priority))
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RoutesListCall) Fields(s ...googleapi.Field) *RoutesListCall {
+func (c *SecurityPoliciesRemoveRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesRemoveRuleCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *RoutesListCall) IfNoneMatch(entityTag string) *RoutesListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RoutesListCall) Context(ctx context.Context) *RoutesListCall {
+func (c *SecurityPoliciesRemoveRuleCall) Context(ctx context.Context) *SecurityPoliciesRemoveRuleCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RoutesListCall) Header() http.Header {
+func (c *SecurityPoliciesRemoveRuleCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RoutesListCall) doRequest(alt string) (*http.Response, error) {
+func (c *SecurityPoliciesRemoveRuleCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/removeRule")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
+		"project":        c.project,
+		"securityPolicy": c.securityPolicy,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.routes.list" call.
-// Exactly one of *RouteList or error will be non-nil. Any non-2xx
+// Do executes the "compute.securityPolicies.removeRule" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
-// *RouteList.ServerResponse.Header or (if a response was returned at
+// *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RoutesListCall) Do(opts ...googleapi.CallOption) (*RouteList, error) {
+func (c *SecurityPoliciesRemoveRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -207079,7 +216830,7 @@ func (c *RoutesListCall) Do(opts ...googleapi.CallOption) (*RouteList, error) {
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &RouteList{
+	ret := &Operation{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -207091,37 +216842,21 @@ func (c *RoutesListCall) Do(opts ...googleapi.CallOption) (*RouteList, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves the list of Route resources available to the specified project.",
-	//   "flatPath": "projects/{project}/global/routes",
-	//   "httpMethod": "GET",
-	//   "id": "compute.routes.list",
+	//   "description": "Deletes a rule at the specified priority.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/removeRule",
+	//   "httpMethod": "POST",
+	//   "id": "compute.securityPolicies.removeRule",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "securityPolicy"
 	//   ],
 	//   "parameters": {
-	//     "filter": {
-	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "maxResults": {
-	//       "default": "500",
-	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-	//       "format": "uint32",
+	//     "priority": {
+	//       "description": "The priority of the rule to remove from the security policy.",
+	//       "format": "int32",
 	//       "location": "query",
-	//       "minimum": "0",
 	//       "type": "integer"
 	//     },
-	//     "orderBy": {
-	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "pageToken": {
-	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -207129,75 +216864,55 @@ func (c *RoutesListCall) Do(opts ...googleapi.CallOption) (*RouteList, error) {
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "returnPartialSuccess": {
-	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-	//       "location": "query",
-	//       "type": "boolean"
+	//     "securityPolicy": {
+	//       "description": "Name of the security policy to update.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/routes",
+	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/removeRule",
 	//   "response": {
-	//     "$ref": "RouteList"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
 }
 
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *RoutesListCall) Pages(ctx context.Context, f func(*RouteList) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "compute.routes.testIamPermissions":
+// method id "compute.securityPolicies.setLabels":
 
-type RoutesTestIamPermissionsCall struct {
+type SecurityPoliciesSetLabelsCall struct {
 	s                      *Service
 	project                string
 	resource               string
-	testpermissionsrequest *TestPermissionsRequest
+	globalsetlabelsrequest *GlobalSetLabelsRequest
 	urlParams_             gensupport.URLParams
 	ctx_                   context.Context
 	header_                http.Header
 }
 
-// TestIamPermissions: Returns permissions that a caller has on the
-// specified resource.
+// SetLabels: Sets the labels on a security policy. To learn more about
+// labels, read the Labeling Resources documentation.
 //
 // - project: Project ID for this request.
 // - resource: Name or id of the resource for this request.
-func (r *RoutesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *RoutesTestIamPermissionsCall {
-	c := &RoutesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SecurityPoliciesService) SetLabels(project string, resource string, globalsetlabelsrequest *GlobalSetLabelsRequest) *SecurityPoliciesSetLabelsCall {
+	c := &SecurityPoliciesSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.resource = resource
-	c.testpermissionsrequest = testpermissionsrequest
+	c.globalsetlabelsrequest = globalsetlabelsrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RoutesTestIamPermissionsCall) Fields(s ...googleapi.Field) *RoutesTestIamPermissionsCall {
+func (c *SecurityPoliciesSetLabelsCall) Fields(s ...googleapi.Field) *SecurityPoliciesSetLabelsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -207205,21 +216920,21 @@ func (c *RoutesTestIamPermissionsCall) Fields(s ...googleapi.Field) *RoutesTestI
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RoutesTestIamPermissionsCall) Context(ctx context.Context) *RoutesTestIamPermissionsCall {
+func (c *SecurityPoliciesSetLabelsCall) Context(ctx context.Context) *SecurityPoliciesSetLabelsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RoutesTestIamPermissionsCall) Header() http.Header {
+func (c *SecurityPoliciesSetLabelsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RoutesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+func (c *SecurityPoliciesSetLabelsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -207227,14 +216942,14 @@ func (c *RoutesTestIamPermissionsCall) doRequest(alt string) (*http.Response, er
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.globalsetlabelsrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/routes/{resource}/testIamPermissions")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{resource}/setLabels")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -207248,14 +216963,14 @@ func (c *RoutesTestIamPermissionsCall) doRequest(alt string) (*http.Response, er
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.routes.testIamPermissions" call.
-// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *TestPermissionsResponse.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *RoutesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+// Do executes the "compute.securityPolicies.setLabels" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SecurityPoliciesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -207274,7 +216989,7 @@ func (c *RoutesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPe
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &TestPermissionsResponse{
+	ret := &Operation{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -207286,10 +217001,10 @@ func (c *RoutesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPe
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/global/routes/{resource}/testIamPermissions",
+	//   "description": "Sets the labels on a security policy. To learn more about labels, read the Labeling Resources documentation.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{resource}/setLabels",
 	//   "httpMethod": "POST",
-	//   "id": "compute.routes.testIamPermissions",
+	//   "id": "compute.securityPolicies.setLabels",
 	//   "parameterOrder": [
 	//     "project",
 	//     "resource"
@@ -207310,57 +217025,50 @@ func (c *RoutesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPe
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/routes/{resource}/testIamPermissions",
+	//   "path": "projects/{project}/global/securityPolicies/{resource}/setLabels",
 	//   "request": {
-	//     "$ref": "TestPermissionsRequest"
+	//     "$ref": "GlobalSetLabelsRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "TestPermissionsResponse"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
 }
 
-// method id "compute.securityPolicies.addRule":
+// method id "compute.securityPolicies.testIamPermissions":
 
-type SecurityPoliciesAddRuleCall struct {
-	s                  *Service
-	project            string
-	securityPolicy     string
-	securitypolicyrule *SecurityPolicyRule
-	urlParams_         gensupport.URLParams
-	ctx_               context.Context
-	header_            http.Header
+type SecurityPoliciesTestIamPermissionsCall struct {
+	s                      *Service
+	project                string
+	resource               string
+	testpermissionsrequest *TestPermissionsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
 }
 
-// AddRule: Inserts a rule into a security policy.
+// TestIamPermissions: Returns permissions that a caller has on the
+// specified resource.
 //
 // - project: Project ID for this request.
-// - securityPolicy: Name of the security policy to update.
-func (r *SecurityPoliciesService) AddRule(project string, securityPolicy string, securitypolicyrule *SecurityPolicyRule) *SecurityPoliciesAddRuleCall {
-	c := &SecurityPoliciesAddRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - resource: Name or id of the resource for this request.
+func (r *SecurityPoliciesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SecurityPoliciesTestIamPermissionsCall {
+	c := &SecurityPoliciesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.securityPolicy = securityPolicy
-	c.securitypolicyrule = securitypolicyrule
-	return c
-}
-
-// ValidateOnly sets the optional parameter "validateOnly": If true, the
-// request will not be committed.
-func (c *SecurityPoliciesAddRuleCall) ValidateOnly(validateOnly bool) *SecurityPoliciesAddRuleCall {
-	c.urlParams_.Set("validateOnly", fmt.Sprint(validateOnly))
+	c.resource = resource
+	c.testpermissionsrequest = testpermissionsrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesAddRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesAddRuleCall {
+func (c *SecurityPoliciesTestIamPermissionsCall) Fields(s ...googleapi.Field) *SecurityPoliciesTestIamPermissionsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -207368,21 +217076,21 @@ func (c *SecurityPoliciesAddRuleCall) Fields(s ...googleapi.Field) *SecurityPoli
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesAddRuleCall) Context(ctx context.Context) *SecurityPoliciesAddRuleCall {
+func (c *SecurityPoliciesTestIamPermissionsCall) Context(ctx context.Context) *SecurityPoliciesTestIamPermissionsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesAddRuleCall) Header() http.Header {
+func (c *SecurityPoliciesTestIamPermissionsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesAddRuleCall) doRequest(alt string) (*http.Response, error) {
+func (c *SecurityPoliciesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -207390,14 +217098,14 @@ func (c *SecurityPoliciesAddRuleCall) doRequest(alt string) (*http.Response, err
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicyrule)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/addRule")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{resource}/testIamPermissions")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -207405,20 +217113,20 @@ func (c *SecurityPoliciesAddRuleCall) doRequest(alt string) (*http.Response, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"securityPolicy": c.securityPolicy,
+		"project":  c.project,
+		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.addRule" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *SecurityPoliciesAddRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+// Do executes the "compute.securityPolicies.testIamPermissions" call.
+// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SecurityPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -207437,7 +217145,7 @@ func (c *SecurityPoliciesAddRuleCall) Do(opts ...googleapi.CallOption) (*Operati
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Operation{
+	ret := &TestPermissionsResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -207449,13 +217157,13 @@ func (c *SecurityPoliciesAddRuleCall) Do(opts ...googleapi.CallOption) (*Operati
 	}
 	return ret, nil
 	// {
-	//   "description": "Inserts a rule into a security policy.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/addRule",
+	//   "description": "Returns permissions that a caller has on the specified resource.",
+	//   "flatPath": "projects/{project}/global/securityPolicies/{resource}/testIamPermissions",
 	//   "httpMethod": "POST",
-	//   "id": "compute.securityPolicies.addRule",
+	//   "id": "compute.securityPolicies.testIamPermissions",
 	//   "parameterOrder": [
 	//     "project",
-	//     "securityPolicy"
+	//     "resource"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -207465,37 +217173,33 @@ func (c *SecurityPoliciesAddRuleCall) Do(opts ...googleapi.CallOption) (*Operati
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "securityPolicy": {
-	//       "description": "Name of the security policy to update.",
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
-	//     },
-	//     "validateOnly": {
-	//       "description": "If true, the request will not be committed.",
-	//       "location": "query",
-	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/addRule",
+	//   "path": "projects/{project}/global/securityPolicies/{resource}/testIamPermissions",
 	//   "request": {
-	//     "$ref": "SecurityPolicyRule"
+	//     "$ref": "TestPermissionsRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "Operation"
+	//     "$ref": "TestPermissionsResponse"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
 	//   ]
 	// }
 
 }
 
-// method id "compute.securityPolicies.aggregatedList":
+// method id "compute.serviceAttachments.aggregatedList":
 
-type SecurityPoliciesAggregatedListCall struct {
+type ServiceAttachmentsAggregatedListCall struct {
 	s            *Service
 	project      string
 	urlParams_   gensupport.URLParams
@@ -207504,12 +217208,12 @@ type SecurityPoliciesAggregatedListCall struct {
 	header_      http.Header
 }
 
-// AggregatedList: Retrieves the list of all SecurityPolicy resources,
-// regional and global, available to the specified project.
+// AggregatedList: Retrieves the list of all ServiceAttachment
+// resources, regional and global, available to the specified project.
 //
 // - project: Name of the project scoping this request.
-func (r *SecurityPoliciesService) AggregatedList(project string) *SecurityPoliciesAggregatedListCall {
-	c := &SecurityPoliciesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *ServiceAttachmentsService) AggregatedList(project string) *ServiceAttachmentsAggregatedListCall {
+	c := &ServiceAttachmentsAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	return c
 }
@@ -207549,7 +217253,7 @@ func (r *SecurityPoliciesService) AggregatedList(project string) *SecurityPolici
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *SecurityPoliciesAggregatedListCall) Filter(filter string) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) Filter(filter string) *ServiceAttachmentsAggregatedListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -207562,7 +217266,7 @@ func (c *SecurityPoliciesAggregatedListCall) Filter(filter string) *SecurityPoli
 // response. For resource types which predate this field, if this flag
 // is omitted or false, only scopes of the scope types where the
 // resource type is expected to be found will be included.
-func (c *SecurityPoliciesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *ServiceAttachmentsAggregatedListCall {
 	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
 	return c
 }
@@ -207573,7 +217277,7 @@ func (c *SecurityPoliciesAggregatedListCall) IncludeAllScopes(includeAllScopes b
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *SecurityPoliciesAggregatedListCall) MaxResults(maxResults int64) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) MaxResults(maxResults int64) *ServiceAttachmentsAggregatedListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -207587,7 +217291,7 @@ func (c *SecurityPoliciesAggregatedListCall) MaxResults(maxResults int64) *Secur
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *SecurityPoliciesAggregatedListCall) OrderBy(orderBy string) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) OrderBy(orderBy string) *ServiceAttachmentsAggregatedListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -207595,7 +217299,7 @@ func (c *SecurityPoliciesAggregatedListCall) OrderBy(orderBy string) *SecurityPo
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *SecurityPoliciesAggregatedListCall) PageToken(pageToken string) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) PageToken(pageToken string) *ServiceAttachmentsAggregatedListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -207604,7 +217308,7 @@ func (c *SecurityPoliciesAggregatedListCall) PageToken(pageToken string) *Securi
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *SecurityPoliciesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *ServiceAttachmentsAggregatedListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -207612,7 +217316,7 @@ func (c *SecurityPoliciesAggregatedListCall) ReturnPartialSuccess(returnPartialS
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesAggregatedListCall) Fields(s ...googleapi.Field) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) Fields(s ...googleapi.Field) *ServiceAttachmentsAggregatedListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -207622,7 +217326,7 @@ func (c *SecurityPoliciesAggregatedListCall) Fields(s ...googleapi.Field) *Secur
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SecurityPoliciesAggregatedListCall) IfNoneMatch(entityTag string) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) IfNoneMatch(entityTag string) *ServiceAttachmentsAggregatedListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -207630,21 +217334,21 @@ func (c *SecurityPoliciesAggregatedListCall) IfNoneMatch(entityTag string) *Secu
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesAggregatedListCall) Context(ctx context.Context) *SecurityPoliciesAggregatedListCall {
+func (c *ServiceAttachmentsAggregatedListCall) Context(ctx context.Context) *ServiceAttachmentsAggregatedListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesAggregatedListCall) Header() http.Header {
+func (c *ServiceAttachmentsAggregatedListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsAggregatedListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -207657,7 +217361,7 @@ func (c *SecurityPoliciesAggregatedListCall) doRequest(alt string) (*http.Respon
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/securityPolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/serviceAttachments")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -207670,14 +217374,14 @@ func (c *SecurityPoliciesAggregatedListCall) doRequest(alt string) (*http.Respon
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.aggregatedList" call.
-// Exactly one of *SecurityPoliciesAggregatedList or error will be
+// Do executes the "compute.serviceAttachments.aggregatedList" call.
+// Exactly one of *ServiceAttachmentAggregatedList or error will be
 // non-nil. Any non-2xx status code is an error. Response headers are in
-// either *SecurityPoliciesAggregatedList.ServerResponse.Header or (if a
-// response was returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
+// either *ServiceAttachmentAggregatedList.ServerResponse.Header or (if
+// a response was returned at all) in error.(*googleapi.Error).Header.
+// Use googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SecurityPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SecurityPoliciesAggregatedList, error) {
+func (c *ServiceAttachmentsAggregatedListCall) Do(opts ...googleapi.CallOption) (*ServiceAttachmentAggregatedList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -207696,7 +217400,7 @@ func (c *SecurityPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SecurityPoliciesAggregatedList{
+	ret := &ServiceAttachmentAggregatedList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -207708,10 +217412,10 @@ func (c *SecurityPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves the list of all SecurityPolicy resources, regional and global, available to the specified project.",
-	//   "flatPath": "projects/{project}/aggregated/securityPolicies",
+	//   "description": "Retrieves the list of all ServiceAttachment resources, regional and global, available to the specified project.",
+	//   "flatPath": "projects/{project}/aggregated/serviceAttachments",
 	//   "httpMethod": "GET",
-	//   "id": "compute.securityPolicies.aggregatedList",
+	//   "id": "compute.serviceAttachments.aggregatedList",
 	//   "parameterOrder": [
 	//     "project"
 	//   ],
@@ -207757,9 +217461,9 @@ func (c *SecurityPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*
 	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/aggregated/securityPolicies",
+	//   "path": "projects/{project}/aggregated/serviceAttachments",
 	//   "response": {
-	//     "$ref": "SecurityPoliciesAggregatedList"
+	//     "$ref": "ServiceAttachmentAggregatedList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -207773,7 +217477,7 @@ func (c *SecurityPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *SecurityPoliciesAggregatedListCall) Pages(ctx context.Context, f func(*SecurityPoliciesAggregatedList) error) error {
+func (c *ServiceAttachmentsAggregatedListCall) Pages(ctx context.Context, f func(*ServiceAttachmentAggregatedList) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -207791,25 +217495,29 @@ func (c *SecurityPoliciesAggregatedListCall) Pages(ctx context.Context, f func(*
 	}
 }
 
-// method id "compute.securityPolicies.delete":
+// method id "compute.serviceAttachments.delete":
 
-type SecurityPoliciesDeleteCall struct {
-	s              *Service
-	project        string
-	securityPolicy string
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
+type ServiceAttachmentsDeleteCall struct {
+	s                 *Service
+	project           string
+	region            string
+	serviceAttachment string
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
 }
 
-// Delete: Deletes the specified policy.
+// Delete: Deletes the specified ServiceAttachment in the given scope
 //
-// - project: Project ID for this request.
-// - securityPolicy: Name of the security policy to delete.
-func (r *SecurityPoliciesService) Delete(project string, securityPolicy string) *SecurityPoliciesDeleteCall {
-	c := &SecurityPoliciesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - project: Project ID for this request.
+//   - region: Name of the region of this request.
+//   - serviceAttachment: Name of the ServiceAttachment resource to
+//     delete.
+func (r *ServiceAttachmentsService) Delete(project string, region string, serviceAttachment string) *ServiceAttachmentsDeleteCall {
+	c := &ServiceAttachmentsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.securityPolicy = securityPolicy
+	c.region = region
+	c.serviceAttachment = serviceAttachment
 	return c
 }
 
@@ -207824,7 +217532,7 @@ func (r *SecurityPoliciesService) Delete(project string, securityPolicy string)
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SecurityPoliciesDeleteCall) RequestId(requestId string) *SecurityPoliciesDeleteCall {
+func (c *ServiceAttachmentsDeleteCall) RequestId(requestId string) *ServiceAttachmentsDeleteCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -207832,7 +217540,7 @@ func (c *SecurityPoliciesDeleteCall) RequestId(requestId string) *SecurityPolici
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesDeleteCall) Fields(s ...googleapi.Field) *SecurityPoliciesDeleteCall {
+func (c *ServiceAttachmentsDeleteCall) Fields(s ...googleapi.Field) *ServiceAttachmentsDeleteCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -207840,21 +217548,21 @@ func (c *SecurityPoliciesDeleteCall) Fields(s ...googleapi.Field) *SecurityPolic
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesDeleteCall) Context(ctx context.Context) *SecurityPoliciesDeleteCall {
+func (c *ServiceAttachmentsDeleteCall) Context(ctx context.Context) *ServiceAttachmentsDeleteCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesDeleteCall) Header() http.Header {
+func (c *ServiceAttachmentsDeleteCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsDeleteCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -207864,7 +217572,7 @@ func (c *SecurityPoliciesDeleteCall) doRequest(alt string) (*http.Response, erro
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("DELETE", urls, body)
 	if err != nil {
@@ -207872,20 +217580,21 @@ func (c *SecurityPoliciesDeleteCall) doRequest(alt string) (*http.Response, erro
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"securityPolicy": c.securityPolicy,
+		"project":           c.project,
+		"region":            c.region,
+		"serviceAttachment": c.serviceAttachment,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.delete" call.
+// Do executes the "compute.serviceAttachments.delete" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SecurityPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *ServiceAttachmentsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -207916,13 +217625,14 @@ func (c *SecurityPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operatio
 	}
 	return ret, nil
 	// {
-	//   "description": "Deletes the specified policy.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "description": "Deletes the specified ServiceAttachment in the given scope",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
 	//   "httpMethod": "DELETE",
-	//   "id": "compute.securityPolicies.delete",
+	//   "id": "compute.serviceAttachments.delete",
 	//   "parameterOrder": [
 	//     "project",
-	//     "securityPolicy"
+	//     "region",
+	//     "serviceAttachment"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -207932,20 +217642,27 @@ func (c *SecurityPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operatio
 	//       "required": true,
 	//       "type": "string"
 	//     },
+	//     "region": {
+	//       "description": "Name of the region of this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
 	//     "requestId": {
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "securityPolicy": {
-	//       "description": "Name of the security policy to delete.",
+	//     "serviceAttachment": {
+	//       "description": "Name of the ServiceAttachment resource to delete.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -207957,34 +217674,38 @@ func (c *SecurityPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operatio
 
 }
 
-// method id "compute.securityPolicies.get":
+// method id "compute.serviceAttachments.get":
 
-type SecurityPoliciesGetCall struct {
-	s              *Service
-	project        string
-	securityPolicy string
-	urlParams_     gensupport.URLParams
-	ifNoneMatch_   string
-	ctx_           context.Context
-	header_        http.Header
+type ServiceAttachmentsGetCall struct {
+	s                 *Service
+	project           string
+	region            string
+	serviceAttachment string
+	urlParams_        gensupport.URLParams
+	ifNoneMatch_      string
+	ctx_              context.Context
+	header_           http.Header
 }
 
-// Get: List all of the ordered rules present in a single specified
-// policy.
+// Get: Returns the specified ServiceAttachment resource in the given
+// scope.
 //
-// - project: Project ID for this request.
-// - securityPolicy: Name of the security policy to get.
-func (r *SecurityPoliciesService) Get(project string, securityPolicy string) *SecurityPoliciesGetCall {
-	c := &SecurityPoliciesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - project: Project ID for this request.
+//   - region: Name of the region of this request.
+//   - serviceAttachment: Name of the ServiceAttachment resource to
+//     return.
+func (r *ServiceAttachmentsService) Get(project string, region string, serviceAttachment string) *ServiceAttachmentsGetCall {
+	c := &ServiceAttachmentsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.securityPolicy = securityPolicy
+	c.region = region
+	c.serviceAttachment = serviceAttachment
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesGetCall) Fields(s ...googleapi.Field) *SecurityPoliciesGetCall {
+func (c *ServiceAttachmentsGetCall) Fields(s ...googleapi.Field) *ServiceAttachmentsGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -207994,7 +217715,7 @@ func (c *SecurityPoliciesGetCall) Fields(s ...googleapi.Field) *SecurityPolicies
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SecurityPoliciesGetCall) IfNoneMatch(entityTag string) *SecurityPoliciesGetCall {
+func (c *ServiceAttachmentsGetCall) IfNoneMatch(entityTag string) *ServiceAttachmentsGetCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -208002,21 +217723,21 @@ func (c *SecurityPoliciesGetCall) IfNoneMatch(entityTag string) *SecurityPolicie
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesGetCall) Context(ctx context.Context) *SecurityPoliciesGetCall {
+func (c *ServiceAttachmentsGetCall) Context(ctx context.Context) *ServiceAttachmentsGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesGetCall) Header() http.Header {
+func (c *ServiceAttachmentsGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesGetCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -208029,7 +217750,7 @@ func (c *SecurityPoliciesGetCall) doRequest(alt string) (*http.Response, error)
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -208037,20 +217758,21 @@ func (c *SecurityPoliciesGetCall) doRequest(alt string) (*http.Response, error)
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"securityPolicy": c.securityPolicy,
+		"project":           c.project,
+		"region":            c.region,
+		"serviceAttachment": c.serviceAttachment,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.get" call.
-// Exactly one of *SecurityPolicy or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *SecurityPolicy.ServerResponse.Header or (if a response was returned
-// at all) in error.(*googleapi.Error).Header. Use
+// Do executes the "compute.serviceAttachments.get" call.
+// Exactly one of *ServiceAttachment or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ServiceAttachment.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SecurityPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SecurityPolicy, error) {
+func (c *ServiceAttachmentsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAttachment, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -208069,7 +217791,7 @@ func (c *SecurityPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SecurityPol
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SecurityPolicy{
+	ret := &ServiceAttachment{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -208081,13 +217803,14 @@ func (c *SecurityPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SecurityPol
 	}
 	return ret, nil
 	// {
-	//   "description": "List all of the ordered rules present in a single specified policy.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "description": "Returns the specified ServiceAttachment resource in the given scope.",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
 	//   "httpMethod": "GET",
-	//   "id": "compute.securityPolicies.get",
+	//   "id": "compute.serviceAttachments.get",
 	//   "parameterOrder": [
 	//     "project",
-	//     "securityPolicy"
+	//     "region",
+	//     "serviceAttachment"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -208097,17 +217820,24 @@ func (c *SecurityPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SecurityPol
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "securityPolicy": {
-	//       "description": "Name of the security policy to get.",
+	//     "region": {
+	//       "description": "Name of the region of this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "serviceAttachment": {
+	//       "description": "Name of the ServiceAttachment resource to return.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
 	//   "response": {
-	//     "$ref": "SecurityPolicy"
+	//     "$ref": "ServiceAttachment"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -208118,41 +217848,44 @@ func (c *SecurityPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SecurityPol
 
 }
 
-// method id "compute.securityPolicies.getRule":
+// method id "compute.serviceAttachments.getIamPolicy":
 
-type SecurityPoliciesGetRuleCall struct {
-	s              *Service
-	project        string
-	securityPolicy string
-	urlParams_     gensupport.URLParams
-	ifNoneMatch_   string
-	ctx_           context.Context
-	header_        http.Header
+type ServiceAttachmentsGetIamPolicyCall struct {
+	s            *Service
+	project      string
+	region       string
+	resource     string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
 }
 
-// GetRule: Gets a rule at the specified priority.
+// GetIamPolicy: Gets the access control policy for a resource. May be
+// empty if no such policy or resource exists.
 //
-//   - project: Project ID for this request.
-//   - securityPolicy: Name of the security policy to which the queried
-//     rule belongs.
-func (r *SecurityPoliciesService) GetRule(project string, securityPolicy string) *SecurityPoliciesGetRuleCall {
-	c := &SecurityPoliciesGetRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+// - region: The name of the region for this request.
+// - resource: Name or id of the resource for this request.
+func (r *ServiceAttachmentsService) GetIamPolicy(project string, region string, resource string) *ServiceAttachmentsGetIamPolicyCall {
+	c := &ServiceAttachmentsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.securityPolicy = securityPolicy
+	c.region = region
+	c.resource = resource
 	return c
 }
 
-// Priority sets the optional parameter "priority": The priority of the
-// rule to get from the security policy.
-func (c *SecurityPoliciesGetRuleCall) Priority(priority int64) *SecurityPoliciesGetRuleCall {
-	c.urlParams_.Set("priority", fmt.Sprint(priority))
+// OptionsRequestedPolicyVersion sets the optional parameter
+// "optionsRequestedPolicyVersion": Requested IAM Policy version.
+func (c *ServiceAttachmentsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ServiceAttachmentsGetIamPolicyCall {
+	c.urlParams_.Set("optionsRequestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesGetRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesGetRuleCall {
+func (c *ServiceAttachmentsGetIamPolicyCall) Fields(s ...googleapi.Field) *ServiceAttachmentsGetIamPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -208162,7 +217895,7 @@ func (c *SecurityPoliciesGetRuleCall) Fields(s ...googleapi.Field) *SecurityPoli
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SecurityPoliciesGetRuleCall) IfNoneMatch(entityTag string) *SecurityPoliciesGetRuleCall {
+func (c *ServiceAttachmentsGetIamPolicyCall) IfNoneMatch(entityTag string) *ServiceAttachmentsGetIamPolicyCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -208170,21 +217903,21 @@ func (c *SecurityPoliciesGetRuleCall) IfNoneMatch(entityTag string) *SecurityPol
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesGetRuleCall) Context(ctx context.Context) *SecurityPoliciesGetRuleCall {
+func (c *ServiceAttachmentsGetIamPolicyCall) Context(ctx context.Context) *ServiceAttachmentsGetIamPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesGetRuleCall) Header() http.Header {
+func (c *ServiceAttachmentsGetIamPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesGetRuleCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -208197,7 +217930,7 @@ func (c *SecurityPoliciesGetRuleCall) doRequest(alt string) (*http.Response, err
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/getRule")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{resource}/getIamPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -208205,20 +217938,21 @@ func (c *SecurityPoliciesGetRuleCall) doRequest(alt string) (*http.Response, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"securityPolicy": c.securityPolicy,
+		"project":  c.project,
+		"region":   c.region,
+		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.getRule" call.
-// Exactly one of *SecurityPolicyRule or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *SecurityPolicyRule.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *SecurityPoliciesGetRuleCall) Do(opts ...googleapi.CallOption) (*SecurityPolicyRule, error) {
+// Do executes the "compute.serviceAttachments.getIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ServiceAttachmentsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -208237,7 +217971,7 @@ func (c *SecurityPoliciesGetRuleCall) Do(opts ...googleapi.CallOption) (*Securit
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SecurityPolicyRule{
+	ret := &Policy{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -208249,17 +217983,18 @@ func (c *SecurityPoliciesGetRuleCall) Do(opts ...googleapi.CallOption) (*Securit
 	}
 	return ret, nil
 	// {
-	//   "description": "Gets a rule at the specified priority.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/getRule",
+	//   "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{resource}/getIamPolicy",
 	//   "httpMethod": "GET",
-	//   "id": "compute.securityPolicies.getRule",
+	//   "id": "compute.serviceAttachments.getIamPolicy",
 	//   "parameterOrder": [
 	//     "project",
-	//     "securityPolicy"
+	//     "region",
+	//     "resource"
 	//   ],
 	//   "parameters": {
-	//     "priority": {
-	//       "description": "The priority of the rule to get from the security policy.",
+	//     "optionsRequestedPolicyVersion": {
+	//       "description": "Requested IAM Policy version.",
 	//       "format": "int32",
 	//       "location": "query",
 	//       "type": "integer"
@@ -208271,17 +218006,24 @@ func (c *SecurityPoliciesGetRuleCall) Do(opts ...googleapi.CallOption) (*Securit
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "securityPolicy": {
-	//       "description": "Name of the security policy to which the queried rule belongs.",
+	//     "region": {
+	//       "description": "The name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/getRule",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{resource}/getIamPolicy",
 	//   "response": {
-	//     "$ref": "SecurityPolicyRule"
+	//     "$ref": "Policy"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -208292,25 +218034,28 @@ func (c *SecurityPoliciesGetRuleCall) Do(opts ...googleapi.CallOption) (*Securit
 
 }
 
-// method id "compute.securityPolicies.insert":
+// method id "compute.serviceAttachments.insert":
 
-type SecurityPoliciesInsertCall struct {
-	s              *Service
-	project        string
-	securitypolicy *SecurityPolicy
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
+type ServiceAttachmentsInsertCall struct {
+	s                 *Service
+	project           string
+	region            string
+	serviceattachment *ServiceAttachment
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
 }
 
-// Insert: Creates a new policy in the specified project using the data
-// included in the request.
+// Insert: Creates a ServiceAttachment in the specified project in the
+// given scope using the parameters that are included in the request.
 //
 // - project: Project ID for this request.
-func (r *SecurityPoliciesService) Insert(project string, securitypolicy *SecurityPolicy) *SecurityPoliciesInsertCall {
-	c := &SecurityPoliciesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - region: Name of the region of this request.
+func (r *ServiceAttachmentsService) Insert(project string, region string, serviceattachment *ServiceAttachment) *ServiceAttachmentsInsertCall {
+	c := &ServiceAttachmentsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.securitypolicy = securitypolicy
+	c.region = region
+	c.serviceattachment = serviceattachment
 	return c
 }
 
@@ -208325,22 +218070,15 @@ func (r *SecurityPoliciesService) Insert(project string, securitypolicy *Securit
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SecurityPoliciesInsertCall) RequestId(requestId string) *SecurityPoliciesInsertCall {
+func (c *ServiceAttachmentsInsertCall) RequestId(requestId string) *ServiceAttachmentsInsertCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
-// ValidateOnly sets the optional parameter "validateOnly": If true, the
-// request will not be committed.
-func (c *SecurityPoliciesInsertCall) ValidateOnly(validateOnly bool) *SecurityPoliciesInsertCall {
-	c.urlParams_.Set("validateOnly", fmt.Sprint(validateOnly))
-	return c
-}
-
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesInsertCall) Fields(s ...googleapi.Field) *SecurityPoliciesInsertCall {
+func (c *ServiceAttachmentsInsertCall) Fields(s ...googleapi.Field) *ServiceAttachmentsInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -208348,21 +218086,21 @@ func (c *SecurityPoliciesInsertCall) Fields(s ...googleapi.Field) *SecurityPolic
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesInsertCall) Context(ctx context.Context) *SecurityPoliciesInsertCall {
+func (c *ServiceAttachmentsInsertCall) Context(ctx context.Context) *ServiceAttachmentsInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesInsertCall) Header() http.Header {
+func (c *ServiceAttachmentsInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -208370,14 +218108,14 @@ func (c *SecurityPoliciesInsertCall) doRequest(alt string) (*http.Response, erro
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicy)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.serviceattachment)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -208386,18 +218124,19 @@ func (c *SecurityPoliciesInsertCall) doRequest(alt string) (*http.Response, erro
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
+		"region":  c.region,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.insert" call.
+// Do executes the "compute.serviceAttachments.insert" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SecurityPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *ServiceAttachmentsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -208428,12 +218167,13 @@ func (c *SecurityPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operatio
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a new policy in the specified project using the data included in the request.",
-	//   "flatPath": "projects/{project}/global/securityPolicies",
+	//   "description": "Creates a ServiceAttachment in the specified project in the given scope using the parameters that are included in the request.",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments",
 	//   "httpMethod": "POST",
-	//   "id": "compute.securityPolicies.insert",
+	//   "id": "compute.serviceAttachments.insert",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "region"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -208443,20 +218183,22 @@ func (c *SecurityPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operatio
 	//       "required": true,
 	//       "type": "string"
 	//     },
+	//     "region": {
+	//       "description": "Name of the region of this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
 	//     "requestId": {
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
-	//     },
-	//     "validateOnly": {
-	//       "description": "If true, the request will not be committed.",
-	//       "location": "query",
-	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments",
 	//   "request": {
-	//     "$ref": "SecurityPolicy"
+	//     "$ref": "ServiceAttachment"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -208469,24 +218211,26 @@ func (c *SecurityPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operatio
 
 }
 
-// method id "compute.securityPolicies.list":
+// method id "compute.serviceAttachments.list":
 
-type SecurityPoliciesListCall struct {
+type ServiceAttachmentsListCall struct {
 	s            *Service
 	project      string
+	region       string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// List: List all the policies that have been configured for the
-// specified project.
+// List: Lists the ServiceAttachments for a project in the given scope.
 //
 // - project: Project ID for this request.
-func (r *SecurityPoliciesService) List(project string) *SecurityPoliciesListCall {
-	c := &SecurityPoliciesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - region: Name of the region of this request.
+func (r *ServiceAttachmentsService) List(project string, region string) *ServiceAttachmentsListCall {
+	c := &ServiceAttachmentsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
+	c.region = region
 	return c
 }
 
@@ -208525,7 +218269,7 @@ func (r *SecurityPoliciesService) List(project string) *SecurityPoliciesListCall
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *SecurityPoliciesListCall) Filter(filter string) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) Filter(filter string) *ServiceAttachmentsListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -208536,7 +218280,7 @@ func (c *SecurityPoliciesListCall) Filter(filter string) *SecurityPoliciesListCa
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *SecurityPoliciesListCall) MaxResults(maxResults int64) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) MaxResults(maxResults int64) *ServiceAttachmentsListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -208550,7 +218294,7 @@ func (c *SecurityPoliciesListCall) MaxResults(maxResults int64) *SecurityPolicie
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *SecurityPoliciesListCall) OrderBy(orderBy string) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) OrderBy(orderBy string) *ServiceAttachmentsListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -208558,7 +218302,7 @@ func (c *SecurityPoliciesListCall) OrderBy(orderBy string) *SecurityPoliciesList
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *SecurityPoliciesListCall) PageToken(pageToken string) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) PageToken(pageToken string) *ServiceAttachmentsListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -208567,7 +218311,7 @@ func (c *SecurityPoliciesListCall) PageToken(pageToken string) *SecurityPolicies
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *SecurityPoliciesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) ReturnPartialSuccess(returnPartialSuccess bool) *ServiceAttachmentsListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -208575,7 +218319,7 @@ func (c *SecurityPoliciesListCall) ReturnPartialSuccess(returnPartialSuccess boo
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesListCall) Fields(s ...googleapi.Field) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) Fields(s ...googleapi.Field) *ServiceAttachmentsListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -208585,7 +218329,7 @@ func (c *SecurityPoliciesListCall) Fields(s ...googleapi.Field) *SecurityPolicie
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SecurityPoliciesListCall) IfNoneMatch(entityTag string) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) IfNoneMatch(entityTag string) *ServiceAttachmentsListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -208593,21 +218337,21 @@ func (c *SecurityPoliciesListCall) IfNoneMatch(entityTag string) *SecurityPolici
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesListCall) Context(ctx context.Context) *SecurityPoliciesListCall {
+func (c *ServiceAttachmentsListCall) Context(ctx context.Context) *ServiceAttachmentsListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesListCall) Header() http.Header {
+func (c *ServiceAttachmentsListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesListCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -208620,7 +218364,7 @@ func (c *SecurityPoliciesListCall) doRequest(alt string) (*http.Response, error)
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -208629,18 +218373,19 @@ func (c *SecurityPoliciesListCall) doRequest(alt string) (*http.Response, error)
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
+		"region":  c.region,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.list" call.
-// Exactly one of *SecurityPolicyList or error will be non-nil. Any
+// Do executes the "compute.serviceAttachments.list" call.
+// Exactly one of *ServiceAttachmentList or error will be non-nil. Any
 // non-2xx status code is an error. Response headers are in either
-// *SecurityPolicyList.ServerResponse.Header or (if a response was
+// *ServiceAttachmentList.ServerResponse.Header or (if a response was
 // returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SecurityPoliciesListCall) Do(opts ...googleapi.CallOption) (*SecurityPolicyList, error) {
+func (c *ServiceAttachmentsListCall) Do(opts ...googleapi.CallOption) (*ServiceAttachmentList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -208659,7 +218404,7 @@ func (c *SecurityPoliciesListCall) Do(opts ...googleapi.CallOption) (*SecurityPo
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SecurityPolicyList{
+	ret := &ServiceAttachmentList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -208671,12 +218416,13 @@ func (c *SecurityPoliciesListCall) Do(opts ...googleapi.CallOption) (*SecurityPo
 	}
 	return ret, nil
 	// {
-	//   "description": "List all the policies that have been configured for the specified project.",
-	//   "flatPath": "projects/{project}/global/securityPolicies",
+	//   "description": "Lists the ServiceAttachments for a project in the given scope.",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments",
 	//   "httpMethod": "GET",
-	//   "id": "compute.securityPolicies.list",
+	//   "id": "compute.serviceAttachments.list",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "region"
 	//   ],
 	//   "parameters": {
 	//     "filter": {
@@ -208709,15 +218455,22 @@ func (c *SecurityPoliciesListCall) Do(opts ...googleapi.CallOption) (*SecurityPo
 	//       "required": true,
 	//       "type": "string"
 	//     },
+	//     "region": {
+	//       "description": "Name of the region of this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
 	//     "returnPartialSuccess": {
 	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
 	//       "location": "query",
 	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments",
 	//   "response": {
-	//     "$ref": "SecurityPolicyList"
+	//     "$ref": "ServiceAttachmentList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -208731,7 +218484,7 @@ func (c *SecurityPoliciesListCall) Do(opts ...googleapi.CallOption) (*SecurityPo
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *SecurityPoliciesListCall) Pages(ctx context.Context, f func(*SecurityPolicyList) error) error {
+func (c *ServiceAttachmentsListCall) Pages(ctx context.Context, f func(*ServiceAttachmentList) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -208749,299 +218502,35 @@ func (c *SecurityPoliciesListCall) Pages(ctx context.Context, f func(*SecurityPo
 	}
 }
 
-// method id "compute.securityPolicies.listPreconfiguredExpressionSets":
-
-type SecurityPoliciesListPreconfiguredExpressionSetsCall struct {
-	s            *Service
-	project      string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// ListPreconfiguredExpressionSets: Gets the current list of
-// preconfigured Web Application Firewall (WAF) expressions.
-//
-// - project: Project ID for this request.
-func (r *SecurityPoliciesService) ListPreconfiguredExpressionSets(project string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c := &SecurityPoliciesListPreconfiguredExpressionSetsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	return c
-}
-
-// Filter sets the optional parameter "filter": A filter expression that
-// filters resources listed in the response. Most Compute resources
-// support two types of filter expressions: expressions that support
-// regular expressions and expressions that follow API improvement
-// proposal AIP-160. If you want to use AIP-160, your expression must
-// specify the field name, an operator, and the value that you want to
-// use for filtering. The value must be a string, a number, or a
-// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
-// or `:`. For example, if you are filtering Compute Engine instances,
-// you can exclude instances named `example-instance` by specifying
-// `name != example-instance`. The `:` operator can be used with string
-// fields to match substrings. For non-string fields it is equivalent to
-// the `=` operator. The `:*` comparison can be used to test whether a
-// key has been defined. For example, to find all objects with `owner`
-// label use: ``` labels.owner:* ``` You can also filter nested fields.
-// For example, you could specify `scheduling.automaticRestart = false`
-// to include instances only if they are not scheduled for automatic
-// restarts. You can use filtering on nested fields to filter based on
-// resource labels. To filter on multiple expressions, provide each
-// separate expression within parentheses. For example: ```
-// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
-// ``` By default, each expression is an `AND` expression. However, you
-// can include `AND` and `OR` expressions explicitly. For example: ```
-// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
-// AND (scheduling.automaticRestart = true) ``` If you want to use a
-// regular expression, use the `eq` (equal) or `ne` (not equal) operator
-// against a single un-parenthesized expression with or without quotes
-// or against multiple parenthesized expressions. Examples: `fieldname
-// eq unquoted literal` `fieldname eq 'single quoted literal'`
-// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
-// (fieldname2 ne "literal")` The literal value is interpreted as a
-// regular expression using Google RE2 library syntax. The literal value
-// must match the entire field. For example, to filter for instances
-// that do not end with name "instance", you would use `name ne
-// .*instance`.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Filter(filter string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.urlParams_.Set("filter", filter)
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": The maximum
-// number of results per page that should be returned. If the number of
-// available results is larger than `maxResults`, Compute Engine returns
-// a `nextPageToken` that can be used to get the next page of results in
-// subsequent list requests. Acceptable values are `0` to `500`,
-// inclusive. (Default: `500`)
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) MaxResults(maxResults int64) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// OrderBy sets the optional parameter "orderBy": Sorts list results by
-// a certain order. By default, results are returned in alphanumerical
-// order based on the resource name. You can also sort results in
-// descending order based on the creation timestamp using
-// `orderBy="creationTimestamp desc". This sorts results based on the
-// `creationTimestamp` field in reverse chronological order (newest
-// result first). Use this to sort resources like operations so that the
-// newest operation is returned first. Currently, only sorting by `name`
-// or `creationTimestamp desc` is supported.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) OrderBy(orderBy string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.urlParams_.Set("orderBy", orderBy)
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": Specifies a page
-// token to use. Set `pageToken` to the `nextPageToken` returned by a
-// previous list request to get the next page of results.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) PageToken(pageToken string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// ReturnPartialSuccess sets the optional parameter
-// "returnPartialSuccess": Opt-in for partial success behavior which
-// provides partial results in case of failure. The default value is
-// false.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) ReturnPartialSuccess(returnPartialSuccess bool) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Fields(s ...googleapi.Field) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) IfNoneMatch(entityTag string) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Context(ctx context.Context) *SecurityPoliciesListPreconfiguredExpressionSetsCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/listPreconfiguredExpressionSets")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.securityPolicies.listPreconfiguredExpressionSets" call.
-// Exactly one of
-// *SecurityPoliciesListPreconfiguredExpressionSetsResponse or error
-// will be non-nil. Any non-2xx status code is an error. Response
-// headers are in either
-// *SecurityPoliciesListPreconfiguredExpressionSetsResponse.ServerRespons
-// e.Header or (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *SecurityPoliciesListPreconfiguredExpressionSetsCall) Do(opts ...googleapi.CallOption) (*SecurityPoliciesListPreconfiguredExpressionSetsResponse, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &SecurityPoliciesListPreconfiguredExpressionSetsResponse{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Gets the current list of preconfigured Web Application Firewall (WAF) expressions.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/listPreconfiguredExpressionSets",
-	//   "httpMethod": "GET",
-	//   "id": "compute.securityPolicies.listPreconfiguredExpressionSets",
-	//   "parameterOrder": [
-	//     "project"
-	//   ],
-	//   "parameters": {
-	//     "filter": {
-	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "maxResults": {
-	//       "default": "500",
-	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "orderBy": {
-	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "pageToken": {
-	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "returnPartialSuccess": {
-	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     }
-	//   },
-	//   "path": "projects/{project}/global/securityPolicies/listPreconfiguredExpressionSets",
-	//   "response": {
-	//     "$ref": "SecurityPoliciesListPreconfiguredExpressionSetsResponse"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
-	//   ]
-	// }
-
-}
-
-// method id "compute.securityPolicies.patch":
+// method id "compute.serviceAttachments.patch":
 
-type SecurityPoliciesPatchCall struct {
-	s              *Service
-	project        string
-	securityPolicy string
-	securitypolicy *SecurityPolicy
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
+type ServiceAttachmentsPatchCall struct {
+	s                 *Service
+	project           string
+	region            string
+	serviceAttachment string
+	serviceattachment *ServiceAttachment
+	urlParams_        gensupport.URLParams
+	ctx_              context.Context
+	header_           http.Header
 }
 
-// Patch: Patches the specified policy with the data included in the
-// request. To clear fields in the rule, leave the fields empty and
-// specify them in the updateMask. This cannot be used to be update the
-// rules in the policy. Please use the per rule methods like addRule,
-// patchRule, and removeRule instead.
+// Patch: Patches the specified ServiceAttachment resource with the data
+// included in the request. This method supports PATCH semantics and
+// uses JSON merge patch format and processing rules.
 //
-// - project: Project ID for this request.
-// - securityPolicy: Name of the security policy to update.
-func (r *SecurityPoliciesService) Patch(project string, securityPolicy string, securitypolicy *SecurityPolicy) *SecurityPoliciesPatchCall {
-	c := &SecurityPoliciesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - project: Project ID for this request.
+//   - region: The region scoping this request and should conform to
+//     RFC1035.
+//   - serviceAttachment: The resource id of the ServiceAttachment to
+//     patch. It should conform to RFC1035 resource name or be a string
+//     form on an unsigned long number.
+func (r *ServiceAttachmentsService) Patch(project string, region string, serviceAttachment string, serviceattachment *ServiceAttachment) *ServiceAttachmentsPatchCall {
+	c := &ServiceAttachmentsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.securityPolicy = securityPolicy
-	c.securitypolicy = securitypolicy
-	return c
-}
-
-// Paths sets the optional parameter "paths":
-func (c *SecurityPoliciesPatchCall) Paths(paths ...string) *SecurityPoliciesPatchCall {
-	c.urlParams_.SetMulti("paths", append([]string{}, paths...))
+	c.region = region
+	c.serviceAttachment = serviceAttachment
+	c.serviceattachment = serviceattachment
 	return c
 }
 
@@ -209056,22 +218545,15 @@ func (c *SecurityPoliciesPatchCall) Paths(paths ...string) *SecurityPoliciesPatc
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SecurityPoliciesPatchCall) RequestId(requestId string) *SecurityPoliciesPatchCall {
+func (c *ServiceAttachmentsPatchCall) RequestId(requestId string) *ServiceAttachmentsPatchCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
-// UpdateMask sets the optional parameter "updateMask": Indicates fields
-// to be cleared as part of this request.
-func (c *SecurityPoliciesPatchCall) UpdateMask(updateMask string) *SecurityPoliciesPatchCall {
-	c.urlParams_.Set("updateMask", updateMask)
-	return c
-}
-
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesPatchCall) Fields(s ...googleapi.Field) *SecurityPoliciesPatchCall {
+func (c *ServiceAttachmentsPatchCall) Fields(s ...googleapi.Field) *ServiceAttachmentsPatchCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -209079,21 +218561,21 @@ func (c *SecurityPoliciesPatchCall) Fields(s ...googleapi.Field) *SecurityPolici
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesPatchCall) Context(ctx context.Context) *SecurityPoliciesPatchCall {
+func (c *ServiceAttachmentsPatchCall) Context(ctx context.Context) *ServiceAttachmentsPatchCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesPatchCall) Header() http.Header {
+func (c *ServiceAttachmentsPatchCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesPatchCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsPatchCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -209101,14 +218583,14 @@ func (c *SecurityPoliciesPatchCall) doRequest(alt string) (*http.Response, error
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicy)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.serviceattachment)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
@@ -209116,20 +218598,21 @@ func (c *SecurityPoliciesPatchCall) doRequest(alt string) (*http.Response, error
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"securityPolicy": c.securityPolicy,
+		"project":           c.project,
+		"region":            c.region,
+		"serviceAttachment": c.serviceAttachment,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.patch" call.
+// Do executes the "compute.serviceAttachments.patch" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *ServiceAttachmentsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -209160,20 +218643,16 @@ func (c *SecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "description": "Patches the specified ServiceAttachment resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
 	//   "httpMethod": "PATCH",
-	//   "id": "compute.securityPolicies.patch",
+	//   "id": "compute.serviceAttachments.patch",
 	//   "parameterOrder": [
 	//     "project",
-	//     "securityPolicy"
+	//     "region",
+	//     "serviceAttachment"
 	//   ],
 	//   "parameters": {
-	//     "paths": {
-	//       "location": "query",
-	//       "repeated": true,
-	//       "type": "string"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -209181,28 +218660,27 @@ func (c *SecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation
 	//       "required": true,
 	//       "type": "string"
 	//     },
+	//     "region": {
+	//       "description": "The region scoping this request and should conform to RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
 	//     "requestId": {
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "securityPolicy": {
-	//       "description": "Name of the security policy to update.",
+	//     "serviceAttachment": {
+	//       "description": "The resource id of the ServiceAttachment to patch. It should conform to RFC1035 resource name or be a string form on an unsigned long number.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
-	//     },
-	//     "updateMask": {
-	//       "description": "Indicates fields to be cleared as part of this request.",
-	//       "format": "google-fieldmask",
-	//       "location": "query",
-	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
 	//   "request": {
-	//     "$ref": "SecurityPolicy"
+	//     "$ref": "ServiceAttachment"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -209215,48 +218693,38 @@ func (c *SecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation
 
 }
 
-// method id "compute.securityPolicies.patchRule":
+// method id "compute.serviceAttachments.setIamPolicy":
 
-type SecurityPoliciesPatchRuleCall struct {
-	s                  *Service
-	project            string
-	securityPolicy     string
-	securitypolicyrule *SecurityPolicyRule
-	urlParams_         gensupport.URLParams
-	ctx_               context.Context
-	header_            http.Header
+type ServiceAttachmentsSetIamPolicyCall struct {
+	s                      *Service
+	project                string
+	region                 string
+	resource               string
+	regionsetpolicyrequest *RegionSetPolicyRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
 }
 
-// PatchRule: Patches a rule at the specified priority.
+// SetIamPolicy: Sets the access control policy on the specified
+// resource. Replaces any existing policy.
 //
 // - project: Project ID for this request.
-// - securityPolicy: Name of the security policy to update.
-func (r *SecurityPoliciesService) PatchRule(project string, securityPolicy string, securitypolicyrule *SecurityPolicyRule) *SecurityPoliciesPatchRuleCall {
-	c := &SecurityPoliciesPatchRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - region: The name of the region for this request.
+// - resource: Name or id of the resource for this request.
+func (r *ServiceAttachmentsService) SetIamPolicy(project string, region string, resource string, regionsetpolicyrequest *RegionSetPolicyRequest) *ServiceAttachmentsSetIamPolicyCall {
+	c := &ServiceAttachmentsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.securityPolicy = securityPolicy
-	c.securitypolicyrule = securitypolicyrule
-	return c
-}
-
-// Priority sets the optional parameter "priority": The priority of the
-// rule to patch.
-func (c *SecurityPoliciesPatchRuleCall) Priority(priority int64) *SecurityPoliciesPatchRuleCall {
-	c.urlParams_.Set("priority", fmt.Sprint(priority))
-	return c
-}
-
-// ValidateOnly sets the optional parameter "validateOnly": If true, the
-// request will not be committed.
-func (c *SecurityPoliciesPatchRuleCall) ValidateOnly(validateOnly bool) *SecurityPoliciesPatchRuleCall {
-	c.urlParams_.Set("validateOnly", fmt.Sprint(validateOnly))
+	c.region = region
+	c.resource = resource
+	c.regionsetpolicyrequest = regionsetpolicyrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesPatchRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesPatchRuleCall {
+func (c *ServiceAttachmentsSetIamPolicyCall) Fields(s ...googleapi.Field) *ServiceAttachmentsSetIamPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -209264,21 +218732,21 @@ func (c *SecurityPoliciesPatchRuleCall) Fields(s ...googleapi.Field) *SecurityPo
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesPatchRuleCall) Context(ctx context.Context) *SecurityPoliciesPatchRuleCall {
+func (c *ServiceAttachmentsSetIamPolicyCall) Context(ctx context.Context) *ServiceAttachmentsSetIamPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesPatchRuleCall) Header() http.Header {
+func (c *ServiceAttachmentsSetIamPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesPatchRuleCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -209286,14 +218754,14 @@ func (c *SecurityPoliciesPatchRuleCall) doRequest(alt string) (*http.Response, e
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicyrule)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetpolicyrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{resource}/setIamPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -209301,20 +218769,21 @@ func (c *SecurityPoliciesPatchRuleCall) doRequest(alt string) (*http.Response, e
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"securityPolicy": c.securityPolicy,
+		"project":  c.project,
+		"region":   c.region,
+		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.patchRule" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *SecurityPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+// Do executes the "compute.serviceAttachments.setIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *ServiceAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -209333,7 +218802,7 @@ func (c *SecurityPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Opera
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Operation{
+	ret := &Policy{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -209345,21 +218814,16 @@ func (c *SecurityPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Opera
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches a rule at the specified priority.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
+	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{resource}/setIamPolicy",
 	//   "httpMethod": "POST",
-	//   "id": "compute.securityPolicies.patchRule",
+	//   "id": "compute.serviceAttachments.setIamPolicy",
 	//   "parameterOrder": [
 	//     "project",
-	//     "securityPolicy"
+	//     "region",
+	//     "resource"
 	//   ],
 	//   "parameters": {
-	//     "priority": {
-	//       "description": "The priority of the rule to patch.",
-	//       "format": "int32",
-	//       "location": "query",
-	//       "type": "integer"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -209367,183 +218831,27 @@ func (c *SecurityPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Opera
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "securityPolicy": {
-	//       "description": "Name of the security policy to update.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "validateOnly": {
-	//       "description": "If true, the request will not be committed.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     }
-	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
-	//   "request": {
-	//     "$ref": "SecurityPolicyRule"
-	//   },
-	//   "response": {
-	//     "$ref": "Operation"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.securityPolicies.removeRule":
-
-type SecurityPoliciesRemoveRuleCall struct {
-	s              *Service
-	project        string
-	securityPolicy string
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
-}
-
-// RemoveRule: Deletes a rule at the specified priority.
-//
-// - project: Project ID for this request.
-// - securityPolicy: Name of the security policy to update.
-func (r *SecurityPoliciesService) RemoveRule(project string, securityPolicy string) *SecurityPoliciesRemoveRuleCall {
-	c := &SecurityPoliciesRemoveRuleCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.securityPolicy = securityPolicy
-	return c
-}
-
-// Priority sets the optional parameter "priority": The priority of the
-// rule to remove from the security policy.
-func (c *SecurityPoliciesRemoveRuleCall) Priority(priority int64) *SecurityPoliciesRemoveRuleCall {
-	c.urlParams_.Set("priority", fmt.Sprint(priority))
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *SecurityPoliciesRemoveRuleCall) Fields(s ...googleapi.Field) *SecurityPoliciesRemoveRuleCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *SecurityPoliciesRemoveRuleCall) Context(ctx context.Context) *SecurityPoliciesRemoveRuleCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *SecurityPoliciesRemoveRuleCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *SecurityPoliciesRemoveRuleCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{securityPolicy}/removeRule")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"securityPolicy": c.securityPolicy,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.securityPolicies.removeRule" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *SecurityPoliciesRemoveRuleCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Operation{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Deletes a rule at the specified priority.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/removeRule",
-	//   "httpMethod": "POST",
-	//   "id": "compute.securityPolicies.removeRule",
-	//   "parameterOrder": [
-	//     "project",
-	//     "securityPolicy"
-	//   ],
-	//   "parameters": {
-	//     "priority": {
-	//       "description": "The priority of the rule to remove from the security policy.",
-	//       "format": "int32",
-	//       "location": "query",
-	//       "type": "integer"
-	//     },
-	//     "project": {
-	//       "description": "Project ID for this request.",
+	//     "region": {
+	//       "description": "The name of the region for this request.",
 	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "securityPolicy": {
-	//       "description": "Name of the security policy to update.",
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{securityPolicy}/removeRule",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{resource}/setIamPolicy",
+	//   "request": {
+	//     "$ref": "RegionSetPolicyRequest"
+	//   },
 	//   "response": {
-	//     "$ref": "Operation"
+	//     "$ref": "Policy"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -209553,35 +218861,38 @@ func (c *SecurityPoliciesRemoveRuleCall) Do(opts ...googleapi.CallOption) (*Oper
 
 }
 
-// method id "compute.securityPolicies.setLabels":
+// method id "compute.serviceAttachments.testIamPermissions":
 
-type SecurityPoliciesSetLabelsCall struct {
+type ServiceAttachmentsTestIamPermissionsCall struct {
 	s                      *Service
 	project                string
+	region                 string
 	resource               string
-	globalsetlabelsrequest *GlobalSetLabelsRequest
+	testpermissionsrequest *TestPermissionsRequest
 	urlParams_             gensupport.URLParams
 	ctx_                   context.Context
 	header_                http.Header
 }
 
-// SetLabels: Sets the labels on a security policy. To learn more about
-// labels, read the Labeling Resources documentation.
+// TestIamPermissions: Returns permissions that a caller has on the
+// specified resource.
 //
 // - project: Project ID for this request.
+// - region: The name of the region for this request.
 // - resource: Name or id of the resource for this request.
-func (r *SecurityPoliciesService) SetLabels(project string, resource string, globalsetlabelsrequest *GlobalSetLabelsRequest) *SecurityPoliciesSetLabelsCall {
-	c := &SecurityPoliciesSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *ServiceAttachmentsService) TestIamPermissions(project string, region string, resource string, testpermissionsrequest *TestPermissionsRequest) *ServiceAttachmentsTestIamPermissionsCall {
+	c := &ServiceAttachmentsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
+	c.region = region
 	c.resource = resource
-	c.globalsetlabelsrequest = globalsetlabelsrequest
+	c.testpermissionsrequest = testpermissionsrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesSetLabelsCall) Fields(s ...googleapi.Field) *SecurityPoliciesSetLabelsCall {
+func (c *ServiceAttachmentsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ServiceAttachmentsTestIamPermissionsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -209589,21 +218900,21 @@ func (c *SecurityPoliciesSetLabelsCall) Fields(s ...googleapi.Field) *SecurityPo
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesSetLabelsCall) Context(ctx context.Context) *SecurityPoliciesSetLabelsCall {
+func (c *ServiceAttachmentsTestIamPermissionsCall) Context(ctx context.Context) *ServiceAttachmentsTestIamPermissionsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesSetLabelsCall) Header() http.Header {
+func (c *ServiceAttachmentsTestIamPermissionsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesSetLabelsCall) doRequest(alt string) (*http.Response, error) {
+func (c *ServiceAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -209611,14 +218922,14 @@ func (c *SecurityPoliciesSetLabelsCall) doRequest(alt string) (*http.Response, e
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.globalsetlabelsrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{resource}/setLabels")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{resource}/testIamPermissions")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -209627,19 +218938,20 @@ func (c *SecurityPoliciesSetLabelsCall) doRequest(alt string) (*http.Response, e
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project":  c.project,
+		"region":   c.region,
 		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.setLabels" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *SecurityPoliciesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+// Do executes the "compute.serviceAttachments.testIamPermissions" call.
+// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ServiceAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -209658,7 +218970,7 @@ func (c *SecurityPoliciesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Opera
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Operation{
+	ret := &TestPermissionsResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -209670,12 +218982,13 @@ func (c *SecurityPoliciesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Opera
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the labels on a security policy. To learn more about labels, read the Labeling Resources documentation.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{resource}/setLabels",
+	//   "description": "Returns permissions that a caller has on the specified resource.",
+	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{resource}/testIamPermissions",
 	//   "httpMethod": "POST",
-	//   "id": "compute.securityPolicies.setLabels",
+	//   "id": "compute.serviceAttachments.testIamPermissions",
 	//   "parameterOrder": [
 	//     "project",
+	//     "region",
 	//     "resource"
 	//   ],
 	//   "parameters": {
@@ -209686,116 +218999,126 @@ func (c *SecurityPoliciesSetLabelsCall) Do(opts ...googleapi.CallOption) (*Opera
 	//       "required": true,
 	//       "type": "string"
 	//     },
+	//     "region": {
+	//       "description": "The name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
 	//     "resource": {
 	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{resource}/setLabels",
+	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{resource}/testIamPermissions",
 	//   "request": {
-	//     "$ref": "GlobalSetLabelsRequest"
+	//     "$ref": "TestPermissionsRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "Operation"
+	//     "$ref": "TestPermissionsResponse"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
 	//   ]
 	// }
 
 }
 
-// method id "compute.securityPolicies.testIamPermissions":
+// method id "compute.snapshotSettings.get":
 
-type SecurityPoliciesTestIamPermissionsCall struct {
-	s                      *Service
-	project                string
-	resource               string
-	testpermissionsrequest *TestPermissionsRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
+type SnapshotSettingsGetCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
 }
 
-// TestIamPermissions: Returns permissions that a caller has on the
-// specified resource.
+// Get: Get snapshot settings.
 //
 // - project: Project ID for this request.
-// - resource: Name or id of the resource for this request.
-func (r *SecurityPoliciesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SecurityPoliciesTestIamPermissionsCall {
-	c := &SecurityPoliciesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SnapshotSettingsService) Get(project string) *SnapshotSettingsGetCall {
+	c := &SnapshotSettingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.resource = resource
-	c.testpermissionsrequest = testpermissionsrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SecurityPoliciesTestIamPermissionsCall) Fields(s ...googleapi.Field) *SecurityPoliciesTestIamPermissionsCall {
+func (c *SnapshotSettingsGetCall) Fields(s ...googleapi.Field) *SnapshotSettingsGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SnapshotSettingsGetCall) IfNoneMatch(entityTag string) *SnapshotSettingsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SecurityPoliciesTestIamPermissionsCall) Context(ctx context.Context) *SecurityPoliciesTestIamPermissionsCall {
+func (c *SnapshotSettingsGetCall) Context(ctx context.Context) *SnapshotSettingsGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SecurityPoliciesTestIamPermissionsCall) Header() http.Header {
+func (c *SnapshotSettingsGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SecurityPoliciesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotSettingsGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
-	if err != nil {
-		return nil, err
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
 	}
-	reqHeaders.Set("Content-Type", "application/json")
+	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/securityPolicies/{resource}/testIamPermissions")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshotSettings")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"resource": c.resource,
+		"project": c.project,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.securityPolicies.testIamPermissions" call.
-// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// Do executes the "compute.snapshotSettings.get" call.
+// Exactly one of *SnapshotSettings or error will be non-nil. Any
 // non-2xx status code is an error. Response headers are in either
-// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// *SnapshotSettings.ServerResponse.Header or (if a response was
 // returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SecurityPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+func (c *SnapshotSettingsGetCall) Do(opts ...googleapi.CallOption) (*SnapshotSettings, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -209814,7 +219137,7 @@ func (c *SecurityPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &TestPermissionsResponse{
+	ret := &SnapshotSettings{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -209826,13 +219149,12 @@ func (c *SecurityPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/global/securityPolicies/{resource}/testIamPermissions",
-	//   "httpMethod": "POST",
-	//   "id": "compute.securityPolicies.testIamPermissions",
+	//   "description": "Get snapshot settings.",
+	//   "flatPath": "projects/{project}/global/snapshotSettings",
+	//   "httpMethod": "GET",
+	//   "id": "compute.snapshotSettings.get",
 	//   "parameterOrder": [
-	//     "project",
-	//     "resource"
+	//     "project"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -209841,21 +219163,11 @@ func (c *SecurityPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption
 	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
 	//       "type": "string"
-	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/securityPolicies/{resource}/testIamPermissions",
-	//   "request": {
-	//     "$ref": "TestPermissionsRequest"
-	//   },
+	//   "path": "projects/{project}/global/snapshotSettings",
 	//   "response": {
-	//     "$ref": "TestPermissionsResponse"
+	//     "$ref": "SnapshotSettings"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -209866,173 +219178,93 @@ func (c *SecurityPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption
 
 }
 
-// method id "compute.serviceAttachments.aggregatedList":
+// method id "compute.snapshotSettings.patch":
 
-type ServiceAttachmentsAggregatedListCall struct {
-	s            *Service
-	project      string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
+type SnapshotSettingsPatchCall struct {
+	s                *Service
+	project          string
+	snapshotsettings *SnapshotSettings
+	urlParams_       gensupport.URLParams
+	ctx_             context.Context
+	header_          http.Header
 }
 
-// AggregatedList: Retrieves the list of all ServiceAttachment
-// resources, regional and global, available to the specified project.
+// Patch: Patch snapshot settings.
 //
-// - project: Name of the project scoping this request.
-func (r *ServiceAttachmentsService) AggregatedList(project string) *ServiceAttachmentsAggregatedListCall {
-	c := &ServiceAttachmentsAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+func (r *SnapshotSettingsService) Patch(project string, snapshotsettings *SnapshotSettings) *SnapshotSettingsPatchCall {
+	c := &SnapshotSettingsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
+	c.snapshotsettings = snapshotsettings
 	return c
 }
 
-// Filter sets the optional parameter "filter": A filter expression that
-// filters resources listed in the response. Most Compute resources
-// support two types of filter expressions: expressions that support
-// regular expressions and expressions that follow API improvement
-// proposal AIP-160. If you want to use AIP-160, your expression must
-// specify the field name, an operator, and the value that you want to
-// use for filtering. The value must be a string, a number, or a
-// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
-// or `:`. For example, if you are filtering Compute Engine instances,
-// you can exclude instances named `example-instance` by specifying
-// `name != example-instance`. The `:` operator can be used with string
-// fields to match substrings. For non-string fields it is equivalent to
-// the `=` operator. The `:*` comparison can be used to test whether a
-// key has been defined. For example, to find all objects with `owner`
-// label use: ``` labels.owner:* ``` You can also filter nested fields.
-// For example, you could specify `scheduling.automaticRestart = false`
-// to include instances only if they are not scheduled for automatic
-// restarts. You can use filtering on nested fields to filter based on
-// resource labels. To filter on multiple expressions, provide each
-// separate expression within parentheses. For example: ```
-// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
-// ``` By default, each expression is an `AND` expression. However, you
-// can include `AND` and `OR` expressions explicitly. For example: ```
-// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
-// AND (scheduling.automaticRestart = true) ``` If you want to use a
-// regular expression, use the `eq` (equal) or `ne` (not equal) operator
-// against a single un-parenthesized expression with or without quotes
-// or against multiple parenthesized expressions. Examples: `fieldname
-// eq unquoted literal` `fieldname eq 'single quoted literal'`
-// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
-// (fieldname2 ne "literal")` The literal value is interpreted as a
-// regular expression using Google RE2 library syntax. The literal value
-// must match the entire field. For example, to filter for instances
-// that do not end with name "instance", you would use `name ne
-// .*instance`.
-func (c *ServiceAttachmentsAggregatedListCall) Filter(filter string) *ServiceAttachmentsAggregatedListCall {
-	c.urlParams_.Set("filter", filter)
-	return c
-}
-
-// IncludeAllScopes sets the optional parameter "includeAllScopes":
-// Indicates whether every visible scope for each scope type (zone,
-// region, global) should be included in the response. For new resource
-// types added after this field, the flag has no effect as new resource
-// types will always include every visible scope for each scope type in
-// response. For resource types which predate this field, if this flag
-// is omitted or false, only scopes of the scope types where the
-// resource type is expected to be found will be included.
-func (c *ServiceAttachmentsAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *ServiceAttachmentsAggregatedListCall {
-	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": The maximum
-// number of results per page that should be returned. If the number of
-// available results is larger than `maxResults`, Compute Engine returns
-// a `nextPageToken` that can be used to get the next page of results in
-// subsequent list requests. Acceptable values are `0` to `500`,
-// inclusive. (Default: `500`)
-func (c *ServiceAttachmentsAggregatedListCall) MaxResults(maxResults int64) *ServiceAttachmentsAggregatedListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// OrderBy sets the optional parameter "orderBy": Sorts list results by
-// a certain order. By default, results are returned in alphanumerical
-// order based on the resource name. You can also sort results in
-// descending order based on the creation timestamp using
-// `orderBy="creationTimestamp desc". This sorts results based on the
-// `creationTimestamp` field in reverse chronological order (newest
-// result first). Use this to sort resources like operations so that the
-// newest operation is returned first. Currently, only sorting by `name`
-// or `creationTimestamp desc` is supported.
-func (c *ServiceAttachmentsAggregatedListCall) OrderBy(orderBy string) *ServiceAttachmentsAggregatedListCall {
-	c.urlParams_.Set("orderBy", orderBy)
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": Specifies a page
-// token to use. Set `pageToken` to the `nextPageToken` returned by a
-// previous list request to get the next page of results.
-func (c *ServiceAttachmentsAggregatedListCall) PageToken(pageToken string) *ServiceAttachmentsAggregatedListCall {
-	c.urlParams_.Set("pageToken", pageToken)
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *SnapshotSettingsPatchCall) RequestId(requestId string) *SnapshotSettingsPatchCall {
+	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
-// ReturnPartialSuccess sets the optional parameter
-// "returnPartialSuccess": Opt-in for partial success behavior which
-// provides partial results in case of failure. The default value is
-// false.
-func (c *ServiceAttachmentsAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *ServiceAttachmentsAggregatedListCall {
-	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+// UpdateMask sets the optional parameter "updateMask": update_mask
+// indicates fields to be updated as part of this request.
+func (c *SnapshotSettingsPatchCall) UpdateMask(updateMask string) *SnapshotSettingsPatchCall {
+	c.urlParams_.Set("updateMask", updateMask)
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *ServiceAttachmentsAggregatedListCall) Fields(s ...googleapi.Field) *ServiceAttachmentsAggregatedListCall {
+func (c *SnapshotSettingsPatchCall) Fields(s ...googleapi.Field) *SnapshotSettingsPatchCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ServiceAttachmentsAggregatedListCall) IfNoneMatch(entityTag string) *ServiceAttachmentsAggregatedListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *ServiceAttachmentsAggregatedListCall) Context(ctx context.Context) *ServiceAttachmentsAggregatedListCall {
+func (c *SnapshotSettingsPatchCall) Context(ctx context.Context) *SnapshotSettingsPatchCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *ServiceAttachmentsAggregatedListCall) Header() http.Header {
+func (c *SnapshotSettingsPatchCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *ServiceAttachmentsAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotSettingsPatchCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.snapshotsettings)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/serviceAttachments")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshotSettings")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
+	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -210043,14 +219275,14 @@ func (c *ServiceAttachmentsAggregatedListCall) doRequest(alt string) (*http.Resp
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.serviceAttachments.aggregatedList" call.
-// Exactly one of *ServiceAttachmentAggregatedList or error will be
-// non-nil. Any non-2xx status code is an error. Response headers are in
-// either *ServiceAttachmentAggregatedList.ServerResponse.Header or (if
-// a response was returned at all) in error.(*googleapi.Error).Header.
-// Use googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ServiceAttachmentsAggregatedListCall) Do(opts ...googleapi.CallOption) (*ServiceAttachmentAggregatedList, error) {
+// Do executes the "compute.snapshotSettings.patch" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SnapshotSettingsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -210069,7 +219301,7 @@ func (c *ServiceAttachmentsAggregatedListCall) Do(opts ...googleapi.CallOption)
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &ServiceAttachmentAggregatedList{
+	ret := &Operation{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -210081,112 +219313,72 @@ func (c *ServiceAttachmentsAggregatedListCall) Do(opts ...googleapi.CallOption)
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves the list of all ServiceAttachment resources, regional and global, available to the specified project.",
-	//   "flatPath": "projects/{project}/aggregated/serviceAttachments",
-	//   "httpMethod": "GET",
-	//   "id": "compute.serviceAttachments.aggregatedList",
+	//   "description": "Patch snapshot settings.",
+	//   "flatPath": "projects/{project}/global/snapshotSettings",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.snapshotSettings.patch",
 	//   "parameterOrder": [
 	//     "project"
 	//   ],
 	//   "parameters": {
-	//     "filter": {
-	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "includeAllScopes": {
-	//       "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
-	//     "maxResults": {
-	//       "default": "500",
-	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "orderBy": {
-	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "pageToken": {
-	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
 	//     "project": {
-	//       "description": "Name of the project scoping this request.",
+	//       "description": "Project ID for this request.",
 	//       "location": "path",
 	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "returnPartialSuccess": {
-	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
-	//       "type": "boolean"
+	//       "type": "string"
+	//     },
+	//     "updateMask": {
+	//       "description": "update_mask indicates fields to be updated as part of this request.",
+	//       "format": "google-fieldmask",
+	//       "location": "query",
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/aggregated/serviceAttachments",
+	//   "path": "projects/{project}/global/snapshotSettings",
+	//   "request": {
+	//     "$ref": "SnapshotSettings"
+	//   },
 	//   "response": {
-	//     "$ref": "ServiceAttachmentAggregatedList"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
 }
 
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *ServiceAttachmentsAggregatedListCall) Pages(ctx context.Context, f func(*ServiceAttachmentAggregatedList) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "compute.serviceAttachments.delete":
+// method id "compute.snapshots.delete":
 
-type ServiceAttachmentsDeleteCall struct {
-	s                 *Service
-	project           string
-	region            string
-	serviceAttachment string
-	urlParams_        gensupport.URLParams
-	ctx_              context.Context
-	header_           http.Header
+type SnapshotsDeleteCall struct {
+	s          *Service
+	project    string
+	snapshot   string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
-// Delete: Deletes the specified ServiceAttachment in the given scope
+// Delete: Deletes the specified Snapshot resource. Keep in mind that
+// deleting a single snapshot might not necessarily delete all the data
+// on that snapshot. If any data on the snapshot that is marked for
+// deletion is needed for subsequent snapshots, the data will be moved
+// to the next corresponding snapshot. For more information, see
+// Deleting snapshots.
 //
-//   - project: Project ID for this request.
-//   - region: Name of the region of this request.
-//   - serviceAttachment: Name of the ServiceAttachment resource to
-//     delete.
-func (r *ServiceAttachmentsService) Delete(project string, region string, serviceAttachment string) *ServiceAttachmentsDeleteCall {
-	c := &ServiceAttachmentsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+// - snapshot: Name of the Snapshot resource to delete.
+func (r *SnapshotsService) Delete(project string, snapshot string) *SnapshotsDeleteCall {
+	c := &SnapshotsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.region = region
-	c.serviceAttachment = serviceAttachment
+	c.snapshot = snapshot
 	return c
 }
 
@@ -210201,7 +219393,7 @@ func (r *ServiceAttachmentsService) Delete(project string, region string, servic
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *ServiceAttachmentsDeleteCall) RequestId(requestId string) *ServiceAttachmentsDeleteCall {
+func (c *SnapshotsDeleteCall) RequestId(requestId string) *SnapshotsDeleteCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -210209,7 +219401,7 @@ func (c *ServiceAttachmentsDeleteCall) RequestId(requestId string) *ServiceAttac
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *ServiceAttachmentsDeleteCall) Fields(s ...googleapi.Field) *ServiceAttachmentsDeleteCall {
+func (c *SnapshotsDeleteCall) Fields(s ...googleapi.Field) *SnapshotsDeleteCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -210217,21 +219409,21 @@ func (c *ServiceAttachmentsDeleteCall) Fields(s ...googleapi.Field) *ServiceAtta
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *ServiceAttachmentsDeleteCall) Context(ctx context.Context) *ServiceAttachmentsDeleteCall {
+func (c *SnapshotsDeleteCall) Context(ctx context.Context) *SnapshotsDeleteCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *ServiceAttachmentsDeleteCall) Header() http.Header {
+func (c *SnapshotsDeleteCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *ServiceAttachmentsDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsDeleteCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -210241,7 +219433,7 @@ func (c *ServiceAttachmentsDeleteCall) doRequest(alt string) (*http.Response, er
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{snapshot}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("DELETE", urls, body)
 	if err != nil {
@@ -210249,21 +219441,20 @@ func (c *ServiceAttachmentsDeleteCall) doRequest(alt string) (*http.Response, er
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":           c.project,
-		"region":            c.region,
-		"serviceAttachment": c.serviceAttachment,
+		"project":  c.project,
+		"snapshot": c.snapshot,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.serviceAttachments.delete" call.
+// Do executes the "compute.snapshots.delete" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *ServiceAttachmentsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SnapshotsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -210294,14 +219485,13 @@ func (c *ServiceAttachmentsDeleteCall) Do(opts ...googleapi.CallOption) (*Operat
 	}
 	return ret, nil
 	// {
-	//   "description": "Deletes the specified ServiceAttachment in the given scope",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
+	//   "description": "Deletes the specified Snapshot resource. Keep in mind that deleting a single snapshot might not necessarily delete all the data on that snapshot. If any data on the snapshot that is marked for deletion is needed for subsequent snapshots, the data will be moved to the next corresponding snapshot. For more information, see Deleting snapshots.",
+	//   "flatPath": "projects/{project}/global/snapshots/{snapshot}",
 	//   "httpMethod": "DELETE",
-	//   "id": "compute.serviceAttachments.delete",
+	//   "id": "compute.snapshots.delete",
 	//   "parameterOrder": [
 	//     "project",
-	//     "region",
-	//     "serviceAttachment"
+	//     "snapshot"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -210311,27 +219501,20 @@ func (c *ServiceAttachmentsDeleteCall) Do(opts ...googleapi.CallOption) (*Operat
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "Name of the region of this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
 	//     "requestId": {
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "serviceAttachment": {
-	//       "description": "Name of the ServiceAttachment resource to delete.",
+	//     "snapshot": {
+	//       "description": "Name of the Snapshot resource to delete.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
+	//   "path": "projects/{project}/global/snapshots/{snapshot}",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -210343,38 +219526,33 @@ func (c *ServiceAttachmentsDeleteCall) Do(opts ...googleapi.CallOption) (*Operat
 
 }
 
-// method id "compute.serviceAttachments.get":
+// method id "compute.snapshots.get":
 
-type ServiceAttachmentsGetCall struct {
-	s                 *Service
-	project           string
-	region            string
-	serviceAttachment string
-	urlParams_        gensupport.URLParams
-	ifNoneMatch_      string
-	ctx_              context.Context
-	header_           http.Header
+type SnapshotsGetCall struct {
+	s            *Service
+	project      string
+	snapshot     string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
 }
 
-// Get: Returns the specified ServiceAttachment resource in the given
-// scope.
+// Get: Returns the specified Snapshot resource.
 //
-//   - project: Project ID for this request.
-//   - region: Name of the region of this request.
-//   - serviceAttachment: Name of the ServiceAttachment resource to
-//     return.
-func (r *ServiceAttachmentsService) Get(project string, region string, serviceAttachment string) *ServiceAttachmentsGetCall {
-	c := &ServiceAttachmentsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+// - snapshot: Name of the Snapshot resource to return.
+func (r *SnapshotsService) Get(project string, snapshot string) *SnapshotsGetCall {
+	c := &SnapshotsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.region = region
-	c.serviceAttachment = serviceAttachment
+	c.snapshot = snapshot
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *ServiceAttachmentsGetCall) Fields(s ...googleapi.Field) *ServiceAttachmentsGetCall {
+func (c *SnapshotsGetCall) Fields(s ...googleapi.Field) *SnapshotsGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -210384,7 +219562,7 @@ func (c *ServiceAttachmentsGetCall) Fields(s ...googleapi.Field) *ServiceAttachm
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *ServiceAttachmentsGetCall) IfNoneMatch(entityTag string) *ServiceAttachmentsGetCall {
+func (c *SnapshotsGetCall) IfNoneMatch(entityTag string) *SnapshotsGetCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -210392,21 +219570,21 @@ func (c *ServiceAttachmentsGetCall) IfNoneMatch(entityTag string) *ServiceAttach
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *ServiceAttachmentsGetCall) Context(ctx context.Context) *ServiceAttachmentsGetCall {
+func (c *SnapshotsGetCall) Context(ctx context.Context) *SnapshotsGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *ServiceAttachmentsGetCall) Header() http.Header {
+func (c *SnapshotsGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *ServiceAttachmentsGetCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -210419,7 +219597,7 @@ func (c *ServiceAttachmentsGetCall) doRequest(alt string) (*http.Response, error
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{snapshot}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -210427,21 +219605,20 @@ func (c *ServiceAttachmentsGetCall) doRequest(alt string) (*http.Response, error
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":           c.project,
-		"region":            c.region,
-		"serviceAttachment": c.serviceAttachment,
+		"project":  c.project,
+		"snapshot": c.snapshot,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.serviceAttachments.get" call.
-// Exactly one of *ServiceAttachment or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ServiceAttachment.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ServiceAttachmentsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAttachment, error) {
+// Do executes the "compute.snapshots.get" call.
+// Exactly one of *Snapshot or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Snapshot.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SnapshotsGetCall) Do(opts ...googleapi.CallOption) (*Snapshot, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -210460,7 +219637,7 @@ func (c *ServiceAttachmentsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAt
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &ServiceAttachment{
+	ret := &Snapshot{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -210472,14 +219649,13 @@ func (c *ServiceAttachmentsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAt
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified ServiceAttachment resource in the given scope.",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
+	//   "description": "Returns the specified Snapshot resource.",
+	//   "flatPath": "projects/{project}/global/snapshots/{snapshot}",
 	//   "httpMethod": "GET",
-	//   "id": "compute.serviceAttachments.get",
+	//   "id": "compute.snapshots.get",
 	//   "parameterOrder": [
 	//     "project",
-	//     "region",
-	//     "serviceAttachment"
+	//     "snapshot"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -210489,24 +219665,17 @@ func (c *ServiceAttachmentsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAt
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "Name of the region of this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "serviceAttachment": {
-	//       "description": "Name of the ServiceAttachment resource to return.",
+	//     "snapshot": {
+	//       "description": "Name of the Snapshot resource to return.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
+	//   "path": "projects/{project}/global/snapshots/{snapshot}",
 	//   "response": {
-	//     "$ref": "ServiceAttachment"
+	//     "$ref": "Snapshot"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -210517,12 +219686,11 @@ func (c *ServiceAttachmentsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAt
 
 }
 
-// method id "compute.serviceAttachments.getIamPolicy":
+// method id "compute.snapshots.getIamPolicy":
 
-type ServiceAttachmentsGetIamPolicyCall struct {
+type SnapshotsGetIamPolicyCall struct {
 	s            *Service
 	project      string
-	region       string
 	resource     string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
@@ -210534,19 +219702,17 @@ type ServiceAttachmentsGetIamPolicyCall struct {
 // empty if no such policy or resource exists.
 //
 // - project: Project ID for this request.
-// - region: The name of the region for this request.
 // - resource: Name or id of the resource for this request.
-func (r *ServiceAttachmentsService) GetIamPolicy(project string, region string, resource string) *ServiceAttachmentsGetIamPolicyCall {
-	c := &ServiceAttachmentsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SnapshotsService) GetIamPolicy(project string, resource string) *SnapshotsGetIamPolicyCall {
+	c := &SnapshotsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.region = region
 	c.resource = resource
 	return c
 }
 
 // OptionsRequestedPolicyVersion sets the optional parameter
 // "optionsRequestedPolicyVersion": Requested IAM Policy version.
-func (c *ServiceAttachmentsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ServiceAttachmentsGetIamPolicyCall {
+func (c *SnapshotsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *SnapshotsGetIamPolicyCall {
 	c.urlParams_.Set("optionsRequestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
 	return c
 }
@@ -210554,7 +219720,7 @@ func (c *ServiceAttachmentsGetIamPolicyCall) OptionsRequestedPolicyVersion(optio
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *ServiceAttachmentsGetIamPolicyCall) Fields(s ...googleapi.Field) *ServiceAttachmentsGetIamPolicyCall {
+func (c *SnapshotsGetIamPolicyCall) Fields(s ...googleapi.Field) *SnapshotsGetIamPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -210564,7 +219730,7 @@ func (c *ServiceAttachmentsGetIamPolicyCall) Fields(s ...googleapi.Field) *Servi
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *ServiceAttachmentsGetIamPolicyCall) IfNoneMatch(entityTag string) *ServiceAttachmentsGetIamPolicyCall {
+func (c *SnapshotsGetIamPolicyCall) IfNoneMatch(entityTag string) *SnapshotsGetIamPolicyCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -210572,21 +219738,21 @@ func (c *ServiceAttachmentsGetIamPolicyCall) IfNoneMatch(entityTag string) *Serv
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *ServiceAttachmentsGetIamPolicyCall) Context(ctx context.Context) *ServiceAttachmentsGetIamPolicyCall {
+func (c *SnapshotsGetIamPolicyCall) Context(ctx context.Context) *SnapshotsGetIamPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *ServiceAttachmentsGetIamPolicyCall) Header() http.Header {
+func (c *SnapshotsGetIamPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *ServiceAttachmentsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -210599,7 +219765,7 @@ func (c *ServiceAttachmentsGetIamPolicyCall) doRequest(alt string) (*http.Respon
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{resource}/getIamPolicy")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/getIamPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -210608,20 +219774,19 @@ func (c *ServiceAttachmentsGetIamPolicyCall) doRequest(alt string) (*http.Respon
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project":  c.project,
-		"region":   c.region,
 		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.serviceAttachments.getIamPolicy" call.
+// Do executes the "compute.snapshots.getIamPolicy" call.
 // Exactly one of *Policy or error will be non-nil. Any non-2xx status
 // code is an error. Response headers are in either
 // *Policy.ServerResponse.Header or (if a response was returned at all)
 // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
 // check whether the returned error was because http.StatusNotModified
 // was returned.
-func (c *ServiceAttachmentsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+func (c *SnapshotsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -210653,12 +219818,11 @@ func (c *ServiceAttachmentsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 	return ret, nil
 	// {
 	//   "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{resource}/getIamPolicy",
+	//   "flatPath": "projects/{project}/global/snapshots/{resource}/getIamPolicy",
 	//   "httpMethod": "GET",
-	//   "id": "compute.serviceAttachments.getIamPolicy",
+	//   "id": "compute.snapshots.getIamPolicy",
 	//   "parameterOrder": [
 	//     "project",
-	//     "region",
 	//     "resource"
 	//   ],
 	//   "parameters": {
@@ -210675,22 +219839,15 @@ func (c *ServiceAttachmentsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "The name of the region for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
 	//     "resource": {
 	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{resource}/getIamPolicy",
+	//   "path": "projects/{project}/global/snapshots/{resource}/getIamPolicy",
 	//   "response": {
 	//     "$ref": "Policy"
 	//   },
@@ -210703,28 +219860,28 @@ func (c *ServiceAttachmentsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 
 }
 
-// method id "compute.serviceAttachments.insert":
+// method id "compute.snapshots.insert":
 
-type ServiceAttachmentsInsertCall struct {
-	s                 *Service
-	project           string
-	region            string
-	serviceattachment *ServiceAttachment
-	urlParams_        gensupport.URLParams
-	ctx_              context.Context
-	header_           http.Header
+type SnapshotsInsertCall struct {
+	s          *Service
+	project    string
+	snapshot   *Snapshot
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
-// Insert: Creates a ServiceAttachment in the specified project in the
-// given scope using the parameters that are included in the request.
+// Insert: Creates a snapshot in the specified project using the data
+// included in the request. For regular snapshot creation, consider
+// using this method instead of disks.createSnapshot, as this method
+// supports more features, such as creating snapshots in a project
+// different from the source disk project.
 //
 // - project: Project ID for this request.
-// - region: Name of the region of this request.
-func (r *ServiceAttachmentsService) Insert(project string, region string, serviceattachment *ServiceAttachment) *ServiceAttachmentsInsertCall {
-	c := &ServiceAttachmentsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SnapshotsService) Insert(project string, snapshot *Snapshot) *SnapshotsInsertCall {
+	c := &SnapshotsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.region = region
-	c.serviceattachment = serviceattachment
+	c.snapshot = snapshot
 	return c
 }
 
@@ -210739,7 +219896,7 @@ func (r *ServiceAttachmentsService) Insert(project string, region string, servic
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *ServiceAttachmentsInsertCall) RequestId(requestId string) *ServiceAttachmentsInsertCall {
+func (c *SnapshotsInsertCall) RequestId(requestId string) *SnapshotsInsertCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -210747,7 +219904,7 @@ func (c *ServiceAttachmentsInsertCall) RequestId(requestId string) *ServiceAttac
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *ServiceAttachmentsInsertCall) Fields(s ...googleapi.Field) *ServiceAttachmentsInsertCall {
+func (c *SnapshotsInsertCall) Fields(s ...googleapi.Field) *SnapshotsInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -210755,21 +219912,21 @@ func (c *ServiceAttachmentsInsertCall) Fields(s ...googleapi.Field) *ServiceAtta
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *ServiceAttachmentsInsertCall) Context(ctx context.Context) *ServiceAttachmentsInsertCall {
+func (c *SnapshotsInsertCall) Context(ctx context.Context) *SnapshotsInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *ServiceAttachmentsInsertCall) Header() http.Header {
+func (c *SnapshotsInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *ServiceAttachmentsInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -210777,14 +219934,14 @@ func (c *ServiceAttachmentsInsertCall) doRequest(alt string) (*http.Response, er
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.serviceattachment)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.snapshot)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -210793,19 +219950,18 @@ func (c *ServiceAttachmentsInsertCall) doRequest(alt string) (*http.Response, er
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
-		"region":  c.region,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.serviceAttachments.insert" call.
+// Do executes the "compute.snapshots.insert" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *ServiceAttachmentsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SnapshotsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -210836,13 +219992,12 @@ func (c *ServiceAttachmentsInsertCall) Do(opts ...googleapi.CallOption) (*Operat
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a ServiceAttachment in the specified project in the given scope using the parameters that are included in the request.",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments",
+	//   "description": "Creates a snapshot in the specified project using the data included in the request. For regular snapshot creation, consider using this method instead of disks.createSnapshot, as this method supports more features, such as creating snapshots in a project different from the source disk project.",
+	//   "flatPath": "projects/{project}/global/snapshots",
 	//   "httpMethod": "POST",
-	//   "id": "compute.serviceAttachments.insert",
+	//   "id": "compute.snapshots.insert",
 	//   "parameterOrder": [
-	//     "project",
-	//     "region"
+	//     "project"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -210852,22 +220007,15 @@ func (c *ServiceAttachmentsInsertCall) Do(opts ...googleapi.CallOption) (*Operat
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "Name of the region of this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
 	//     "requestId": {
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments",
+	//   "path": "projects/{project}/global/snapshots",
 	//   "request": {
-	//     "$ref": "ServiceAttachment"
+	//     "$ref": "Snapshot"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -210880,26 +220028,24 @@ func (c *ServiceAttachmentsInsertCall) Do(opts ...googleapi.CallOption) (*Operat
 
 }
 
-// method id "compute.serviceAttachments.list":
+// method id "compute.snapshots.list":
 
-type ServiceAttachmentsListCall struct {
+type SnapshotsListCall struct {
 	s            *Service
 	project      string
-	region       string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// List: Lists the ServiceAttachments for a project in the given scope.
+// List: Retrieves the list of Snapshot resources contained within the
+// specified project.
 //
 // - project: Project ID for this request.
-// - region: Name of the region of this request.
-func (r *ServiceAttachmentsService) List(project string, region string) *ServiceAttachmentsListCall {
-	c := &ServiceAttachmentsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SnapshotsService) List(project string) *SnapshotsListCall {
+	c := &SnapshotsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.region = region
 	return c
 }
 
@@ -210938,7 +220084,7 @@ func (r *ServiceAttachmentsService) List(project string, region string) *Service
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *ServiceAttachmentsListCall) Filter(filter string) *ServiceAttachmentsListCall {
+func (c *SnapshotsListCall) Filter(filter string) *SnapshotsListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -210949,7 +220095,7 @@ func (c *ServiceAttachmentsListCall) Filter(filter string) *ServiceAttachmentsLi
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *ServiceAttachmentsListCall) MaxResults(maxResults int64) *ServiceAttachmentsListCall {
+func (c *SnapshotsListCall) MaxResults(maxResults int64) *SnapshotsListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -210963,7 +220109,7 @@ func (c *ServiceAttachmentsListCall) MaxResults(maxResults int64) *ServiceAttach
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *ServiceAttachmentsListCall) OrderBy(orderBy string) *ServiceAttachmentsListCall {
+func (c *SnapshotsListCall) OrderBy(orderBy string) *SnapshotsListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -210971,488 +220117,89 @@ func (c *ServiceAttachmentsListCall) OrderBy(orderBy string) *ServiceAttachments
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *ServiceAttachmentsListCall) PageToken(pageToken string) *ServiceAttachmentsListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// ReturnPartialSuccess sets the optional parameter
-// "returnPartialSuccess": Opt-in for partial success behavior which
-// provides partial results in case of failure. The default value is
-// false.
-func (c *ServiceAttachmentsListCall) ReturnPartialSuccess(returnPartialSuccess bool) *ServiceAttachmentsListCall {
-	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ServiceAttachmentsListCall) Fields(s ...googleapi.Field) *ServiceAttachmentsListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ServiceAttachmentsListCall) IfNoneMatch(entityTag string) *ServiceAttachmentsListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ServiceAttachmentsListCall) Context(ctx context.Context) *ServiceAttachmentsListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ServiceAttachmentsListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ServiceAttachmentsListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
-		"region":  c.region,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.serviceAttachments.list" call.
-// Exactly one of *ServiceAttachmentList or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ServiceAttachmentList.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ServiceAttachmentsListCall) Do(opts ...googleapi.CallOption) (*ServiceAttachmentList, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ServiceAttachmentList{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Lists the ServiceAttachments for a project in the given scope.",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments",
-	//   "httpMethod": "GET",
-	//   "id": "compute.serviceAttachments.list",
-	//   "parameterOrder": [
-	//     "project",
-	//     "region"
-	//   ],
-	//   "parameters": {
-	//     "filter": {
-	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "maxResults": {
-	//       "default": "500",
-	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "orderBy": {
-	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "pageToken": {
-	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "region": {
-	//       "description": "Name of the region of this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "returnPartialSuccess": {
-	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     }
-	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments",
-	//   "response": {
-	//     "$ref": "ServiceAttachmentList"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
-	//   ]
-	// }
-
-}
-
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *ServiceAttachmentsListCall) Pages(ctx context.Context, f func(*ServiceAttachmentList) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "compute.serviceAttachments.patch":
-
-type ServiceAttachmentsPatchCall struct {
-	s                 *Service
-	project           string
-	region            string
-	serviceAttachment string
-	serviceattachment *ServiceAttachment
-	urlParams_        gensupport.URLParams
-	ctx_              context.Context
-	header_           http.Header
-}
-
-// Patch: Patches the specified ServiceAttachment resource with the data
-// included in the request. This method supports PATCH semantics and
-// uses JSON merge patch format and processing rules.
-//
-//   - project: Project ID for this request.
-//   - region: The region scoping this request and should conform to
-//     RFC1035.
-//   - serviceAttachment: The resource id of the ServiceAttachment to
-//     patch. It should conform to RFC1035 resource name or be a string
-//     form on an unsigned long number.
-func (r *ServiceAttachmentsService) Patch(project string, region string, serviceAttachment string, serviceattachment *ServiceAttachment) *ServiceAttachmentsPatchCall {
-	c := &ServiceAttachmentsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.region = region
-	c.serviceAttachment = serviceAttachment
-	c.serviceattachment = serviceattachment
-	return c
-}
-
-// RequestId sets the optional parameter "requestId": An optional
-// request ID to identify requests. Specify a unique request ID so that
-// if you must retry your request, the server will know to ignore the
-// request if it has already been completed. For example, consider a
-// situation where you make an initial request and the request times
-// out. If you make the request again with the same request ID, the
-// server can check if original operation with the same request ID was
-// received, and if so, will ignore the second request. This prevents
-// clients from accidentally creating duplicate commitments. The request
-// ID must be a valid UUID with the exception that zero UUID is not
-// supported ( 00000000-0000-0000-0000-000000000000).
-func (c *ServiceAttachmentsPatchCall) RequestId(requestId string) *ServiceAttachmentsPatchCall {
-	c.urlParams_.Set("requestId", requestId)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ServiceAttachmentsPatchCall) Fields(s ...googleapi.Field) *ServiceAttachmentsPatchCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ServiceAttachmentsPatchCall) Context(ctx context.Context) *ServiceAttachmentsPatchCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ServiceAttachmentsPatchCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ServiceAttachmentsPatchCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.serviceattachment)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":           c.project,
-		"region":            c.region,
-		"serviceAttachment": c.serviceAttachment,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.serviceAttachments.patch" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *ServiceAttachmentsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Operation{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Patches the specified ServiceAttachment resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
-	//   "httpMethod": "PATCH",
-	//   "id": "compute.serviceAttachments.patch",
-	//   "parameterOrder": [
-	//     "project",
-	//     "region",
-	//     "serviceAttachment"
-	//   ],
-	//   "parameters": {
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "region": {
-	//       "description": "The region scoping this request and should conform to RFC1035.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "requestId": {
-	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "serviceAttachment": {
-	//       "description": "The resource id of the ServiceAttachment to patch. It should conform to RFC1035 resource name or be a string form on an unsigned long number.",
-	//       "location": "path",
-	//       "required": true,
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{serviceAttachment}",
-	//   "request": {
-	//     "$ref": "ServiceAttachment"
-	//   },
-	//   "response": {
-	//     "$ref": "Operation"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.serviceAttachments.setIamPolicy":
-
-type ServiceAttachmentsSetIamPolicyCall struct {
-	s                      *Service
-	project                string
-	region                 string
-	resource               string
-	regionsetpolicyrequest *RegionSetPolicyRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
+func (c *SnapshotsListCall) PageToken(pageToken string) *SnapshotsListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
 }
 
-// SetIamPolicy: Sets the access control policy on the specified
-// resource. Replaces any existing policy.
-//
-// - project: Project ID for this request.
-// - region: The name of the region for this request.
-// - resource: Name or id of the resource for this request.
-func (r *ServiceAttachmentsService) SetIamPolicy(project string, region string, resource string, regionsetpolicyrequest *RegionSetPolicyRequest) *ServiceAttachmentsSetIamPolicyCall {
-	c := &ServiceAttachmentsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.region = region
-	c.resource = resource
-	c.regionsetpolicyrequest = regionsetpolicyrequest
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *SnapshotsListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SnapshotsListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *ServiceAttachmentsSetIamPolicyCall) Fields(s ...googleapi.Field) *ServiceAttachmentsSetIamPolicyCall {
+func (c *SnapshotsListCall) Fields(s ...googleapi.Field) *SnapshotsListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SnapshotsListCall) IfNoneMatch(entityTag string) *SnapshotsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *ServiceAttachmentsSetIamPolicyCall) Context(ctx context.Context) *ServiceAttachmentsSetIamPolicyCall {
+func (c *SnapshotsListCall) Context(ctx context.Context) *SnapshotsListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *ServiceAttachmentsSetIamPolicyCall) Header() http.Header {
+func (c *SnapshotsListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *ServiceAttachmentsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetpolicyrequest)
-	if err != nil {
-		return nil, err
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
 	}
-	reqHeaders.Set("Content-Type", "application/json")
+	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{resource}/setIamPolicy")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"region":   c.region,
-		"resource": c.resource,
+		"project": c.project,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.serviceAttachments.setIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *ServiceAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+// Do executes the "compute.snapshots.list" call.
+// Exactly one of *SnapshotList or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *SnapshotList.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SnapshotsListCall) Do(opts ...googleapi.CallOption) (*SnapshotList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -211471,7 +220218,7 @@ func (c *ServiceAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Policy{
+	ret := &SnapshotList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -211483,85 +220230,113 @@ func (c *ServiceAttachmentsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{resource}/setIamPolicy",
-	//   "httpMethod": "POST",
-	//   "id": "compute.serviceAttachments.setIamPolicy",
+	//   "description": "Retrieves the list of Snapshot resources contained within the specified project.",
+	//   "flatPath": "projects/{project}/global/snapshots",
+	//   "httpMethod": "GET",
+	//   "id": "compute.snapshots.list",
 	//   "parameterOrder": [
-	//     "project",
-	//     "region",
-	//     "resource"
+	//     "project"
 	//   ],
 	//   "parameters": {
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "The name of the region for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
 	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{resource}/setIamPolicy",
-	//   "request": {
-	//     "$ref": "RegionSetPolicyRequest"
-	//   },
+	//   "path": "projects/{project}/global/snapshots",
 	//   "response": {
-	//     "$ref": "Policy"
+	//     "$ref": "SnapshotList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
 	//   ]
 	// }
 
 }
 
-// method id "compute.serviceAttachments.testIamPermissions":
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *SnapshotsListCall) Pages(ctx context.Context, f func(*SnapshotList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
 
-type ServiceAttachmentsTestIamPermissionsCall struct {
+// method id "compute.snapshots.setIamPolicy":
+
+type SnapshotsSetIamPolicyCall struct {
 	s                      *Service
 	project                string
-	region                 string
 	resource               string
-	testpermissionsrequest *TestPermissionsRequest
+	globalsetpolicyrequest *GlobalSetPolicyRequest
 	urlParams_             gensupport.URLParams
 	ctx_                   context.Context
 	header_                http.Header
 }
 
-// TestIamPermissions: Returns permissions that a caller has on the
-// specified resource.
+// SetIamPolicy: Sets the access control policy on the specified
+// resource. Replaces any existing policy.
 //
 // - project: Project ID for this request.
-// - region: The name of the region for this request.
 // - resource: Name or id of the resource for this request.
-func (r *ServiceAttachmentsService) TestIamPermissions(project string, region string, resource string, testpermissionsrequest *TestPermissionsRequest) *ServiceAttachmentsTestIamPermissionsCall {
-	c := &ServiceAttachmentsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SnapshotsService) SetIamPolicy(project string, resource string, globalsetpolicyrequest *GlobalSetPolicyRequest) *SnapshotsSetIamPolicyCall {
+	c := &SnapshotsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.region = region
 	c.resource = resource
-	c.testpermissionsrequest = testpermissionsrequest
+	c.globalsetpolicyrequest = globalsetpolicyrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *ServiceAttachmentsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ServiceAttachmentsTestIamPermissionsCall {
+func (c *SnapshotsSetIamPolicyCall) Fields(s ...googleapi.Field) *SnapshotsSetIamPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -211569,21 +220344,21 @@ func (c *ServiceAttachmentsTestIamPermissionsCall) Fields(s ...googleapi.Field)
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *ServiceAttachmentsTestIamPermissionsCall) Context(ctx context.Context) *ServiceAttachmentsTestIamPermissionsCall {
+func (c *SnapshotsSetIamPolicyCall) Context(ctx context.Context) *SnapshotsSetIamPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *ServiceAttachmentsTestIamPermissionsCall) Header() http.Header {
+func (c *SnapshotsSetIamPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *ServiceAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -211591,14 +220366,14 @@ func (c *ServiceAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.globalsetpolicyrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/serviceAttachments/{resource}/testIamPermissions")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/setIamPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -211607,20 +220382,19 @@ func (c *ServiceAttachmentsTestIamPermissionsCall) doRequest(alt string) (*http.
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project":  c.project,
-		"region":   c.region,
 		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.serviceAttachments.testIamPermissions" call.
-// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *TestPermissionsResponse.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ServiceAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+// Do executes the "compute.snapshots.setIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *SnapshotsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -211639,7 +220413,7 @@ func (c *ServiceAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOpti
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &TestPermissionsResponse{
+	ret := &Policy{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -211651,13 +220425,12 @@ func (c *ServiceAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOpti
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/regions/{region}/serviceAttachments/{resource}/testIamPermissions",
+	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+	//   "flatPath": "projects/{project}/global/snapshots/{resource}/setIamPolicy",
 	//   "httpMethod": "POST",
-	//   "id": "compute.serviceAttachments.testIamPermissions",
+	//   "id": "compute.snapshots.setIamPolicy",
 	//   "parameterOrder": [
 	//     "project",
-	//     "region",
 	//     "resource"
 	//   ],
 	//   "parameters": {
@@ -211668,84 +220441,58 @@ func (c *ServiceAttachmentsTestIamPermissionsCall) Do(opts ...googleapi.CallOpti
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "The name of the region for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
 	//     "resource": {
 	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/serviceAttachments/{resource}/testIamPermissions",
+	//   "path": "projects/{project}/global/snapshots/{resource}/setIamPolicy",
 	//   "request": {
-	//     "$ref": "TestPermissionsRequest"
+	//     "$ref": "GlobalSetPolicyRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "TestPermissionsResponse"
+	//     "$ref": "Policy"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
 }
 
-// method id "compute.snapshots.delete":
+// method id "compute.snapshots.setLabels":
 
-type SnapshotsDeleteCall struct {
-	s          *Service
-	project    string
-	snapshot   string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type SnapshotsSetLabelsCall struct {
+	s                      *Service
+	project                string
+	resource               string
+	globalsetlabelsrequest *GlobalSetLabelsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
 }
 
-// Delete: Deletes the specified Snapshot resource. Keep in mind that
-// deleting a single snapshot might not necessarily delete all the data
-// on that snapshot. If any data on the snapshot that is marked for
-// deletion is needed for subsequent snapshots, the data will be moved
-// to the next corresponding snapshot. For more information, see
-// Deleting snapshots.
+// SetLabels: Sets the labels on a snapshot. To learn more about labels,
+// read the Labeling Resources documentation.
 //
 // - project: Project ID for this request.
-// - snapshot: Name of the Snapshot resource to delete.
-func (r *SnapshotsService) Delete(project string, snapshot string) *SnapshotsDeleteCall {
-	c := &SnapshotsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - resource: Name or id of the resource for this request.
+func (r *SnapshotsService) SetLabels(project string, resource string, globalsetlabelsrequest *GlobalSetLabelsRequest) *SnapshotsSetLabelsCall {
+	c := &SnapshotsSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.snapshot = snapshot
-	return c
-}
-
-// RequestId sets the optional parameter "requestId": An optional
-// request ID to identify requests. Specify a unique request ID so that
-// if you must retry your request, the server will know to ignore the
-// request if it has already been completed. For example, consider a
-// situation where you make an initial request and the request times
-// out. If you make the request again with the same request ID, the
-// server can check if original operation with the same request ID was
-// received, and if so, will ignore the second request. This prevents
-// clients from accidentally creating duplicate commitments. The request
-// ID must be a valid UUID with the exception that zero UUID is not
-// supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SnapshotsDeleteCall) RequestId(requestId string) *SnapshotsDeleteCall {
-	c.urlParams_.Set("requestId", requestId)
+	c.resource = resource
+	c.globalsetlabelsrequest = globalsetlabelsrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsDeleteCall) Fields(s ...googleapi.Field) *SnapshotsDeleteCall {
+func (c *SnapshotsSetLabelsCall) Fields(s ...googleapi.Field) *SnapshotsSetLabelsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -211753,21 +220500,21 @@ func (c *SnapshotsDeleteCall) Fields(s ...googleapi.Field) *SnapshotsDeleteCall
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsDeleteCall) Context(ctx context.Context) *SnapshotsDeleteCall {
+func (c *SnapshotsSetLabelsCall) Context(ctx context.Context) *SnapshotsSetLabelsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsDeleteCall) Header() http.Header {
+func (c *SnapshotsSetLabelsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsSetLabelsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -211775,30 +220522,35 @@ func (c *SnapshotsDeleteCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.globalsetlabelsrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{snapshot}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/setLabels")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project":  c.project,
-		"snapshot": c.snapshot,
+		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.delete" call.
+// Do executes the "compute.snapshots.setLabels" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SnapshotsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SnapshotsSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -211829,13 +220581,13 @@ func (c *SnapshotsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Deletes the specified Snapshot resource. Keep in mind that deleting a single snapshot might not necessarily delete all the data on that snapshot. If any data on the snapshot that is marked for deletion is needed for subsequent snapshots, the data will be moved to the next corresponding snapshot. For more information, see Deleting snapshots.",
-	//   "flatPath": "projects/{project}/global/snapshots/{snapshot}",
-	//   "httpMethod": "DELETE",
-	//   "id": "compute.snapshots.delete",
+	//   "description": "Sets the labels on a snapshot. To learn more about labels, read the Labeling Resources documentation.",
+	//   "flatPath": "projects/{project}/global/snapshots/{resource}/setLabels",
+	//   "httpMethod": "POST",
+	//   "id": "compute.snapshots.setLabels",
 	//   "parameterOrder": [
 	//     "project",
-	//     "snapshot"
+	//     "resource"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -211845,20 +220597,18 @@ func (c *SnapshotsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, erro
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "requestId": {
-	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "snapshot": {
-	//       "description": "Name of the Snapshot resource to delete.",
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots/{snapshot}",
+	//   "path": "projects/{project}/global/snapshots/{resource}/setLabels",
+	//   "request": {
+	//     "$ref": "GlobalSetLabelsRequest"
+	//   },
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -211870,100 +220620,93 @@ func (c *SnapshotsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, erro
 
 }
 
-// method id "compute.snapshots.get":
+// method id "compute.snapshots.testIamPermissions":
 
-type SnapshotsGetCall struct {
-	s            *Service
-	project      string
-	snapshot     string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
+type SnapshotsTestIamPermissionsCall struct {
+	s                      *Service
+	project                string
+	resource               string
+	testpermissionsrequest *TestPermissionsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
 }
 
-// Get: Returns the specified Snapshot resource. Gets a list of
-// available snapshots by making a list() request.
+// TestIamPermissions: Returns permissions that a caller has on the
+// specified resource.
 //
 // - project: Project ID for this request.
-// - snapshot: Name of the Snapshot resource to return.
-func (r *SnapshotsService) Get(project string, snapshot string) *SnapshotsGetCall {
-	c := &SnapshotsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - resource: Name or id of the resource for this request.
+func (r *SnapshotsService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SnapshotsTestIamPermissionsCall {
+	c := &SnapshotsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.snapshot = snapshot
+	c.resource = resource
+	c.testpermissionsrequest = testpermissionsrequest
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsGetCall) Fields(s ...googleapi.Field) *SnapshotsGetCall {
+func (c *SnapshotsTestIamPermissionsCall) Fields(s ...googleapi.Field) *SnapshotsTestIamPermissionsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *SnapshotsGetCall) IfNoneMatch(entityTag string) *SnapshotsGetCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsGetCall) Context(ctx context.Context) *SnapshotsGetCall {
+func (c *SnapshotsTestIamPermissionsCall) Context(ctx context.Context) *SnapshotsTestIamPermissionsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsGetCall) Header() http.Header {
+func (c *SnapshotsTestIamPermissionsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsGetCall) doRequest(alt string) (*http.Response, error) {
+func (c *SnapshotsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{snapshot}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/testIamPermissions")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project":  c.project,
-		"snapshot": c.snapshot,
+		"resource": c.resource,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.get" call.
-// Exactly one of *Snapshot or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Snapshot.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *SnapshotsGetCall) Do(opts ...googleapi.CallOption) (*Snapshot, error) {
+// Do executes the "compute.snapshots.testIamPermissions" call.
+// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SnapshotsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -211982,7 +220725,7 @@ func (c *SnapshotsGetCall) Do(opts ...googleapi.CallOption) (*Snapshot, error) {
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Snapshot{
+	ret := &TestPermissionsResponse{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -211994,13 +220737,13 @@ func (c *SnapshotsGetCall) Do(opts ...googleapi.CallOption) (*Snapshot, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Snapshot resource. Gets a list of available snapshots by making a list() request.",
-	//   "flatPath": "projects/{project}/global/snapshots/{snapshot}",
-	//   "httpMethod": "GET",
-	//   "id": "compute.snapshots.get",
+	//   "description": "Returns permissions that a caller has on the specified resource.",
+	//   "flatPath": "projects/{project}/global/snapshots/{resource}/testIamPermissions",
+	//   "httpMethod": "POST",
+	//   "id": "compute.snapshots.testIamPermissions",
 	//   "parameterOrder": [
 	//     "project",
-	//     "snapshot"
+	//     "resource"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -212010,17 +220753,20 @@ func (c *SnapshotsGetCall) Do(opts ...googleapi.CallOption) (*Snapshot, error) {
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "snapshot": {
-	//       "description": "Name of the Snapshot resource to return.",
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots/{snapshot}",
+	//   "path": "projects/{project}/global/snapshots/{resource}/testIamPermissions",
+	//   "request": {
+	//     "$ref": "TestPermissionsRequest"
+	//   },
 	//   "response": {
-	//     "$ref": "Snapshot"
+	//     "$ref": "TestPermissionsResponse"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -212031,41 +220777,126 @@ func (c *SnapshotsGetCall) Do(opts ...googleapi.CallOption) (*Snapshot, error) {
 
 }
 
-// method id "compute.snapshots.getIamPolicy":
+// method id "compute.sslCertificates.aggregatedList":
 
-type SnapshotsGetIamPolicyCall struct {
+type SslCertificatesAggregatedListCall struct {
 	s            *Service
 	project      string
-	resource     string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// GetIamPolicy: Gets the access control policy for a resource. May be
-// empty if no such policy or resource exists.
+// AggregatedList: Retrieves the list of all SslCertificate resources,
+// regional and global, available to the specified project.
 //
-// - project: Project ID for this request.
-// - resource: Name or id of the resource for this request.
-func (r *SnapshotsService) GetIamPolicy(project string, resource string) *SnapshotsGetIamPolicyCall {
-	c := &SnapshotsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Name of the project scoping this request.
+func (r *SslCertificatesService) AggregatedList(project string) *SslCertificatesAggregatedListCall {
+	c := &SslCertificatesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.resource = resource
 	return c
 }
 
-// OptionsRequestedPolicyVersion sets the optional parameter
-// "optionsRequestedPolicyVersion": Requested IAM Policy version.
-func (c *SnapshotsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *SnapshotsGetIamPolicyCall {
-	c.urlParams_.Set("optionsRequestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *SslCertificatesAggregatedListCall) Filter(filter string) *SslCertificatesAggregatedListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// IncludeAllScopes sets the optional parameter "includeAllScopes":
+// Indicates whether every visible scope for each scope type (zone,
+// region, global) should be included in the response. For new resource
+// types added after this field, the flag has no effect as new resource
+// types will always include every visible scope for each scope type in
+// response. For resource types which predate this field, if this flag
+// is omitted or false, only scopes of the scope types where the
+// resource type is expected to be found will be included.
+func (c *SslCertificatesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *SslCertificatesAggregatedListCall {
+	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *SslCertificatesAggregatedListCall) MaxResults(maxResults int64) *SslCertificatesAggregatedListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *SslCertificatesAggregatedListCall) OrderBy(orderBy string) *SslCertificatesAggregatedListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *SslCertificatesAggregatedListCall) PageToken(pageToken string) *SslCertificatesAggregatedListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *SslCertificatesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslCertificatesAggregatedListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsGetIamPolicyCall) Fields(s ...googleapi.Field) *SnapshotsGetIamPolicyCall {
+func (c *SslCertificatesAggregatedListCall) Fields(s ...googleapi.Field) *SslCertificatesAggregatedListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -212075,7 +220906,7 @@ func (c *SnapshotsGetIamPolicyCall) Fields(s ...googleapi.Field) *SnapshotsGetIa
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SnapshotsGetIamPolicyCall) IfNoneMatch(entityTag string) *SnapshotsGetIamPolicyCall {
+func (c *SslCertificatesAggregatedListCall) IfNoneMatch(entityTag string) *SslCertificatesAggregatedListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -212083,21 +220914,21 @@ func (c *SnapshotsGetIamPolicyCall) IfNoneMatch(entityTag string) *SnapshotsGetI
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsGetIamPolicyCall) Context(ctx context.Context) *SnapshotsGetIamPolicyCall {
+func (c *SslCertificatesAggregatedListCall) Context(ctx context.Context) *SslCertificatesAggregatedListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsGetIamPolicyCall) Header() http.Header {
+func (c *SslCertificatesAggregatedListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslCertificatesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -212110,7 +220941,7 @@ func (c *SnapshotsGetIamPolicyCall) doRequest(alt string) (*http.Response, error
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/getIamPolicy")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/sslCertificates")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -212118,20 +220949,19 @@ func (c *SnapshotsGetIamPolicyCall) doRequest(alt string) (*http.Response, error
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"resource": c.resource,
+		"project": c.project,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.getIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *SnapshotsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+// Do executes the "compute.sslCertificates.aggregatedList" call.
+// Exactly one of *SslCertificateAggregatedList or error will be
+// non-nil. Any non-2xx status code is an error. Response headers are in
+// either *SslCertificateAggregatedList.ServerResponse.Header or (if a
+// response was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SslCertificatesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslCertificateAggregatedList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -212150,7 +220980,7 @@ func (c *SnapshotsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Policy{
+	ret := &SslCertificateAggregatedList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -212162,39 +220992,58 @@ func (c *SnapshotsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 	}
 	return ret, nil
 	// {
-	//   "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
-	//   "flatPath": "projects/{project}/global/snapshots/{resource}/getIamPolicy",
+	//   "description": "Retrieves the list of all SslCertificate resources, regional and global, available to the specified project.",
+	//   "flatPath": "projects/{project}/aggregated/sslCertificates",
 	//   "httpMethod": "GET",
-	//   "id": "compute.snapshots.getIamPolicy",
+	//   "id": "compute.sslCertificates.aggregatedList",
 	//   "parameterOrder": [
-	//     "project",
-	//     "resource"
+	//     "project"
 	//   ],
 	//   "parameters": {
-	//     "optionsRequestedPolicyVersion": {
-	//       "description": "Requested IAM Policy version.",
-	//       "format": "int32",
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "includeAllScopes": {
+	//       "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
 	//       "location": "query",
+	//       "minimum": "0",
 	//       "type": "integer"
 	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
 	//     "project": {
-	//       "description": "Project ID for this request.",
+	//       "description": "Name of the project scoping this request.",
 	//       "location": "path",
 	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots/{resource}/getIamPolicy",
+	//   "path": "projects/{project}/aggregated/sslCertificates",
 	//   "response": {
-	//     "$ref": "Policy"
+	//     "$ref": "SslCertificateAggregatedList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -212205,28 +221054,46 @@ func (c *SnapshotsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 
 }
 
-// method id "compute.snapshots.insert":
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *SslCertificatesAggregatedListCall) Pages(ctx context.Context, f func(*SslCertificateAggregatedList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
 
-type SnapshotsInsertCall struct {
-	s          *Service
-	project    string
-	snapshot   *Snapshot
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+// method id "compute.sslCertificates.delete":
+
+type SslCertificatesDeleteCall struct {
+	s              *Service
+	project        string
+	sslCertificate string
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
 }
 
-// Insert: Creates a snapshot in the specified project using the data
-// included in the request. For regular snapshot creation, consider
-// using this method instead of disks.createSnapshot, as this method
-// supports more features, such as creating snapshots in a project
-// different from the source disk project.
+// Delete: Deletes the specified SslCertificate resource.
 //
 // - project: Project ID for this request.
-func (r *SnapshotsService) Insert(project string, snapshot *Snapshot) *SnapshotsInsertCall {
-	c := &SnapshotsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - sslCertificate: Name of the SslCertificate resource to delete.
+func (r *SslCertificatesService) Delete(project string, sslCertificate string) *SslCertificatesDeleteCall {
+	c := &SslCertificatesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.snapshot = snapshot
+	c.sslCertificate = sslCertificate
 	return c
 }
 
@@ -212241,7 +221108,7 @@ func (r *SnapshotsService) Insert(project string, snapshot *Snapshot) *Snapshots
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SnapshotsInsertCall) RequestId(requestId string) *SnapshotsInsertCall {
+func (c *SslCertificatesDeleteCall) RequestId(requestId string) *SslCertificatesDeleteCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -212249,7 +221116,7 @@ func (c *SnapshotsInsertCall) RequestId(requestId string) *SnapshotsInsertCall {
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsInsertCall) Fields(s ...googleapi.Field) *SnapshotsInsertCall {
+func (c *SslCertificatesDeleteCall) Fields(s ...googleapi.Field) *SslCertificatesDeleteCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -212257,21 +221124,21 @@ func (c *SnapshotsInsertCall) Fields(s ...googleapi.Field) *SnapshotsInsertCall
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsInsertCall) Context(ctx context.Context) *SnapshotsInsertCall {
+func (c *SslCertificatesDeleteCall) Context(ctx context.Context) *SslCertificatesDeleteCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsInsertCall) Header() http.Header {
+func (c *SslCertificatesDeleteCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslCertificatesDeleteCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -212279,34 +221146,30 @@ func (c *SnapshotsInsertCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.snapshot)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates/{sslCertificate}")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("DELETE", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
+		"project":        c.project,
+		"sslCertificate": c.sslCertificate,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.insert" call.
+// Do executes the "compute.sslCertificates.delete" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SnapshotsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SslCertificatesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -212337,12 +221200,13 @@ func (c *SnapshotsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a snapshot in the specified project using the data included in the request. For regular snapshot creation, consider using this method instead of disks.createSnapshot, as this method supports more features, such as creating snapshots in a project different from the source disk project.",
-	//   "flatPath": "projects/{project}/global/snapshots",
-	//   "httpMethod": "POST",
-	//   "id": "compute.snapshots.insert",
+	//   "description": "Deletes the specified SslCertificate resource.",
+	//   "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
+	//   "httpMethod": "DELETE",
+	//   "id": "compute.sslCertificates.delete",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "sslCertificate"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -212356,12 +221220,16 @@ func (c *SnapshotsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, erro
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
+	//     },
+	//     "sslCertificate": {
+	//       "description": "Name of the SslCertificate resource to delete.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots",
-	//   "request": {
-	//     "$ref": "Snapshot"
-	//   },
+	//   "path": "projects/{project}/global/sslCertificates/{sslCertificate}",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -212373,113 +221241,33 @@ func (c *SnapshotsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, erro
 
 }
 
-// method id "compute.snapshots.list":
+// method id "compute.sslCertificates.get":
 
-type SnapshotsListCall struct {
-	s            *Service
-	project      string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
+type SslCertificatesGetCall struct {
+	s              *Service
+	project        string
+	sslCertificate string
+	urlParams_     gensupport.URLParams
+	ifNoneMatch_   string
+	ctx_           context.Context
+	header_        http.Header
 }
 
-// List: Retrieves the list of Snapshot resources contained within the
-// specified project.
+// Get: Returns the specified SslCertificate resource.
 //
 // - project: Project ID for this request.
-func (r *SnapshotsService) List(project string) *SnapshotsListCall {
-	c := &SnapshotsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - sslCertificate: Name of the SslCertificate resource to return.
+func (r *SslCertificatesService) Get(project string, sslCertificate string) *SslCertificatesGetCall {
+	c := &SslCertificatesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	return c
-}
-
-// Filter sets the optional parameter "filter": A filter expression that
-// filters resources listed in the response. Most Compute resources
-// support two types of filter expressions: expressions that support
-// regular expressions and expressions that follow API improvement
-// proposal AIP-160. If you want to use AIP-160, your expression must
-// specify the field name, an operator, and the value that you want to
-// use for filtering. The value must be a string, a number, or a
-// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
-// or `:`. For example, if you are filtering Compute Engine instances,
-// you can exclude instances named `example-instance` by specifying
-// `name != example-instance`. The `:` operator can be used with string
-// fields to match substrings. For non-string fields it is equivalent to
-// the `=` operator. The `:*` comparison can be used to test whether a
-// key has been defined. For example, to find all objects with `owner`
-// label use: ``` labels.owner:* ``` You can also filter nested fields.
-// For example, you could specify `scheduling.automaticRestart = false`
-// to include instances only if they are not scheduled for automatic
-// restarts. You can use filtering on nested fields to filter based on
-// resource labels. To filter on multiple expressions, provide each
-// separate expression within parentheses. For example: ```
-// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
-// ``` By default, each expression is an `AND` expression. However, you
-// can include `AND` and `OR` expressions explicitly. For example: ```
-// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
-// AND (scheduling.automaticRestart = true) ``` If you want to use a
-// regular expression, use the `eq` (equal) or `ne` (not equal) operator
-// against a single un-parenthesized expression with or without quotes
-// or against multiple parenthesized expressions. Examples: `fieldname
-// eq unquoted literal` `fieldname eq 'single quoted literal'`
-// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
-// (fieldname2 ne "literal")` The literal value is interpreted as a
-// regular expression using Google RE2 library syntax. The literal value
-// must match the entire field. For example, to filter for instances
-// that do not end with name "instance", you would use `name ne
-// .*instance`.
-func (c *SnapshotsListCall) Filter(filter string) *SnapshotsListCall {
-	c.urlParams_.Set("filter", filter)
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": The maximum
-// number of results per page that should be returned. If the number of
-// available results is larger than `maxResults`, Compute Engine returns
-// a `nextPageToken` that can be used to get the next page of results in
-// subsequent list requests. Acceptable values are `0` to `500`,
-// inclusive. (Default: `500`)
-func (c *SnapshotsListCall) MaxResults(maxResults int64) *SnapshotsListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// OrderBy sets the optional parameter "orderBy": Sorts list results by
-// a certain order. By default, results are returned in alphanumerical
-// order based on the resource name. You can also sort results in
-// descending order based on the creation timestamp using
-// `orderBy="creationTimestamp desc". This sorts results based on the
-// `creationTimestamp` field in reverse chronological order (newest
-// result first). Use this to sort resources like operations so that the
-// newest operation is returned first. Currently, only sorting by `name`
-// or `creationTimestamp desc` is supported.
-func (c *SnapshotsListCall) OrderBy(orderBy string) *SnapshotsListCall {
-	c.urlParams_.Set("orderBy", orderBy)
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": Specifies a page
-// token to use. Set `pageToken` to the `nextPageToken` returned by a
-// previous list request to get the next page of results.
-func (c *SnapshotsListCall) PageToken(pageToken string) *SnapshotsListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// ReturnPartialSuccess sets the optional parameter
-// "returnPartialSuccess": Opt-in for partial success behavior which
-// provides partial results in case of failure. The default value is
-// false.
-func (c *SnapshotsListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SnapshotsListCall {
-	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	c.sslCertificate = sslCertificate
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsListCall) Fields(s ...googleapi.Field) *SnapshotsListCall {
+func (c *SslCertificatesGetCall) Fields(s ...googleapi.Field) *SslCertificatesGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -212489,7 +221277,7 @@ func (c *SnapshotsListCall) Fields(s ...googleapi.Field) *SnapshotsListCall {
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SnapshotsListCall) IfNoneMatch(entityTag string) *SnapshotsListCall {
+func (c *SslCertificatesGetCall) IfNoneMatch(entityTag string) *SslCertificatesGetCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -212497,21 +221285,21 @@ func (c *SnapshotsListCall) IfNoneMatch(entityTag string) *SnapshotsListCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsListCall) Context(ctx context.Context) *SnapshotsListCall {
+func (c *SslCertificatesGetCall) Context(ctx context.Context) *SslCertificatesGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsListCall) Header() http.Header {
+func (c *SslCertificatesGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsListCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslCertificatesGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -212524,7 +221312,7 @@ func (c *SnapshotsListCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates/{sslCertificate}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -212532,19 +221320,20 @@ func (c *SnapshotsListCall) doRequest(alt string) (*http.Response, error) {
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
+		"project":        c.project,
+		"sslCertificate": c.sslCertificate,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.list" call.
-// Exactly one of *SnapshotList or error will be non-nil. Any non-2xx
+// Do executes the "compute.sslCertificates.get" call.
+// Exactly one of *SslCertificate or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
-// *SnapshotList.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *SnapshotsListCall) Do(opts ...googleapi.CallOption) (*SnapshotList, error) {
+// *SslCertificate.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SslCertificatesGetCall) Do(opts ...googleapi.CallOption) (*SslCertificate, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -212563,7 +221352,7 @@ func (c *SnapshotsListCall) Do(opts ...googleapi.CallOption) (*SnapshotList, err
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SnapshotList{
+	ret := &SslCertificate{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -212575,37 +221364,15 @@ func (c *SnapshotsListCall) Do(opts ...googleapi.CallOption) (*SnapshotList, err
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves the list of Snapshot resources contained within the specified project.",
-	//   "flatPath": "projects/{project}/global/snapshots",
+	//   "description": "Returns the specified SslCertificate resource.",
+	//   "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
 	//   "httpMethod": "GET",
-	//   "id": "compute.snapshots.list",
+	//   "id": "compute.sslCertificates.get",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "sslCertificate"
 	//   ],
 	//   "parameters": {
-	//     "filter": {
-	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "maxResults": {
-	//       "default": "500",
-	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "orderBy": {
-	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "pageToken": {
-	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -212613,15 +221380,17 @@ func (c *SnapshotsListCall) Do(opts ...googleapi.CallOption) (*SnapshotList, err
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "returnPartialSuccess": {
-	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-	//       "location": "query",
-	//       "type": "boolean"
+	//     "sslCertificate": {
+	//       "description": "Name of the SslCertificate resource to return.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots",
+	//   "path": "projects/{project}/global/sslCertificates/{sslCertificate}",
 	//   "response": {
-	//     "$ref": "SnapshotList"
+	//     "$ref": "SslCertificate"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -212632,56 +221401,48 @@ func (c *SnapshotsListCall) Do(opts ...googleapi.CallOption) (*SnapshotList, err
 
 }
 
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *SnapshotsListCall) Pages(ctx context.Context, f func(*SnapshotList) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
-// method id "compute.snapshots.setIamPolicy":
+// method id "compute.sslCertificates.insert":
 
-type SnapshotsSetIamPolicyCall struct {
-	s                      *Service
-	project                string
-	resource               string
-	globalsetpolicyrequest *GlobalSetPolicyRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
+type SslCertificatesInsertCall struct {
+	s              *Service
+	project        string
+	sslcertificate *SslCertificate
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
 }
 
-// SetIamPolicy: Sets the access control policy on the specified
-// resource. Replaces any existing policy.
+// Insert: Creates a SslCertificate resource in the specified project
+// using the data included in the request.
 //
 // - project: Project ID for this request.
-// - resource: Name or id of the resource for this request.
-func (r *SnapshotsService) SetIamPolicy(project string, resource string, globalsetpolicyrequest *GlobalSetPolicyRequest) *SnapshotsSetIamPolicyCall {
-	c := &SnapshotsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SslCertificatesService) Insert(project string, sslcertificate *SslCertificate) *SslCertificatesInsertCall {
+	c := &SslCertificatesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.resource = resource
-	c.globalsetpolicyrequest = globalsetpolicyrequest
+	c.sslcertificate = sslcertificate
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *SslCertificatesInsertCall) RequestId(requestId string) *SslCertificatesInsertCall {
+	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsSetIamPolicyCall) Fields(s ...googleapi.Field) *SnapshotsSetIamPolicyCall {
+func (c *SslCertificatesInsertCall) Fields(s ...googleapi.Field) *SslCertificatesInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -212689,21 +221450,21 @@ func (c *SnapshotsSetIamPolicyCall) Fields(s ...googleapi.Field) *SnapshotsSetIa
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsSetIamPolicyCall) Context(ctx context.Context) *SnapshotsSetIamPolicyCall {
+func (c *SslCertificatesInsertCall) Context(ctx context.Context) *SslCertificatesInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsSetIamPolicyCall) Header() http.Header {
+func (c *SslCertificatesInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslCertificatesInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -212711,14 +221472,14 @@ func (c *SnapshotsSetIamPolicyCall) doRequest(alt string) (*http.Response, error
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.globalsetpolicyrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.sslcertificate)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/setIamPolicy")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -212726,20 +221487,19 @@ func (c *SnapshotsSetIamPolicyCall) doRequest(alt string) (*http.Response, error
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"resource": c.resource,
+		"project": c.project,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.setIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *SnapshotsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+// Do executes the "compute.sslCertificates.insert" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SslCertificatesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -212758,7 +221518,7 @@ func (c *SnapshotsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Policy{
+	ret := &Operation{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -212770,13 +221530,12 @@ func (c *SnapshotsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
-	//   "flatPath": "projects/{project}/global/snapshots/{resource}/setIamPolicy",
+	//   "description": "Creates a SslCertificate resource in the specified project using the data included in the request.",
+	//   "flatPath": "projects/{project}/global/sslCertificates",
 	//   "httpMethod": "POST",
-	//   "id": "compute.snapshots.setIamPolicy",
+	//   "id": "compute.sslCertificates.insert",
 	//   "parameterOrder": [
-	//     "project",
-	//     "resource"
+	//     "project"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -212786,20 +221545,18 @@ func (c *SnapshotsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots/{resource}/setIamPolicy",
+	//   "path": "projects/{project}/global/sslCertificates",
 	//   "request": {
-	//     "$ref": "GlobalSetPolicyRequest"
+	//     "$ref": "SslCertificate"
 	//   },
 	//   "response": {
-	//     "$ref": "Policy"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -212809,93 +221566,178 @@ func (c *SnapshotsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, e
 
 }
 
-// method id "compute.snapshots.setLabels":
+// method id "compute.sslCertificates.list":
 
-type SnapshotsSetLabelsCall struct {
-	s                      *Service
-	project                string
-	resource               string
-	globalsetlabelsrequest *GlobalSetLabelsRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
+type SslCertificatesListCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
 }
 
-// SetLabels: Sets the labels on a snapshot. To learn more about labels,
-// read the Labeling Resources documentation.
+// List: Retrieves the list of SslCertificate resources available to the
+// specified project.
 //
 // - project: Project ID for this request.
-// - resource: Name or id of the resource for this request.
-func (r *SnapshotsService) SetLabels(project string, resource string, globalsetlabelsrequest *GlobalSetLabelsRequest) *SnapshotsSetLabelsCall {
-	c := &SnapshotsSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SslCertificatesService) List(project string) *SslCertificatesListCall {
+	c := &SslCertificatesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.resource = resource
-	c.globalsetlabelsrequest = globalsetlabelsrequest
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *SslCertificatesListCall) Filter(filter string) *SslCertificatesListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *SslCertificatesListCall) MaxResults(maxResults int64) *SslCertificatesListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *SslCertificatesListCall) OrderBy(orderBy string) *SslCertificatesListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *SslCertificatesListCall) PageToken(pageToken string) *SslCertificatesListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *SslCertificatesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslCertificatesListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsSetLabelsCall) Fields(s ...googleapi.Field) *SnapshotsSetLabelsCall {
+func (c *SslCertificatesListCall) Fields(s ...googleapi.Field) *SslCertificatesListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
 
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SslCertificatesListCall) IfNoneMatch(entityTag string) *SslCertificatesListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsSetLabelsCall) Context(ctx context.Context) *SnapshotsSetLabelsCall {
+func (c *SslCertificatesListCall) Context(ctx context.Context) *SslCertificatesListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsSetLabelsCall) Header() http.Header {
+func (c *SslCertificatesListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsSetLabelsCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslCertificatesListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
 		reqHeaders[k] = v
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.globalsetlabelsrequest)
-	if err != nil {
-		return nil, err
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
 	}
-	reqHeaders.Set("Content-Type", "application/json")
+	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/setLabels")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
+	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
 		return nil, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"resource": c.resource,
+		"project": c.project,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.setLabels" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *SnapshotsSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+// Do executes the "compute.sslCertificates.list" call.
+// Exactly one of *SslCertificateList or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *SslCertificateList.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *SslCertificatesListCall) Do(opts ...googleapi.CallOption) (*SslCertificateList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -212914,7 +221756,7 @@ func (c *SnapshotsSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, e
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &Operation{
+	ret := &SslCertificateList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -212926,15 +221768,37 @@ func (c *SnapshotsSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, e
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the labels on a snapshot. To learn more about labels, read the Labeling Resources documentation.",
-	//   "flatPath": "projects/{project}/global/snapshots/{resource}/setLabels",
-	//   "httpMethod": "POST",
-	//   "id": "compute.snapshots.setLabels",
+	//   "description": "Retrieves the list of SslCertificate resources available to the specified project.",
+	//   "flatPath": "projects/{project}/global/sslCertificates",
+	//   "httpMethod": "GET",
+	//   "id": "compute.sslCertificates.list",
 	//   "parameterOrder": [
-	//     "project",
-	//     "resource"
+	//     "project"
 	//   ],
 	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -212942,32 +221806,49 @@ func (c *SnapshotsSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, e
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots/{resource}/setLabels",
-	//   "request": {
-	//     "$ref": "GlobalSetLabelsRequest"
-	//   },
+	//   "path": "projects/{project}/global/sslCertificates",
 	//   "response": {
-	//     "$ref": "Operation"
+	//     "$ref": "SslCertificateList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
 	//   ]
 	// }
 
 }
 
-// method id "compute.snapshots.testIamPermissions":
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *SslCertificatesListCall) Pages(ctx context.Context, f func(*SslCertificateList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
 
-type SnapshotsTestIamPermissionsCall struct {
+// method id "compute.sslCertificates.testIamPermissions":
+
+type SslCertificatesTestIamPermissionsCall struct {
 	s                      *Service
 	project                string
 	resource               string
@@ -212982,8 +221863,8 @@ type SnapshotsTestIamPermissionsCall struct {
 //
 // - project: Project ID for this request.
 // - resource: Name or id of the resource for this request.
-func (r *SnapshotsService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SnapshotsTestIamPermissionsCall {
-	c := &SnapshotsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SslCertificatesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SslCertificatesTestIamPermissionsCall {
+	c := &SslCertificatesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.resource = resource
 	c.testpermissionsrequest = testpermissionsrequest
@@ -212993,7 +221874,7 @@ func (r *SnapshotsService) TestIamPermissions(project string, resource string, t
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SnapshotsTestIamPermissionsCall) Fields(s ...googleapi.Field) *SnapshotsTestIamPermissionsCall {
+func (c *SslCertificatesTestIamPermissionsCall) Fields(s ...googleapi.Field) *SslCertificatesTestIamPermissionsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -213001,21 +221882,21 @@ func (c *SnapshotsTestIamPermissionsCall) Fields(s ...googleapi.Field) *Snapshot
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SnapshotsTestIamPermissionsCall) Context(ctx context.Context) *SnapshotsTestIamPermissionsCall {
+func (c *SslCertificatesTestIamPermissionsCall) Context(ctx context.Context) *SslCertificatesTestIamPermissionsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SnapshotsTestIamPermissionsCall) Header() http.Header {
+func (c *SslCertificatesTestIamPermissionsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SnapshotsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslCertificatesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -213030,7 +221911,7 @@ func (c *SnapshotsTestIamPermissionsCall) doRequest(alt string) (*http.Response,
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/snapshots/{resource}/testIamPermissions")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates/{resource}/testIamPermissions")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -213044,14 +221925,14 @@ func (c *SnapshotsTestIamPermissionsCall) doRequest(alt string) (*http.Response,
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.snapshots.testIamPermissions" call.
+// Do executes the "compute.sslCertificates.testIamPermissions" call.
 // Exactly one of *TestPermissionsResponse or error will be non-nil. Any
 // non-2xx status code is an error. Response headers are in either
 // *TestPermissionsResponse.ServerResponse.Header or (if a response was
 // returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SnapshotsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+func (c *SslCertificatesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -213083,9 +221964,9 @@ func (c *SnapshotsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*Tes
 	return ret, nil
 	// {
 	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/global/snapshots/{resource}/testIamPermissions",
+	//   "flatPath": "projects/{project}/global/sslCertificates/{resource}/testIamPermissions",
 	//   "httpMethod": "POST",
-	//   "id": "compute.snapshots.testIamPermissions",
+	//   "id": "compute.sslCertificates.testIamPermissions",
 	//   "parameterOrder": [
 	//     "project",
 	//     "resource"
@@ -213106,7 +221987,7 @@ func (c *SnapshotsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*Tes
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/snapshots/{resource}/testIamPermissions",
+	//   "path": "projects/{project}/global/sslCertificates/{resource}/testIamPermissions",
 	//   "request": {
 	//     "$ref": "TestPermissionsRequest"
 	//   },
@@ -213122,9 +222003,9 @@ func (c *SnapshotsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*Tes
 
 }
 
-// method id "compute.sslCertificates.aggregatedList":
+// method id "compute.sslPolicies.aggregatedList":
 
-type SslCertificatesAggregatedListCall struct {
+type SslPoliciesAggregatedListCall struct {
 	s            *Service
 	project      string
 	urlParams_   gensupport.URLParams
@@ -213133,12 +222014,12 @@ type SslCertificatesAggregatedListCall struct {
 	header_      http.Header
 }
 
-// AggregatedList: Retrieves the list of all SslCertificate resources,
+// AggregatedList: Retrieves the list of all SslPolicy resources,
 // regional and global, available to the specified project.
 //
 // - project: Name of the project scoping this request.
-func (r *SslCertificatesService) AggregatedList(project string) *SslCertificatesAggregatedListCall {
-	c := &SslCertificatesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SslPoliciesService) AggregatedList(project string) *SslPoliciesAggregatedListCall {
+	c := &SslPoliciesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	return c
 }
@@ -213178,7 +222059,7 @@ func (r *SslCertificatesService) AggregatedList(project string) *SslCertificates
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *SslCertificatesAggregatedListCall) Filter(filter string) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) Filter(filter string) *SslPoliciesAggregatedListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -213191,7 +222072,7 @@ func (c *SslCertificatesAggregatedListCall) Filter(filter string) *SslCertificat
 // response. For resource types which predate this field, if this flag
 // is omitted or false, only scopes of the scope types where the
 // resource type is expected to be found will be included.
-func (c *SslCertificatesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *SslPoliciesAggregatedListCall {
 	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
 	return c
 }
@@ -213202,7 +222083,7 @@ func (c *SslCertificatesAggregatedListCall) IncludeAllScopes(includeAllScopes bo
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *SslCertificatesAggregatedListCall) MaxResults(maxResults int64) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) MaxResults(maxResults int64) *SslPoliciesAggregatedListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -213216,7 +222097,7 @@ func (c *SslCertificatesAggregatedListCall) MaxResults(maxResults int64) *SslCer
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *SslCertificatesAggregatedListCall) OrderBy(orderBy string) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) OrderBy(orderBy string) *SslPoliciesAggregatedListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -213224,7 +222105,7 @@ func (c *SslCertificatesAggregatedListCall) OrderBy(orderBy string) *SslCertific
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *SslCertificatesAggregatedListCall) PageToken(pageToken string) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) PageToken(pageToken string) *SslPoliciesAggregatedListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -213233,7 +222114,7 @@ func (c *SslCertificatesAggregatedListCall) PageToken(pageToken string) *SslCert
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *SslCertificatesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslPoliciesAggregatedListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -213241,7 +222122,7 @@ func (c *SslCertificatesAggregatedListCall) ReturnPartialSuccess(returnPartialSu
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslCertificatesAggregatedListCall) Fields(s ...googleapi.Field) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) Fields(s ...googleapi.Field) *SslPoliciesAggregatedListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -213251,7 +222132,7 @@ func (c *SslCertificatesAggregatedListCall) Fields(s ...googleapi.Field) *SslCer
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SslCertificatesAggregatedListCall) IfNoneMatch(entityTag string) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) IfNoneMatch(entityTag string) *SslPoliciesAggregatedListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -213259,21 +222140,21 @@ func (c *SslCertificatesAggregatedListCall) IfNoneMatch(entityTag string) *SslCe
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslCertificatesAggregatedListCall) Context(ctx context.Context) *SslCertificatesAggregatedListCall {
+func (c *SslPoliciesAggregatedListCall) Context(ctx context.Context) *SslPoliciesAggregatedListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslCertificatesAggregatedListCall) Header() http.Header {
+func (c *SslPoliciesAggregatedListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslCertificatesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslPoliciesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -213286,7 +222167,7 @@ func (c *SslCertificatesAggregatedListCall) doRequest(alt string) (*http.Respons
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/sslCertificates")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/sslPolicies")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -213299,14 +222180,14 @@ func (c *SslCertificatesAggregatedListCall) doRequest(alt string) (*http.Respons
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslCertificates.aggregatedList" call.
-// Exactly one of *SslCertificateAggregatedList or error will be
-// non-nil. Any non-2xx status code is an error. Response headers are in
-// either *SslCertificateAggregatedList.ServerResponse.Header or (if a
-// response was returned at all) in error.(*googleapi.Error).Header. Use
+// Do executes the "compute.sslPolicies.aggregatedList" call.
+// Exactly one of *SslPoliciesAggregatedList or error will be non-nil.
+// Any non-2xx status code is an error. Response headers are in either
+// *SslPoliciesAggregatedList.ServerResponse.Header or (if a response
+// was returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SslCertificatesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslCertificateAggregatedList, error) {
+func (c *SslPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesAggregatedList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -213325,7 +222206,7 @@ func (c *SslCertificatesAggregatedListCall) Do(opts ...googleapi.CallOption) (*S
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SslCertificateAggregatedList{
+	ret := &SslPoliciesAggregatedList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -213337,10 +222218,10 @@ func (c *SslCertificatesAggregatedListCall) Do(opts ...googleapi.CallOption) (*S
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves the list of all SslCertificate resources, regional and global, available to the specified project.",
-	//   "flatPath": "projects/{project}/aggregated/sslCertificates",
+	//   "description": "Retrieves the list of all SslPolicy resources, regional and global, available to the specified project.",
+	//   "flatPath": "projects/{project}/aggregated/sslPolicies",
 	//   "httpMethod": "GET",
-	//   "id": "compute.sslCertificates.aggregatedList",
+	//   "id": "compute.sslPolicies.aggregatedList",
 	//   "parameterOrder": [
 	//     "project"
 	//   ],
@@ -213386,9 +222267,9 @@ func (c *SslCertificatesAggregatedListCall) Do(opts ...googleapi.CallOption) (*S
 	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/aggregated/sslCertificates",
+	//   "path": "projects/{project}/aggregated/sslPolicies",
 	//   "response": {
-	//     "$ref": "SslCertificateAggregatedList"
+	//     "$ref": "SslPoliciesAggregatedList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -213402,7 +222283,7 @@ func (c *SslCertificatesAggregatedListCall) Do(opts ...googleapi.CallOption) (*S
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *SslCertificatesAggregatedListCall) Pages(ctx context.Context, f func(*SslCertificateAggregatedList) error) error {
+func (c *SslPoliciesAggregatedListCall) Pages(ctx context.Context, f func(*SslPoliciesAggregatedList) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -213420,25 +222301,28 @@ func (c *SslCertificatesAggregatedListCall) Pages(ctx context.Context, f func(*S
 	}
 }
 
-// method id "compute.sslCertificates.delete":
+// method id "compute.sslPolicies.delete":
 
-type SslCertificatesDeleteCall struct {
-	s              *Service
-	project        string
-	sslCertificate string
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
+type SslPoliciesDeleteCall struct {
+	s          *Service
+	project    string
+	sslPolicy  string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
-// Delete: Deletes the specified SslCertificate resource.
+// Delete: Deletes the specified SSL policy. The SSL policy resource can
+// be deleted only if it is not in use by any TargetHttpsProxy or
+// TargetSslProxy resources.
 //
-// - project: Project ID for this request.
-// - sslCertificate: Name of the SslCertificate resource to delete.
-func (r *SslCertificatesService) Delete(project string, sslCertificate string) *SslCertificatesDeleteCall {
-	c := &SslCertificatesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - project: Project ID for this request.
+//   - sslPolicy: Name of the SSL policy to delete. The name must be 1-63
+//     characters long, and comply with RFC1035.
+func (r *SslPoliciesService) Delete(project string, sslPolicy string) *SslPoliciesDeleteCall {
+	c := &SslPoliciesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.sslCertificate = sslCertificate
+	c.sslPolicy = sslPolicy
 	return c
 }
 
@@ -213453,7 +222337,7 @@ func (r *SslCertificatesService) Delete(project string, sslCertificate string) *
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SslCertificatesDeleteCall) RequestId(requestId string) *SslCertificatesDeleteCall {
+func (c *SslPoliciesDeleteCall) RequestId(requestId string) *SslPoliciesDeleteCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -213461,7 +222345,7 @@ func (c *SslCertificatesDeleteCall) RequestId(requestId string) *SslCertificates
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslCertificatesDeleteCall) Fields(s ...googleapi.Field) *SslCertificatesDeleteCall {
+func (c *SslPoliciesDeleteCall) Fields(s ...googleapi.Field) *SslPoliciesDeleteCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -213469,21 +222353,21 @@ func (c *SslCertificatesDeleteCall) Fields(s ...googleapi.Field) *SslCertificate
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslCertificatesDeleteCall) Context(ctx context.Context) *SslCertificatesDeleteCall {
+func (c *SslPoliciesDeleteCall) Context(ctx context.Context) *SslPoliciesDeleteCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslCertificatesDeleteCall) Header() http.Header {
+func (c *SslPoliciesDeleteCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslCertificatesDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslPoliciesDeleteCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -213493,7 +222377,7 @@ func (c *SslCertificatesDeleteCall) doRequest(alt string) (*http.Response, error
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates/{sslCertificate}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{sslPolicy}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("DELETE", urls, body)
 	if err != nil {
@@ -213501,20 +222385,20 @@ func (c *SslCertificatesDeleteCall) doRequest(alt string) (*http.Response, error
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"sslCertificate": c.sslCertificate,
+		"project":   c.project,
+		"sslPolicy": c.sslPolicy,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslCertificates.delete" call.
+// Do executes the "compute.sslPolicies.delete" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SslCertificatesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SslPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -213545,13 +222429,13 @@ func (c *SslCertificatesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation
 	}
 	return ret, nil
 	// {
-	//   "description": "Deletes the specified SslCertificate resource.",
-	//   "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
+	//   "description": "Deletes the specified SSL policy. The SSL policy resource can be deleted only if it is not in use by any TargetHttpsProxy or TargetSslProxy resources.",
+	//   "flatPath": "projects/{project}/global/sslPolicies/{sslPolicy}",
 	//   "httpMethod": "DELETE",
-	//   "id": "compute.sslCertificates.delete",
+	//   "id": "compute.sslPolicies.delete",
 	//   "parameterOrder": [
 	//     "project",
-	//     "sslCertificate"
+	//     "sslPolicy"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -213566,15 +222450,14 @@ func (c *SslCertificatesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "sslCertificate": {
-	//       "description": "Name of the SslCertificate resource to delete.",
+	//     "sslPolicy": {
+	//       "description": "Name of the SSL policy to delete. The name must be 1-63 characters long, and comply with RFC1035.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslCertificates/{sslCertificate}",
+	//   "path": "projects/{project}/global/sslPolicies/{sslPolicy}",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -213586,34 +222469,35 @@ func (c *SslCertificatesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation
 
 }
 
-// method id "compute.sslCertificates.get":
+// method id "compute.sslPolicies.get":
 
-type SslCertificatesGetCall struct {
-	s              *Service
-	project        string
-	sslCertificate string
-	urlParams_     gensupport.URLParams
-	ifNoneMatch_   string
-	ctx_           context.Context
-	header_        http.Header
+type SslPoliciesGetCall struct {
+	s            *Service
+	project      string
+	sslPolicy    string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
 }
 
-// Get: Returns the specified SslCertificate resource. Gets a list of
-// available SSL certificates by making a list() request.
+// Get: Lists all of the ordered rules present in a single specified
+// policy.
 //
-// - project: Project ID for this request.
-// - sslCertificate: Name of the SslCertificate resource to return.
-func (r *SslCertificatesService) Get(project string, sslCertificate string) *SslCertificatesGetCall {
-	c := &SslCertificatesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - project: Project ID for this request.
+//   - sslPolicy: Name of the SSL policy to update. The name must be 1-63
+//     characters long, and comply with RFC1035.
+func (r *SslPoliciesService) Get(project string, sslPolicy string) *SslPoliciesGetCall {
+	c := &SslPoliciesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.sslCertificate = sslCertificate
+	c.sslPolicy = sslPolicy
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslCertificatesGetCall) Fields(s ...googleapi.Field) *SslCertificatesGetCall {
+func (c *SslPoliciesGetCall) Fields(s ...googleapi.Field) *SslPoliciesGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -213623,7 +222507,7 @@ func (c *SslCertificatesGetCall) Fields(s ...googleapi.Field) *SslCertificatesGe
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SslCertificatesGetCall) IfNoneMatch(entityTag string) *SslCertificatesGetCall {
+func (c *SslPoliciesGetCall) IfNoneMatch(entityTag string) *SslPoliciesGetCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -213631,21 +222515,21 @@ func (c *SslCertificatesGetCall) IfNoneMatch(entityTag string) *SslCertificatesG
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslCertificatesGetCall) Context(ctx context.Context) *SslCertificatesGetCall {
+func (c *SslPoliciesGetCall) Context(ctx context.Context) *SslPoliciesGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslCertificatesGetCall) Header() http.Header {
+func (c *SslPoliciesGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslCertificatesGetCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslPoliciesGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -213658,7 +222542,7 @@ func (c *SslCertificatesGetCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates/{sslCertificate}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{sslPolicy}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -213666,20 +222550,20 @@ func (c *SslCertificatesGetCall) doRequest(alt string) (*http.Response, error) {
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":        c.project,
-		"sslCertificate": c.sslCertificate,
+		"project":   c.project,
+		"sslPolicy": c.sslPolicy,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslCertificates.get" call.
-// Exactly one of *SslCertificate or error will be non-nil. Any non-2xx
+// Do executes the "compute.sslPolicies.get" call.
+// Exactly one of *SslPolicy or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
-// *SslCertificate.ServerResponse.Header or (if a response was returned
-// at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *SslCertificatesGetCall) Do(opts ...googleapi.CallOption) (*SslCertificate, error) {
+// *SslPolicy.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SslPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SslPolicy, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -213698,7 +222582,7 @@ func (c *SslCertificatesGetCall) Do(opts ...googleapi.CallOption) (*SslCertifica
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SslCertificate{
+	ret := &SslPolicy{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -213710,13 +222594,13 @@ func (c *SslCertificatesGetCall) Do(opts ...googleapi.CallOption) (*SslCertifica
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified SslCertificate resource. Gets a list of available SSL certificates by making a list() request.",
-	//   "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
+	//   "description": "Lists all of the ordered rules present in a single specified policy.",
+	//   "flatPath": "projects/{project}/global/sslPolicies/{sslPolicy}",
 	//   "httpMethod": "GET",
-	//   "id": "compute.sslCertificates.get",
+	//   "id": "compute.sslPolicies.get",
 	//   "parameterOrder": [
 	//     "project",
-	//     "sslCertificate"
+	//     "sslPolicy"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -213726,17 +222610,16 @@ func (c *SslCertificatesGetCall) Do(opts ...googleapi.CallOption) (*SslCertifica
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "sslCertificate": {
-	//       "description": "Name of the SslCertificate resource to return.",
+	//     "sslPolicy": {
+	//       "description": "Name of the SSL policy to update. The name must be 1-63 characters long, and comply with RFC1035.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslCertificates/{sslCertificate}",
+	//   "path": "projects/{project}/global/sslPolicies/{sslPolicy}",
 	//   "response": {
-	//     "$ref": "SslCertificate"
+	//     "$ref": "SslPolicy"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -213747,25 +222630,24 @@ func (c *SslCertificatesGetCall) Do(opts ...googleapi.CallOption) (*SslCertifica
 
 }
 
-// method id "compute.sslCertificates.insert":
+// method id "compute.sslPolicies.insert":
 
-type SslCertificatesInsertCall struct {
-	s              *Service
-	project        string
-	sslcertificate *SslCertificate
-	urlParams_     gensupport.URLParams
-	ctx_           context.Context
-	header_        http.Header
+type SslPoliciesInsertCall struct {
+	s          *Service
+	project    string
+	sslpolicy  *SslPolicy
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
-// Insert: Creates a SslCertificate resource in the specified project
-// using the data included in the request.
+// Insert: Returns the specified SSL policy resource.
 //
 // - project: Project ID for this request.
-func (r *SslCertificatesService) Insert(project string, sslcertificate *SslCertificate) *SslCertificatesInsertCall {
-	c := &SslCertificatesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SslPoliciesService) Insert(project string, sslpolicy *SslPolicy) *SslPoliciesInsertCall {
+	c := &SslPoliciesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.sslcertificate = sslcertificate
+	c.sslpolicy = sslpolicy
 	return c
 }
 
@@ -213780,7 +222662,7 @@ func (r *SslCertificatesService) Insert(project string, sslcertificate *SslCerti
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SslCertificatesInsertCall) RequestId(requestId string) *SslCertificatesInsertCall {
+func (c *SslPoliciesInsertCall) RequestId(requestId string) *SslPoliciesInsertCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -213788,7 +222670,7 @@ func (c *SslCertificatesInsertCall) RequestId(requestId string) *SslCertificates
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslCertificatesInsertCall) Fields(s ...googleapi.Field) *SslCertificatesInsertCall {
+func (c *SslPoliciesInsertCall) Fields(s ...googleapi.Field) *SslPoliciesInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -213796,21 +222678,21 @@ func (c *SslCertificatesInsertCall) Fields(s ...googleapi.Field) *SslCertificate
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslCertificatesInsertCall) Context(ctx context.Context) *SslCertificatesInsertCall {
+func (c *SslPoliciesInsertCall) Context(ctx context.Context) *SslPoliciesInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslCertificatesInsertCall) Header() http.Header {
+func (c *SslPoliciesInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslCertificatesInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslPoliciesInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -213818,14 +222700,14 @@ func (c *SslCertificatesInsertCall) doRequest(alt string) (*http.Response, error
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.sslcertificate)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.sslpolicy)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -213838,14 +222720,14 @@ func (c *SslCertificatesInsertCall) doRequest(alt string) (*http.Response, error
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslCertificates.insert" call.
+// Do executes the "compute.sslPolicies.insert" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SslCertificatesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *SslPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -213876,10 +222758,10 @@ func (c *SslCertificatesInsertCall) Do(opts ...googleapi.CallOption) (*Operation
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a SslCertificate resource in the specified project using the data included in the request.",
-	//   "flatPath": "projects/{project}/global/sslCertificates",
+	//   "description": "Returns the specified SSL policy resource.",
+	//   "flatPath": "projects/{project}/global/sslPolicies",
 	//   "httpMethod": "POST",
-	//   "id": "compute.sslCertificates.insert",
+	//   "id": "compute.sslPolicies.insert",
 	//   "parameterOrder": [
 	//     "project"
 	//   ],
@@ -213897,9 +222779,9 @@ func (c *SslCertificatesInsertCall) Do(opts ...googleapi.CallOption) (*Operation
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslCertificates",
+	//   "path": "projects/{project}/global/sslPolicies",
 	//   "request": {
-	//     "$ref": "SslCertificate"
+	//     "$ref": "SslPolicy"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -213912,9 +222794,9 @@ func (c *SslCertificatesInsertCall) Do(opts ...googleapi.CallOption) (*Operation
 
 }
 
-// method id "compute.sslCertificates.list":
+// method id "compute.sslPolicies.list":
 
-type SslCertificatesListCall struct {
+type SslPoliciesListCall struct {
 	s            *Service
 	project      string
 	urlParams_   gensupport.URLParams
@@ -213923,12 +222805,12 @@ type SslCertificatesListCall struct {
 	header_      http.Header
 }
 
-// List: Retrieves the list of SslCertificate resources available to the
+// List: Lists all the SSL policies that have been configured for the
 // specified project.
 //
 // - project: Project ID for this request.
-func (r *SslCertificatesService) List(project string) *SslCertificatesListCall {
-	c := &SslCertificatesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SslPoliciesService) List(project string) *SslPoliciesListCall {
+	c := &SslPoliciesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	return c
 }
@@ -213968,7 +222850,7 @@ func (r *SslCertificatesService) List(project string) *SslCertificatesListCall {
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *SslCertificatesListCall) Filter(filter string) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) Filter(filter string) *SslPoliciesListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -213979,7 +222861,7 @@ func (c *SslCertificatesListCall) Filter(filter string) *SslCertificatesListCall
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *SslCertificatesListCall) MaxResults(maxResults int64) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) MaxResults(maxResults int64) *SslPoliciesListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -213993,7 +222875,7 @@ func (c *SslCertificatesListCall) MaxResults(maxResults int64) *SslCertificatesL
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *SslCertificatesListCall) OrderBy(orderBy string) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) OrderBy(orderBy string) *SslPoliciesListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -214001,7 +222883,7 @@ func (c *SslCertificatesListCall) OrderBy(orderBy string) *SslCertificatesListCa
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *SslCertificatesListCall) PageToken(pageToken string) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) PageToken(pageToken string) *SslPoliciesListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -214010,7 +222892,7 @@ func (c *SslCertificatesListCall) PageToken(pageToken string) *SslCertificatesLi
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *SslCertificatesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslPoliciesListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -214018,7 +222900,7 @@ func (c *SslCertificatesListCall) ReturnPartialSuccess(returnPartialSuccess bool
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslCertificatesListCall) Fields(s ...googleapi.Field) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) Fields(s ...googleapi.Field) *SslPoliciesListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -214028,7 +222910,7 @@ func (c *SslCertificatesListCall) Fields(s ...googleapi.Field) *SslCertificatesL
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SslCertificatesListCall) IfNoneMatch(entityTag string) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) IfNoneMatch(entityTag string) *SslPoliciesListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -214036,21 +222918,21 @@ func (c *SslCertificatesListCall) IfNoneMatch(entityTag string) *SslCertificates
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslCertificatesListCall) Context(ctx context.Context) *SslCertificatesListCall {
+func (c *SslPoliciesListCall) Context(ctx context.Context) *SslPoliciesListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslCertificatesListCall) Header() http.Header {
+func (c *SslPoliciesListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslCertificatesListCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslPoliciesListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -214063,7 +222945,7 @@ func (c *SslCertificatesListCall) doRequest(alt string) (*http.Response, error)
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -214076,14 +222958,14 @@ func (c *SslCertificatesListCall) doRequest(alt string) (*http.Response, error)
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslCertificates.list" call.
-// Exactly one of *SslCertificateList or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *SslCertificateList.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
+// Do executes the "compute.sslPolicies.list" call.
+// Exactly one of *SslPoliciesList or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *SslPoliciesList.ServerResponse.Header or (if a response was returned
+// at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SslCertificatesListCall) Do(opts ...googleapi.CallOption) (*SslCertificateList, error) {
+func (c *SslPoliciesListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -214102,7 +222984,7 @@ func (c *SslCertificatesListCall) Do(opts ...googleapi.CallOption) (*SslCertific
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SslCertificateList{
+	ret := &SslPoliciesList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -214114,10 +222996,10 @@ func (c *SslCertificatesListCall) Do(opts ...googleapi.CallOption) (*SslCertific
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves the list of SslCertificate resources available to the specified project.",
-	//   "flatPath": "projects/{project}/global/sslCertificates",
+	//   "description": "Lists all the SSL policies that have been configured for the specified project.",
+	//   "flatPath": "projects/{project}/global/sslPolicies",
 	//   "httpMethod": "GET",
-	//   "id": "compute.sslCertificates.list",
+	//   "id": "compute.sslPolicies.list",
 	//   "parameterOrder": [
 	//     "project"
 	//   ],
@@ -214158,9 +223040,9 @@ func (c *SslCertificatesListCall) Do(opts ...googleapi.CallOption) (*SslCertific
 	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslCertificates",
+	//   "path": "projects/{project}/global/sslPolicies",
 	//   "response": {
-	//     "$ref": "SslCertificateList"
+	//     "$ref": "SslPoliciesList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -214174,7 +223056,7 @@ func (c *SslCertificatesListCall) Do(opts ...googleapi.CallOption) (*SslCertific
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *SslCertificatesListCall) Pages(ctx context.Context, f func(*SslCertificateList) error) error {
+func (c *SslPoliciesListCall) Pages(ctx context.Context, f func(*SslPoliciesList) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -214192,9 +223074,447 @@ func (c *SslCertificatesListCall) Pages(ctx context.Context, f func(*SslCertific
 	}
 }
 
-// method id "compute.sslCertificates.testIamPermissions":
+// method id "compute.sslPolicies.listAvailableFeatures":
+
+type SslPoliciesListAvailableFeaturesCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// ListAvailableFeatures: Lists all features that can be specified in
+// the SSL policy when using custom profile.
+//
+// - project: Project ID for this request.
+func (r *SslPoliciesService) ListAvailableFeatures(project string) *SslPoliciesListAvailableFeaturesCall {
+	c := &SslPoliciesListAvailableFeaturesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *SslPoliciesListAvailableFeaturesCall) Filter(filter string) *SslPoliciesListAvailableFeaturesCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *SslPoliciesListAvailableFeaturesCall) MaxResults(maxResults int64) *SslPoliciesListAvailableFeaturesCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *SslPoliciesListAvailableFeaturesCall) OrderBy(orderBy string) *SslPoliciesListAvailableFeaturesCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *SslPoliciesListAvailableFeaturesCall) PageToken(pageToken string) *SslPoliciesListAvailableFeaturesCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *SslPoliciesListAvailableFeaturesCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslPoliciesListAvailableFeaturesCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SslPoliciesListAvailableFeaturesCall) Fields(s ...googleapi.Field) *SslPoliciesListAvailableFeaturesCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *SslPoliciesListAvailableFeaturesCall) IfNoneMatch(entityTag string) *SslPoliciesListAvailableFeaturesCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SslPoliciesListAvailableFeaturesCall) Context(ctx context.Context) *SslPoliciesListAvailableFeaturesCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SslPoliciesListAvailableFeaturesCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SslPoliciesListAvailableFeaturesCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/listAvailableFeatures")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.sslPolicies.listAvailableFeatures" call.
+// Exactly one of *SslPoliciesListAvailableFeaturesResponse or error
+// will be non-nil. Any non-2xx status code is an error. Response
+// headers are in either
+// *SslPoliciesListAvailableFeaturesResponse.ServerResponse.Header or
+// (if a response was returned at all) in
+// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
+// whether the returned error was because http.StatusNotModified was
+// returned.
+func (c *SslPoliciesListAvailableFeaturesCall) Do(opts ...googleapi.CallOption) (*SslPoliciesListAvailableFeaturesResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &SslPoliciesListAvailableFeaturesResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Lists all features that can be specified in the SSL policy when using custom profile.",
+	//   "flatPath": "projects/{project}/global/sslPolicies/listAvailableFeatures",
+	//   "httpMethod": "GET",
+	//   "id": "compute.sslPolicies.listAvailableFeatures",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/sslPolicies/listAvailableFeatures",
+	//   "response": {
+	//     "$ref": "SslPoliciesListAvailableFeaturesResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.sslPolicies.patch":
+
+type SslPoliciesPatchCall struct {
+	s          *Service
+	project    string
+	sslPolicy  string
+	sslpolicy  *SslPolicy
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Patch: Patches the specified SSL policy with the data included in the
+// request.
+//
+//   - project: Project ID for this request.
+//   - sslPolicy: Name of the SSL policy to update. The name must be 1-63
+//     characters long, and comply with RFC1035.
+func (r *SslPoliciesService) Patch(project string, sslPolicy string, sslpolicy *SslPolicy) *SslPoliciesPatchCall {
+	c := &SslPoliciesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.sslPolicy = sslPolicy
+	c.sslpolicy = sslpolicy
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *SslPoliciesPatchCall) RequestId(requestId string) *SslPoliciesPatchCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *SslPoliciesPatchCall) Fields(s ...googleapi.Field) *SslPoliciesPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *SslPoliciesPatchCall) Context(ctx context.Context) *SslPoliciesPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *SslPoliciesPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *SslPoliciesPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.sslpolicy)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{sslPolicy}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":   c.project,
+		"sslPolicy": c.sslPolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.sslPolicies.patch" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *SslPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Patches the specified SSL policy with the data included in the request.",
+	//   "flatPath": "projects/{project}/global/sslPolicies/{sslPolicy}",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.sslPolicies.patch",
+	//   "parameterOrder": [
+	//     "project",
+	//     "sslPolicy"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "sslPolicy": {
+	//       "description": "Name of the SSL policy to update. The name must be 1-63 characters long, and comply with RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/sslPolicies/{sslPolicy}",
+	//   "request": {
+	//     "$ref": "SslPolicy"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.sslPolicies.testIamPermissions":
 
-type SslCertificatesTestIamPermissionsCall struct {
+type SslPoliciesTestIamPermissionsCall struct {
 	s                      *Service
 	project                string
 	resource               string
@@ -214209,8 +223529,8 @@ type SslCertificatesTestIamPermissionsCall struct {
 //
 // - project: Project ID for this request.
 // - resource: Name or id of the resource for this request.
-func (r *SslCertificatesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SslCertificatesTestIamPermissionsCall {
-	c := &SslCertificatesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *SslPoliciesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SslPoliciesTestIamPermissionsCall {
+	c := &SslPoliciesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.resource = resource
 	c.testpermissionsrequest = testpermissionsrequest
@@ -214220,7 +223540,7 @@ func (r *SslCertificatesService) TestIamPermissions(project string, resource str
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslCertificatesTestIamPermissionsCall) Fields(s ...googleapi.Field) *SslCertificatesTestIamPermissionsCall {
+func (c *SslPoliciesTestIamPermissionsCall) Fields(s ...googleapi.Field) *SslPoliciesTestIamPermissionsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -214228,21 +223548,21 @@ func (c *SslCertificatesTestIamPermissionsCall) Fields(s ...googleapi.Field) *Ss
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslCertificatesTestIamPermissionsCall) Context(ctx context.Context) *SslCertificatesTestIamPermissionsCall {
+func (c *SslPoliciesTestIamPermissionsCall) Context(ctx context.Context) *SslPoliciesTestIamPermissionsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslCertificatesTestIamPermissionsCall) Header() http.Header {
+func (c *SslPoliciesTestIamPermissionsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslCertificatesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+func (c *SslPoliciesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -214257,7 +223577,7 @@ func (c *SslCertificatesTestIamPermissionsCall) doRequest(alt string) (*http.Res
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslCertificates/{resource}/testIamPermissions")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{resource}/testIamPermissions")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -214271,14 +223591,14 @@ func (c *SslCertificatesTestIamPermissionsCall) doRequest(alt string) (*http.Res
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslCertificates.testIamPermissions" call.
+// Do executes the "compute.sslPolicies.testIamPermissions" call.
 // Exactly one of *TestPermissionsResponse or error will be non-nil. Any
 // non-2xx status code is an error. Response headers are in either
 // *TestPermissionsResponse.ServerResponse.Header or (if a response was
 // returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SslCertificatesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+func (c *SslPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -214310,9 +223630,9 @@ func (c *SslCertificatesTestIamPermissionsCall) Do(opts ...googleapi.CallOption)
 	return ret, nil
 	// {
 	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/global/sslCertificates/{resource}/testIamPermissions",
+	//   "flatPath": "projects/{project}/global/sslPolicies/{resource}/testIamPermissions",
 	//   "httpMethod": "POST",
-	//   "id": "compute.sslCertificates.testIamPermissions",
+	//   "id": "compute.sslPolicies.testIamPermissions",
 	//   "parameterOrder": [
 	//     "project",
 	//     "resource"
@@ -214333,7 +223653,7 @@ func (c *SslCertificatesTestIamPermissionsCall) Do(opts ...googleapi.CallOption)
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslCertificates/{resource}/testIamPermissions",
+	//   "path": "projects/{project}/global/sslPolicies/{resource}/testIamPermissions",
 	//   "request": {
 	//     "$ref": "TestPermissionsRequest"
 	//   },
@@ -214349,9 +223669,9 @@ func (c *SslCertificatesTestIamPermissionsCall) Do(opts ...googleapi.CallOption)
 
 }
 
-// method id "compute.sslPolicies.aggregatedList":
+// method id "compute.storagePools.aggregatedList":
 
-type SslPoliciesAggregatedListCall struct {
+type StoragePoolsAggregatedListCall struct {
 	s            *Service
 	project      string
 	urlParams_   gensupport.URLParams
@@ -214360,12 +223680,11 @@ type SslPoliciesAggregatedListCall struct {
 	header_      http.Header
 }
 
-// AggregatedList: Retrieves the list of all SslPolicy resources,
-// regional and global, available to the specified project.
+// AggregatedList: Retrieves an aggregated list of storage pools.
 //
-// - project: Name of the project scoping this request.
-func (r *SslPoliciesService) AggregatedList(project string) *SslPoliciesAggregatedListCall {
-	c := &SslPoliciesAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+func (r *StoragePoolsService) AggregatedList(project string) *StoragePoolsAggregatedListCall {
+	c := &StoragePoolsAggregatedListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	return c
 }
@@ -214405,7 +223724,7 @@ func (r *SslPoliciesService) AggregatedList(project string) *SslPoliciesAggregat
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *SslPoliciesAggregatedListCall) Filter(filter string) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) Filter(filter string) *StoragePoolsAggregatedListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -214418,7 +223737,7 @@ func (c *SslPoliciesAggregatedListCall) Filter(filter string) *SslPoliciesAggreg
 // response. For resource types which predate this field, if this flag
 // is omitted or false, only scopes of the scope types where the
 // resource type is expected to be found will be included.
-func (c *SslPoliciesAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) IncludeAllScopes(includeAllScopes bool) *StoragePoolsAggregatedListCall {
 	c.urlParams_.Set("includeAllScopes", fmt.Sprint(includeAllScopes))
 	return c
 }
@@ -214429,7 +223748,7 @@ func (c *SslPoliciesAggregatedListCall) IncludeAllScopes(includeAllScopes bool)
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *SslPoliciesAggregatedListCall) MaxResults(maxResults int64) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) MaxResults(maxResults int64) *StoragePoolsAggregatedListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -214443,7 +223762,7 @@ func (c *SslPoliciesAggregatedListCall) MaxResults(maxResults int64) *SslPolicie
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *SslPoliciesAggregatedListCall) OrderBy(orderBy string) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) OrderBy(orderBy string) *StoragePoolsAggregatedListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -214451,7 +223770,7 @@ func (c *SslPoliciesAggregatedListCall) OrderBy(orderBy string) *SslPoliciesAggr
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *SslPoliciesAggregatedListCall) PageToken(pageToken string) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) PageToken(pageToken string) *StoragePoolsAggregatedListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -214460,7 +223779,7 @@ func (c *SslPoliciesAggregatedListCall) PageToken(pageToken string) *SslPolicies
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *SslPoliciesAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) ReturnPartialSuccess(returnPartialSuccess bool) *StoragePoolsAggregatedListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -214468,7 +223787,7 @@ func (c *SslPoliciesAggregatedListCall) ReturnPartialSuccess(returnPartialSucces
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslPoliciesAggregatedListCall) Fields(s ...googleapi.Field) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) Fields(s ...googleapi.Field) *StoragePoolsAggregatedListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -214478,7 +223797,7 @@ func (c *SslPoliciesAggregatedListCall) Fields(s ...googleapi.Field) *SslPolicie
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SslPoliciesAggregatedListCall) IfNoneMatch(entityTag string) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) IfNoneMatch(entityTag string) *StoragePoolsAggregatedListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -214486,21 +223805,21 @@ func (c *SslPoliciesAggregatedListCall) IfNoneMatch(entityTag string) *SslPolici
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslPoliciesAggregatedListCall) Context(ctx context.Context) *SslPoliciesAggregatedListCall {
+func (c *StoragePoolsAggregatedListCall) Context(ctx context.Context) *StoragePoolsAggregatedListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslPoliciesAggregatedListCall) Header() http.Header {
+func (c *StoragePoolsAggregatedListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslPoliciesAggregatedListCall) doRequest(alt string) (*http.Response, error) {
+func (c *StoragePoolsAggregatedListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -214513,7 +223832,7 @@ func (c *SslPoliciesAggregatedListCall) doRequest(alt string) (*http.Response, e
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/sslPolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/aggregated/storagePools")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -214526,14 +223845,14 @@ func (c *SslPoliciesAggregatedListCall) doRequest(alt string) (*http.Response, e
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslPolicies.aggregatedList" call.
-// Exactly one of *SslPoliciesAggregatedList or error will be non-nil.
+// Do executes the "compute.storagePools.aggregatedList" call.
+// Exactly one of *StoragePoolAggregatedList or error will be non-nil.
 // Any non-2xx status code is an error. Response headers are in either
-// *SslPoliciesAggregatedList.ServerResponse.Header or (if a response
+// *StoragePoolAggregatedList.ServerResponse.Header or (if a response
 // was returned at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SslPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesAggregatedList, error) {
+func (c *StoragePoolsAggregatedListCall) Do(opts ...googleapi.CallOption) (*StoragePoolAggregatedList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -214552,7 +223871,7 @@ func (c *SslPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslPo
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SslPoliciesAggregatedList{
+	ret := &StoragePoolAggregatedList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -214564,10 +223883,10 @@ func (c *SslPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslPo
 	}
 	return ret, nil
 	// {
-	//   "description": "Retrieves the list of all SslPolicy resources, regional and global, available to the specified project.",
-	//   "flatPath": "projects/{project}/aggregated/sslPolicies",
+	//   "description": "Retrieves an aggregated list of storage pools.",
+	//   "flatPath": "projects/{project}/aggregated/storagePools",
 	//   "httpMethod": "GET",
-	//   "id": "compute.sslPolicies.aggregatedList",
+	//   "id": "compute.storagePools.aggregatedList",
 	//   "parameterOrder": [
 	//     "project"
 	//   ],
@@ -214601,7 +223920,7 @@ func (c *SslPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslPo
 	//       "type": "string"
 	//     },
 	//     "project": {
-	//       "description": "Name of the project scoping this request.",
+	//       "description": "Project ID for this request.",
 	//       "location": "path",
 	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
@@ -214613,9 +223932,9 @@ func (c *SslPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslPo
 	//       "type": "boolean"
 	//     }
 	//   },
-	//   "path": "projects/{project}/aggregated/sslPolicies",
+	//   "path": "projects/{project}/aggregated/storagePools",
 	//   "response": {
-	//     "$ref": "SslPoliciesAggregatedList"
+	//     "$ref": "StoragePoolAggregatedList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -214629,7 +223948,7 @@ func (c *SslPoliciesAggregatedListCall) Do(opts ...googleapi.CallOption) (*SslPo
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *SslPoliciesAggregatedListCall) Pages(ctx context.Context, f func(*SslPoliciesAggregatedList) error) error {
+func (c *StoragePoolsAggregatedListCall) Pages(ctx context.Context, f func(*StoragePoolAggregatedList) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -214647,28 +223966,31 @@ func (c *SslPoliciesAggregatedListCall) Pages(ctx context.Context, f func(*SslPo
 	}
 }
 
-// method id "compute.sslPolicies.delete":
+// method id "compute.storagePools.delete":
 
-type SslPoliciesDeleteCall struct {
-	s          *Service
-	project    string
-	sslPolicy  string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type StoragePoolsDeleteCall struct {
+	s           *Service
+	project     string
+	zone        string
+	storagePool string
+	urlParams_  gensupport.URLParams
+	ctx_        context.Context
+	header_     http.Header
 }
 
-// Delete: Deletes the specified SSL policy. The SSL policy resource can
-// be deleted only if it is not in use by any TargetHttpsProxy or
-// TargetSslProxy resources.
+// Delete: Deletes the specified storage pool. Deleting a storagePool
+// removes its data permanently and is irreversible. However, deleting a
+// storagePool does not delete any snapshots previously made from the
+// storagePool. You must separately delete snapshots.
 //
-//   - project: Project ID for this request.
-//   - sslPolicy: Name of the SSL policy to delete. The name must be 1-63
-//     characters long, and comply with RFC1035.
-func (r *SslPoliciesService) Delete(project string, sslPolicy string) *SslPoliciesDeleteCall {
-	c := &SslPoliciesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+// - storagePool: Name of the storage pool to delete.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) Delete(project string, zone string, storagePool string) *StoragePoolsDeleteCall {
+	c := &StoragePoolsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.sslPolicy = sslPolicy
+	c.zone = zone
+	c.storagePool = storagePool
 	return c
 }
 
@@ -214683,7 +224005,7 @@ func (r *SslPoliciesService) Delete(project string, sslPolicy string) *SslPolici
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SslPoliciesDeleteCall) RequestId(requestId string) *SslPoliciesDeleteCall {
+func (c *StoragePoolsDeleteCall) RequestId(requestId string) *StoragePoolsDeleteCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -214691,7 +224013,7 @@ func (c *SslPoliciesDeleteCall) RequestId(requestId string) *SslPoliciesDeleteCa
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslPoliciesDeleteCall) Fields(s ...googleapi.Field) *SslPoliciesDeleteCall {
+func (c *StoragePoolsDeleteCall) Fields(s ...googleapi.Field) *StoragePoolsDeleteCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -214699,21 +224021,21 @@ func (c *SslPoliciesDeleteCall) Fields(s ...googleapi.Field) *SslPoliciesDeleteC
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslPoliciesDeleteCall) Context(ctx context.Context) *SslPoliciesDeleteCall {
+func (c *StoragePoolsDeleteCall) Context(ctx context.Context) *StoragePoolsDeleteCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslPoliciesDeleteCall) Header() http.Header {
+func (c *StoragePoolsDeleteCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslPoliciesDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *StoragePoolsDeleteCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -214723,7 +224045,7 @@ func (c *SslPoliciesDeleteCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{sslPolicy}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{storagePool}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("DELETE", urls, body)
 	if err != nil {
@@ -214731,20 +224053,21 @@ func (c *SslPoliciesDeleteCall) doRequest(alt string) (*http.Response, error) {
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":   c.project,
-		"sslPolicy": c.sslPolicy,
+		"project":     c.project,
+		"zone":        c.zone,
+		"storagePool": c.storagePool,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslPolicies.delete" call.
+// Do executes the "compute.storagePools.delete" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SslPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *StoragePoolsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -214775,13 +224098,14 @@ func (c *SslPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Deletes the specified SSL policy. The SSL policy resource can be deleted only if it is not in use by any TargetHttpsProxy or TargetSslProxy resources.",
-	//   "flatPath": "projects/{project}/global/sslPolicies/{sslPolicy}",
+	//   "description": "Deletes the specified storage pool. Deleting a storagePool removes its data permanently and is irreversible. However, deleting a storagePool does not delete any snapshots previously made from the storagePool. You must separately delete snapshots.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
 	//   "httpMethod": "DELETE",
-	//   "id": "compute.sslPolicies.delete",
+	//   "id": "compute.storagePools.delete",
 	//   "parameterOrder": [
 	//     "project",
-	//     "sslPolicy"
+	//     "zone",
+	//     "storagePool"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -214796,14 +224120,21 @@ func (c *SslPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "sslPolicy": {
-	//       "description": "Name of the SSL policy to delete. The name must be 1-63 characters long, and comply with RFC1035.",
+	//     "storagePool": {
+	//       "description": "Name of the storage pool to delete.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslPolicies/{sslPolicy}",
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -214815,35 +224146,37 @@ func (c *SslPoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, er
 
 }
 
-// method id "compute.sslPolicies.get":
+// method id "compute.storagePools.get":
 
-type SslPoliciesGetCall struct {
+type StoragePoolsGetCall struct {
 	s            *Service
 	project      string
-	sslPolicy    string
+	zone         string
+	storagePool  string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// Get: Lists all of the ordered rules present in a single specified
-// policy.
+// Get: Returns a specified storage pool. Gets a list of available
+// storage pools by making a list() request.
 //
-//   - project: Project ID for this request.
-//   - sslPolicy: Name of the SSL policy to update. The name must be 1-63
-//     characters long, and comply with RFC1035.
-func (r *SslPoliciesService) Get(project string, sslPolicy string) *SslPoliciesGetCall {
-	c := &SslPoliciesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+// - storagePool: Name of the storage pool to return.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) Get(project string, zone string, storagePool string) *StoragePoolsGetCall {
+	c := &StoragePoolsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.sslPolicy = sslPolicy
+	c.zone = zone
+	c.storagePool = storagePool
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslPoliciesGetCall) Fields(s ...googleapi.Field) *SslPoliciesGetCall {
+func (c *StoragePoolsGetCall) Fields(s ...googleapi.Field) *StoragePoolsGetCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -214853,7 +224186,7 @@ func (c *SslPoliciesGetCall) Fields(s ...googleapi.Field) *SslPoliciesGetCall {
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SslPoliciesGetCall) IfNoneMatch(entityTag string) *SslPoliciesGetCall {
+func (c *StoragePoolsGetCall) IfNoneMatch(entityTag string) *StoragePoolsGetCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -214861,21 +224194,21 @@ func (c *SslPoliciesGetCall) IfNoneMatch(entityTag string) *SslPoliciesGetCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslPoliciesGetCall) Context(ctx context.Context) *SslPoliciesGetCall {
+func (c *StoragePoolsGetCall) Context(ctx context.Context) *StoragePoolsGetCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslPoliciesGetCall) Header() http.Header {
+func (c *StoragePoolsGetCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslPoliciesGetCall) doRequest(alt string) (*http.Response, error) {
+func (c *StoragePoolsGetCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -214888,7 +224221,7 @@ func (c *SslPoliciesGetCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{sslPolicy}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{storagePool}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -214896,20 +224229,21 @@ func (c *SslPoliciesGetCall) doRequest(alt string) (*http.Response, error) {
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":   c.project,
-		"sslPolicy": c.sslPolicy,
+		"project":     c.project,
+		"zone":        c.zone,
+		"storagePool": c.storagePool,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslPolicies.get" call.
-// Exactly one of *SslPolicy or error will be non-nil. Any non-2xx
+// Do executes the "compute.storagePools.get" call.
+// Exactly one of *StoragePool or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
-// *SslPolicy.ServerResponse.Header or (if a response was returned at
+// *StoragePool.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SslPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SslPolicy, error) {
+func (c *StoragePoolsGetCall) Do(opts ...googleapi.CallOption) (*StoragePool, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -214928,7 +224262,7 @@ func (c *SslPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SslPolicy, error
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SslPolicy{
+	ret := &StoragePool{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -214940,13 +224274,14 @@ func (c *SslPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SslPolicy, error
 	}
 	return ret, nil
 	// {
-	//   "description": "Lists all of the ordered rules present in a single specified policy.",
-	//   "flatPath": "projects/{project}/global/sslPolicies/{sslPolicy}",
+	//   "description": "Returns a specified storage pool. Gets a list of available storage pools by making a list() request.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
 	//   "httpMethod": "GET",
-	//   "id": "compute.sslPolicies.get",
+	//   "id": "compute.storagePools.get",
 	//   "parameterOrder": [
 	//     "project",
-	//     "sslPolicy"
+	//     "zone",
+	//     "storagePool"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -214956,16 +224291,24 @@ func (c *SslPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SslPolicy, error
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "sslPolicy": {
-	//       "description": "Name of the SSL policy to update. The name must be 1-63 characters long, and comply with RFC1035.",
+	//     "storagePool": {
+	//       "description": "Name of the storage pool to return.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslPolicies/{sslPolicy}",
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
 	//   "response": {
-	//     "$ref": "SslPolicy"
+	//     "$ref": "StoragePool"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -214976,25 +224319,214 @@ func (c *SslPoliciesGetCall) Do(opts ...googleapi.CallOption) (*SslPolicy, error
 
 }
 
-// method id "compute.sslPolicies.insert":
+// method id "compute.storagePools.getIamPolicy":
 
-type SslPoliciesInsertCall struct {
-	s          *Service
-	project    string
-	sslpolicy  *SslPolicy
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type StoragePoolsGetIamPolicyCall struct {
+	s            *Service
+	project      string
+	zone         string
+	resource     string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
 }
 
-// Insert: Returns the specified SSL policy resource. Gets a list of
-// available SSL policies by making a list() request.
+// GetIamPolicy: Gets the access control policy for a resource. May be
+// empty if no such policy or resource exists.
 //
 // - project: Project ID for this request.
-func (r *SslPoliciesService) Insert(project string, sslpolicy *SslPolicy) *SslPoliciesInsertCall {
-	c := &SslPoliciesInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - resource: Name or id of the resource for this request.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) GetIamPolicy(project string, zone string, resource string) *StoragePoolsGetIamPolicyCall {
+	c := &StoragePoolsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.sslpolicy = sslpolicy
+	c.zone = zone
+	c.resource = resource
+	return c
+}
+
+// OptionsRequestedPolicyVersion sets the optional parameter
+// "optionsRequestedPolicyVersion": Requested IAM Policy version.
+func (c *StoragePoolsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *StoragePoolsGetIamPolicyCall {
+	c.urlParams_.Set("optionsRequestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *StoragePoolsGetIamPolicyCall) Fields(s ...googleapi.Field) *StoragePoolsGetIamPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *StoragePoolsGetIamPolicyCall) IfNoneMatch(entityTag string) *StoragePoolsGetIamPolicyCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *StoragePoolsGetIamPolicyCall) Context(ctx context.Context) *StoragePoolsGetIamPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *StoragePoolsGetIamPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *StoragePoolsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{resource}/getIamPolicy")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.storagePools.getIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *StoragePoolsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Policy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/getIamPolicy",
+	//   "httpMethod": "GET",
+	//   "id": "compute.storagePools.getIamPolicy",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "optionsRequestedPolicyVersion": {
+	//       "description": "Requested IAM Policy version.",
+	//       "format": "int32",
+	//       "location": "query",
+	//       "type": "integer"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{resource}/getIamPolicy",
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.storagePools.insert":
+
+type StoragePoolsInsertCall struct {
+	s           *Service
+	project     string
+	zone        string
+	storagepool *StoragePool
+	urlParams_  gensupport.URLParams
+	ctx_        context.Context
+	header_     http.Header
+}
+
+// Insert: Creates a storage pool in the specified project using the
+// data in the request.
+//
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) Insert(project string, zone string, storagepool *StoragePool) *StoragePoolsInsertCall {
+	c := &StoragePoolsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.storagepool = storagepool
 	return c
 }
 
@@ -215009,7 +224541,7 @@ func (r *SslPoliciesService) Insert(project string, sslpolicy *SslPolicy) *SslPo
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SslPoliciesInsertCall) RequestId(requestId string) *SslPoliciesInsertCall {
+func (c *StoragePoolsInsertCall) RequestId(requestId string) *StoragePoolsInsertCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -215017,7 +224549,7 @@ func (c *SslPoliciesInsertCall) RequestId(requestId string) *SslPoliciesInsertCa
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslPoliciesInsertCall) Fields(s ...googleapi.Field) *SslPoliciesInsertCall {
+func (c *StoragePoolsInsertCall) Fields(s ...googleapi.Field) *StoragePoolsInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -215025,21 +224557,21 @@ func (c *SslPoliciesInsertCall) Fields(s ...googleapi.Field) *SslPoliciesInsertC
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslPoliciesInsertCall) Context(ctx context.Context) *SslPoliciesInsertCall {
+func (c *StoragePoolsInsertCall) Context(ctx context.Context) *StoragePoolsInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslPoliciesInsertCall) Header() http.Header {
+func (c *StoragePoolsInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslPoliciesInsertCall) doRequest(alt string) (*http.Response, error) {
+func (c *StoragePoolsInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -215047,14 +224579,14 @@ func (c *SslPoliciesInsertCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.sslpolicy)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.storagepool)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -215063,18 +224595,19 @@ func (c *SslPoliciesInsertCall) doRequest(alt string) (*http.Response, error) {
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
+		"zone":    c.zone,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslPolicies.insert" call.
+// Do executes the "compute.storagePools.insert" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SslPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *StoragePoolsInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -215105,12 +224638,13 @@ func (c *SslPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified SSL policy resource. Gets a list of available SSL policies by making a list() request.",
-	//   "flatPath": "projects/{project}/global/sslPolicies",
+	//   "description": "Creates a storage pool in the specified project using the data in the request.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools",
 	//   "httpMethod": "POST",
-	//   "id": "compute.sslPolicies.insert",
+	//   "id": "compute.storagePools.insert",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "zone"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -215124,11 +224658,18 @@ func (c *SslPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslPolicies",
+	//   "path": "projects/{project}/zones/{zone}/storagePools",
 	//   "request": {
-	//     "$ref": "SslPolicy"
+	//     "$ref": "StoragePool"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -215141,24 +224682,27 @@ func (c *SslPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, er
 
 }
 
-// method id "compute.sslPolicies.list":
+// method id "compute.storagePools.list":
 
-type SslPoliciesListCall struct {
+type StoragePoolsListCall struct {
 	s            *Service
 	project      string
+	zone         string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// List: Lists all the SSL policies that have been configured for the
-// specified project.
+// List: Retrieves a list of storage pools contained within the
+// specified zone.
 //
 // - project: Project ID for this request.
-func (r *SslPoliciesService) List(project string) *SslPoliciesListCall {
-	c := &SslPoliciesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) List(project string, zone string) *StoragePoolsListCall {
+	c := &StoragePoolsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
+	c.zone = zone
 	return c
 }
 
@@ -215197,7 +224741,7 @@ func (r *SslPoliciesService) List(project string) *SslPoliciesListCall {
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *SslPoliciesListCall) Filter(filter string) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) Filter(filter string) *StoragePoolsListCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -215208,7 +224752,7 @@ func (c *SslPoliciesListCall) Filter(filter string) *SslPoliciesListCall {
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *SslPoliciesListCall) MaxResults(maxResults int64) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) MaxResults(maxResults int64) *StoragePoolsListCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -215222,7 +224766,7 @@ func (c *SslPoliciesListCall) MaxResults(maxResults int64) *SslPoliciesListCall
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *SslPoliciesListCall) OrderBy(orderBy string) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) OrderBy(orderBy string) *StoragePoolsListCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -215230,7 +224774,7 @@ func (c *SslPoliciesListCall) OrderBy(orderBy string) *SslPoliciesListCall {
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *SslPoliciesListCall) PageToken(pageToken string) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) PageToken(pageToken string) *StoragePoolsListCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -215239,7 +224783,7 @@ func (c *SslPoliciesListCall) PageToken(pageToken string) *SslPoliciesListCall {
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *SslPoliciesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) ReturnPartialSuccess(returnPartialSuccess bool) *StoragePoolsListCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -215247,7 +224791,7 @@ func (c *SslPoliciesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *S
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslPoliciesListCall) Fields(s ...googleapi.Field) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) Fields(s ...googleapi.Field) *StoragePoolsListCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -215257,7 +224801,7 @@ func (c *SslPoliciesListCall) Fields(s ...googleapi.Field) *SslPoliciesListCall
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SslPoliciesListCall) IfNoneMatch(entityTag string) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) IfNoneMatch(entityTag string) *StoragePoolsListCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -215265,21 +224809,21 @@ func (c *SslPoliciesListCall) IfNoneMatch(entityTag string) *SslPoliciesListCall
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslPoliciesListCall) Context(ctx context.Context) *SslPoliciesListCall {
+func (c *StoragePoolsListCall) Context(ctx context.Context) *StoragePoolsListCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslPoliciesListCall) Header() http.Header {
+func (c *StoragePoolsListCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslPoliciesListCall) doRequest(alt string) (*http.Response, error) {
+func (c *StoragePoolsListCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -215292,7 +224836,7 @@ func (c *SslPoliciesListCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -215301,18 +224845,19 @@ func (c *SslPoliciesListCall) doRequest(alt string) (*http.Response, error) {
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
+		"zone":    c.zone,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslPolicies.list" call.
-// Exactly one of *SslPoliciesList or error will be non-nil. Any non-2xx
+// Do executes the "compute.storagePools.list" call.
+// Exactly one of *StoragePoolList or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
-// *SslPoliciesList.ServerResponse.Header or (if a response was returned
+// *StoragePoolList.ServerResponse.Header or (if a response was returned
 // at all) in error.(*googleapi.Error).Header. Use
 // googleapi.IsNotModified to check whether the returned error was
 // because http.StatusNotModified was returned.
-func (c *SslPoliciesListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesList, error) {
+func (c *StoragePoolsListCall) Do(opts ...googleapi.CallOption) (*StoragePoolList, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -215331,7 +224876,7 @@ func (c *SslPoliciesListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesList
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SslPoliciesList{
+	ret := &StoragePoolList{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -215343,12 +224888,13 @@ func (c *SslPoliciesListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesList
 	}
 	return ret, nil
 	// {
-	//   "description": "Lists all the SSL policies that have been configured for the specified project.",
-	//   "flatPath": "projects/{project}/global/sslPolicies",
+	//   "description": "Retrieves a list of storage pools contained within the specified zone.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools",
 	//   "httpMethod": "GET",
-	//   "id": "compute.sslPolicies.list",
+	//   "id": "compute.storagePools.list",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "zone"
 	//   ],
 	//   "parameters": {
 	//     "filter": {
@@ -215385,11 +224931,18 @@ func (c *SslPoliciesListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesList
 	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
 	//       "location": "query",
 	//       "type": "boolean"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslPolicies",
+	//   "path": "projects/{project}/zones/{zone}/storagePools",
 	//   "response": {
-	//     "$ref": "SslPoliciesList"
+	//     "$ref": "StoragePoolList"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -215403,7 +224956,7 @@ func (c *SslPoliciesListCall) Do(opts ...googleapi.CallOption) (*SslPoliciesList
 // Pages invokes f for each page of results.
 // A non-nil error returned from f will halt the iteration.
 // The provided context supersedes any context provided to the Context method.
-func (c *SslPoliciesListCall) Pages(ctx context.Context, f func(*SslPoliciesList) error) error {
+func (c *StoragePoolsListCall) Pages(ctx context.Context, f func(*StoragePoolList) error) error {
 	c.ctx_ = ctx
 	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
 	for {
@@ -215421,24 +224974,29 @@ func (c *SslPoliciesListCall) Pages(ctx context.Context, f func(*SslPoliciesList
 	}
 }
 
-// method id "compute.sslPolicies.listAvailableFeatures":
+// method id "compute.storagePools.listDisks":
 
-type SslPoliciesListAvailableFeaturesCall struct {
+type StoragePoolsListDisksCall struct {
 	s            *Service
 	project      string
+	zone         string
+	storagePool  string
 	urlParams_   gensupport.URLParams
 	ifNoneMatch_ string
 	ctx_         context.Context
 	header_      http.Header
 }
 
-// ListAvailableFeatures: Lists all features that can be specified in
-// the SSL policy when using custom profile.
+// ListDisks: Lists the disks in a specified storage pool.
 //
 // - project: Project ID for this request.
-func (r *SslPoliciesService) ListAvailableFeatures(project string) *SslPoliciesListAvailableFeaturesCall {
-	c := &SslPoliciesListAvailableFeaturesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - storagePool: Name of the storage pool to list disks of.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) ListDisks(project string, zone string, storagePool string) *StoragePoolsListDisksCall {
+	c := &StoragePoolsListDisksCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
+	c.zone = zone
+	c.storagePool = storagePool
 	return c
 }
 
@@ -215477,7 +225035,7 @@ func (r *SslPoliciesService) ListAvailableFeatures(project string) *SslPoliciesL
 // must match the entire field. For example, to filter for instances
 // that do not end with name "instance", you would use `name ne
 // .*instance`.
-func (c *SslPoliciesListAvailableFeaturesCall) Filter(filter string) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) Filter(filter string) *StoragePoolsListDisksCall {
 	c.urlParams_.Set("filter", filter)
 	return c
 }
@@ -215488,7 +225046,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) Filter(filter string) *SslPolicie
 // a `nextPageToken` that can be used to get the next page of results in
 // subsequent list requests. Acceptable values are `0` to `500`,
 // inclusive. (Default: `500`)
-func (c *SslPoliciesListAvailableFeaturesCall) MaxResults(maxResults int64) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) MaxResults(maxResults int64) *StoragePoolsListDisksCall {
 	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
 	return c
 }
@@ -215502,7 +225060,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) MaxResults(maxResults int64) *Ssl
 // result first). Use this to sort resources like operations so that the
 // newest operation is returned first. Currently, only sorting by `name`
 // or `creationTimestamp desc` is supported.
-func (c *SslPoliciesListAvailableFeaturesCall) OrderBy(orderBy string) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) OrderBy(orderBy string) *StoragePoolsListDisksCall {
 	c.urlParams_.Set("orderBy", orderBy)
 	return c
 }
@@ -215510,7 +225068,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) OrderBy(orderBy string) *SslPolic
 // PageToken sets the optional parameter "pageToken": Specifies a page
 // token to use. Set `pageToken` to the `nextPageToken` returned by a
 // previous list request to get the next page of results.
-func (c *SslPoliciesListAvailableFeaturesCall) PageToken(pageToken string) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) PageToken(pageToken string) *StoragePoolsListDisksCall {
 	c.urlParams_.Set("pageToken", pageToken)
 	return c
 }
@@ -215519,7 +225077,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) PageToken(pageToken string) *SslP
 // "returnPartialSuccess": Opt-in for partial success behavior which
 // provides partial results in case of failure. The default value is
 // false.
-func (c *SslPoliciesListAvailableFeaturesCall) ReturnPartialSuccess(returnPartialSuccess bool) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) ReturnPartialSuccess(returnPartialSuccess bool) *StoragePoolsListDisksCall {
 	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
 	return c
 }
@@ -215527,7 +225085,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) ReturnPartialSuccess(returnPartia
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslPoliciesListAvailableFeaturesCall) Fields(s ...googleapi.Field) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) Fields(s ...googleapi.Field) *StoragePoolsListDisksCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -215537,7 +225095,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) Fields(s ...googleapi.Field) *Ssl
 // getting updates only after the object has changed since the last
 // request. Use googleapi.IsNotModified to check whether the response
 // error from Do is the result of In-None-Match.
-func (c *SslPoliciesListAvailableFeaturesCall) IfNoneMatch(entityTag string) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) IfNoneMatch(entityTag string) *StoragePoolsListDisksCall {
 	c.ifNoneMatch_ = entityTag
 	return c
 }
@@ -215545,21 +225103,21 @@ func (c *SslPoliciesListAvailableFeaturesCall) IfNoneMatch(entityTag string) *Ss
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslPoliciesListAvailableFeaturesCall) Context(ctx context.Context) *SslPoliciesListAvailableFeaturesCall {
+func (c *StoragePoolsListDisksCall) Context(ctx context.Context) *StoragePoolsListDisksCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslPoliciesListAvailableFeaturesCall) Header() http.Header {
+func (c *StoragePoolsListDisksCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslPoliciesListAvailableFeaturesCall) doRequest(alt string) (*http.Response, error) {
+func (c *StoragePoolsListDisksCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -215572,7 +225130,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) doRequest(alt string) (*http.Resp
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/listAvailableFeatures")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{storagePool}/listDisks")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("GET", urls, body)
 	if err != nil {
@@ -215580,21 +225138,21 @@ func (c *SslPoliciesListAvailableFeaturesCall) doRequest(alt string) (*http.Resp
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
+		"project":     c.project,
+		"zone":        c.zone,
+		"storagePool": c.storagePool,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslPolicies.listAvailableFeatures" call.
-// Exactly one of *SslPoliciesListAvailableFeaturesResponse or error
-// will be non-nil. Any non-2xx status code is an error. Response
-// headers are in either
-// *SslPoliciesListAvailableFeaturesResponse.ServerResponse.Header or
-// (if a response was returned at all) in
-// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
-// whether the returned error was because http.StatusNotModified was
-// returned.
-func (c *SslPoliciesListAvailableFeaturesCall) Do(opts ...googleapi.CallOption) (*SslPoliciesListAvailableFeaturesResponse, error) {
+// Do executes the "compute.storagePools.listDisks" call.
+// Exactly one of *StoragePoolListDisks or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *StoragePoolListDisks.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *StoragePoolsListDisksCall) Do(opts ...googleapi.CallOption) (*StoragePoolListDisks, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -215613,7 +225171,7 @@ func (c *SslPoliciesListAvailableFeaturesCall) Do(opts ...googleapi.CallOption)
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &SslPoliciesListAvailableFeaturesResponse{
+	ret := &StoragePoolListDisks{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -215625,12 +225183,14 @@ func (c *SslPoliciesListAvailableFeaturesCall) Do(opts ...googleapi.CallOption)
 	}
 	return ret, nil
 	// {
-	//   "description": "Lists all features that can be specified in the SSL policy when using custom profile.",
-	//   "flatPath": "projects/{project}/global/sslPolicies/listAvailableFeatures",
+	//   "description": "Lists the disks in a specified storage pool.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}/listDisks",
 	//   "httpMethod": "GET",
-	//   "id": "compute.sslPolicies.listAvailableFeatures",
+	//   "id": "compute.storagePools.listDisks",
 	//   "parameterOrder": [
-	//     "project"
+	//     "project",
+	//     "zone",
+	//     "storagePool"
 	//   ],
 	//   "parameters": {
 	//     "filter": {
@@ -215667,11 +225227,25 @@ func (c *SslPoliciesListAvailableFeaturesCall) Do(opts ...googleapi.CallOption)
 	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
 	//       "location": "query",
 	//       "type": "boolean"
+	//     },
+	//     "storagePool": {
+	//       "description": "Name of the storage pool to list disks of.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslPolicies/listAvailableFeatures",
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}/listDisks",
 	//   "response": {
-	//     "$ref": "SslPoliciesListAvailableFeaturesResponse"
+	//     "$ref": "StoragePoolListDisks"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
@@ -215682,29 +225256,220 @@ func (c *SslPoliciesListAvailableFeaturesCall) Do(opts ...googleapi.CallOption)
 
 }
 
-// method id "compute.sslPolicies.patch":
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *StoragePoolsListDisksCall) Pages(ctx context.Context, f func(*StoragePoolListDisks) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
 
-type SslPoliciesPatchCall struct {
-	s          *Service
-	project    string
-	sslPolicy  string
-	sslpolicy  *SslPolicy
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+// method id "compute.storagePools.setIamPolicy":
+
+type StoragePoolsSetIamPolicyCall struct {
+	s                    *Service
+	project              string
+	zone                 string
+	resource             string
+	zonesetpolicyrequest *ZoneSetPolicyRequest
+	urlParams_           gensupport.URLParams
+	ctx_                 context.Context
+	header_              http.Header
 }
 
-// Patch: Patches the specified SSL policy with the data included in the
-// request.
+// SetIamPolicy: Sets the access control policy on the specified
+// resource. Replaces any existing policy.
 //
-//   - project: Project ID for this request.
-//   - sslPolicy: Name of the SSL policy to update. The name must be 1-63
-//     characters long, and comply with RFC1035.
-func (r *SslPoliciesService) Patch(project string, sslPolicy string, sslpolicy *SslPolicy) *SslPoliciesPatchCall {
-	c := &SslPoliciesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - project: Project ID for this request.
+// - resource: Name or id of the resource for this request.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) SetIamPolicy(project string, zone string, resource string, zonesetpolicyrequest *ZoneSetPolicyRequest) *StoragePoolsSetIamPolicyCall {
+	c := &StoragePoolsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
-	c.sslPolicy = sslPolicy
-	c.sslpolicy = sslpolicy
+	c.zone = zone
+	c.resource = resource
+	c.zonesetpolicyrequest = zonesetpolicyrequest
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *StoragePoolsSetIamPolicyCall) Fields(s ...googleapi.Field) *StoragePoolsSetIamPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *StoragePoolsSetIamPolicyCall) Context(ctx context.Context) *StoragePoolsSetIamPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *StoragePoolsSetIamPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *StoragePoolsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.zonesetpolicyrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{resource}/setIamPolicy")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.storagePools.setIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *StoragePoolsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Policy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/setIamPolicy",
+	//   "httpMethod": "POST",
+	//   "id": "compute.storagePools.setIamPolicy",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{resource}/setIamPolicy",
+	//   "request": {
+	//     "$ref": "ZoneSetPolicyRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.storagePools.setLabels":
+
+type StoragePoolsSetLabelsCall struct {
+	s                    *Service
+	project              string
+	zone                 string
+	resource             string
+	zonesetlabelsrequest *ZoneSetLabelsRequest
+	urlParams_           gensupport.URLParams
+	ctx_                 context.Context
+	header_              http.Header
+}
+
+// SetLabels: Sets the labels on a storage pools. To learn more about
+// labels, read the Labeling Resources documentation.
+//
+// - project: Project ID for this request.
+// - resource: Name or id of the resource for this request.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) SetLabels(project string, zone string, resource string, zonesetlabelsrequest *ZoneSetLabelsRequest) *StoragePoolsSetLabelsCall {
+	c := &StoragePoolsSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.resource = resource
+	c.zonesetlabelsrequest = zonesetlabelsrequest
 	return c
 }
 
@@ -215719,7 +225484,7 @@ func (r *SslPoliciesService) Patch(project string, sslPolicy string, sslpolicy *
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *SslPoliciesPatchCall) RequestId(requestId string) *SslPoliciesPatchCall {
+func (c *StoragePoolsSetLabelsCall) RequestId(requestId string) *StoragePoolsSetLabelsCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -215727,7 +225492,7 @@ func (c *SslPoliciesPatchCall) RequestId(requestId string) *SslPoliciesPatchCall
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *SslPoliciesPatchCall) Fields(s ...googleapi.Field) *SslPoliciesPatchCall {
+func (c *StoragePoolsSetLabelsCall) Fields(s ...googleapi.Field) *StoragePoolsSetLabelsCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -215735,21 +225500,21 @@ func (c *SslPoliciesPatchCall) Fields(s ...googleapi.Field) *SslPoliciesPatchCal
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *SslPoliciesPatchCall) Context(ctx context.Context) *SslPoliciesPatchCall {
+func (c *StoragePoolsSetLabelsCall) Context(ctx context.Context) *StoragePoolsSetLabelsCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *SslPoliciesPatchCall) Header() http.Header {
+func (c *StoragePoolsSetLabelsCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *SslPoliciesPatchCall) doRequest(alt string) (*http.Response, error) {
+func (c *StoragePoolsSetLabelsCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -215757,14 +225522,381 @@ func (c *SslPoliciesPatchCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.sslpolicy)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.zonesetlabelsrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{sslPolicy}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{resource}/setLabels")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.storagePools.setLabels" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *StoragePoolsSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Sets the labels on a storage pools. To learn more about labels, read the Labeling Resources documentation.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/setLabels",
+	//   "httpMethod": "POST",
+	//   "id": "compute.storagePools.setLabels",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{resource}/setLabels",
+	//   "request": {
+	//     "$ref": "ZoneSetLabelsRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.storagePools.testIamPermissions":
+
+type StoragePoolsTestIamPermissionsCall struct {
+	s                      *Service
+	project                string
+	zone                   string
+	resource               string
+	testpermissionsrequest *TestPermissionsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
+}
+
+// TestIamPermissions: Returns permissions that a caller has on the
+// specified resource.
+//
+// - project: Project ID for this request.
+// - resource: Name or id of the resource for this request.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) TestIamPermissions(project string, zone string, resource string, testpermissionsrequest *TestPermissionsRequest) *StoragePoolsTestIamPermissionsCall {
+	c := &StoragePoolsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.resource = resource
+	c.testpermissionsrequest = testpermissionsrequest
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *StoragePoolsTestIamPermissionsCall) Fields(s ...googleapi.Field) *StoragePoolsTestIamPermissionsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *StoragePoolsTestIamPermissionsCall) Context(ctx context.Context) *StoragePoolsTestIamPermissionsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *StoragePoolsTestIamPermissionsCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *StoragePoolsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{resource}/testIamPermissions")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.storagePools.testIamPermissions" call.
+// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *StoragePoolsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &TestPermissionsResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns permissions that a caller has on the specified resource.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{resource}/testIamPermissions",
+	//   "httpMethod": "POST",
+	//   "id": "compute.storagePools.testIamPermissions",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{resource}/testIamPermissions",
+	//   "request": {
+	//     "$ref": "TestPermissionsRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "TestPermissionsResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.storagePools.update":
+
+type StoragePoolsUpdateCall struct {
+	s           *Service
+	project     string
+	zone        string
+	storagePool string
+	storagepool *StoragePool
+	urlParams_  gensupport.URLParams
+	ctx_        context.Context
+	header_     http.Header
+}
+
+// Update: Updates the specified storagePool with the data included in
+// the request. The update is performed only on selected fields included
+// as part of update-mask. Only the following fields can be modified:
+// size_tb and provisioned_iops.
+//
+// - project: Project ID for this request.
+// - storagePool: The storagePool name for this request.
+// - zone: The name of the zone for this request.
+func (r *StoragePoolsService) Update(project string, zone string, storagePool string, storagepool *StoragePool) *StoragePoolsUpdateCall {
+	c := &StoragePoolsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.storagePool = storagePool
+	c.storagepool = storagepool
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *StoragePoolsUpdateCall) RequestId(requestId string) *StoragePoolsUpdateCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// UpdateMask sets the optional parameter "updateMask": update_mask
+// indicates fields to be updated as part of this request.
+func (c *StoragePoolsUpdateCall) UpdateMask(updateMask string) *StoragePoolsUpdateCall {
+	c.urlParams_.Set("updateMask", updateMask)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *StoragePoolsUpdateCall) Fields(s ...googleapi.Field) *StoragePoolsUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *StoragePoolsUpdateCall) Context(ctx context.Context) *StoragePoolsUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *StoragePoolsUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *StoragePoolsUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.storagepool)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/storagePools/{storagePool}")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("PATCH", urls, body)
 	if err != nil {
@@ -215772,20 +225904,21 @@ func (c *SslPoliciesPatchCall) doRequest(alt string) (*http.Response, error) {
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":   c.project,
-		"sslPolicy": c.sslPolicy,
+		"project":     c.project,
+		"zone":        c.zone,
+		"storagePool": c.storagePool,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.sslPolicies.patch" call.
+// Do executes the "compute.storagePools.update" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *SslPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *StoragePoolsUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -215816,13 +225949,14 @@ func (c *SslPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, err
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches the specified SSL policy with the data included in the request.",
-	//   "flatPath": "projects/{project}/global/sslPolicies/{sslPolicy}",
+	//   "description": "Updates the specified storagePool with the data included in the request. The update is performed only on selected fields included as part of update-mask. Only the following fields can be modified: size_tb and provisioned_iops.",
+	//   "flatPath": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
 	//   "httpMethod": "PATCH",
-	//   "id": "compute.sslPolicies.patch",
+	//   "id": "compute.storagePools.update",
 	//   "parameterOrder": [
 	//     "project",
-	//     "sslPolicy"
+	//     "zone",
+	//     "storagePool"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -215837,180 +225971,37 @@ func (c *SslPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, err
 	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "sslPolicy": {
-	//       "description": "Name of the SSL policy to update. The name must be 1-63 characters long, and comply with RFC1035.",
+	//     "storagePool": {
+	//       "description": "The storagePool name for this request.",
 	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/global/sslPolicies/{sslPolicy}",
-	//   "request": {
-	//     "$ref": "SslPolicy"
-	//   },
-	//   "response": {
-	//     "$ref": "Operation"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.sslPolicies.testIamPermissions":
-
-type SslPoliciesTestIamPermissionsCall struct {
-	s                      *Service
-	project                string
-	resource               string
-	testpermissionsrequest *TestPermissionsRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
-}
-
-// TestIamPermissions: Returns permissions that a caller has on the
-// specified resource.
-//
-// - project: Project ID for this request.
-// - resource: Name or id of the resource for this request.
-func (r *SslPoliciesService) TestIamPermissions(project string, resource string, testpermissionsrequest *TestPermissionsRequest) *SslPoliciesTestIamPermissionsCall {
-	c := &SslPoliciesTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.resource = resource
-	c.testpermissionsrequest = testpermissionsrequest
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *SslPoliciesTestIamPermissionsCall) Fields(s ...googleapi.Field) *SslPoliciesTestIamPermissionsCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *SslPoliciesTestIamPermissionsCall) Context(ctx context.Context) *SslPoliciesTestIamPermissionsCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *SslPoliciesTestIamPermissionsCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *SslPoliciesTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/sslPolicies/{resource}/testIamPermissions")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"resource": c.resource,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.sslPolicies.testIamPermissions" call.
-// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *TestPermissionsResponse.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *SslPoliciesTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &TestPermissionsResponse{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/global/sslPolicies/{resource}/testIamPermissions",
-	//   "httpMethod": "POST",
-	//   "id": "compute.sslPolicies.testIamPermissions",
-	//   "parameterOrder": [
-	//     "project",
-	//     "resource"
-	//   ],
-	//   "parameters": {
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
+	//     },
+	//     "updateMask": {
+	//       "description": "update_mask indicates fields to be updated as part of this request.",
+	//       "format": "google-fieldmask",
+	//       "location": "query",
 	//       "type": "string"
 	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9_]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/global/sslPolicies/{resource}/testIamPermissions",
+	//   "path": "projects/{project}/zones/{zone}/storagePools/{storagePool}",
 	//   "request": {
-	//     "$ref": "TestPermissionsRequest"
+	//     "$ref": "StoragePool"
 	//   },
 	//   "response": {
-	//     "$ref": "TestPermissionsResponse"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
@@ -216693,8 +226684,7 @@ type SubnetworksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified subnetwork. Gets a list of available
-// subnetworks list() request.
+// Get: Returns the specified subnetwork.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -216808,7 +226798,7 @@ func (c *SubnetworksGetCall) Do(opts ...googleapi.CallOption) (*Subnetwork, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified subnetwork. Gets a list of available subnetworks list() request.",
+	//   "description": "Returns the specified subnetwork.",
 	//   "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.subnetworks.get",
@@ -220123,8 +230113,7 @@ type TargetHttpProxiesGetCall struct {
 	header_         http.Header
 }
 
-// Get: Returns the specified TargetHttpProxy resource. Gets a list of
-// available target HTTP proxies by making a list() request.
+// Get: Returns the specified TargetHttpProxy resource.
 //
 // - project: Project ID for this request.
 // - targetHttpProxy: Name of the TargetHttpProxy resource to return.
@@ -220235,7 +230224,7 @@ func (c *TargetHttpProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetHttp
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpProxy resource. Gets a list of available target HTTP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetHttpProxies.get",
@@ -221704,8 +231693,7 @@ type TargetHttpsProxiesGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified TargetHttpsProxy resource. Gets a list of
-// available target HTTPS proxies by making a list() request.
+// Get: Returns the specified TargetHttpsProxy resource.
 //
 // - project: Project ID for this request.
 // - targetHttpsProxy: Name of the TargetHttpsProxy resource to return.
@@ -221816,7 +231804,7 @@ func (c *TargetHttpsProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetHtt
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpsProxy resource. Gets a list of available target HTTPS proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpsProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetHttpsProxies.get",
@@ -224009,8 +233997,7 @@ type TargetInstancesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified TargetInstance resource. Gets a list of
-// available target instances by making a list() request.
+// Get: Returns the specified TargetInstance resource.
 //
 // - project: Project ID for this request.
 // - targetInstance: Name of the TargetInstance resource to return.
@@ -224124,7 +234111,7 @@ func (c *TargetInstancesGetCall) Do(opts ...googleapi.CallOption) (*TargetInstan
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetInstance resource. Gets a list of available target instances by making a list() request.",
+	//   "description": "Returns the specified TargetInstance resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetInstances.get",
@@ -224638,6 +234625,196 @@ func (c *TargetInstancesListCall) Pages(ctx context.Context, f func(*TargetInsta
 	}
 }
 
+// method id "compute.targetInstances.setSecurityPolicy":
+
+type TargetInstancesSetSecurityPolicyCall struct {
+	s                       *Service
+	project                 string
+	zone                    string
+	targetInstance          string
+	securitypolicyreference *SecurityPolicyReference
+	urlParams_              gensupport.URLParams
+	ctx_                    context.Context
+	header_                 http.Header
+}
+
+// SetSecurityPolicy: Sets the Google Cloud Armor security policy for
+// the specified target instance. For more information, see Google Cloud
+// Armor Overview
+//
+//   - project: Project ID for this request.
+//   - targetInstance: Name of the TargetInstance resource to which the
+//     security policy should be set. The name should conform to RFC1035.
+//   - zone: Name of the zone scoping this request.
+func (r *TargetInstancesService) SetSecurityPolicy(project string, zone string, targetInstance string, securitypolicyreference *SecurityPolicyReference) *TargetInstancesSetSecurityPolicyCall {
+	c := &TargetInstancesSetSecurityPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.targetInstance = targetInstance
+	c.securitypolicyreference = securitypolicyreference
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *TargetInstancesSetSecurityPolicyCall) RequestId(requestId string) *TargetInstancesSetSecurityPolicyCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *TargetInstancesSetSecurityPolicyCall) Fields(s ...googleapi.Field) *TargetInstancesSetSecurityPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *TargetInstancesSetSecurityPolicyCall) Context(ctx context.Context) *TargetInstancesSetSecurityPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *TargetInstancesSetSecurityPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *TargetInstancesSetSecurityPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicyreference)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/targetInstances/{targetInstance}/setSecurityPolicy")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"zone":           c.zone,
+		"targetInstance": c.targetInstance,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.targetInstances.setSecurityPolicy" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *TargetInstancesSetSecurityPolicyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Sets the Google Cloud Armor security policy for the specified target instance. For more information, see Google Cloud Armor Overview",
+	//   "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}/setSecurityPolicy",
+	//   "httpMethod": "POST",
+	//   "id": "compute.targetInstances.setSecurityPolicy",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "targetInstance"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "targetInstance": {
+	//       "description": "Name of the TargetInstance resource to which the security policy should be set. The name should conform to RFC1035.",
+	//       "location": "path",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "Name of the zone scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}/setSecurityPolicy",
+	//   "request": {
+	//     "$ref": "SecurityPolicyReference"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.targetInstances.testIamPermissions":
 
 type TargetInstancesTestIamPermissionsCall struct {
@@ -225671,8 +235848,7 @@ type TargetPoolsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified target pool. Gets a list of available
-// target pools by making a list() request.
+// Get: Returns the specified target pool.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -225786,7 +235962,7 @@ func (c *TargetPoolsGetCall) Do(opts ...googleapi.CallOption) (*TargetPool, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified target pool. Gets a list of available target pools by making a list() request.",
+	//   "description": "Returns the specified target pool.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetPools.get",
@@ -226606,205 +236782,407 @@ func (c *TargetPoolsRemoveHealthCheckCall) Do(opts ...googleapi.CallOption) (*Op
 	}
 	return ret, nil
 	// {
-	//   "description": "Removes health check URL from a target pool.",
-	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
+	//   "description": "Removes health check URL from a target pool.",
+	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
+	//   "httpMethod": "POST",
+	//   "id": "compute.targetPools.removeHealthCheck",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "targetPool"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "targetPool": {
+	//       "description": "Name of the target pool to remove health checks from.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
+	//   "request": {
+	//     "$ref": "TargetPoolsRemoveHealthCheckRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.targetPools.removeInstance":
+
+type TargetPoolsRemoveInstanceCall struct {
+	s                                *Service
+	project                          string
+	region                           string
+	targetPool                       string
+	targetpoolsremoveinstancerequest *TargetPoolsRemoveInstanceRequest
+	urlParams_                       gensupport.URLParams
+	ctx_                             context.Context
+	header_                          http.Header
+}
+
+// RemoveInstance: Removes instance URL from a target pool.
+//
+//   - project: Project ID for this request.
+//   - region: Name of the region scoping this request.
+//   - targetPool: Name of the TargetPool resource to remove instances
+//     from.
+func (r *TargetPoolsService) RemoveInstance(project string, region string, targetPool string, targetpoolsremoveinstancerequest *TargetPoolsRemoveInstanceRequest) *TargetPoolsRemoveInstanceCall {
+	c := &TargetPoolsRemoveInstanceCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.targetPool = targetPool
+	c.targetpoolsremoveinstancerequest = targetpoolsremoveinstancerequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *TargetPoolsRemoveInstanceCall) RequestId(requestId string) *TargetPoolsRemoveInstanceCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *TargetPoolsRemoveInstanceCall) Fields(s ...googleapi.Field) *TargetPoolsRemoveInstanceCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *TargetPoolsRemoveInstanceCall) Context(ctx context.Context) *TargetPoolsRemoveInstanceCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *TargetPoolsRemoveInstanceCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *TargetPoolsRemoveInstanceCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.targetpoolsremoveinstancerequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":    c.project,
+		"region":     c.region,
+		"targetPool": c.targetPool,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.targetPools.removeInstance" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *TargetPoolsRemoveInstanceCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Removes instance URL from a target pool.",
+	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
+	//   "httpMethod": "POST",
+	//   "id": "compute.targetPools.removeInstance",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "targetPool"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "targetPool": {
+	//       "description": "Name of the TargetPool resource to remove instances from.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
+	//   "request": {
+	//     "$ref": "TargetPoolsRemoveInstanceRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.targetPools.setBackup":
+
+type TargetPoolsSetBackupCall struct {
+	s               *Service
+	project         string
+	region          string
+	targetPool      string
+	targetreference *TargetReference
+	urlParams_      gensupport.URLParams
+	ctx_            context.Context
+	header_         http.Header
+}
+
+// SetBackup: Changes a backup target pool's configurations.
+//
+//   - project: Project ID for this request.
+//   - region: Name of the region scoping this request.
+//   - targetPool: Name of the TargetPool resource to set a backup pool
+//     for.
+func (r *TargetPoolsService) SetBackup(project string, region string, targetPool string, targetreference *TargetReference) *TargetPoolsSetBackupCall {
+	c := &TargetPoolsSetBackupCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.targetPool = targetPool
+	c.targetreference = targetreference
+	return c
+}
+
+// FailoverRatio sets the optional parameter "failoverRatio": New
+// failoverRatio value for the target pool.
+func (c *TargetPoolsSetBackupCall) FailoverRatio(failoverRatio float64) *TargetPoolsSetBackupCall {
+	c.urlParams_.Set("failoverRatio", fmt.Sprint(failoverRatio))
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *TargetPoolsSetBackupCall) RequestId(requestId string) *TargetPoolsSetBackupCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *TargetPoolsSetBackupCall) Fields(s ...googleapi.Field) *TargetPoolsSetBackupCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *TargetPoolsSetBackupCall) Context(ctx context.Context) *TargetPoolsSetBackupCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *TargetPoolsSetBackupCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *TargetPoolsSetBackupCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.targetreference)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":    c.project,
+		"region":     c.region,
+		"targetPool": c.targetPool,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.targetPools.setBackup" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *TargetPoolsSetBackupCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Changes a backup target pool's configurations.",
+	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
 	//   "httpMethod": "POST",
-	//   "id": "compute.targetPools.removeHealthCheck",
+	//   "id": "compute.targetPools.setBackup",
 	//   "parameterOrder": [
 	//     "project",
 	//     "region",
 	//     "targetPool"
 	//   ],
 	//   "parameters": {
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "region": {
-	//       "description": "Name of the region for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "requestId": {
-	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//     "failoverRatio": {
+	//       "description": "New failoverRatio value for the target pool.",
+	//       "format": "float",
 	//       "location": "query",
-	//       "type": "string"
+	//       "type": "number"
 	//     },
-	//     "targetPool": {
-	//       "description": "Name of the target pool to remove health checks from.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeHealthCheck",
-	//   "request": {
-	//     "$ref": "TargetPoolsRemoveHealthCheckRequest"
-	//   },
-	//   "response": {
-	//     "$ref": "Operation"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.targetPools.removeInstance":
-
-type TargetPoolsRemoveInstanceCall struct {
-	s                                *Service
-	project                          string
-	region                           string
-	targetPool                       string
-	targetpoolsremoveinstancerequest *TargetPoolsRemoveInstanceRequest
-	urlParams_                       gensupport.URLParams
-	ctx_                             context.Context
-	header_                          http.Header
-}
-
-// RemoveInstance: Removes instance URL from a target pool.
-//
-//   - project: Project ID for this request.
-//   - region: Name of the region scoping this request.
-//   - targetPool: Name of the TargetPool resource to remove instances
-//     from.
-func (r *TargetPoolsService) RemoveInstance(project string, region string, targetPool string, targetpoolsremoveinstancerequest *TargetPoolsRemoveInstanceRequest) *TargetPoolsRemoveInstanceCall {
-	c := &TargetPoolsRemoveInstanceCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.region = region
-	c.targetPool = targetPool
-	c.targetpoolsremoveinstancerequest = targetpoolsremoveinstancerequest
-	return c
-}
-
-// RequestId sets the optional parameter "requestId": An optional
-// request ID to identify requests. Specify a unique request ID so that
-// if you must retry your request, the server will know to ignore the
-// request if it has already been completed. For example, consider a
-// situation where you make an initial request and the request times
-// out. If you make the request again with the same request ID, the
-// server can check if original operation with the same request ID was
-// received, and if so, will ignore the second request. This prevents
-// clients from accidentally creating duplicate commitments. The request
-// ID must be a valid UUID with the exception that zero UUID is not
-// supported ( 00000000-0000-0000-0000-000000000000).
-func (c *TargetPoolsRemoveInstanceCall) RequestId(requestId string) *TargetPoolsRemoveInstanceCall {
-	c.urlParams_.Set("requestId", requestId)
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *TargetPoolsRemoveInstanceCall) Fields(s ...googleapi.Field) *TargetPoolsRemoveInstanceCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *TargetPoolsRemoveInstanceCall) Context(ctx context.Context) *TargetPoolsRemoveInstanceCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *TargetPoolsRemoveInstanceCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *TargetPoolsRemoveInstanceCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.targetpoolsremoveinstancerequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":    c.project,
-		"region":     c.region,
-		"targetPool": c.targetPool,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.targetPools.removeInstance" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *TargetPoolsRemoveInstanceCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Operation{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Removes instance URL from a target pool.",
-	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
-	//   "httpMethod": "POST",
-	//   "id": "compute.targetPools.removeInstance",
-	//   "parameterOrder": [
-	//     "project",
-	//     "region",
-	//     "targetPool"
-	//   ],
-	//   "parameters": {
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -226825,16 +237203,16 @@ func (c *TargetPoolsRemoveInstanceCall) Do(opts ...googleapi.CallOption) (*Opera
 	//       "type": "string"
 	//     },
 	//     "targetPool": {
-	//       "description": "Name of the TargetPool resource to remove instances from.",
+	//       "description": "Name of the TargetPool resource to set a backup pool for.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/removeInstance",
+	//   "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
 	//   "request": {
-	//     "$ref": "TargetPoolsRemoveInstanceRequest"
+	//     "$ref": "TargetReference"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -226847,38 +237225,33 @@ func (c *TargetPoolsRemoveInstanceCall) Do(opts ...googleapi.CallOption) (*Opera
 
 }
 
-// method id "compute.targetPools.setBackup":
+// method id "compute.targetPools.setSecurityPolicy":
 
-type TargetPoolsSetBackupCall struct {
-	s               *Service
-	project         string
-	region          string
-	targetPool      string
-	targetreference *TargetReference
-	urlParams_      gensupport.URLParams
-	ctx_            context.Context
-	header_         http.Header
+type TargetPoolsSetSecurityPolicyCall struct {
+	s                       *Service
+	project                 string
+	region                  string
+	targetPool              string
+	securitypolicyreference *SecurityPolicyReference
+	urlParams_              gensupport.URLParams
+	ctx_                    context.Context
+	header_                 http.Header
 }
 
-// SetBackup: Changes a backup target pool's configurations.
+// SetSecurityPolicy: Sets the Google Cloud Armor security policy for
+// the specified target pool. For more information, see Google Cloud
+// Armor Overview
 //
 //   - project: Project ID for this request.
 //   - region: Name of the region scoping this request.
-//   - targetPool: Name of the TargetPool resource to set a backup pool
-//     for.
-func (r *TargetPoolsService) SetBackup(project string, region string, targetPool string, targetreference *TargetReference) *TargetPoolsSetBackupCall {
-	c := &TargetPoolsSetBackupCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - targetPool: Name of the TargetPool resource to which the security
+//     policy should be set. The name should conform to RFC1035.
+func (r *TargetPoolsService) SetSecurityPolicy(project string, region string, targetPool string, securitypolicyreference *SecurityPolicyReference) *TargetPoolsSetSecurityPolicyCall {
+	c := &TargetPoolsSetSecurityPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
 	c.targetPool = targetPool
-	c.targetreference = targetreference
-	return c
-}
-
-// FailoverRatio sets the optional parameter "failoverRatio": New
-// failoverRatio value for the target pool.
-func (c *TargetPoolsSetBackupCall) FailoverRatio(failoverRatio float64) *TargetPoolsSetBackupCall {
-	c.urlParams_.Set("failoverRatio", fmt.Sprint(failoverRatio))
+	c.securitypolicyreference = securitypolicyreference
 	return c
 }
 
@@ -226893,7 +237266,7 @@ func (c *TargetPoolsSetBackupCall) FailoverRatio(failoverRatio float64) *TargetP
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *TargetPoolsSetBackupCall) RequestId(requestId string) *TargetPoolsSetBackupCall {
+func (c *TargetPoolsSetSecurityPolicyCall) RequestId(requestId string) *TargetPoolsSetSecurityPolicyCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -226901,7 +237274,7 @@ func (c *TargetPoolsSetBackupCall) RequestId(requestId string) *TargetPoolsSetBa
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *TargetPoolsSetBackupCall) Fields(s ...googleapi.Field) *TargetPoolsSetBackupCall {
+func (c *TargetPoolsSetSecurityPolicyCall) Fields(s ...googleapi.Field) *TargetPoolsSetSecurityPolicyCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -226909,21 +237282,21 @@ func (c *TargetPoolsSetBackupCall) Fields(s ...googleapi.Field) *TargetPoolsSetB
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *TargetPoolsSetBackupCall) Context(ctx context.Context) *TargetPoolsSetBackupCall {
+func (c *TargetPoolsSetSecurityPolicyCall) Context(ctx context.Context) *TargetPoolsSetSecurityPolicyCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *TargetPoolsSetBackupCall) Header() http.Header {
+func (c *TargetPoolsSetSecurityPolicyCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *TargetPoolsSetBackupCall) doRequest(alt string) (*http.Response, error) {
+func (c *TargetPoolsSetSecurityPolicyCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -226931,14 +237304,14 @@ func (c *TargetPoolsSetBackupCall) doRequest(alt string) (*http.Response, error)
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.targetreference)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.securitypolicyreference)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/targetPools/{targetPool}/setSecurityPolicy")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -226953,14 +237326,14 @@ func (c *TargetPoolsSetBackupCall) doRequest(alt string) (*http.Response, error)
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.targetPools.setBackup" call.
+// Do executes the "compute.targetPools.setSecurityPolicy" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *TargetPoolsSetBackupCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *TargetPoolsSetSecurityPolicyCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -226991,22 +237364,16 @@ func (c *TargetPoolsSetBackupCall) Do(opts ...googleapi.CallOption) (*Operation,
 	}
 	return ret, nil
 	// {
-	//   "description": "Changes a backup target pool's configurations.",
-	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
+	//   "description": "Sets the Google Cloud Armor security policy for the specified target pool. For more information, see Google Cloud Armor Overview",
+	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/setSecurityPolicy",
 	//   "httpMethod": "POST",
-	//   "id": "compute.targetPools.setBackup",
+	//   "id": "compute.targetPools.setSecurityPolicy",
 	//   "parameterOrder": [
 	//     "project",
 	//     "region",
 	//     "targetPool"
 	//   ],
 	//   "parameters": {
-	//     "failoverRatio": {
-	//       "description": "New failoverRatio value for the target pool.",
-	//       "format": "float",
-	//       "location": "query",
-	//       "type": "number"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -227027,16 +237394,15 @@ func (c *TargetPoolsSetBackupCall) Do(opts ...googleapi.CallOption) (*Operation,
 	//       "type": "string"
 	//     },
 	//     "targetPool": {
-	//       "description": "Name of the TargetPool resource to set a backup pool for.",
+	//       "description": "Name of the TargetPool resource to which the security policy should be set. The name should conform to RFC1035.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/setBackup",
+	//   "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/setSecurityPolicy",
 	//   "request": {
-	//     "$ref": "TargetReference"
+	//     "$ref": "SecurityPolicyReference"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -227396,8 +237762,7 @@ type TargetSslProxiesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified TargetSslProxy resource. Gets a list of
-// available target SSL proxies by making a list() request.
+// Get: Returns the specified TargetSslProxy resource.
 //
 // - project: Project ID for this request.
 // - targetSslProxy: Name of the TargetSslProxy resource to return.
@@ -227508,7 +237873,7 @@ func (c *TargetSslProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetSslPr
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetSslProxy resource. Gets a list of available target SSL proxies by making a list() request.",
+	//   "description": "Returns the specified TargetSslProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetSslProxies.get",
@@ -229511,8 +239876,7 @@ type TargetTcpProxiesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified TargetTcpProxy resource. Gets a list of
-// available target TCP proxies by making a list() request.
+// Get: Returns the specified TargetTcpProxy resource.
 //
 // - project: Project ID for this request.
 // - targetTcpProxy: Name of the TargetTcpProxy resource to return.
@@ -229623,7 +239987,7 @@ func (c *TargetTcpProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetTcpPr
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetTcpProxy resource. Gets a list of available target TCP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetTcpProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetTcpProxies.get",
@@ -231104,8 +241468,7 @@ type TargetVpnGatewaysGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified target VPN gateway. Gets a list of
-// available target VPN gateways by making a list() request.
+// Get: Returns the specified target VPN gateway.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -231219,7 +241582,7 @@ func (c *TargetVpnGatewaysGetCall) Do(opts ...googleapi.CallOption) (*TargetVpnG
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified target VPN gateway. Gets a list of available target VPN gateways by making a list() request.",
+	//   "description": "Returns the specified target VPN gateway.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetVpnGateways.get",
@@ -232567,8 +242930,7 @@ type UrlMapsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified UrlMap resource. Gets a list of available
-// URL maps by making a list() request.
+// Get: Returns the specified UrlMap resource.
 //
 // - project: Project ID for this request.
 // - urlMap: Name of the UrlMap resource to return.
@@ -232679,7 +243041,7 @@ func (c *UrlMapsGetCall) Do(opts ...googleapi.CallOption) (*UrlMap, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+	//   "description": "Returns the specified UrlMap resource.",
 	//   "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.urlMaps.get",
@@ -234497,8 +244859,7 @@ type VpnGatewaysGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified VPN gateway. Gets a list of available VPN
-// gateways by making a list() request.
+// Get: Returns the specified VPN gateway.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -234612,7 +244973,7 @@ func (c *VpnGatewaysGetCall) Do(opts ...googleapi.CallOption) (*VpnGateway, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified VPN gateway. Gets a list of available VPN gateways by making a list() request.",
+	//   "description": "Returns the specified VPN gateway.",
 	//   "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.vpnGateways.get",
@@ -236144,8 +246505,7 @@ type VpnTunnelsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified VpnTunnel resource. Gets a list of
-// available VPN tunnels by making a list() request.
+// Get: Returns the specified VpnTunnel resource.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -236259,7 +246619,7 @@ func (c *VpnTunnelsGetCall) Do(opts ...googleapi.CallOption) (*VpnTunnel, error)
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified VpnTunnel resource. Gets a list of available VPN tunnels by making a list() request.",
+	//   "description": "Returns the specified VpnTunnel resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.vpnTunnels.get",
@@ -239200,8 +249560,7 @@ type ZonesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Zone resource. Gets a list of available
-// zones by making a list() request.
+// Get: Returns the specified Zone resource.
 //
 // - project: Project ID for this request.
 // - zone: Name of the zone resource to return.
@@ -239312,7 +249671,7 @@ func (c *ZonesGetCall) Do(opts ...googleapi.CallOption) (*Zone, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Zone resource. Gets a list of available zones by making a list() request.",
+	//   "description": "Returns the specified Zone resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.zones.get",
diff --git a/vendor/google.golang.org/api/compute/v0.beta/compute-api.json b/vendor/google.golang.org/api/compute/v0.beta/compute-api.json
index 89b8420da..e8a2fe1d3 100644
--- a/vendor/google.golang.org/api/compute/v0.beta/compute-api.json
+++ b/vendor/google.golang.org/api/compute/v0.beta/compute-api.json
@@ -550,6 +550,56 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "move": {
+          "description": "Moves the specified address resource.",
+          "flatPath": "projects/{project}/regions/{region}/addresses/{address}/move",
+          "httpMethod": "POST",
+          "id": "compute.addresses.move",
+          "parameterOrder": [
+            "project",
+            "region",
+            "address"
+          ],
+          "parameters": {
+            "address": {
+              "description": "Name of the address resource to move.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Source project ID which the Address is moved from.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/addresses/{address}/move",
+          "request": {
+            "$ref": "RegionAddressesMoveRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setLabels": {
           "description": "Sets the labels on an Address. To learn more about labels, read the Labeling Resources documentation.",
           "flatPath": "projects/{project}/regions/{region}/addresses/{resource}/setLabels",
@@ -758,7 +808,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified autoscaler resource. Gets a list of available autoscalers by making a list() request.",
+          "description": "Returns the specified autoscaler resource.",
           "flatPath": "projects/{project}/zones/{zone}/autoscalers/{autoscaler}",
           "httpMethod": "GET",
           "id": "compute.autoscalers.get",
@@ -1177,7 +1227,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified BackendBucket resource. Gets a list of available backend buckets by making a list() request.",
+          "description": "Returns the specified BackendBucket resource.",
           "flatPath": "projects/{project}/global/backendBuckets/{backendBucket}",
           "httpMethod": "GET",
           "id": "compute.backendBuckets.get",
@@ -1731,7 +1781,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified BackendService resource. Gets a list of available backend services.",
+          "description": "Returns the specified BackendService resource.",
           "flatPath": "projects/{project}/global/backendServices/{backendService}",
           "httpMethod": "GET",
           "id": "compute.backendServices.get",
@@ -2238,7 +2288,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified disk type. Gets a list of available disk types by making a list() request.",
+          "description": "Returns the specified disk type.",
           "flatPath": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
           "httpMethod": "GET",
           "id": "compute.diskTypes.get",
@@ -2457,29 +2507,16 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "createSnapshot": {
-          "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
-          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
+        "bulkInsert": {
+          "description": "Bulk create a set of disks.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/bulkInsert",
           "httpMethod": "POST",
-          "id": "compute.disks.createSnapshot",
+          "id": "compute.disks.bulkInsert",
           "parameterOrder": [
             "project",
-            "zone",
-            "disk"
+            "zone"
           ],
           "parameters": {
-            "disk": {
-              "description": "Name of the persistent disk to snapshot.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
-            "guestFlush": {
-              "description": "[Input Only] Whether to attempt an application consistent snapshot by informing the OS to prepare for the snapshot process.",
-              "location": "query",
-              "type": "boolean"
-            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -2500,56 +2537,10 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
+          "path": "projects/{project}/zones/{zone}/disks/bulkInsert",
           "request": {
-            "$ref": "Snapshot"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "delete": {
-          "description": "Deletes the specified persistent disk. Deleting a disk removes its data permanently and is irreversible. However, deleting a disk does not delete any snapshots previously made from the disk. You must separately delete snapshots.",
-          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
-          "httpMethod": "DELETE",
-          "id": "compute.disks.delete",
-          "parameterOrder": [
-            "project",
-            "zone",
-            "disk"
-          ],
-          "parameters": {
-            "disk": {
-              "description": "Name of the persistent disk to delete.",
-              "location": "path",
-              "required": true,
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
-            "zone": {
-              "description": "The name of the zone for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            }
+            "$ref": "BulkInsertDiskResource"
           },
-          "path": "projects/{project}/zones/{zone}/disks/{disk}",
           "response": {
             "$ref": "Operation"
           },
@@ -2558,11 +2549,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "get": {
-          "description": "Returns a specified persistent disk. Gets a list of available persistent disks by making a list() request.",
-          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
-          "httpMethod": "GET",
-          "id": "compute.disks.get",
+        "createSnapshot": {
+          "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
+          "httpMethod": "POST",
+          "id": "compute.disks.createSnapshot",
           "parameterOrder": [
             "project",
             "zone",
@@ -2570,96 +2561,17 @@
           ],
           "parameters": {
             "disk": {
-              "description": "Name of the persistent disk to return.",
+              "description": "Name of the persistent disk to snapshot.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "zone": {
-              "description": "The name of the zone for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/zones/{zone}/disks/{disk}",
-          "response": {
-            "$ref": "Disk"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "getIamPolicy": {
-          "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
-          "flatPath": "projects/{project}/zones/{zone}/disks/{resource}/getIamPolicy",
-          "httpMethod": "GET",
-          "id": "compute.disks.getIamPolicy",
-          "parameterOrder": [
-            "project",
-            "zone",
-            "resource"
-          ],
-          "parameters": {
-            "optionsRequestedPolicyVersion": {
-              "description": "Requested IAM Policy version.",
-              "format": "int32",
+            "guestFlush": {
+              "description": "[Input Only] Whether to attempt an application consistent snapshot by informing the OS to prepare for the snapshot process.",
               "location": "query",
-              "type": "integer"
+              "type": "boolean"
             },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
-            "zone": {
-              "description": "The name of the zone for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/zones/{zone}/disks/{resource}/getIamPolicy",
-          "response": {
-            "$ref": "Policy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "insert": {
-          "description": "Creates a persistent disk in the specified project using the data in the request. You can create a disk from a source (sourceImage, sourceSnapshot, or sourceDisk) or create an empty 500 GB data disk by omitting all properties. You can also create a disk that is larger than the default size by specifying the sizeGb property.",
-          "flatPath": "projects/{project}/zones/{zone}/disks",
-          "httpMethod": "POST",
-          "id": "compute.disks.insert",
-          "parameterOrder": [
-            "project",
-            "zone"
-          ],
-          "parameters": {
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -2672,11 +2584,6 @@
               "location": "query",
               "type": "string"
             },
-            "sourceImage": {
-              "description": "Source image to restore onto a disk. This field is optional.",
-              "location": "query",
-              "type": "string"
-            },
             "zone": {
               "description": "The name of the zone for this request.",
               "location": "path",
@@ -2685,9 +2592,9 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/disks",
+          "path": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
           "request": {
-            "$ref": "Disk"
+            "$ref": "Snapshot"
           },
           "response": {
             "$ref": "Operation"
@@ -2697,74 +2604,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "list": {
-          "description": "Retrieves a list of persistent disks contained within the specified zone.",
-          "flatPath": "projects/{project}/zones/{zone}/disks",
-          "httpMethod": "GET",
-          "id": "compute.disks.list",
-          "parameterOrder": [
-            "project",
-            "zone"
-          ],
-          "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-              "location": "query",
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            },
-            "zone": {
-              "description": "The name of the zone for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/zones/{zone}/disks",
-          "response": {
-            "$ref": "DiskList"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "removeResourcePolicies": {
-          "description": "Removes resource policies from a disk.",
-          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/removeResourcePolicies",
-          "httpMethod": "POST",
-          "id": "compute.disks.removeResourcePolicies",
+        "delete": {
+          "description": "Deletes the specified persistent disk. Deleting a disk removes its data permanently and is irreversible. However, deleting a disk does not delete any snapshots previously made from the disk. You must separately delete snapshots.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
+          "httpMethod": "DELETE",
+          "id": "compute.disks.delete",
           "parameterOrder": [
             "project",
             "zone",
@@ -2772,9 +2616,257 @@
           ],
           "parameters": {
             "disk": {
-              "description": "The disk name for this request.",
+              "description": "Name of the persistent disk to delete.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/{disk}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "get": {
+          "description": "Returns the specified persistent disk.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
+          "httpMethod": "GET",
+          "id": "compute.disks.get",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "Name of the persistent disk to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/{disk}",
+          "response": {
+            "$ref": "Disk"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "getIamPolicy": {
+          "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{resource}/getIamPolicy",
+          "httpMethod": "GET",
+          "id": "compute.disks.getIamPolicy",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "resource"
+          ],
+          "parameters": {
+            "optionsRequestedPolicyVersion": {
+              "description": "Requested IAM Policy version.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/{resource}/getIamPolicy",
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a persistent disk in the specified project using the data in the request. You can create a disk from a source (sourceImage, sourceSnapshot, or sourceDisk) or create an empty 500 GB data disk by omitting all properties. You can also create a disk that is larger than the default size by specifying the sizeGb property.",
+          "flatPath": "projects/{project}/zones/{zone}/disks",
+          "httpMethod": "POST",
+          "id": "compute.disks.insert",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "sourceImage": {
+              "description": "Source image to restore onto a disk. This field is optional.",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks",
+          "request": {
+            "$ref": "Disk"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of persistent disks contained within the specified zone.",
+          "flatPath": "projects/{project}/zones/{zone}/disks",
+          "httpMethod": "GET",
+          "id": "compute.disks.list",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks",
+          "response": {
+            "$ref": "DiskList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "removeResourcePolicies": {
+          "description": "Removes resource policies from a disk.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/removeResourcePolicies",
+          "httpMethod": "POST",
+          "id": "compute.disks.removeResourcePolicies",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The disk name for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
@@ -2955,6 +3047,145 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "startAsyncReplication": {
+          "description": "Starts asynchronous replication. Must be invoked on the primary disk.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/startAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.disks.startAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The name of the persistent disk.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/{disk}/startAsyncReplication",
+          "request": {
+            "$ref": "DisksStartAsyncReplicationRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "stopAsyncReplication": {
+          "description": "Stops asynchronous replication. Can be invoked either on the primary or on the secondary disk.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.disks.stopAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The name of the persistent disk.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "stopGroupAsyncReplication": {
+          "description": "Stops asynchronous replication for a consistency group of disks. Can be invoked either in the primary or secondary scope.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/stopGroupAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.disks.stopGroupAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request. This must be the zone of the primary or secondary disks in the consistency group.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/stopGroupAsyncReplication",
+          "request": {
+            "$ref": "DisksStopGroupAsyncReplicationResource"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
           "flatPath": "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions",
@@ -3632,7 +3863,7 @@
               "type": "string"
             },
             "parentId": {
-              "description": "Parent ID for this request.",
+              "description": "Parent ID for this request. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
               "location": "query",
               "type": "string"
             },
@@ -3691,7 +3922,7 @@
               "type": "string"
             },
             "parentId": {
-              "description": "The new parent of the firewall policy.",
+              "description": "The new parent of the firewall policy. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
               "location": "query",
               "type": "string"
             },
@@ -4704,7 +4935,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified address resource. Gets a list of available addresses by making a list() request.",
+          "description": "Returns the specified address resource.",
           "flatPath": "projects/{project}/global/addresses/{address}",
           "httpMethod": "GET",
           "id": "compute.globalAddresses.get",
@@ -4827,6 +5058,48 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "move": {
+          "description": "Moves the specified address resource from one project to another project.",
+          "flatPath": "projects/{project}/global/addresses/{address}/move",
+          "httpMethod": "POST",
+          "id": "compute.globalAddresses.move",
+          "parameterOrder": [
+            "project",
+            "address"
+          ],
+          "parameters": {
+            "address": {
+              "description": "Name of the address resource to move.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Source project ID which the Address is moved from.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/addresses/{address}/move",
+          "request": {
+            "$ref": "GlobalAddressesMoveRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setLabels": {
           "description": "Sets the labels on a GlobalAddress. To learn more about labels, read the Labeling Resources documentation.",
           "flatPath": "projects/{project}/global/addresses/{resource}/setLabels",
@@ -5353,7 +5626,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/global/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.globalNetworkEndpointGroups.get",
@@ -6184,7 +6457,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+          "description": "Returns the specified HealthCheck resource.",
           "flatPath": "projects/{project}/global/healthChecks/{healthCheck}",
           "httpMethod": "GET",
           "id": "compute.healthChecks.get",
@@ -6473,7 +6746,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HttpHealthCheck resource. Gets a list of available HTTP health checks by making a list() request.",
+          "description": "Returns the specified HttpHealthCheck resource.",
           "flatPath": "projects/{project}/global/httpHealthChecks/{httpHealthCheck}",
           "httpMethod": "GET",
           "id": "compute.httpHealthChecks.get",
@@ -6762,7 +7035,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HttpsHealthCheck resource. Gets a list of available HTTPS health checks by making a list() request.",
+          "description": "Returns the specified HttpsHealthCheck resource.",
           "flatPath": "projects/{project}/global/httpsHealthChecks/{httpsHealthCheck}",
           "httpMethod": "GET",
           "id": "compute.httpsHealthChecks.get",
@@ -7140,7 +7413,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified image. Gets a list of available images by making a list() request.",
+          "description": "Returns the specified image.",
           "flatPath": "projects/{project}/global/images/{image}",
           "httpMethod": "GET",
           "id": "compute.images.get",
@@ -7503,6 +7776,227 @@
         }
       }
     },
+    "instanceGroupManagerResizeRequests": {
+      "methods": {
+        "delete": {
+          "description": "Deletes the specified, inactive resize request. Requests that are still active cannot be deleted. Deleting request does not delete instances that were provisioned previously.",
+          "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+          "httpMethod": "DELETE",
+          "id": "compute.instanceGroupManagerResizeRequests.delete",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instanceGroupManager",
+            "resizeRequest"
+          ],
+          "parameters": {
+            "instanceGroupManager": {
+              "description": "The name of the managed instance group. The name should conform to RFC1035 or be a resource ID.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "resizeRequest": {
+              "description": "The name of the resize request to delete. The name should conform to RFC1035 or be a resource ID.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone where the managed instance group is located. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "get": {
+          "description": "Returns all of the details about the specified resize request.",
+          "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+          "httpMethod": "GET",
+          "id": "compute.instanceGroupManagerResizeRequests.get",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instanceGroupManager",
+            "resizeRequest"
+          ],
+          "parameters": {
+            "instanceGroupManager": {
+              "description": "The name of the managed instance group. Name should conform to RFC1035 or be a resource ID.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "resizeRequest": {
+              "description": "The name of the resize request. Name should conform to RFC1035 or be a resource ID.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the href=\"/compute/docs/regions-zones/#available\"\u003ezone scoping this request. Name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests/{resizeRequest}",
+          "response": {
+            "$ref": "InstanceGroupManagerResizeRequest"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new resize request that starts provisioning VMs immediately or queues VM creation.",
+          "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests",
+          "httpMethod": "POST",
+          "id": "compute.instanceGroupManagerResizeRequests.insert",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instanceGroupManager"
+          ],
+          "parameters": {
+            "instanceGroupManager": {
+              "description": "The name of the managed instance group to which the resize request will be added. Name should conform to RFC1035 or be a resource ID.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone where the managed instance group is located and where the resize request will be created. Name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests",
+          "request": {
+            "$ref": "InstanceGroupManagerResizeRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves a list of resize requests that are contained in the managed instance group.",
+          "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests",
+          "httpMethod": "GET",
+          "id": "compute.instanceGroupManagerResizeRequests.list",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instanceGroupManager"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "instanceGroupManager": {
+              "description": "The name of the managed instance group. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "zone": {
+              "description": "The name of the zone where the managed instance group is located. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/resizeRequests",
+          "response": {
+            "$ref": "InstanceGroupManagerResizeRequestsListResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
     "instanceGroupManagers": {
       "methods": {
         "abandonInstances": {
@@ -7841,7 +8335,7 @@
           ]
         },
         "get": {
-          "description": "Returns all of the details about the specified managed instance group. Gets a list of available managed instance groups by making a list() request.",
+          "description": "Returns all of the details about the specified managed instance group.",
           "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}",
           "httpMethod": "GET",
           "id": "compute.instanceGroupManagers.get",
@@ -8437,6 +8931,7 @@
           ]
         },
         "setAutoHealingPolicies": {
+          "deprecated": true,
           "description": "Motifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use instanceGroupManagers.patch instead.",
           "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}/setAutoHealingPolicies",
           "httpMethod": "POST",
@@ -9341,7 +9836,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+          "description": "Returns the specified instance template.",
           "flatPath": "projects/{project}/global/instanceTemplates/{instanceTemplate}",
           "httpMethod": "GET",
           "id": "compute.instanceTemplates.get",
@@ -10011,7 +10506,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Instance resource. Gets a list of available instances by making a list() request.",
+          "description": "Returns the specified Instance resource.",
           "flatPath": "projects/{project}/zones/{zone}/instances/{instance}",
           "httpMethod": "GET",
           "id": "compute.instances.get",
@@ -11274,11 +11769,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setServiceAccount": {
-          "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.",
-          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
+        "setSecurityPolicy": {
+          "description": "Sets the Google Cloud Armor security policy for the specified instance. For more information, see Google Cloud Armor Overview",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setSecurityPolicy",
           "httpMethod": "POST",
-          "id": "compute.instances.setServiceAccount",
+          "id": "compute.instances.setSecurityPolicy",
           "parameterOrder": [
             "project",
             "zone",
@@ -11286,9 +11781,8 @@
           ],
           "parameters": {
             "instance": {
-              "description": "Name of the instance resource to start.",
+              "description": "Name of the Instance resource to which the security policy should be set. The name should conform to RFC1035.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
@@ -11305,16 +11799,16 @@
               "type": "string"
             },
             "zone": {
-              "description": "The name of the zone for this request.",
+              "description": "Name of the zone scoping this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/setSecurityPolicy",
           "request": {
-            "$ref": "InstancesSetServiceAccountRequest"
+            "$ref": "InstancesSetSecurityPolicyRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -11324,11 +11818,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setShieldedInstanceIntegrityPolicy": {
-          "description": "Sets the Shielded Instance integrity policy for an instance. You can only use this method on a running instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
-          "httpMethod": "PATCH",
-          "id": "compute.instances.setShieldedInstanceIntegrityPolicy",
+        "setServiceAccount": {
+          "description": "Sets the service account on the instance. For more information, read Changing the service account and access scopes for an instance.",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
+          "httpMethod": "POST",
+          "id": "compute.instances.setServiceAccount",
           "parameterOrder": [
             "project",
             "zone",
@@ -11336,7 +11830,7 @@
           ],
           "parameters": {
             "instance": {
-              "description": "Name or id of the instance scoping this request.",
+              "description": "Name of the instance resource to start.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
@@ -11362,9 +11856,9 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/setServiceAccount",
           "request": {
-            "$ref": "ShieldedInstanceIntegrityPolicy"
+            "$ref": "InstancesSetServiceAccountRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -11374,11 +11868,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setShieldedVmIntegrityPolicy": {
-          "description": "Sets the Shielded VM integrity policy for a VM instance. You can only use this method on a running VM instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy",
+        "setShieldedInstanceIntegrityPolicy": {
+          "description": "Sets the Shielded Instance integrity policy for an instance. You can only use this method on a running instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
           "httpMethod": "PATCH",
-          "id": "compute.instances.setShieldedVmIntegrityPolicy",
+          "id": "compute.instances.setShieldedInstanceIntegrityPolicy",
           "parameterOrder": [
             "project",
             "zone",
@@ -11386,7 +11880,57 @@
           ],
           "parameters": {
             "instance": {
-              "description": "Name of the instance scoping this request.",
+              "description": "Name or id of the instance scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedInstanceIntegrityPolicy",
+          "request": {
+            "$ref": "ShieldedInstanceIntegrityPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "setShieldedVmIntegrityPolicy": {
+          "description": "Sets the Shielded VM integrity policy for a VM instance. You can only use this method on a running VM instance. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/setShieldedVmIntegrityPolicy",
+          "httpMethod": "PATCH",
+          "id": "compute.instances.setShieldedVmIntegrityPolicy",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instance"
+          ],
+          "parameters": {
+            "instance": {
+              "description": "Name of the instance scoping this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
@@ -11499,6 +12043,11 @@
               "required": true,
               "type": "string"
             },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
             "zone": {
               "description": "The name of the zone for this request.",
               "location": "path",
@@ -12113,13 +12662,13 @@
         }
       }
     },
-    "interconnectAttachments": {
+    "instantSnapshots": {
       "methods": {
         "aggregatedList": {
-          "description": "Retrieves an aggregated list of interconnect attachments.",
-          "flatPath": "projects/{project}/aggregated/interconnectAttachments",
+          "description": "Retrieves an aggregated list of instantSnapshots.",
+          "flatPath": "projects/{project}/aggregated/instantSnapshots",
           "httpMethod": "GET",
-          "id": "compute.interconnectAttachments.aggregatedList",
+          "id": "compute.instantSnapshots.aggregatedList",
           "parameterOrder": [
             "project"
           ],
@@ -12165,9 +12714,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/aggregated/interconnectAttachments",
+          "path": "projects/{project}/aggregated/instantSnapshots",
           "response": {
-            "$ref": "InterconnectAttachmentAggregatedList"
+            "$ref": "InstantSnapshotAggregatedList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -12176,18 +12725,18 @@
           ]
         },
         "delete": {
-          "description": "Deletes the specified interconnect attachment.",
-          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "description": "Deletes the specified InstantSnapshot resource. Keep in mind that deleting a single instantSnapshot might not necessarily delete all the data on that instantSnapshot. If any data on the instantSnapshot that is marked for deletion is needed for subsequent instantSnapshots, the data will be moved to the next corresponding instantSnapshot. For more information, see Deleting instantSnapshots.",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots/{instantSnapshot}",
           "httpMethod": "DELETE",
-          "id": "compute.interconnectAttachments.delete",
+          "id": "compute.instantSnapshots.delete",
           "parameterOrder": [
             "project",
-            "region",
-            "interconnectAttachment"
+            "zone",
+            "instantSnapshot"
           ],
           "parameters": {
-            "interconnectAttachment": {
-              "description": "Name of the interconnect attachment to delete.",
+            "instantSnapshot": {
+              "description": "Name of the InstantSnapshot resource to delete.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
@@ -12200,20 +12749,20 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "path": "projects/{project}/zones/{zone}/instantSnapshots/{instantSnapshot}",
           "response": {
             "$ref": "Operation"
           },
@@ -12223,18 +12772,18 @@
           ]
         },
         "get": {
-          "description": "Returns the specified interconnect attachment.",
-          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "description": "Returns the specified InstantSnapshot resource in the specified zone.",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots/{instantSnapshot}",
           "httpMethod": "GET",
-          "id": "compute.interconnectAttachments.get",
+          "id": "compute.instantSnapshots.get",
           "parameterOrder": [
             "project",
-            "region",
-            "interconnectAttachment"
+            "zone",
+            "instantSnapshot"
           ],
           "parameters": {
-            "interconnectAttachment": {
-              "description": "Name of the interconnect attachment to return.",
+            "instantSnapshot": {
+              "description": "Name of the InstantSnapshot resource to return.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
@@ -12247,17 +12796,17 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "path": "projects/{project}/zones/{zone}/instantSnapshots/{instantSnapshot}",
           "response": {
-            "$ref": "InterconnectAttachment"
+            "$ref": "InstantSnapshot"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -12265,16 +12814,23 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "insert": {
-          "description": "Creates an InterconnectAttachment in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments",
-          "httpMethod": "POST",
-          "id": "compute.interconnectAttachments.insert",
+        "getIamPolicy": {
+          "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/getIamPolicy",
+          "httpMethod": "GET",
+          "id": "compute.instantSnapshots.getIamPolicy",
           "parameterOrder": [
             "project",
-            "region"
+            "zone",
+            "resource"
           ],
           "parameters": {
+            "optionsRequestedPolicyVersion": {
+              "description": "Requested IAM Policy version.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -12282,27 +12838,64 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/getIamPolicy",
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates an instant snapshot in the specified zone.",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots",
+          "httpMethod": "POST",
+          "id": "compute.instantSnapshots.insert",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
             },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
             },
-            "validateOnly": {
-              "description": "If true, the request will not be committed.",
-              "location": "query",
-              "type": "boolean"
+            "zone": {
+              "description": "Name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/interconnectAttachments",
+          "path": "projects/{project}/zones/{zone}/instantSnapshots",
           "request": {
-            "$ref": "InterconnectAttachment"
+            "$ref": "InstantSnapshot"
           },
           "response": {
             "$ref": "Operation"
@@ -12313,13 +12906,13 @@
           ]
         },
         "list": {
-          "description": "Retrieves the list of interconnect attachments contained within the specified region.",
-          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments",
+          "description": "Retrieves the list of InstantSnapshot resources contained within the specified zone.",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots",
           "httpMethod": "GET",
-          "id": "compute.interconnectAttachments.list",
+          "id": "compute.instantSnapshots.list",
           "parameterOrder": [
             "project",
-            "region"
+            "zone"
           ],
           "parameters": {
             "filter": {
@@ -12352,22 +12945,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "returnPartialSuccess": {
               "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
               "location": "query",
               "type": "boolean"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/interconnectAttachments",
+          "path": "projects/{project}/zones/{zone}/instantSnapshots",
           "response": {
-            "$ref": "InterconnectAttachmentList"
+            "$ref": "InstantSnapshotList"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -12375,24 +12968,17 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
-        "patch": {
-          "description": "Updates the specified interconnect attachment with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
-          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
-          "httpMethod": "PATCH",
-          "id": "compute.interconnectAttachments.patch",
+        "setIamPolicy": {
+          "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/setIamPolicy",
+          "httpMethod": "POST",
+          "id": "compute.instantSnapshots.setIamPolicy",
           "parameterOrder": [
             "project",
-            "region",
-            "interconnectAttachment"
+            "zone",
+            "resource"
           ],
           "parameters": {
-            "interconnectAttachment": {
-              "description": "Name of the interconnect attachment to patch.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -12400,25 +12986,27 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "Name of the region scoping this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "path": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/setIamPolicy",
           "request": {
-            "$ref": "InterconnectAttachment"
+            "$ref": "ZoneSetPolicyRequest"
           },
           "response": {
-            "$ref": "Operation"
+            "$ref": "Policy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
@@ -12426,13 +13014,13 @@
           ]
         },
         "setLabels": {
-          "description": "Sets the labels on an InterconnectAttachment. To learn more about labels, read the Labeling Resources documentation.",
-          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/setLabels",
+          "description": "Sets the labels on a instantSnapshot in the given zone. To learn more about labels, read the Labeling Resources documentation.",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/setLabels",
           "httpMethod": "POST",
-          "id": "compute.interconnectAttachments.setLabels",
+          "id": "compute.instantSnapshots.setLabels",
           "parameterOrder": [
             "project",
-            "region",
+            "zone",
             "resource"
           ],
           "parameters": {
@@ -12443,13 +13031,6 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
@@ -12461,11 +13042,18 @@
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/setLabels",
+          "path": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/setLabels",
           "request": {
-            "$ref": "RegionSetLabelsRequest"
+            "$ref": "ZoneSetLabelsRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -12477,12 +13065,12 @@
         },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
-          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/testIamPermissions",
+          "flatPath": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/testIamPermissions",
           "httpMethod": "POST",
-          "id": "compute.interconnectAttachments.testIamPermissions",
+          "id": "compute.instantSnapshots.testIamPermissions",
           "parameterOrder": [
             "project",
-            "region",
+            "zone",
             "resource"
           ],
           "parameters": {
@@ -12493,22 +13081,22 @@
               "required": true,
               "type": "string"
             },
-            "region": {
-              "description": "The name of the region for this request.",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
+            "zone": {
+              "description": "The name of the zone for this request.",
               "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/testIamPermissions",
+          "path": "projects/{project}/zones/{zone}/instantSnapshots/{resource}/testIamPermissions",
           "request": {
             "$ref": "TestPermissionsRequest"
           },
@@ -12523,48 +13111,458 @@
         }
       }
     },
-    "interconnectLocations": {
+    "interconnectAttachments": {
       "methods": {
-        "get": {
-          "description": "Returns the details for the specified interconnect location. Gets a list of available interconnect locations by making a list() request.",
-          "flatPath": "projects/{project}/global/interconnectLocations/{interconnectLocation}",
-          "httpMethod": "GET",
-          "id": "compute.interconnectLocations.get",
-          "parameterOrder": [
-            "project",
-            "interconnectLocation"
-          ],
-          "parameters": {
-            "interconnectLocation": {
-              "description": "Name of the interconnect location to return.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/global/interconnectLocations/{interconnectLocation}",
-          "response": {
-            "$ref": "InterconnectLocation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "list": {
-          "description": "Retrieves the list of interconnect locations available to the specified project.",
-          "flatPath": "projects/{project}/global/interconnectLocations",
+        "aggregatedList": {
+          "description": "Retrieves an aggregated list of interconnect attachments.",
+          "flatPath": "projects/{project}/aggregated/interconnectAttachments",
           "httpMethod": "GET",
-          "id": "compute.interconnectLocations.list",
+          "id": "compute.interconnectAttachments.aggregatedList",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "includeAllScopes": {
+              "description": "Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.",
+              "location": "query",
+              "type": "boolean"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/aggregated/interconnectAttachments",
+          "response": {
+            "$ref": "InterconnectAttachmentAggregatedList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "delete": {
+          "description": "Deletes the specified interconnect attachment.",
+          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "httpMethod": "DELETE",
+          "id": "compute.interconnectAttachments.delete",
+          "parameterOrder": [
+            "project",
+            "region",
+            "interconnectAttachment"
+          ],
+          "parameters": {
+            "interconnectAttachment": {
+              "description": "Name of the interconnect attachment to delete.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "get": {
+          "description": "Returns the specified interconnect attachment.",
+          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "httpMethod": "GET",
+          "id": "compute.interconnectAttachments.get",
+          "parameterOrder": [
+            "project",
+            "region",
+            "interconnectAttachment"
+          ],
+          "parameters": {
+            "interconnectAttachment": {
+              "description": "Name of the interconnect attachment to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "response": {
+            "$ref": "InterconnectAttachment"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates an InterconnectAttachment in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments",
+          "httpMethod": "POST",
+          "id": "compute.interconnectAttachments.insert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "validateOnly": {
+              "description": "If true, the request will not be committed.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/interconnectAttachments",
+          "request": {
+            "$ref": "InterconnectAttachment"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of interconnect attachments contained within the specified region.",
+          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments",
+          "httpMethod": "GET",
+          "id": "compute.interconnectAttachments.list",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/interconnectAttachments",
+          "response": {
+            "$ref": "InterconnectAttachmentList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Updates the specified interconnect attachment with the data included in the request. This method supports PATCH semantics and uses the JSON merge patch format and processing rules.",
+          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "httpMethod": "PATCH",
+          "id": "compute.interconnectAttachments.patch",
+          "parameterOrder": [
+            "project",
+            "region",
+            "interconnectAttachment"
+          ],
+          "parameters": {
+            "interconnectAttachment": {
+              "description": "Name of the interconnect attachment to patch.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/interconnectAttachments/{interconnectAttachment}",
+          "request": {
+            "$ref": "InterconnectAttachment"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "setLabels": {
+          "description": "Sets the labels on an InterconnectAttachment. To learn more about labels, read the Labeling Resources documentation.",
+          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/setLabels",
+          "httpMethod": "POST",
+          "id": "compute.interconnectAttachments.setLabels",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/setLabels",
+          "request": {
+            "$ref": "RegionSetLabelsRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/testIamPermissions",
+          "httpMethod": "POST",
+          "id": "compute.interconnectAttachments.testIamPermissions",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/interconnectAttachments/{resource}/testIamPermissions",
+          "request": {
+            "$ref": "TestPermissionsRequest"
+          },
+          "response": {
+            "$ref": "TestPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
+    "interconnectLocations": {
+      "methods": {
+        "get": {
+          "description": "Returns the details for the specified interconnect location. Gets a list of available interconnect locations by making a list() request.",
+          "flatPath": "projects/{project}/global/interconnectLocations/{interconnectLocation}",
+          "httpMethod": "GET",
+          "id": "compute.interconnectLocations.get",
+          "parameterOrder": [
+            "project",
+            "interconnectLocation"
+          ],
+          "parameters": {
+            "interconnectLocation": {
+              "description": "Name of the interconnect location to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/interconnectLocations/{interconnectLocation}",
+          "response": {
+            "$ref": "InterconnectLocation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of interconnect locations available to the specified project.",
+          "flatPath": "projects/{project}/global/interconnectLocations",
+          "httpMethod": "GET",
+          "id": "compute.interconnectLocations.list",
           "parameterOrder": [
             "project"
           ],
@@ -12617,6 +13615,100 @@
         }
       }
     },
+    "interconnectRemoteLocations": {
+      "methods": {
+        "get": {
+          "description": "Returns the details for the specified interconnect remote location. Gets a list of available interconnect remote locations by making a list() request.",
+          "flatPath": "projects/{project}/global/interconnectRemoteLocations/{interconnectRemoteLocation}",
+          "httpMethod": "GET",
+          "id": "compute.interconnectRemoteLocations.get",
+          "parameterOrder": [
+            "project",
+            "interconnectRemoteLocation"
+          ],
+          "parameters": {
+            "interconnectRemoteLocation": {
+              "description": "Name of the interconnect remote location to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/interconnectRemoteLocations/{interconnectRemoteLocation}",
+          "response": {
+            "$ref": "InterconnectRemoteLocation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of interconnect remote locations available to the specified project.",
+          "flatPath": "projects/{project}/global/interconnectRemoteLocations",
+          "httpMethod": "GET",
+          "id": "compute.interconnectRemoteLocations.list",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/global/interconnectRemoteLocations",
+          "response": {
+            "$ref": "InterconnectRemoteLocationList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
     "interconnects": {
       "methods": {
         "delete": {
@@ -12728,6 +13820,41 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "getMacsecConfig": {
+          "description": "Returns the interconnectMacsecConfig for the specified Interconnect.",
+          "flatPath": "projects/{project}/global/interconnects/{interconnect}/getMacsecConfig",
+          "httpMethod": "GET",
+          "id": "compute.interconnects.getMacsecConfig",
+          "parameterOrder": [
+            "project",
+            "interconnect"
+          ],
+          "parameters": {
+            "interconnect": {
+              "description": "Name of the interconnect resource to query.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/interconnects/{interconnect}/getMacsecConfig",
+          "response": {
+            "$ref": "InterconnectsGetMacsecConfigResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
         "insert": {
           "description": "Creates an Interconnect in the specified project using the data included in the request.",
           "flatPath": "projects/{project}/global/interconnects",
@@ -13341,7 +14468,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified machine image. Gets a list of available machine images by making a list() request.",
+          "description": "Returns the specified machine image.",
           "flatPath": "projects/{project}/global/machineImages/{machineImage}",
           "httpMethod": "GET",
           "id": "compute.machineImages.get",
@@ -13650,7 +14777,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified machine type. Gets a list of available machine types by making a list() request.",
+          "description": "Returns the specified machine type.",
           "flatPath": "projects/{project}/zones/{zone}/machineTypes/{machineType}",
           "httpMethod": "GET",
           "id": "compute.machineTypes.get",
@@ -14622,7 +15749,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/zones/{zone}/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.networkEndpointGroups.get",
@@ -15657,7 +16784,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network. Gets a list of available networks by making a list() request.",
+          "description": "Returns the specified network.",
           "flatPath": "projects/{project}/global/networks/{network}",
           "httpMethod": "GET",
           "id": "compute.networks.get",
@@ -16944,7 +18071,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified node template. Gets a list of available node templates by making a list() request.",
+          "description": "Returns the specified node template.",
           "flatPath": "projects/{project}/regions/{region}/nodeTemplates/{nodeTemplate}",
           "httpMethod": "GET",
           "id": "compute.nodeTemplates.get",
@@ -17296,7 +18423,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified node type. Gets a list of available node types by making a list() request.",
+          "description": "Returns the specified node type.",
           "flatPath": "projects/{project}/zones/{zone}/nodeTypes/{nodeType}",
           "httpMethod": "GET",
           "id": "compute.nodeTypes.get",
@@ -18609,7 +19736,8 @@
           ]
         },
         "moveInstance": {
-          "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior).",
+          "deprecated": true,
+          "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior). [Deprecated] This method is deprecated. See [moving instance across zones](/compute/docs/instances/moving-instance-across-zones) instead.",
           "flatPath": "projects/{project}/moveInstance",
           "httpMethod": "POST",
           "id": "compute.projects.moveInstance",
@@ -18710,6 +19838,40 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "setManagedProtectionTier": {
+          "description": "Sets the Cloud Armor Managed Protection (CAMP) tier of the project. To set PLUS or above the billing account of the project must be subscribed to Managed Protection Plus. See Subscribing to Managed Protection Plus for more information.",
+          "flatPath": "projects/{project}/setManagedProtectionTier",
+          "httpMethod": "POST",
+          "id": "compute.projects.setManagedProtectionTier",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/setManagedProtectionTier",
+          "request": {
+            "$ref": "ProjectsSetManagedProtectionTierRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setUsageExportBucket": {
           "description": "Enables the usage export feature and sets the usage export bucket where reports are stored. If you provide an empty request body using this method, the usage export feature will be disabled.",
           "flatPath": "projects/{project}/setUsageExportBucket",
@@ -19994,6 +21156,55 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "setSecurityPolicy": {
+          "description": "Sets the Google Cloud Armor security policy for the specified backend service. For more information, see Google Cloud Armor Overview",
+          "flatPath": "projects/{project}/regions/{region}/backendServices/{backendService}/setSecurityPolicy",
+          "httpMethod": "POST",
+          "id": "compute.regionBackendServices.setSecurityPolicy",
+          "parameterOrder": [
+            "project",
+            "region",
+            "backendService"
+          ],
+          "parameters": {
+            "backendService": {
+              "description": "Name of the BackendService resource to which the security policy should be set. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/backendServices/{backendService}/setSecurityPolicy",
+          "request": {
+            "$ref": "SecurityPolicyReference"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
           "flatPath": "projects/{project}/regions/{region}/backendServices/{resource}/testIamPermissions",
@@ -20155,7 +21366,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified commitment resource. Gets a list of available commitments by making a list() request.",
+          "description": "Returns the specified commitment resource.",
           "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}",
           "httpMethod": "GET",
           "id": "compute.regionCommitments.get",
@@ -20464,7 +21675,7 @@
     "regionDiskTypes": {
       "methods": {
         "get": {
-          "description": "Returns the specified regional disk type. Gets a list of available disk types by making a list() request.",
+          "description": "Returns the specified regional disk type.",
           "flatPath": "projects/{project}/regions/{region}/diskTypes/{diskType}",
           "httpMethod": "GET",
           "id": "compute.regionDiskTypes.get",
@@ -20623,6 +21834,48 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "bulkInsert": {
+          "description": "Bulk create a set of disks.",
+          "flatPath": "projects/{project}/regions/{region}/disks/bulkInsert",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.bulkInsert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/bulkInsert",
+          "request": {
+            "$ref": "BulkInsertDiskResource"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "createSnapshot": {
           "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
           "flatPath": "projects/{project}/regions/{region}/disks/{disk}/createSnapshot",
@@ -21116,6 +22369,145 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "startAsyncReplication": {
+          "description": "Starts asynchronous replication. Must be invoked on the primary disk.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/startAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.startAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "region",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The name of the persistent disk.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/{disk}/startAsyncReplication",
+          "request": {
+            "$ref": "RegionDisksStartAsyncReplicationRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "stopAsyncReplication": {
+          "description": "Stops asynchronous replication. Can be invoked either on the primary or on the secondary disk.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.stopAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "region",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The name of the persistent disk.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "stopGroupAsyncReplication": {
+          "description": "Stops asynchronous replication for a consistency group of disks. Can be invoked either in the primary or secondary scope.",
+          "flatPath": "projects/{project}/regions/{region}/disks/stopGroupAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.stopGroupAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request. This must be the region of the primary or secondary disks in the consistency group.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/stopGroupAsyncReplication",
+          "request": {
+            "$ref": "DisksStopGroupAsyncReplicationResource"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
           "flatPath": "projects/{project}/regions/{region}/disks/{resource}/testIamPermissions",
@@ -21567,7 +22959,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+          "description": "Returns the specified HealthCheck resource.",
           "flatPath": "projects/{project}/regions/{region}/healthChecks/{healthCheck}",
           "httpMethod": "GET",
           "id": "compute.regionHealthChecks.get",
@@ -22737,6 +24129,7 @@
           ]
         },
         "setAutoHealingPolicies": {
+          "deprecated": true,
           "description": "Modifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use regionInstanceGroupManagers.patch instead.",
           "flatPath": "projects/{project}/regions/{region}/instanceGroupManagers/{instanceGroupManager}/setAutoHealingPolicies",
           "httpMethod": "POST",
@@ -23347,7 +24740,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+          "description": "Returns the specified instance template.",
           "flatPath": "projects/{project}/regions/{region}/instanceTemplates/{instanceTemplate}",
           "httpMethod": "GET",
           "id": "compute.regionInstanceTemplates.get",
@@ -23542,8 +24935,445 @@
         }
       }
     },
+    "regionInstantSnapshots": {
+      "methods": {
+        "delete": {
+          "description": "Deletes the specified InstantSnapshot resource. Keep in mind that deleting a single instantSnapshot might not necessarily delete all the data on that instantSnapshot. If any data on the instantSnapshot that is marked for deletion is needed for subsequent instantSnapshots, the data will be moved to the next corresponding instantSnapshot. For more information, see Deleting instantSnapshots.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots/{instantSnapshot}",
+          "httpMethod": "DELETE",
+          "id": "compute.regionInstantSnapshots.delete",
+          "parameterOrder": [
+            "project",
+            "region",
+            "instantSnapshot"
+          ],
+          "parameters": {
+            "instantSnapshot": {
+              "description": "Name of the InstantSnapshot resource to delete.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots/{instantSnapshot}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "get": {
+          "description": "Returns the specified InstantSnapshot resource in the specified region.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots/{instantSnapshot}",
+          "httpMethod": "GET",
+          "id": "compute.regionInstantSnapshots.get",
+          "parameterOrder": [
+            "project",
+            "region",
+            "instantSnapshot"
+          ],
+          "parameters": {
+            "instantSnapshot": {
+              "description": "Name of the InstantSnapshot resource to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots/{instantSnapshot}",
+          "response": {
+            "$ref": "InstantSnapshot"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "getIamPolicy": {
+          "description": "Gets the access control policy for a resource. May be empty if no such policy or resource exists.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots/{resource}/getIamPolicy",
+          "httpMethod": "GET",
+          "id": "compute.regionInstantSnapshots.getIamPolicy",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "optionsRequestedPolicyVersion": {
+              "description": "Requested IAM Policy version.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots/{resource}/getIamPolicy",
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates an instant snapshot in the specified region.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots",
+          "httpMethod": "POST",
+          "id": "compute.regionInstantSnapshots.insert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots",
+          "request": {
+            "$ref": "InstantSnapshot"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of InstantSnapshot resources contained within the specified region.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots",
+          "httpMethod": "GET",
+          "id": "compute.regionInstantSnapshots.list",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots",
+          "response": {
+            "$ref": "InstantSnapshotList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "setIamPolicy": {
+          "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots/{resource}/setIamPolicy",
+          "httpMethod": "POST",
+          "id": "compute.regionInstantSnapshots.setIamPolicy",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots/{resource}/setIamPolicy",
+          "request": {
+            "$ref": "RegionSetPolicyRequest"
+          },
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "setLabels": {
+          "description": "Sets the labels on a instantSnapshot in the given region. To learn more about labels, read the Labeling Resources documentation.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots/{resource}/setLabels",
+          "httpMethod": "POST",
+          "id": "compute.regionInstantSnapshots.setLabels",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots/{resource}/setLabels",
+          "request": {
+            "$ref": "RegionSetLabelsRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "testIamPermissions": {
+          "description": "Returns permissions that a caller has on the specified resource.",
+          "flatPath": "projects/{project}/regions/{region}/instantSnapshots/{resource}/testIamPermissions",
+          "httpMethod": "POST",
+          "id": "compute.regionInstantSnapshots.testIamPermissions",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/instantSnapshots/{resource}/testIamPermissions",
+          "request": {
+            "$ref": "TestPermissionsRequest"
+          },
+          "response": {
+            "$ref": "TestPermissionsResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
     "regionNetworkEndpointGroups": {
       "methods": {
+        "attachNetworkEndpoints": {
+          "description": "Attach a list of network endpoints to the specified network endpoint group.",
+          "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}/attachNetworkEndpoints",
+          "httpMethod": "POST",
+          "id": "compute.regionNetworkEndpointGroups.attachNetworkEndpoints",
+          "parameterOrder": [
+            "project",
+            "region",
+            "networkEndpointGroup"
+          ],
+          "parameters": {
+            "networkEndpointGroup": {
+              "description": "The name of the network endpoint group where you are attaching network endpoints to. It should comply with RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region where you want to create the network endpoint group. It should comply with RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}/attachNetworkEndpoints",
+          "request": {
+            "$ref": "RegionNetworkEndpointGroupsAttachEndpointsRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "delete": {
           "description": "Deletes the specified network endpoint group. Note that the NEG cannot be deleted if it is configured as a backend of a backend service.",
           "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}",
@@ -23589,8 +25419,56 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "detachNetworkEndpoints": {
+          "description": "Detach the network endpoint from the specified network endpoint group.",
+          "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}/detachNetworkEndpoints",
+          "httpMethod": "POST",
+          "id": "compute.regionNetworkEndpointGroups.detachNetworkEndpoints",
+          "parameterOrder": [
+            "project",
+            "region",
+            "networkEndpointGroup"
+          ],
+          "parameters": {
+            "networkEndpointGroup": {
+              "description": "The name of the network endpoint group you are detaching network endpoints from. It should comply with RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region where the network endpoint group is located. It should comply with RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000). end_interface: MixerMutationRequestBuilder",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}/detachNetworkEndpoints",
+          "request": {
+            "$ref": "RegionNetworkEndpointGroupsDetachEndpointsRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.regionNetworkEndpointGroups.get",
@@ -23732,6 +25610,75 @@
             "https://www.googleapis.com/auth/compute",
             "https://www.googleapis.com/auth/compute.readonly"
           ]
+        },
+        "listNetworkEndpoints": {
+          "description": "Lists the network endpoints in the specified network endpoint group.",
+          "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}/listNetworkEndpoints",
+          "httpMethod": "POST",
+          "id": "compute.regionNetworkEndpointGroups.listNetworkEndpoints",
+          "parameterOrder": [
+            "project",
+            "region",
+            "networkEndpointGroup"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "networkEndpointGroup": {
+              "description": "The name of the network endpoint group from which you want to generate a list of included network endpoints. It should comply with RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region where the network endpoint group is located. It should comply with RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}/listNetworkEndpoints",
+          "response": {
+            "$ref": "NetworkEndpointGroupsListNetworkEndpoints"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
         }
       }
     },
@@ -25032,6 +26979,56 @@
     },
     "regionSecurityPolicies": {
       "methods": {
+        "addRule": {
+          "description": "Inserts a rule into a security policy.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/addRule",
+          "httpMethod": "POST",
+          "id": "compute.regionSecurityPolicies.addRule",
+          "parameterOrder": [
+            "project",
+            "region",
+            "securityPolicy"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "securityPolicy": {
+              "description": "Name of the security policy to update.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "validateOnly": {
+              "description": "If true, the request will not be committed.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/addRule",
+          "request": {
+            "$ref": "SecurityPolicyRule"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "delete": {
           "description": "Deletes the specified policy.",
           "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
@@ -25063,14 +27060,272 @@
               "type": "string"
             },
             "securityPolicy": {
-              "description": "Name of the security policy to delete.",
+              "description": "Name of the security policy to delete.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "get": {
+          "description": "List all of the ordered rules present in a single specified policy.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
+          "httpMethod": "GET",
+          "id": "compute.regionSecurityPolicies.get",
+          "parameterOrder": [
+            "project",
+            "region",
+            "securityPolicy"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "securityPolicy": {
+              "description": "Name of the security policy to get.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
+          "response": {
+            "$ref": "SecurityPolicy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "getRule": {
+          "description": "Gets a rule at the specified priority.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/getRule",
+          "httpMethod": "GET",
+          "id": "compute.regionSecurityPolicies.getRule",
+          "parameterOrder": [
+            "project",
+            "region",
+            "securityPolicy"
+          ],
+          "parameters": {
+            "priority": {
+              "description": "The priority of the rule to get from the security policy.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "securityPolicy": {
+              "description": "Name of the security policy to which the queried rule belongs.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/getRule",
+          "response": {
+            "$ref": "SecurityPolicyRule"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a new policy in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies",
+          "httpMethod": "POST",
+          "id": "compute.regionSecurityPolicies.insert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "validateOnly": {
+              "description": "If true, the request will not be committed.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/securityPolicies",
+          "request": {
+            "$ref": "SecurityPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "List all the policies that have been configured for the specified project and region.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies",
+          "httpMethod": "GET",
+          "id": "compute.regionSecurityPolicies.list",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/securityPolicies",
+          "response": {
+            "$ref": "SecurityPolicyList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "patch": {
+          "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
+          "httpMethod": "PATCH",
+          "id": "compute.regionSecurityPolicies.patch",
+          "parameterOrder": [
+            "project",
+            "region",
+            "securityPolicy"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "securityPolicy": {
+              "description": "Name of the security policy to update.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
+            },
+            "updateMask": {
+              "description": "Indicates fields to be cleared as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
             }
           },
           "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
+          "request": {
+            "$ref": "SecurityPolicy"
+          },
           "response": {
             "$ref": "Operation"
           },
@@ -25079,17 +27334,23 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "get": {
-          "description": "List all of the ordered rules present in a single specified policy.",
-          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
-          "httpMethod": "GET",
-          "id": "compute.regionSecurityPolicies.get",
+        "patchRule": {
+          "description": "Patches a rule at the specified priority. To clear fields in the rule, leave the fields empty and specify them in the updateMask.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/patchRule",
+          "httpMethod": "POST",
+          "id": "compute.regionSecurityPolicies.patchRule",
           "parameterOrder": [
             "project",
             "region",
             "securityPolicy"
           ],
           "parameters": {
+            "priority": {
+              "description": "The priority of the rule to patch.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -25105,49 +27366,15 @@
               "type": "string"
             },
             "securityPolicy": {
-              "description": "Name of the security policy to get.",
+              "description": "Name of the security policy to update.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
-          "response": {
-            "$ref": "SecurityPolicy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "insert": {
-          "description": "Creates a new policy in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/securityPolicies",
-          "httpMethod": "POST",
-          "id": "compute.regionSecurityPolicies.insert",
-          "parameterOrder": [
-            "project",
-            "region"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+            "updateMask": {
+              "description": "Indicates fields to be cleared as part of this request.",
+              "format": "google-fieldmask",
               "location": "query",
               "type": "string"
             },
@@ -25157,9 +27384,9 @@
               "type": "boolean"
             }
           },
-          "path": "projects/{project}/regions/{region}/securityPolicies",
+          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/patchRule",
           "request": {
-            "$ref": "SecurityPolicy"
+            "$ref": "SecurityPolicyRule"
           },
           "response": {
             "$ref": "Operation"
@@ -25169,80 +27396,23 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "list": {
-          "description": "List all the policies that have been configured for the specified project and region.",
-          "flatPath": "projects/{project}/regions/{region}/securityPolicies",
-          "httpMethod": "GET",
-          "id": "compute.regionSecurityPolicies.list",
+        "removeRule": {
+          "description": "Deletes a rule at the specified priority.",
+          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/removeRule",
+          "httpMethod": "POST",
+          "id": "compute.regionSecurityPolicies.removeRule",
           "parameterOrder": [
             "project",
-            "region"
+            "region",
+            "securityPolicy"
           ],
           "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
+            "priority": {
+              "description": "The priority of the rule to remove from the security policy.",
+              "format": "int32",
               "location": "query",
-              "minimum": "0",
               "type": "integer"
             },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-              "location": "query",
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region scoping this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/securityPolicies",
-          "response": {
-            "$ref": "SecurityPolicyList"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "patch": {
-          "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
-          "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
-          "httpMethod": "PATCH",
-          "id": "compute.regionSecurityPolicies.patch",
-          "parameterOrder": [
-            "project",
-            "region",
-            "securityPolicy"
-          ],
-          "parameters": {
             "project": {
               "description": "Project ID for this request.",
               "location": "path",
@@ -25257,11 +27427,6 @@
               "required": true,
               "type": "string"
             },
-            "requestId": {
-              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-              "location": "query",
-              "type": "string"
-            },
             "securityPolicy": {
               "description": "Name of the security policy to update.",
               "location": "path",
@@ -25270,10 +27435,7 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
-          "request": {
-            "$ref": "SecurityPolicy"
-          },
+          "path": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}/removeRule",
           "response": {
             "$ref": "Operation"
           },
@@ -25934,7 +28096,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpProxy resource in the specified region.",
           "flatPath": "projects/{project}/regions/{region}/targetHttpProxies/{targetHttpProxy}",
           "httpMethod": "GET",
           "id": "compute.regionTargetHttpProxies.get",
@@ -26229,7 +28391,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpsProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpsProxy resource in the specified region.",
           "flatPath": "projects/{project}/regions/{region}/targetHttpsProxies/{targetHttpsProxy}",
           "httpMethod": "GET",
           "id": "compute.regionTargetHttpsProxies.get",
@@ -26869,7 +29031,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+          "description": "Returns the specified UrlMap resource.",
           "flatPath": "projects/{project}/regions/{region}/urlMaps/{urlMap}",
           "httpMethod": "GET",
           "id": "compute.regionUrlMaps.get",
@@ -27259,10 +29421,77 @@
         }
       }
     },
+    "regionZones": {
+      "methods": {
+        "list": {
+          "description": "Retrieves the list of Zone resources under the specific region available to the specified project.",
+          "flatPath": "projects/{project}/regions/{region}/zones",
+          "httpMethod": "GET",
+          "id": "compute.regionZones.list",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/zones",
+          "response": {
+            "$ref": "ZoneList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
     "regions": {
       "methods": {
         "get": {
-          "description": "Returns the specified Region resource. Gets a list of available regions by making a list() request. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
+          "description": "Returns the specified Region resource. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
           "flatPath": "projects/{project}/regions/{region}",
           "httpMethod": "GET",
           "id": "compute.regions.get",
@@ -28428,7 +30657,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Router resource. Gets a list of available routers by making a list() request.",
+          "description": "Returns the specified Router resource.",
           "flatPath": "projects/{project}/regions/{region}/routers/{router}",
           "httpMethod": "GET",
           "id": "compute.routers.get",
@@ -28930,7 +31159,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Route resource. Gets a list of available routes by making a list() request.",
+          "description": "Returns the specified Route resource.",
           "flatPath": "projects/{project}/global/routes/{route}",
           "httpMethod": "GET",
           "id": "compute.routes.get",
@@ -29462,7 +31691,7 @@
           ]
         },
         "patch": {
-          "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+          "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
           "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
           "httpMethod": "PATCH",
           "id": "compute.securityPolicies.patch",
@@ -29489,6 +31718,12 @@
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
+            },
+            "updateMask": {
+              "description": "Indicates fields to be cleared as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
             }
           },
           "path": "projects/{project}/global/securityPolicies/{securityPolicy}",
@@ -29504,7 +31739,7 @@
           ]
         },
         "patchRule": {
-          "description": "Patches a rule at the specified priority.",
+          "description": "Patches a rule at the specified priority. To clear fields in the rule, leave the fields empty and specify them in the updateMask.",
           "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
           "httpMethod": "POST",
           "id": "compute.securityPolicies.patchRule",
@@ -29533,6 +31768,12 @@
               "required": true,
               "type": "string"
             },
+            "updateMask": {
+              "description": "Indicates fields to be cleared as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            },
             "validateOnly": {
               "description": "If true, the request will not be committed.",
               "location": "query",
@@ -30157,7 +32398,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Snapshot resource. Gets a list of available snapshots by making a list() request.",
+          "description": "Returns the specified Snapshot resource.",
           "flatPath": "projects/{project}/global/snapshots/{snapshot}",
           "httpMethod": "GET",
           "id": "compute.snapshots.get",
@@ -30537,7 +32778,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified SslCertificate resource. Gets a list of available SSL certificates by making a list() request.",
+          "description": "Returns the specified SslCertificate resource.",
           "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
           "httpMethod": "GET",
           "id": "compute.sslCertificates.get",
@@ -30835,7 +33076,7 @@
           ]
         },
         "insert": {
-          "description": "Returns the specified SSL policy resource. Gets a list of available SSL policies by making a list() request.",
+          "description": "Returns the specified SSL policy resource.",
           "flatPath": "projects/{project}/global/sslPolicies",
           "httpMethod": "POST",
           "id": "compute.sslPolicies.insert",
@@ -31219,7 +33460,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified subnetwork. Gets a list of available subnetworks list() request.",
+          "description": "Returns the specified subnetwork.",
           "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
           "httpMethod": "GET",
           "id": "compute.subnetworks.get",
@@ -32023,7 +34264,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpProxy resource. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpProxy resource.",
           "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
           "httpMethod": "GET",
           "id": "compute.targetHttpProxies.get",
@@ -32372,7 +34613,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpsProxy resource. Gets a list of available target HTTPS proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpsProxy resource.",
           "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
           "httpMethod": "GET",
           "id": "compute.targetHttpsProxies.get",
@@ -32894,7 +35135,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetInstance resource. Gets a list of available target instances by making a list() request.",
+          "description": "Returns the specified TargetInstance resource.",
           "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
           "httpMethod": "GET",
           "id": "compute.targetInstances.get",
@@ -33041,6 +35282,55 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "setSecurityPolicy": {
+          "description": "Sets the Google Cloud Armor security policy for the specified target instance. For more information, see Google Cloud Armor Overview",
+          "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}/setSecurityPolicy",
+          "httpMethod": "POST",
+          "id": "compute.targetInstances.setSecurityPolicy",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "targetInstance"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "targetInstance": {
+              "description": "Name of the TargetInstance resource to which the security policy should be set. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            },
+            "zone": {
+              "description": "Name of the zone scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}/setSecurityPolicy",
+          "request": {
+            "$ref": "SecurityPolicyReference"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
           "flatPath": "projects/{project}/zones/{zone}/targetInstances/{resource}/testIamPermissions",
@@ -33299,7 +35589,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified target pool. Gets a list of available target pools by making a list() request.",
+          "description": "Returns the specified target pool.",
           "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
           "httpMethod": "GET",
           "id": "compute.targetPools.get",
@@ -33648,6 +35938,55 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "setSecurityPolicy": {
+          "description": "Sets the Google Cloud Armor security policy for the specified target pool. For more information, see Google Cloud Armor Overview",
+          "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}/setSecurityPolicy",
+          "httpMethod": "POST",
+          "id": "compute.targetPools.setSecurityPolicy",
+          "parameterOrder": [
+            "project",
+            "region",
+            "targetPool"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region scoping this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "targetPool": {
+              "description": "Name of the TargetPool resource to which the security policy should be set. The name should conform to RFC1035.",
+              "location": "path",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/targetPools/{targetPool}/setSecurityPolicy",
+          "request": {
+            "$ref": "SecurityPolicyReference"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
           "flatPath": "projects/{project}/regions/{region}/targetPools/{resource}/testIamPermissions",
@@ -33738,7 +36077,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetSslProxy resource. Gets a list of available target SSL proxies by making a list() request.",
+          "description": "Returns the specified TargetSslProxy resource.",
           "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
           "httpMethod": "GET",
           "id": "compute.targetSslProxies.get",
@@ -34211,7 +36550,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetTcpProxy resource. Gets a list of available target TCP proxies by making a list() request.",
+          "description": "Returns the specified TargetTcpProxy resource.",
           "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
           "httpMethod": "GET",
           "id": "compute.targetTcpProxies.get",
@@ -34568,7 +36907,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified target VPN gateway. Gets a list of available target VPN gateways by making a list() request.",
+          "description": "Returns the specified target VPN gateway.",
           "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
           "httpMethod": "GET",
           "id": "compute.targetVpnGateways.get",
@@ -34915,7 +37254,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+          "description": "Returns the specified UrlMap resource.",
           "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
           "httpMethod": "GET",
           "id": "compute.urlMaps.get",
@@ -35351,7 +37690,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified VPN gateway. Gets a list of available VPN gateways by making a list() request.",
+          "description": "Returns the specified VPN gateway.",
           "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
           "httpMethod": "GET",
           "id": "compute.vpnGateways.get",
@@ -35749,7 +38088,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified VpnTunnel resource. Gets a list of available VPN tunnels by making a list() request.",
+          "description": "Returns the specified VpnTunnel resource.",
           "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
           "httpMethod": "GET",
           "id": "compute.vpnTunnels.get",
@@ -36189,7 +38528,7 @@
     "zones": {
       "methods": {
         "get": {
-          "description": "Returns the specified Zone resource. Gets a list of available zones by making a list() request.",
+          "description": "Returns the specified Zone resource.",
           "flatPath": "projects/{project}/zones/{zone}",
           "httpMethod": "GET",
           "id": "compute.zones.get",
@@ -36281,7 +38620,7 @@
       }
     }
   },
-  "revision": "20230210",
+  "revision": "20230711",
   "rootUrl": "https://compute.googleapis.com/",
   "schemas": {
     "AWSV4Signature": {
@@ -36421,6 +38760,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -36439,6 +38779,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -36450,6 +38820,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -36541,6 +38912,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -36559,6 +38931,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -36570,6 +38972,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -36643,6 +39046,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -36661,6 +39065,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -36672,6 +39106,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -36724,11 +39159,11 @@
       "id": "AccessConfig",
       "properties": {
         "externalIpv6": {
-          "description": "The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, GCP will automatically assign an external IPv6 address from the instance's subnetwork.",
+          "description": "Applies to ipv6AccessConfigs only. The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.",
           "type": "string"
         },
         "externalIpv6PrefixLength": {
-          "description": "The prefix length of the external IPv6 range.",
+          "description": "Applies to ipv6AccessConfigs only. The prefix length of the external IPv6 range.",
           "format": "int32",
           "type": "integer"
         },
@@ -36738,11 +39173,11 @@
           "type": "string"
         },
         "name": {
-          "description": "The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.",
+          "description": "The name of this access configuration. In accessConfigs (IPv4), the default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. In ipv6AccessConfigs, the recommend name is External IPv6.",
           "type": "string"
         },
         "natIP": {
-          "description": "An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.",
+          "description": "Applies to accessConfigs (IPv4) only. An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.",
           "type": "string"
         },
         "networkTier": {
@@ -36765,13 +39200,16 @@
           "description": "The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.",
           "type": "string"
         },
+        "securityPolicy": {
+          "description": "[Output Only] The resource URL for the security policy associated with this access config.",
+          "type": "string"
+        },
         "setPublicPtr": {
           "description": "Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.",
           "type": "boolean"
         },
         "type": {
-          "default": "ONE_TO_ONE_NAT",
-          "description": "The type of configuration. The default and only option is ONE_TO_ONE_NAT.",
+          "description": "The type of configuration. In accessConfigs (IPv4), the default and only option is ONE_TO_ONE_NAT. In ipv6AccessConfigs, the default and only option is DIRECT_IPV6.",
           "enum": [
             "DIRECT_IPV6",
             "ONE_TO_ONE_NAT"
@@ -36821,7 +39259,7 @@
           "type": "string"
         },
         "ipVersion": {
-          "description": "The IP version that will be used by this address. Valid options are IPV4 or IPV6. This can only be specified for a global address.",
+          "description": "The IP version that will be used by this address. Valid options are IPV4 or IPV6.",
           "enum": [
             "IPV4",
             "IPV6",
@@ -37009,6 +39447,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -37027,6 +39466,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -37038,6 +39507,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -37129,6 +39599,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -37147,6 +39618,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -37158,6 +39659,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -37231,6 +39733,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -37249,6 +39752,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -37260,6 +39793,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -37569,6 +40103,18 @@
           ],
           "type": "string"
         },
+        "savedState": {
+          "description": "For LocalSSD disks on VM Instances in STOPPED or SUSPENDED state, this field is set to PRESERVED if the LocalSSD data has been saved to a persistent location by customer request. (see the discard_local_ssd option on Stop/Suspend). Read-only in the api.",
+          "enum": [
+            "DISK_SAVED_STATE_UNSPECIFIED",
+            "PRESERVED"
+          ],
+          "enumDescriptions": [
+            "*[Default]* Disk state has not been preserved.",
+            "Disk state has been preserved."
+          ],
+          "type": "string"
+        },
         "shieldedInstanceInitialState": {
           "$ref": "InitialStateConfig",
           "description": "[Output Only] shielded vm initial state stored on disk"
@@ -37634,6 +40180,10 @@
           "description": "Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/pd-standard For a full list of acceptable values, see Persistent disk types. If you specify this field when creating a VM, you can provide either the full or partial URL. For example, the following values are valid: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/diskType - projects/project/zones/zone/diskTypes/diskType - zones/zone/diskTypes/diskType If you specify this field when creating or updating an instance template or all-instances configuration, specify the type of the disk, not the URL. For example: pd-standard.",
           "type": "string"
         },
+        "enableConfidentialCompute": {
+          "description": "Whether this disk is using confidential compute mode.",
+          "type": "boolean"
+        },
         "guestOsFeatures": {
           "description": "A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options. Guest OS features are applied by merging initializeParams.guestOsFeatures and disks.guestOsFeatures",
           "items": {
@@ -37683,6 +40233,13 @@
           "format": "int64",
           "type": "string"
         },
+        "replicaZones": {
+          "description": "Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone. You can't use this option with boot disks.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "resourceManagerTags": {
           "additionalProperties": {
             "type": "string"
@@ -37705,6 +40262,10 @@
           "$ref": "CustomerEncryptionKey",
           "description": "The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. InstanceTemplate and InstancePropertiesPatch do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys."
         },
+        "sourceInstantSnapshot": {
+          "description": "The source instant-snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceInstantSnapshot initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: us-central1-a/instantSnapshots/my-backup If the source instant-snapshot is deleted later, this field will not be set.",
+          "type": "string"
+        },
         "sourceSnapshot": {
           "description": "The source snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: global/snapshots/my-backup If the source snapshot is deleted later, this field will not be set.",
           "type": "string"
@@ -37941,6 +40502,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -37959,6 +40521,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -37970,6 +40562,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38061,6 +40654,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38079,6 +40673,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38090,6 +40714,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38221,6 +40846,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38239,6 +40865,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38250,6 +40906,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38302,7 +40959,7 @@
       "id": "AutoscalingPolicy",
       "properties": {
         "coolDownPeriodSec": {
-          "description": "The number of seconds that the autoscaler waits before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds. Virtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process.",
+          "description": "The number of seconds that your application takes to initialize on a VM instance. This is referred to as the [initialization period](/compute/docs/autoscaler#cool_down_period). Specifying an accurate initialization period improves autoscaler decisions. For example, when scaling out, the autoscaler ignores data from VMs that are still initializing because those VMs might not yet represent normal usage of your application. The default initialization period is 60 seconds. Initialization periods might vary because of numerous factors. We recommend that you test how long your application takes to initialize. To do this, create a VM and time your application's startup process.",
           "format": "int32",
           "type": "integer"
         },
@@ -38332,7 +40989,7 @@
           "type": "integer"
         },
         "mode": {
-          "description": "Defines operating mode for this policy.",
+          "description": "Defines the operating mode for this policy. The following modes are available: - OFF: Disables the autoscaler but maintains its configuration. - ONLY_SCALE_OUT: Restricts the autoscaler to add VM instances only. - ON: Enables all autoscaler activities according to its policy. For more information, see \"Turning off or restricting an autoscaler\"",
           "enum": [
             "OFF",
             "ON",
@@ -38574,6 +41231,20 @@
           "description": "Optional parameter to define a target capacity for the UTILIZATION balancing mode. The valid range is [0.0, 1.0]. For usage guidelines, see Utilization balancing mode.",
           "format": "float",
           "type": "number"
+        },
+        "preference": {
+          "description": "This field indicates whether this backend should be fully utilized before sending traffic to backends with default preference. The possible values are: - PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT. - DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and traffic would be assigned based on the load balancing algorithm you use. This is the default ",
+          "enum": [
+            "DEFAULT",
+            "PREFERENCE_UNSPECIFIED",
+            "PREFERRED"
+          ],
+          "enumDescriptions": [
+            "No preference.",
+            "If preference is unspecified, we set it to the DEFAULT value",
+            "Traffic will be sent to this backend first."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
@@ -38607,7 +41278,7 @@
           "type": "string"
         },
         "customResponseHeaders": {
-          "description": "Headers that the HTTP/S load balancer should add to proxied responses.",
+          "description": "Headers that the Application Load Balancer should add to proxied responses.",
           "items": {
             "type": "string"
           },
@@ -38821,6 +41492,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38839,6 +41511,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38850,6 +41552,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -39062,6 +41765,13 @@
           "$ref": "Duration",
           "description": "Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED."
         },
+        "metadatas": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Deployment metadata associated with the resource to be set by a GKE hub controller and read by the backend RCTH",
+          "type": "object"
+        },
         "name": {
           "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
@@ -39073,9 +41783,10 @@
         },
         "outlierDetection": {
           "$ref": "OutlierDetection",
-          "description": "Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service. If not set, this feature is considered disabled. This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2, or GRPC, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. "
+          "description": "Settings controlling the ejection of unhealthy backend endpoints from the load balancing pool of each individual proxy instance that processes the traffic for the given backend service. If not set, this feature is considered disabled. Results of the outlier detection algorithm (ejection of endpoints from the load balancing pool and returning them back to the pool) are executed independently by each proxy instance of the load balancer. In most cases, more than one proxy instance handles the traffic received by a backend service. Thus, it is possible that an unhealthy endpoint is detected and ejected by only some of the proxies, and while this happens, other proxies may continue to send requests to the same unhealthy endpoint until they detect and eject the unhealthy endpoint. Applicable backend endpoints can be: - VM instances in an Instance Group - Endpoints in a Zonal NEG (GCE_VM_IP, GCE_VM_IP_PORT) - Endpoints in a Hybrid Connectivity NEG (NON_GCP_PRIVATE_IP_PORT) - Serverless NEGs, that resolve to Cloud Run, App Engine, or Cloud Functions Services - Private Service Connect NEGs, that resolve to Google-managed regional API endpoints or managed services published using Private Service Connect Applicable backend service types can be: - A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - A regional backend service with the serviceProtocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED or EXTERNAL_MANAGED. Not supported for Serverless NEGs. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true."
         },
         "port": {
+          "deprecated": true,
           "description": "Deprecated in favor of portName. The TCP port to connect on the backend. The default value is 80. For Internal TCP/UDP Load Balancing and Network Load Balancing, omit port.",
           "format": "int32",
           "type": "integer"
@@ -39131,6 +41842,10 @@
           },
           "type": "array"
         },
+        "serviceLbPolicy": {
+          "description": "URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.",
+          "type": "string"
+        },
         "sessionAffinity": {
           "description": "Type of session affinity to use. The default is NONE. Only NONE and HEADER_FIELD are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. For more details, see: [Session Affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity).",
           "enum": [
@@ -39218,6 +41933,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -39236,6 +41952,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -39247,6 +41993,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -39559,6 +42306,246 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceLocalityLoadBalancingPolicyConfig": {
+      "description": "Container for either a built-in LB policy supported by gRPC or Envoy or a custom one implemented by the end user.",
+      "id": "BackendServiceLocalityLoadBalancingPolicyConfig",
+      "properties": {
+        "customPolicy": {
+          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy"
+        },
+        "policy": {
+          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy": {
+      "description": "The configuration for a custom policy implemented by the user and deployed with the client.",
+      "id": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy",
+      "properties": {
+        "data": {
+          "description": "An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Identifies the custom policy. The value should match the name of a custom implementation registered on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (for example, myorg.CustomLbPolicy). The maximum length is 256 characters. Do not specify the same custom policy more than once for a backend. If you do, the configuration is rejected. For an example of how to use this field, see Use a custom policy.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceLocalityLoadBalancingPolicyConfigPolicy": {
+      "description": "The configuration for a built-in load balancing policy.",
+      "id": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy",
+      "properties": {
+        "name": {
+          "description": "The name of a locality load-balancing policy. Valid values include ROUND_ROBIN and, for Java clients, LEAST_REQUEST. For information about these values, see the description of localityLbPolicy. Do not specify the same policy more than once for a backend. If you do, the configuration is rejected.",
+          "enum": [
+            "INVALID_LB_POLICY",
+            "LEAST_REQUEST",
+            "MAGLEV",
+            "ORIGINAL_DESTINATION",
+            "RANDOM",
+            "RING_HASH",
+            "ROUND_ROBIN",
+            "WEIGHTED_MAGLEV"
+          ],
+          "enumDescriptions": [
+            "",
+            "An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.",
+            "This algorithm implements consistent hashing to backends. Maglev can be used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824",
+            "Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.",
+            "The load balancer selects a random healthy host.",
+            "The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.",
+            "This is a simple policy in which each healthy backend is selected in round robin order. This is the default.",
+            "Per-instance weighted Load Balancing via health check reported weights. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weighted based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. This option is only supported in Network Load Balancing."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceLogConfig": {
+      "description": "The available logging options for the load balancer traffic served by this backend service.",
+      "id": "BackendServiceLogConfig",
+      "properties": {
+        "enable": {
+          "description": "Denotes whether to enable logging for the load balancer traffic served by this backend service. The default value is false.",
+          "type": "boolean"
+        },
+        "optionalFields": {
+          "description": "This field can only be specified if logging is enabled for this backend service and \"logConfig.optionalMode\" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "optionalMode": {
+          "description": "This field can only be specified if logging is enabled for this backend service. Configures whether all, none or a subset of optional fields should be added to the reported logs. One of [INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM]. Default is EXCLUDE_ALL_OPTIONAL.",
+          "enum": [
+            "CUSTOM",
+            "EXCLUDE_ALL_OPTIONAL",
+            "INCLUDE_ALL_OPTIONAL"
+          ],
+          "enumDescriptions": [
+            "A subset of optional fields.",
+            "None optional fields.",
+            "All optional fields."
+          ],
+          "type": "string"
+        },
+        "sampleRate": {
+          "description": "This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.",
+          "format": "float",
+          "type": "number"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServiceReference": {
+      "id": "BackendServiceReference",
+      "properties": {
+        "backendService": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BackendServicesScopedList": {
+      "id": "BackendServicesScopedList",
+      "properties": {
+        "backendServices": {
+          "description": "A list of BackendServices contained in this scope.",
+          "items": {
+            "$ref": "BackendService"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "Informational warning which replaces the list of backend services when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -39577,212 +42564,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLocalityLoadBalancingPolicyConfig": {
-      "description": "Container for either a built-in LB policy supported by gRPC or Envoy or a custom one implemented by the end user.",
-      "id": "BackendServiceLocalityLoadBalancingPolicyConfig",
-      "properties": {
-        "customPolicy": {
-          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy"
-        },
-        "policy": {
-          "$ref": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy": {
-      "description": "The configuration for a custom policy implemented by the user and deployed with the client.",
-      "id": "BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy",
-      "properties": {
-        "data": {
-          "description": "An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.",
-          "type": "string"
-        },
-        "name": {
-          "description": "Identifies the custom policy. The value should match the name of a custom implementation registered on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (for example, myorg.CustomLbPolicy). The maximum length is 256 characters. Do not specify the same custom policy more than once for a backend. If you do, the configuration is rejected. For an example of how to use this field, see Use a custom policy.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLocalityLoadBalancingPolicyConfigPolicy": {
-      "description": "The configuration for a built-in load balancing policy.",
-      "id": "BackendServiceLocalityLoadBalancingPolicyConfigPolicy",
-      "properties": {
-        "name": {
-          "description": "The name of a locality load-balancing policy. Valid values include ROUND_ROBIN and, for Java clients, LEAST_REQUEST. For information about these values, see the description of localityLbPolicy. Do not specify the same policy more than once for a backend. If you do, the configuration is rejected.",
-          "enum": [
-            "INVALID_LB_POLICY",
-            "LEAST_REQUEST",
-            "MAGLEV",
-            "ORIGINAL_DESTINATION",
-            "RANDOM",
-            "RING_HASH",
-            "ROUND_ROBIN",
-            "WEIGHTED_MAGLEV"
-          ],
-          "enumDescriptions": [
-            "",
-            "An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.",
-            "This algorithm implements consistent hashing to backends. Maglev can be used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824",
-            "Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.",
-            "The load balancer selects a random healthy host.",
-            "The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.",
-            "This is a simple policy in which each healthy backend is selected in round robin order. This is the default.",
-            "Per-instance weighted Load Balancing via health check reported weights. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weighted based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. This option is only supported in Network Load Balancing."
-          ],
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceLogConfig": {
-      "description": "The available logging options for the load balancer traffic served by this backend service.",
-      "id": "BackendServiceLogConfig",
-      "properties": {
-        "enable": {
-          "description": "Denotes whether to enable logging for the load balancer traffic served by this backend service. The default value is false.",
-          "type": "boolean"
-        },
-        "optionalFields": {
-          "description": "This field can only be specified if logging is enabled for this backend service and \"logConfig.optionalMode\" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "optionalMode": {
-          "description": "This field can only be specified if logging is enabled for this backend service. Configures whether all, none or a subset of optional fields should be added to the reported logs. One of [INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM]. Default is EXCLUDE_ALL_OPTIONAL.",
-          "enum": [
-            "CUSTOM",
-            "EXCLUDE_ALL_OPTIONAL",
-            "INCLUDE_ALL_OPTIONAL"
-          ],
-          "enumDescriptions": [
-            "A subset of optional fields.",
-            "None optional fields.",
-            "All optional fields."
-          ],
-          "type": "string"
-        },
-        "sampleRate": {
-          "description": "This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.",
-          "format": "float",
-          "type": "number"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServiceReference": {
-      "id": "BackendServiceReference",
-      "properties": {
-        "backendService": {
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "BackendServicesScopedList": {
-      "id": "BackendServicesScopedList",
-      "properties": {
-        "backendServices": {
-          "description": "A list of BackendServices contained in this scope.",
-          "items": {
-            "$ref": "BackendService"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "Informational warning which replaces the list of backend services when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -39795,6 +42605,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -40111,6 +42922,17 @@
       },
       "type": "object"
     },
+    "BulkInsertDiskResource": {
+      "description": "A transient resource used in compute.disks.bulkInsert and compute.regionDisks.bulkInsert. It is only used to process requests and is not persisted.",
+      "id": "BulkInsertDiskResource",
+      "properties": {
+        "sourceConsistencyGroupPolicy": {
+          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to clone. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "BulkInsertInstanceResource": {
       "description": "A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.",
       "id": "BulkInsertInstanceResource",
@@ -40155,6 +42977,10 @@
       "description": "Per-instance properties to be set on individual instances. To be extended in the future.",
       "id": "BulkInsertInstanceResourcePerInstanceProperties",
       "properties": {
+        "hostname": {
+          "description": "Specifies the hostname of the instance. More details in: https://cloud.google.com/compute/docs/instances/custom-hostname-vm#naming_convention",
+          "type": "string"
+        },
         "name": {
           "description": "This field is only temporary. It will be removed. Do not use it.",
           "type": "string"
@@ -40162,6 +42988,48 @@
       },
       "type": "object"
     },
+    "BulkInsertOperationStatus": {
+      "id": "BulkInsertOperationStatus",
+      "properties": {
+        "createdVmCount": {
+          "description": "[Output Only] Count of VMs successfully created so far.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "deletedVmCount": {
+          "description": "[Output Only] Count of VMs that got deleted during rollback.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "failedToCreateVmCount": {
+          "description": "[Output Only] Count of VMs that started creating but encountered an error.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "status": {
+          "description": "[Output Only] Creation status of BulkInsert operation - information if the flow is rolling forward or rolling back.",
+          "enum": [
+            "CREATING",
+            "DONE",
+            "ROLLING_BACK",
+            "STATUS_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "Rolling forward - creating VMs.",
+            "Done",
+            "Rolling back - cleaning up after an error.",
+            ""
+          ],
+          "type": "string"
+        },
+        "targetVmCount": {
+          "description": "[Output Only] Count of VMs originally planned to be created.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "BundledLocalSsds": {
       "id": "BundledLocalSsds",
       "properties": {
@@ -40370,7 +43238,7 @@
           "type": "string"
         },
         "splitSourceCommitment": {
-          "description": "Source commitment to be splitted into a new commitment.",
+          "description": "Source commitment to be split into a new commitment.",
           "type": "string"
         },
         "startTimestamp": {
@@ -40411,6 +43279,7 @@
             "GENERAL_PURPOSE_N2",
             "GENERAL_PURPOSE_N2D",
             "GENERAL_PURPOSE_T2D",
+            "GRAPHICS_OPTIMIZED",
             "MEMORY_OPTIMIZED",
             "MEMORY_OPTIMIZED_M3",
             "TYPE_UNSPECIFIED"
@@ -40427,6 +43296,7 @@
             "",
             "",
             "",
+            "",
             ""
           ],
           "type": "string"
@@ -40485,6 +43355,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -40503,6 +43374,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -40514,6 +43415,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -40605,6 +43507,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -40623,6 +43526,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -40634,6 +43567,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -40707,6 +43641,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -40725,6 +43660,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -40736,6 +43701,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41025,7 +43991,7 @@
       "id": "CustomerEncryptionKey",
       "properties": {
         "kmsKeyName": {
-          "description": "The name of the encryption key that is stored in Google Cloud KMS. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key ",
+          "description": "The name of the encryption key that is stored in Google Cloud KMS. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key The fully-qualifed key name may be returned for resource GET requests. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key /cryptoKeyVersions/1 ",
           "type": "string"
         },
         "kmsKeyServiceAccount": {
@@ -41122,6 +44088,17 @@
           ],
           "type": "string"
         },
+        "asyncPrimaryDisk": {
+          "$ref": "DiskAsyncReplication",
+          "description": "Disk asynchronously replicated into this disk."
+        },
+        "asyncSecondaryDisks": {
+          "additionalProperties": {
+            "$ref": "DiskAsyncReplicationList"
+          },
+          "description": "[Output Only] A list of disks this disk is asynchronously replicated to.",
+          "type": "object"
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -41134,6 +44111,10 @@
           "$ref": "CustomerEncryptionKey",
           "description": "Encrypts the disk using a customer-supplied encryption key or a customer-managed encryption key. Encryption keys do not protect access to metadata of the disk. After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later. For example, to create a disk snapshot, to create a disk image, to create a machine image, or to attach the disk to a virtual machine. After you encrypt a disk with a customer-managed key, the diskEncryptionKey.kmsKeyName is set to a key *version* name once the disk is created. The disk is encrypted with this version of the key. In the response, diskEncryptionKey.kmsKeyName appears in the following format: \"diskEncryptionKey.kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key /cryptoKeysVersions/version If you do not provide an encryption key when creating the disk, then the disk is encrypted using an automatically generated key and you don't need to provide a key to use the disk later."
         },
+        "enableConfidentialCompute": {
+          "description": "Whether this disk is using confidential compute mode.",
+          "type": "boolean"
+        },
         "eraseWindowsVssSignature": {
           "description": "Specifies whether the disk restored from a source snapshot should erase Windows specific VSS signature.",
           "type": "boolean"
@@ -41151,6 +44132,7 @@
           "type": "string"
         },
         "interface": {
+          "deprecated": true,
           "description": "[Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.",
           "enum": [
             "NVME",
@@ -41267,6 +44249,10 @@
           },
           "type": "array"
         },
+        "resourceStatus": {
+          "$ref": "DiskResourceStatus",
+          "description": "[Output Only] Status information for the disk resource."
+        },
         "satisfiesPzs": {
           "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
@@ -41280,6 +44266,14 @@
           "format": "int64",
           "type": "string"
         },
+        "sourceConsistencyGroupPolicy": {
+          "description": "[Output Only] URL of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
+          "type": "string"
+        },
+        "sourceConsistencyGroupPolicyId": {
+          "description": "[Output Only] ID of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
+          "type": "string"
+        },
         "sourceDisk": {
           "description": "The source disk used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
           "type": "string"
@@ -41300,6 +44294,14 @@
           "description": "[Output Only] The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used.",
           "type": "string"
         },
+        "sourceInstantSnapshot": {
+          "description": "The source instant snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instantSnapshots/instantSnapshot - projects/project/zones/zone/instantSnapshots/instantSnapshot - zones/zone/instantSnapshots/instantSnapshot ",
+          "type": "string"
+        },
+        "sourceInstantSnapshotId": {
+          "description": "[Output Only] The unique ID of the instant snapshot used to create this disk. This value identifies the exact instant snapshot that was used to create this persistent disk. For example, if you created the persistent disk from an instant snapshot that was later deleted and recreated under the same name, the source instant snapshot ID would identify the exact version of the instant snapshot that was used.",
+          "type": "string"
+        },
         "sourceSnapshot": {
           "description": "The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project /global/snapshots/snapshot - projects/project/global/snapshots/snapshot - global/snapshots/snapshot ",
           "type": "string"
@@ -41422,6 +44424,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41440,6 +44443,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41451,6 +44484,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41498,6 +44532,37 @@
       },
       "type": "object"
     },
+    "DiskAsyncReplication": {
+      "id": "DiskAsyncReplication",
+      "properties": {
+        "consistencyGroupPolicy": {
+          "description": "[Output Only] URL of the DiskConsistencyGroupPolicy if replication was started on the disk as a member of a group.",
+          "type": "string"
+        },
+        "consistencyGroupPolicyId": {
+          "description": "[Output Only] ID of the DiskConsistencyGroupPolicy if replication was started on the disk as a member of a group.",
+          "type": "string"
+        },
+        "disk": {
+          "description": "The other disk asynchronously replicated to or from the current disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
+          "type": "string"
+        },
+        "diskId": {
+          "description": "[Output Only] The unique ID of the other disk asynchronously replicated to or from the current disk. This value identifies the exact disk that was used to create this replication. For example, if you started replicating the persistent disk from a disk that was later deleted and recreated under the same name, the disk ID would identify the exact version of the disk that was used.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DiskAsyncReplicationList": {
+      "id": "DiskAsyncReplicationList",
+      "properties": {
+        "asyncReplicationDisk": {
+          "$ref": "DiskAsyncReplication"
+        }
+      },
+      "type": "object"
+    },
     "DiskInstantiationConfig": {
       "description": "A specification of the desired way to instantiate a disk in the instance template when its created from a source instance.",
       "id": "DiskInstantiationConfig",
@@ -41583,6 +44648,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41601,6 +44667,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41612,6 +44708,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41687,6 +44784,47 @@
       },
       "type": "object"
     },
+    "DiskResourceStatus": {
+      "id": "DiskResourceStatus",
+      "properties": {
+        "asyncPrimaryDisk": {
+          "$ref": "DiskResourceStatusAsyncReplicationStatus"
+        },
+        "asyncSecondaryDisks": {
+          "additionalProperties": {
+            "$ref": "DiskResourceStatusAsyncReplicationStatus"
+          },
+          "description": "Key: disk, value: AsyncReplicationStatus message",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "DiskResourceStatusAsyncReplicationStatus": {
+      "id": "DiskResourceStatusAsyncReplicationStatus",
+      "properties": {
+        "state": {
+          "enum": [
+            "ACTIVE",
+            "CREATED",
+            "STARTING",
+            "STATE_UNSPECIFIED",
+            "STOPPED",
+            "STOPPING"
+          ],
+          "enumDescriptions": [
+            "Replication is active.",
+            "Secondary disk is created and is waiting for replication to start.",
+            "Replication is starting.",
+            "",
+            "Replication is stopped.",
+            "Replication is stopping."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "DiskType": {
       "description": "Represents a Disk Type resource. Google Compute Engine has two Disk Type resources: * [Regional](/compute/docs/reference/rest/beta/regionDiskTypes) * [Zonal](/compute/docs/reference/rest/beta/diskTypes) You can choose from a variety of disk types based on your needs. For more information, read Storage options. The diskTypes resource represents disk types for a zonal persistent disk. For more information, read Zonal persistent disks. The regionDiskTypes resource represents disk types for a regional persistent disk. For more information, read Regional persistent disks.",
       "id": "DiskType",
@@ -41793,6 +44931,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41811,6 +44950,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41822,6 +44991,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41913,6 +45083,312 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "DiskTypesScopedList": {
+      "id": "DiskTypesScopedList",
+      "properties": {
+        "diskTypes": {
+          "description": "[Output Only] A list of disk types contained in this scope.",
+          "items": {
+            "$ref": "DiskType"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning which replaces the list of disk types when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "DisksAddResourcePoliciesRequest": {
+      "id": "DisksAddResourcePoliciesRequest",
+      "properties": {
+        "resourcePolicies": {
+          "description": "Full or relative path to the resource policy to be added to this disk. You can only specify one resource policy.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "DisksRemoveResourcePoliciesRequest": {
+      "id": "DisksRemoveResourcePoliciesRequest",
+      "properties": {
+        "resourcePolicies": {
+          "description": "Resource policies to be removed from this disk.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "DisksResizeRequest": {
+      "id": "DisksResizeRequest",
+      "properties": {
+        "sizeGb": {
+          "description": "The new size of the persistent disk, which is specified in GB.",
+          "format": "int64",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DisksScopedList": {
+      "id": "DisksScopedList",
+      "properties": {
+        "disks": {
+          "description": "[Output Only] A list of disks contained in this scope.",
+          "items": {
+            "$ref": "Disk"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning which replaces the list of disks when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41931,107 +45407,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "DiskTypesScopedList": {
-      "id": "DiskTypesScopedList",
-      "properties": {
-        "diskTypes": {
-          "description": "[Output Only] A list of disk types contained in this scope.",
-          "items": {
-            "$ref": "DiskType"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of disk types when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -42044,6 +45448,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42091,141 +45496,23 @@
       },
       "type": "object"
     },
-    "DisksAddResourcePoliciesRequest": {
-      "id": "DisksAddResourcePoliciesRequest",
-      "properties": {
-        "resourcePolicies": {
-          "description": "Full or relative path to the resource policy to be added to this disk. You can only specify one resource policy.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "DisksRemoveResourcePoliciesRequest": {
-      "id": "DisksRemoveResourcePoliciesRequest",
-      "properties": {
-        "resourcePolicies": {
-          "description": "Resource policies to be removed from this disk.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "DisksResizeRequest": {
-      "id": "DisksResizeRequest",
+    "DisksStartAsyncReplicationRequest": {
+      "id": "DisksStartAsyncReplicationRequest",
       "properties": {
-        "sizeGb": {
-          "description": "The new size of the persistent disk, which is specified in GB.",
-          "format": "int64",
+        "asyncSecondaryDisk": {
+          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "DisksScopedList": {
-      "id": "DisksScopedList",
+    "DisksStopGroupAsyncReplicationResource": {
+      "description": "A transient resource used in compute.disks.stopGroupAsyncReplication and compute.regionDisks.stopGroupAsyncReplication. It is only used to process requests and is not persisted.",
+      "id": "DisksStopGroupAsyncReplicationResource",
       "properties": {
-        "disks": {
-          "description": "[Output Only] A list of disks contained in this scope.",
-          "items": {
-            "$ref": "Disk"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning which replaces the list of disks when the list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
-              ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
+        "resourcePolicy": {
+          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to stop. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
+          "type": "string"
         }
       },
       "type": "object"
@@ -42405,6 +45692,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42423,6 +45711,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42434,6 +45752,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42588,6 +45907,10 @@
         "ipAddress": {
           "description": "IP address of the interface in the external VPN gateway. Only IPv4 is supported. This IP address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine.",
           "type": "string"
+        },
+        "ipv6Address": {
+          "description": "IPv6 address of the interface in the external VPN gateway. This IPv6 address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. Must specify an IPv6 address (not IPV4-mapped) using any format described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0).",
+          "type": "string"
         }
       },
       "type": "object"
@@ -42639,6 +45962,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42657,6 +45981,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42668,6 +46022,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42816,6 +46171,7 @@
           "type": "boolean"
         },
         "enableLogging": {
+          "deprecated": true,
           "description": "Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.",
           "type": "boolean"
         },
@@ -42939,6 +46295,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42957,6 +46314,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42968,6 +46355,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43076,6 +46464,7 @@
           "type": "string"
         },
         "displayName": {
+          "deprecated": true,
           "description": "Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
@@ -43143,6 +46532,7 @@
           "type": "string"
         },
         "displayName": {
+          "deprecated": true,
           "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy of the association.",
           "type": "string"
         },
@@ -43200,6 +46590,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43218,6 +46609,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43229,6 +46650,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43331,6 +46753,10 @@
           "format": "int32",
           "type": "integer"
         },
+        "securityProfileGroup": {
+          "description": "A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.",
+          "type": "string"
+        },
         "targetResources": {
           "description": "A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.",
           "items": {
@@ -43351,6 +46777,10 @@
             "type": "string"
           },
           "type": "array"
+        },
+        "tlsInspect": {
+          "description": "Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.",
+          "type": "boolean"
         }
       },
       "type": "object"
@@ -43543,7 +46973,7 @@
           "type": "boolean"
         },
         "allowGlobalAccess": {
-          "description": "This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.",
+          "description": "This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If set to true, clients can access the Internal TCP/UDP Load Balancer, Internal HTTP(S) and TCP Proxy Load Balancer from all regions. If false, only allows access from the local region the load balancer is located at. Note that for INTERNAL_MANAGED forwarding rules, this field cannot be changed after the forwarding rule is created.",
           "type": "boolean"
         },
         "allowPscGlobalAccess": {
@@ -43644,7 +47074,7 @@
           "type": "string"
         },
         "network": {
-          "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.",
+          "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.",
           "type": "string"
         },
         "networkTier": {
@@ -43795,6 +47225,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43813,6 +47244,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43824,6 +47285,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43915,6 +47377,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43933,6 +47396,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43944,6 +47437,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44045,6 +47539,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44063,6 +47558,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44074,6 +47599,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44154,6 +47680,20 @@
       },
       "type": "object"
     },
+    "GlobalAddressesMoveRequest": {
+      "id": "GlobalAddressesMoveRequest",
+      "properties": {
+        "description": {
+          "description": "An optional destination address description if intended to be different from the source.",
+          "type": "string"
+        },
+        "destinationAddress": {
+          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project /global/addresses/address - projects/project/global/addresses/address Note that destination project must be different from the source project. So /global/addresses/address is not valid partial url.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GlobalNetworkEndpointGroupsAttachEndpointsRequest": {
       "id": "GlobalNetworkEndpointGroupsAttachEndpointsRequest",
       "properties": {
@@ -44311,13 +47851,14 @@
       "id": "GuestOsFeature",
       "properties": {
         "type": {
-          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_SNP_CAPABLE For more information, see Enabling guest operating system features.",
+          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more information, see Enabling guest operating system features.",
           "enum": [
             "FEATURE_TYPE_UNSPECIFIED",
             "GVNIC",
             "MULTI_IP_SUBNET",
             "SECURE_BOOT",
             "SEV_CAPABLE",
+            "SEV_LIVE_MIGRATABLE",
             "SEV_SNP_CAPABLE",
             "UEFI_COMPATIBLE",
             "VIRTIO_SCSI_MULTIQUEUE",
@@ -44332,6 +47873,7 @@
             "",
             "",
             "",
+            "",
             ""
           ],
           "type": "string"
@@ -44499,7 +48041,7 @@
       "type": "object"
     },
     "HealthCheck": {
-      "description": "Represents a Health Check resource. Google Compute Engine has two Health Check resources: * [Global](/compute/docs/reference/rest/beta/healthChecks) * [Regional](/compute/docs/reference/rest/beta/regionHealthChecks) Internal HTTP(S) load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Traffic Director must use global health checks (`compute.v1.HealthChecks`). Internal TCP/UDP load balancers can use either regional or global health checks (`compute.v1.regionHealthChecks` or `compute.v1.HealthChecks`). External HTTP(S), TCP proxy, and SSL proxy load balancers as well as managed instance group auto-healing must use global health checks (`compute.v1.HealthChecks`). Backend service-based network load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Target pool-based network load balancers must use legacy HTTP health checks (`compute.v1.httpHealthChecks`). For more information, see Health checks overview.",
+      "description": "Represents a Health Check resource. Google Compute Engine has two Health Check resources: * [Global](/compute/docs/reference/rest/beta/healthChecks) * [Regional](/compute/docs/reference/rest/beta/regionHealthChecks) Internal HTTP(S) load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Traffic Director must use global health checks (`compute.v1.healthChecks`). Internal TCP/UDP load balancers can use either regional or global health checks (`compute.v1.regionHealthChecks` or `compute.v1.healthChecks`). External HTTP(S), TCP proxy, and SSL proxy load balancers as well as managed instance group auto-healing must use global health checks (`compute.v1.healthChecks`). Backend service-based network load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Target pool-based network load balancers must use legacy HTTP health checks (`compute.v1.httpHealthChecks`). For more information, see Health checks overview.",
       "id": "HealthCheck",
       "properties": {
         "checkIntervalSec": {
@@ -44644,6 +48186,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44662,6 +48205,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44673,6 +48246,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44778,6 +48352,7 @@
           "type": "string"
         },
         "healthStatusAggregationStrategy": {
+          "deprecated": true,
           "description": "This field is deprecated. Use health_status_aggregation_policy instead. Policy for how the results from multiple health checks for the same endpoint are aggregated. - NO_AGGREGATION. An EndpointHealth message is returned for each backend in the health check service. - AND. If any backend's health check reports UNHEALTHY, then UNHEALTHY is the HealthState of the entire health check service. If all backend's are healthy, the HealthState of the health check service is HEALTHY. .",
           "enum": [
             "AND",
@@ -44882,6 +48457,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44900,6 +48476,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44911,6 +48517,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45009,6 +48616,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45027,6 +48635,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45038,6 +48676,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45111,6 +48750,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45129,6 +48769,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45140,6 +48810,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45206,7 +48877,7 @@
           "type": "string"
         },
         "healthState": {
-          "description": "Health state of the instance.",
+          "description": "Health state of the IPv4 address of the instance.",
           "enum": [
             "HEALTHY",
             "UNHEALTHY"
@@ -45279,10 +48950,26 @@
             "UNKNOWN"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
+            "Endpoint is being drained.",
+            "Endpoint is healthy.",
+            "Endpoint is unhealthy.",
+            "Health status of the endpoint is unknown."
+          ],
+          "type": "string"
+        },
+        "ipv6HealthState": {
+          "description": "Health state of the ipv6 network endpoint determined based on the health checks configured.",
+          "enum": [
+            "DRAINING",
+            "HEALTHY",
+            "UNHEALTHY",
+            "UNKNOWN"
+          ],
+          "enumDescriptions": [
+            "Endpoint is being drained.",
+            "Endpoint is healthy.",
+            "Endpoint is unhealthy.",
+            "Health status of the endpoint is unknown."
           ],
           "type": "string"
         }
@@ -45547,7 +49234,7 @@
           "type": "integer"
         },
         "requestPath": {
-          "description": "The request path of the HTTP health check request. The default value is /. This field does not support query parameters.",
+          "description": "The request path of the HTTP health check request. The default value is /. This field does not support query parameters. Must comply with RFC3986.",
           "type": "string"
         },
         "selfLink": {
@@ -45611,6 +49298,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45629,6 +49317,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45640,6 +49358,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45971,7 +49690,7 @@
           "type": "integer"
         },
         "requestPath": {
-          "description": "The request path of the HTTPS health check request. The default value is \"/\".",
+          "description": "The request path of the HTTPS health check request. The default value is \"/\". Must comply with RFC3986.",
           "type": "string"
         },
         "selfLink": {
@@ -46035,6 +49754,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46053,6 +49773,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46064,6 +49814,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46151,6 +49902,10 @@
           "format": "int64",
           "type": "string"
         },
+        "enableConfidentialCompute": {
+          "description": "Whether this image is created from a confidential compute mode disk. [Output Only]: This field is not set by user, but from source disk.",
+          "type": "boolean"
+        },
         "family": {
           "description": "The name of the image family to which this image belongs. The image family name can be from a publicly managed image family provided by Compute Engine, or from a custom image family you create. For example, centos-stream-9 is a publicly available image family. For more information, see Image family best practices. When creating disks, you can specify an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035.",
           "type": "string"
@@ -46231,6 +49986,7 @@
               "type": "string"
             },
             "sha1Checksum": {
+              "deprecated": true,
               "description": "[Deprecated] This field is deprecated. An optional SHA1 checksum of the disk image before unpackaging provided by the client when the disk image is created.",
               "pattern": "[a-f0-9]{40}",
               "type": "string"
@@ -46392,6 +50148,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46410,6 +50167,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46421,6 +50208,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46753,7 +50541,7 @@
             "TERMINATED"
           ],
           "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
             "Resources are being allocated for the instance.",
             "The instance is in repair.",
             "The instance is running.",
@@ -46832,6 +50620,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46850,6 +50639,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46861,6 +50680,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47071,6 +50891,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47089,6 +50910,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47100,6 +50951,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47191,6 +51043,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47209,6 +51062,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47220,6 +51103,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47555,6 +51439,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47573,6 +51458,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47584,6 +51499,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47649,7 +51565,7 @@
           "type": "string"
         },
         "initialDelaySec": {
-          "description": "The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. This initial delay allows instances to initialize and run their startup scripts before the instance group determines that they are UNHEALTHY. This prevents the managed instance group from recreating its instances prematurely. This value must be from range [0, 3600].",
+          "description": "The initial delay is the number of seconds that a new VM takes to initialize and run its startup script. During a VM's initial delay period, the MIG ignores unsuccessful health checks because the VM might be in the startup process. This prevents the MIG from prematurely recreating a VM. If the health check receives a healthy response during the initial delay, it indicates that the startup process is complete and the VM is ready. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.",
           "format": "int32",
           "type": "integer"
         }
@@ -47659,6 +51575,20 @@
     "InstanceGroupManagerInstanceLifecyclePolicy": {
       "id": "InstanceGroupManagerInstanceLifecyclePolicy",
       "properties": {
+        "defaultActionOnFailure": {
+          "description": "The action that a MIG performs on a failed or an unhealthy VM. A VM is marked as unhealthy when the application running on that VM fails a health check. Valid values are - REPAIR (default): MIG automatically repairs a failed or an unhealthy VM by recreating it. For more information, see About repairing VMs in a MIG. - DO_NOTHING: MIG does not repair a failed or an unhealthy VM. ",
+          "enum": [
+            "DELETE",
+            "DO_NOTHING",
+            "REPAIR"
+          ],
+          "enumDescriptions": [
+            "MIG deletes a failed or an unhealthy VM. Deleting the VM decreases the target size of the MIG.",
+            "MIG does not repair a failed or an unhealthy VM.",
+            "(Default) MIG automatically repairs a failed or an unhealthy VM by recreating it. For more information, see About repairing VMs in a MIG."
+          ],
+          "type": "string"
+        },
         "forceUpdateOnRepair": {
           "description": "A bit indicating whether to forcefully apply the group's latest configuration when repairing a VM. Valid options are: - NO (default): If configuration updates are available, they are not forcefully applied during repair. Instead, configuration updates are applied according to the group's update policy. - YES: If configuration updates are available, they are applied during repair. ",
           "enum": [
@@ -47718,6 +51648,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47736,6 +51667,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47747,6 +51708,289 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerResizeRequest": {
+      "description": "InstanceGroupManagerResizeRequest represents a request to create a number of VMs: either immediately or by queuing the request for the specified time. This resize request is nested under InstanceGroupManager and the VMs created by this request are added to the owning InstanceGroupManager.",
+      "id": "InstanceGroupManagerResizeRequest",
+      "properties": {
+        "count": {
+          "description": "The count of instances to create as part of this resize request.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] The creation timestamp for this resize request in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource.",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#instanceGroupManagerResizeRequest",
+          "description": "[Output Only] The resource type, which is always compute#instanceGroupManagerResizeRequest for resize requests.",
+          "type": "string"
+        },
+        "name": {
+          "annotations": {
+            "required": [
+              "compute.instanceGroupManagerResizeRequests.insert"
+            ]
+          },
+          "description": "The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] The URL for this resize request. The server defines this URL.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource with the resource id.",
+          "type": "string"
+        },
+        "state": {
+          "description": "[Output only] Current state of the request.",
+          "enum": [
+            "ACCEPTED",
+            "CANCELLED",
+            "CREATING",
+            "FAILED",
+            "PROVISIONING",
+            "SUCCEEDED"
+          ],
+          "enumDescriptions": [
+            "The request was created successfully and was accepted for provisioning when the capacity becomes available.",
+            "The request is cancelled.",
+            "resize request is being created and may still fail creation.",
+            "The request failed before or during provisioning. If the request fails during provisioning, any VMs that were created during provisioning are rolled back and removed from the MIG.",
+            "The target resource(s) are being provisioned.",
+            "The request succeeded."
+          ],
+          "type": "string"
+        },
+        "status": {
+          "$ref": "InstanceGroupManagerResizeRequestStatus",
+          "description": "[Output only] Status of the request. The Status message is aligned with QueuedResource.status. ResizeRequest.queuing_policy contains the queuing policy as provided by the user; it could have either valid_until_time or valid_until_duration. ResizeRequest.status.queuing_policy always contains absolute time as calculated by the server when the request is queued."
+        },
+        "zone": {
+          "description": "[Output Only] The URL of a zone where the resize request is located. Populated only for zonal resize requests.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerResizeRequestStatus": {
+      "id": "InstanceGroupManagerResizeRequestStatus",
+      "properties": {
+        "error": {
+          "description": "Errors encountered during the queueing or provisioning phases of the ResizeRequest.",
+          "properties": {
+            "errors": {
+              "description": "[Output Only] The array of errors encountered while processing this operation.",
+              "items": {
+                "properties": {
+                  "code": {
+                    "description": "[Output Only] The error type identifier for this error.",
+                    "type": "string"
+                  },
+                  "errorDetails": {
+                    "description": "[Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED.",
+                    "items": {
+                      "properties": {
+                        "errorInfo": {
+                          "$ref": "ErrorInfo"
+                        },
+                        "help": {
+                          "$ref": "Help"
+                        },
+                        "localizedMessage": {
+                          "$ref": "LocalizedMessage"
+                        },
+                        "quotaInfo": {
+                          "$ref": "QuotaExceededInfo"
+                        }
+                      },
+                      "type": "object"
+                    },
+                    "type": "array"
+                  },
+                  "location": {
+                    "description": "[Output Only] Indicates the field in the request that caused the error. This property is optional.",
+                    "type": "string"
+                  },
+                  "message": {
+                    "description": "[Output Only] An optional, human-readable error message.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstanceGroupManagerResizeRequestsListResponse": {
+      "description": "[Output Only] A list of resize requests.",
+      "id": "InstanceGroupManagerResizeRequestsListResponse",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of resize request resources.",
+          "items": {
+            "$ref": "InstanceGroupManagerResizeRequest"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#instanceGroupManagerResizeRequestList",
+          "description": "[Output Only] Type of the resource. Always compute#instanceGroupManagerResizeRequestList for a list of resize requests.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47842,6 +52086,7 @@
           "type": "boolean"
         },
         "isStateful": {
+          "deprecated": true,
           "description": "[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful configuration even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. This field is deprecated in favor of has_stateful_config.",
           "type": "boolean"
         },
@@ -47910,14 +52155,14 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
         "mostDisruptiveAllowedAction": {
-          "description": "Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.",
+          "description": "Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to avoid restarting the VM and to limit disruption as much as possible. RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -47926,9 +52171,9 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
@@ -47945,14 +52190,14 @@
           "type": "string"
         },
         "type": {
-          "description": "The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).",
+          "description": "The type of update process. You can specify either PROACTIVE so that the MIG automatically updates VMs to the latest configurations or OPPORTUNISTIC so that you can select the VMs that you want to update.",
           "enum": [
             "OPPORTUNISTIC",
             "PROACTIVE"
           ],
           "enumDescriptions": [
-            "No action is being proactively performed in order to bring this IGM to its target version distribution (regardless of whether this distribution is expressed using instanceTemplate or versions field).",
-            "This IGM will actively converge to its target version distribution (regardless of whether this distribution is expressed using instanceTemplate or versions field)."
+            "MIG will apply new configurations to existing VMs only when you selectively target specific or all VMs to be updated.",
+            "MIG will automatically apply new configurations to all or a subset of existing VMs and also to new VMs that are added to the group."
           ],
           "type": "string"
         }
@@ -48006,7 +52251,7 @@
           "type": "array"
         },
         "minimalAction": {
-          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
+          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -48015,14 +52260,14 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
         "mostDisruptiveAllowedAction": {
-          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -48031,9 +52276,9 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         }
@@ -48058,7 +52303,7 @@
       "id": "InstanceGroupManagersDeleteInstancesRequest",
       "properties": {
         "instances": {
-          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME]. Queued instances do not have URL and can be deleted only by name. One cannot specify both URLs and names in a single request.",
           "items": {
             "type": "string"
           },
@@ -48149,6 +52394,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48167,6 +52413,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48178,6 +52454,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48293,6 +52570,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48311,6 +52589,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48322,6 +52630,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48479,6 +52788,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48497,6 +52807,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48508,6 +52848,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48612,6 +52953,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48630,6 +52972,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48641,6 +53013,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48750,6 +53123,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48768,6 +53142,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48779,6 +53183,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48870,6 +53275,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48888,6 +53294,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48899,6 +53335,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49343,6 +53780,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49361,6 +53799,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49372,6 +53840,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49463,6 +53932,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49481,6 +53951,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49492,6 +53992,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49565,6 +54066,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49583,6 +54085,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49594,6 +54126,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49670,7 +54203,7 @@
             "TERMINATED"
           ],
           "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
             "Resources are being allocated for the instance.",
             "The instance is in repair.",
             "The instance is running.",
@@ -49699,6 +54232,19 @@
       },
       "type": "object"
     },
+    "InstancesBulkInsertOperationMetadata": {
+      "id": "InstancesBulkInsertOperationMetadata",
+      "properties": {
+        "perLocationStatus": {
+          "additionalProperties": {
+            "$ref": "BulkInsertOperationStatus"
+          },
+          "description": "Status information per location (location name is key). Example key: zones/us-central1-a",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
     "InstancesGetEffectiveFirewallsResponse": {
       "id": "InstancesGetEffectiveFirewallsResponse",
       "properties": {
@@ -49730,6 +54276,7 @@
       "id": "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
       "properties": {
         "displayName": {
+          "deprecated": true,
           "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
           "type": "string"
         },
@@ -49842,6 +54389,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49860,6 +54408,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49871,6 +54449,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49982,6 +54561,23 @@
       },
       "type": "object"
     },
+    "InstancesSetSecurityPolicyRequest": {
+      "id": "InstancesSetSecurityPolicyRequest",
+      "properties": {
+        "networkInterfaces": {
+          "description": "The network interfaces that the security policy will be applied to. Network interfaces use the nicN naming format. You can only set a security policy for network interfaces with an access config.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "securityPolicy": {
+          "description": "A full or partial URL to a security policy to add to this instance. If this field is set to an empty string it will remove the associated security policy.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "InstancesSetServiceAccountRequest": {
       "id": "InstancesSetServiceAccountRequest",
       "properties": {
@@ -50012,6 +54608,571 @@
       },
       "type": "object"
     },
+    "InstantSnapshot": {
+      "description": "Represents a InstantSnapshot resource. You can use instant snapshots to create disk rollback points quickly..",
+      "id": "InstantSnapshot",
+      "properties": {
+        "architecture": {
+          "description": "[Output Only] The architecture of the instant snapshot. Valid values are ARM64 or X86_64.",
+          "enum": [
+            "ARCHITECTURE_UNSPECIFIED",
+            "ARM64",
+            "X86_64"
+          ],
+          "enumDescriptions": [
+            "Default value indicating Architecture is not set.",
+            "Machines with architecture ARM64",
+            "Machines with architecture X86_64"
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "diskSizeGb": {
+          "description": "[Output Only] Size of the source disk, specified in GB.",
+          "format": "int64",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#instantSnapshot",
+          "description": "[Output Only] Type of the resource. Always compute#instantSnapshot for InstantSnapshot resources.",
+          "type": "string"
+        },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this InstantSnapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a InstantSnapshot.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to apply to this InstantSnapshot. These can be later modified by the setLabels method. Label values may be empty.",
+          "type": "object"
+        },
+        "name": {
+          "description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
+        },
+        "region": {
+          "description": "[Output Only] URL of the region where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        },
+        "resourceStatus": {
+          "$ref": "InstantSnapshotResourceStatus",
+          "description": "[Output Only] Status information for the instant snapshot resource."
+        },
+        "satisfiesPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "selfLinkWithId": {
+          "description": "[Output Only] Server-defined URL for this resource's resource id.",
+          "type": "string"
+        },
+        "sourceDisk": {
+          "description": "URL of the source disk used to create this instant snapshot. Note that the source disk must be in the same zone/region as the instant snapshot to be created. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
+          "type": "string"
+        },
+        "sourceDiskId": {
+          "description": "[Output Only] The ID value of the disk used to create this InstantSnapshot. This value may be used to determine whether the InstantSnapshot was taken from the current or a previous instance of a given disk name.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of the instantSnapshot. This can be CREATING, DELETING, FAILED, or READY.",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "FAILED",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "InstantSnapshot creation is in progress.",
+            "InstantSnapshot is currently being deleted.",
+            "InstantSnapshot creation failed.",
+            "InstantSnapshot has been created successfully."
+          ],
+          "type": "string"
+        },
+        "zone": {
+          "description": "[Output Only] URL of the zone where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstantSnapshotAggregatedList": {
+      "id": "InstantSnapshotAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "InstantSnapshotsScopedList",
+            "description": "[Output Only] Name of the scope containing this set of instantSnapshots."
+          },
+          "description": "A list of InstantSnapshotsScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#instantSnapshotAggregatedList",
+          "description": "[Output Only] Type of resource. Always compute#instantSnapshotAggregatedList for aggregated lists of instantSnapshots.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstantSnapshotList": {
+      "description": "Contains a list of InstantSnapshot resources.",
+      "id": "InstantSnapshotList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of InstantSnapshot resources.",
+          "items": {
+            "$ref": "InstantSnapshot"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#instantSnapshotList",
+          "description": "Type of resource.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InstantSnapshotResourceStatus": {
+      "id": "InstantSnapshotResourceStatus",
+      "properties": {
+        "storageSizeBytes": {
+          "description": "[Output Only] The storage size of this instant snapshot.",
+          "format": "int64",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InstantSnapshotsScopedList": {
+      "id": "InstantSnapshotsScopedList",
+      "properties": {
+        "instantSnapshots": {
+          "description": "[Output Only] A list of instantSnapshots contained in this scope.",
+          "items": {
+            "$ref": "InstantSnapshot"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning which replaces the list of instantSnapshots when the list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
     "Int64RangeMatch": {
       "description": "HttpRouteRuleMatch criteria for field values that must stay within the specified integer range.",
       "id": "Int64RangeMatch",
@@ -50030,13 +55191,26 @@
       "type": "object"
     },
     "Interconnect": {
-      "description": "Represents an Interconnect resource. An Interconnect resource is a dedicated connection between the GCP network and your on-premises network. For more information, read the Dedicated Interconnect Overview.",
+      "description": "Represents an Interconnect resource. An Interconnect resource is a dedicated connection between the Google Cloud network and your on-premises network. For more information, read the Dedicated Interconnect Overview.",
       "id": "Interconnect",
       "properties": {
         "adminEnabled": {
           "description": "Administrative status of the interconnect. When this is set to true, the Interconnect is functional and can carry traffic. When set to false, no packets can be carried over the interconnect and no BGP routes are exchanged over it. By default, the status is set to true.",
           "type": "boolean"
         },
+        "availableFeatures": {
+          "description": "[Output only] List of features available for this Interconnect connection, which can take one of the following values: - MACSEC If present then the interconnect was created on MACsec capable hardware ports. If not present then the interconnect is provisioned on non-MACsec capable ports and MACsec enablement will fail.",
+          "items": {
+            "enum": [
+              "IF_MACSEC"
+            ],
+            "enumDescriptions": [
+              "Media Access Control security (MACsec)"
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
         "circuitInfos": {
           "description": "[Output Only] A list of CircuitInfo objects, that describe the individual circuits in this LAG.",
           "items": {
@@ -50130,6 +55304,14 @@
           "description": "URL of the InterconnectLocation object that represents where this connection is to be provisioned.",
           "type": "string"
         },
+        "macsec": {
+          "$ref": "InterconnectMacsec",
+          "description": "Configuration to enable Media Access Control security (MACsec) on the Interconnect connection between Google and your on-premises router."
+        },
+        "macsecEnabled": {
+          "description": "Enable or disable MACsec on this Interconnect connection. MACsec enablement fails if the MACsec object is not specified.",
+          "type": "boolean"
+        },
         "name": {
           "annotations": {
             "required": [
@@ -50165,13 +55347,30 @@
           "format": "int32",
           "type": "integer"
         },
+        "remoteLocation": {
+          "description": "Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside of Google's network that the interconnect is connected to.",
+          "type": "string"
+        },
+        "requestedFeatures": {
+          "description": "Optional. List of features requested for this Interconnect connection, which can take one of the following values: - MACSEC If specified then the interconnect will be created on MACsec capable hardware ports. If not specified, the default value is false, which will allocate non-MACsec capable ports first if available. This parameter can only be provided during interconnect INSERT and cannot be changed using interconnect PATCH.",
+          "items": {
+            "enum": [
+              "IF_MACSEC"
+            ],
+            "enumDescriptions": [
+              "Media Access Control security (MACsec)"
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
         "requestedLinkCount": {
           "description": "Target number of physical links in the link bundle, as requested by the customer.",
           "format": "int32",
           "type": "integer"
         },
         "satisfiesPzs": {
-          "description": "[Output Only] Set to true if the resource satisfies the zone separation organization policy constraints and false otherwise. Defaults to false if the field is not present.",
+          "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
         },
         "selfLink": {
@@ -50259,6 +55458,10 @@
           "description": "This field is not available.",
           "type": "string"
         },
+        "configurationConstraints": {
+          "$ref": "InterconnectAttachmentConfigurationConstraints",
+          "description": "[Output Only] Constraints for this attachment, if any. The attachment does not work if these constraints are not met."
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -50311,6 +55514,7 @@
           "type": "string"
         },
         "googleReferenceId": {
+          "deprecated": true,
           "description": "[Output Only] Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues. [Deprecated] This field is not used.",
           "type": "string"
         },
@@ -50324,7 +55528,7 @@
           "type": "string"
         },
         "ipsecInternalAddresses": {
-          "description": "A list of URLs of addresses that have been reserved for the VLAN attachment. Used only for the VLAN attachment that has the encryption option as IPSEC. The addresses must be regional internal IP address ranges. When creating an HA VPN gateway over the VLAN attachment, if the attachment is configured to use a regional internal IP address, then the VPN gateway's IP address is allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this VLAN attachment, then a regional internal IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this VLAN attachment. If this field is not specified when creating the VLAN attachment, then later on when creating an HA VPN gateway on this VLAN attachment, the HA VPN gateway's IP address is allocated from the regional external IP address pool. Not currently available publicly. ",
+          "description": "A list of URLs of addresses that have been reserved for the VLAN attachment. Used only for the VLAN attachment that has the encryption option as IPSEC. The addresses must be regional internal IP address ranges. When creating an HA VPN gateway over the VLAN attachment, if the attachment is configured to use a regional internal IP address, then the VPN gateway's IP address is allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this VLAN attachment, then a regional internal IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this VLAN attachment. If this field is not specified when creating the VLAN attachment, then later on when creating an HA VPN gateway on this VLAN attachment, the HA VPN gateway's IP address is allocated from the regional external IP address pool.",
           "items": {
             "type": "string"
           },
@@ -50390,12 +55594,16 @@
           "description": "[Output Only] URL of the region where the regional interconnect attachment resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
+        "remoteService": {
+          "description": "[Output Only] If the attachment is on a Cross-Cloud Interconnect connection, this field contains the interconnect's remote location service provider. Example values: \"Amazon Web Services\" \"Microsoft Azure\". The field is set only for attachments on Cross-Cloud Interconnect connections. Its value is copied from the InterconnectRemoteLocation remoteService field.",
+          "type": "string"
+        },
         "router": {
           "description": "URL of the Cloud Router to be used for dynamic routing. This router must be in the same region as this InterconnectAttachment. The InterconnectAttachment will automatically connect the Interconnect to the network \u0026 region within which the Cloud Router is configured.",
           "type": "string"
         },
         "satisfiesPzs": {
-          "description": "[Output Only] Set to true if the resource satisfies the zone separation organization policy constraints and false otherwise. Defaults to false if the field is not present.",
+          "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
         },
         "selfLink": {
@@ -50436,6 +55644,11 @@
           ],
           "type": "string"
         },
+        "subnetLength": {
+          "description": "Length of the IPv4 subnet mask. Allowed values: - 29 (default) - 30 The default value is 29, except for Cross-Cloud Interconnect connections that use an InterconnectRemoteLocation with a constraints.subnetLengthRange.min equal to 30. For example, connections that use an Azure remote location fall into this category. In these cases, the default value is 30, and requesting 29 returns an error. Where both 29 and 30 are allowed, 29 is preferred, because it gives Google Cloud Support more debugging visibility. ",
+          "format": "int32",
+          "type": "integer"
+        },
         "type": {
           "description": "The type of interconnect attachment this is, which can take one of the following values: - DEDICATED: an attachment to a Dedicated Interconnect. - PARTNER: an attachment to a Partner Interconnect, created by the customer. - PARTNER_PROVIDER: an attachment to a Partner Interconnect, created by the partner. ",
           "enum": [
@@ -50509,6 +55722,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50527,6 +55741,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50538,6 +55782,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50585,6 +55830,47 @@
       },
       "type": "object"
     },
+    "InterconnectAttachmentConfigurationConstraints": {
+      "id": "InterconnectAttachmentConfigurationConstraints",
+      "properties": {
+        "bgpMd5": {
+          "description": "[Output Only] Whether the attachment's BGP session requires/allows/disallows BGP MD5 authentication. This can take one of the following values: MD5_OPTIONAL, MD5_REQUIRED, MD5_UNSUPPORTED. For example, a Cross-Cloud Interconnect connection to a remote cloud provider that requires BGP MD5 authentication has the interconnectRemoteLocation attachment_configuration_constraints.bgp_md5 field set to MD5_REQUIRED, and that property is propagated to the attachment. Similarly, if BGP MD5 is MD5_UNSUPPORTED, an error is returned if MD5 is requested.",
+          "enum": [
+            "MD5_OPTIONAL",
+            "MD5_REQUIRED",
+            "MD5_UNSUPPORTED"
+          ],
+          "enumDescriptions": [
+            "MD5_OPTIONAL: BGP MD5 authentication is supported and can optionally be configured.",
+            "MD5_REQUIRED: BGP MD5 authentication must be configured.",
+            "MD5_UNSUPPORTED: BGP MD5 authentication must not be configured"
+          ],
+          "type": "string"
+        },
+        "bgpPeerAsnRanges": {
+          "description": "[Output Only] List of ASN ranges that the remote location is known to support. Formatted as an array of inclusive ranges {min: min-value, max: max-value}. For example, [{min: 123, max: 123}, {min: 64512, max: 65534}] allows the peer ASN to be 123 or anything in the range 64512-65534. This field is only advisory. Although the API accepts other ranges, these are the ranges that we recommend.",
+          "items": {
+            "$ref": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange": {
+      "id": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange",
+      "properties": {
+        "max": {
+          "format": "uint32",
+          "type": "integer"
+        },
+        "min": {
+          "format": "uint32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "InterconnectAttachmentList": {
       "description": "Response to the list request, and contains a list of interconnect attachments.",
       "id": "InterconnectAttachmentList",
@@ -50629,6 +55915,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50647,6 +55934,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50658,6 +55975,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50762,6 +56080,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50780,6 +56099,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50791,6 +56140,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50858,7 +56208,7 @@
       "type": "object"
     },
     "InterconnectDiagnostics": {
-      "description": "Diagnostics information about interconnect, contains detailed and current technical information about Google's side of the connection.",
+      "description": "Diagnostics information about the Interconnect connection, which contains detailed and current technical information about Google's side of the connection.",
       "id": "InterconnectDiagnostics",
       "properties": {
         "arpCaches": {
@@ -50997,6 +56347,10 @@
         "lacpStatus": {
           "$ref": "InterconnectDiagnosticsLinkLACPStatus"
         },
+        "macsec": {
+          "$ref": "InterconnectDiagnosticsMacsecStatus",
+          "description": "Describes the status of MACsec encryption on this link."
+        },
         "operationalStatus": {
           "description": "The operational status of the link.",
           "enum": [
@@ -51020,6 +56374,21 @@
       },
       "type": "object"
     },
+    "InterconnectDiagnosticsMacsecStatus": {
+      "description": "Describes the status of MACsec encryption on the link.",
+      "id": "InterconnectDiagnosticsMacsecStatus",
+      "properties": {
+        "ckn": {
+          "description": "Indicates the Connectivity Association Key Name (CKN) currently being used if MACsec is operational.",
+          "type": "string"
+        },
+        "operational": {
+          "description": "Indicates whether or not MACsec is operational on this link.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "InterconnectList": {
       "description": "Response to the list request, and contains a list of interconnects.",
       "id": "InterconnectList",
@@ -51064,6 +56433,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51082,6 +56452,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51093,6 +56493,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51152,6 +56553,34 @@
           "description": "[Output Only] Availability zone for this InterconnectLocation. Within a metropolitan area (metro), maintenance will not be simultaneously scheduled in more than one availability zone. Example: \"zone1\" or \"zone2\".",
           "type": "string"
         },
+        "availableFeatures": {
+          "description": "[Output only] List of features available at this InterconnectLocation, which can take one of the following values: - MACSEC ",
+          "items": {
+            "enum": [
+              "IF_MACSEC"
+            ],
+            "enumDescriptions": [
+              "Media Access Control security (MACsec)"
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "availableLinkTypes": {
+          "description": "[Output only] List of link types available at this InterconnectLocation, which can take one of the following values: - LINK_TYPE_ETHERNET_10G_LR - LINK_TYPE_ETHERNET_100G_LR ",
+          "items": {
+            "enum": [
+              "LINK_TYPE_ETHERNET_100G_LR",
+              "LINK_TYPE_ETHERNET_10G_LR"
+            ],
+            "enumDescriptions": [
+              "100G Ethernet, LR Optics.",
+              "10G Ethernet, LR Optics. [(rate_bps) = 10000000000];"
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
         "city": {
           "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".",
           "type": "string"
@@ -51206,10 +56635,466 @@
           "type": "string"
         },
         "kind": {
-          "default": "compute#interconnectLocation",
-          "description": "[Output Only] Type of the resource. Always compute#interconnectLocation for interconnect locations.",
+          "default": "compute#interconnectLocation",
+          "description": "[Output Only] Type of the resource. Always compute#interconnectLocation for interconnect locations.",
+          "type": "string"
+        },
+        "name": {
+          "description": "[Output Only] Name of the resource.",
+          "type": "string"
+        },
+        "peeringdbFacilityId": {
+          "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).",
+          "type": "string"
+        },
+        "regionInfos": {
+          "description": "[Output Only] A list of InterconnectLocation.RegionInfo objects, that describe parameters pertaining to the relation between this InterconnectLocation and various Google Cloud regions.",
+          "items": {
+            "$ref": "InterconnectLocationRegionInfo"
+          },
+          "type": "array"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of this InterconnectLocation, which can take one of the following values: - CLOSED: The InterconnectLocation is closed and is unavailable for provisioning new Interconnects. - AVAILABLE: The InterconnectLocation is available for provisioning new Interconnects. ",
+          "enum": [
+            "AVAILABLE",
+            "CLOSED"
+          ],
+          "enumDescriptions": [
+            "The InterconnectLocation is available for provisioning new Interconnects.",
+            "The InterconnectLocation is closed for provisioning new Interconnects."
+          ],
+          "type": "string"
+        },
+        "supportsPzs": {
+          "description": "[Output Only] Reserved for future use.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectLocationList": {
+      "description": "Response to the list request, and contains a list of interconnect locations.",
+      "id": "InterconnectLocationList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of InterconnectLocation resources.",
+          "items": {
+            "$ref": "InterconnectLocation"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#interconnectLocationList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectLocationList for lists of interconnect locations.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectLocationRegionInfo": {
+      "description": "Information about any potential InterconnectAttachments between an Interconnect at a specific InterconnectLocation, and a specific Cloud Region.",
+      "id": "InterconnectLocationRegionInfo",
+      "properties": {
+        "expectedRttMs": {
+          "description": "Expected round-trip time in milliseconds, from this InterconnectLocation to a VM in this region.",
+          "format": "int64",
+          "type": "string"
+        },
+        "locationPresence": {
+          "description": "Identifies the network presence of this location.",
+          "enum": [
+            "GLOBAL",
+            "LOCAL_REGION",
+            "LP_GLOBAL",
+            "LP_LOCAL_REGION"
+          ],
+          "enumDescriptions": [
+            "This region is not in any common network presence with this InterconnectLocation.",
+            "This region shares the same regional network presence as this InterconnectLocation.",
+            "[Deprecated] This region is not in any common network presence with this InterconnectLocation.",
+            "[Deprecated] This region shares the same regional network presence as this InterconnectLocation."
+          ],
+          "type": "string"
+        },
+        "region": {
+          "description": "URL for the region of this location.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectMacsec": {
+      "description": "Configuration information for enabling Media Access Control security (MACsec) on this Interconnect connection between Google and your on-premises router.",
+      "id": "InterconnectMacsec",
+      "properties": {
+        "failOpen": {
+          "description": "If set to true, the Interconnect connection is configured with a should-secure MACsec security policy, that allows the Google router to fallback to cleartext traffic if the MKA session cannot be established. By default, the Interconnect connection is configured with a must-secure security policy that drops all traffic if the MKA session cannot be established with your router.",
+          "type": "boolean"
+        },
+        "preSharedKeys": {
+          "description": "Required. A keychain placeholder describing a set of named key objects along with their start times. A MACsec CKN/CAK will be generated for each key in the key chain. Google router will automatically pick the key with the most recent startTime when establishing or re-establishing a MACsec secure link.",
+          "items": {
+            "$ref": "InterconnectMacsecPreSharedKey"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectMacsecConfig": {
+      "description": "MACsec configuration information for the Interconnect connection. Contains the generated Connectivity Association Key Name (CKN) and the key (CAK) for this Interconnect connection.",
+      "id": "InterconnectMacsecConfig",
+      "properties": {
+        "preSharedKeys": {
+          "description": "A keychain placeholder describing a set of named key objects along with their start times. A MACsec CKN/CAK is generated for each key in the key chain. Google router automatically picks the key with the most recent startTime when establishing or re-establishing a MACsec secure link.",
+          "items": {
+            "$ref": "InterconnectMacsecConfigPreSharedKey"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectMacsecConfigPreSharedKey": {
+      "description": "Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.",
+      "id": "InterconnectMacsecConfigPreSharedKey",
+      "properties": {
+        "cak": {
+          "description": "An auto-generated Connectivity Association Key (CAK) for this key.",
+          "type": "string"
+        },
+        "ckn": {
+          "description": "An auto-generated Connectivity Association Key Name (CKN) for this key.",
+          "type": "string"
+        },
+        "name": {
+          "description": "User provided name for this pre-shared key.",
+          "type": "string"
+        },
+        "startTime": {
+          "description": "User provided timestamp on or after which this key is valid.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectMacsecPreSharedKey": {
+      "description": "Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.",
+      "id": "InterconnectMacsecPreSharedKey",
+      "properties": {
+        "name": {
+          "description": "Required. A name for this pre-shared key. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "type": "string"
+        },
+        "startTime": {
+          "description": "A RFC3339 timestamp on or after which the key is valid. startTime can be in the future. If the keychain has a single key, startTime can be omitted. If the keychain has multiple keys, startTime is mandatory for each key. The start times of keys must be in increasing order. The start times of two consecutive keys must be at least 6 hours apart.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectOutageNotification": {
+      "description": "Description of a planned outage on this Interconnect.",
+      "id": "InterconnectOutageNotification",
+      "properties": {
+        "affectedCircuits": {
+          "description": "If issue_type is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be affected.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "description": {
+          "description": "A description about the purpose of the outage.",
+          "type": "string"
+        },
+        "endTime": {
+          "description": "Scheduled end time for the outage (milliseconds since Unix epoch).",
+          "format": "int64",
+          "type": "string"
+        },
+        "issueType": {
+          "description": "Form this outage is expected to take, which can take one of the following values: - OUTAGE: The Interconnect may be completely out of service for some or all of the specified window. - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain up, but with reduced bandwidth. Note that the versions of this enum prefixed with \"IT_\" have been deprecated in favor of the unprefixed values.",
+          "enum": [
+            "IT_OUTAGE",
+            "IT_PARTIAL_OUTAGE",
+            "OUTAGE",
+            "PARTIAL_OUTAGE"
+          ],
+          "enumDescriptions": [
+            "[Deprecated] The Interconnect may be completely out of service for some or all of the specified window.",
+            "[Deprecated] Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth.",
+            "The Interconnect may be completely out of service for some or all of the specified window.",
+            "Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth."
+          ],
+          "type": "string"
+        },
+        "name": {
+          "description": "Unique identifier for this outage notification.",
+          "type": "string"
+        },
+        "source": {
+          "description": "The party that generated this notification, which can take the following value: - GOOGLE: this notification as generated by Google. Note that the value of NSRC_GOOGLE has been deprecated in favor of GOOGLE.",
+          "enum": [
+            "GOOGLE",
+            "NSRC_GOOGLE"
+          ],
+          "enumDescriptions": [
+            "This notification was generated by Google.",
+            "[Deprecated] This notification was generated by Google."
+          ],
+          "type": "string"
+        },
+        "startTime": {
+          "description": "Scheduled start time for the outage (milliseconds since Unix epoch).",
+          "format": "int64",
+          "type": "string"
+        },
+        "state": {
+          "description": "State of this notification, which can take one of the following values: - ACTIVE: This outage notification is active. The event could be in the past, present, or future. See start_time and end_time for scheduling. - CANCELLED: The outage associated with this notification was cancelled before the outage was due to start. - COMPLETED: The outage associated with this notification is complete. Note that the versions of this enum prefixed with \"NS_\" have been deprecated in favor of the unprefixed values.",
+          "enum": [
+            "ACTIVE",
+            "CANCELLED",
+            "COMPLETED",
+            "NS_ACTIVE",
+            "NS_CANCELED"
+          ],
+          "enumDescriptions": [
+            "This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
+            "The outage associated with this notification was cancelled before the outage was due to start.",
+            "The outage associated with this notification is complete.",
+            "[Deprecated] This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
+            "[Deprecated] The outage associated with this notification was canceled before the outage was due to start."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectRemoteLocation": {
+      "description": "Represents a Cross-Cloud Interconnect Remote Location resource. You can use this resource to find remote location details about an Interconnect attachment (VLAN).",
+      "id": "InterconnectRemoteLocation",
+      "properties": {
+        "address": {
+          "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character.",
+          "type": "string"
+        },
+        "attachmentConfigurationConstraints": {
+          "$ref": "InterconnectAttachmentConfigurationConstraints",
+          "description": "[Output Only] Subset of fields from InterconnectAttachment's |configurationConstraints| field that apply to all attachments for this remote location."
+        },
+        "city": {
+          "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".",
+          "type": "string"
+        },
+        "constraints": {
+          "$ref": "InterconnectRemoteLocationConstraints",
+          "description": "[Output Only] Constraints on the parameters for creating Cross-Cloud Interconnect and associated InterconnectAttachments."
+        },
+        "continent": {
+          "description": "[Output Only] Continent for this location, which can take one of the following values: - AFRICA - ASIA_PAC - EUROPE - NORTH_AMERICA - SOUTH_AMERICA ",
+          "enum": [
+            "AFRICA",
+            "ASIA_PAC",
+            "EUROPE",
+            "NORTH_AMERICA",
+            "SOUTH_AMERICA"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "[Output Only] An optional description of the resource.",
+          "type": "string"
+        },
+        "facilityProvider": {
+          "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX).",
+          "type": "string"
+        },
+        "facilityProviderFacilityId": {
+          "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1).",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#interconnectRemoteLocation",
+          "description": "[Output Only] Type of the resource. Always compute#interconnectRemoteLocation for interconnect remote locations.",
           "type": "string"
         },
+        "lacp": {
+          "description": "[Output Only] Link Aggregation Control Protocol (LACP) constraints, which can take one of the following values: LACP_SUPPORTED, LACP_UNSUPPORTED",
+          "enum": [
+            "LACP_SUPPORTED",
+            "LACP_UNSUPPORTED"
+          ],
+          "enumDescriptions": [
+            "LACP_SUPPORTED: LACP is supported, and enabled by default on the Cross-Cloud Interconnect.",
+            "LACP_UNSUPPORTED: LACP is not supported and is not be enabled on this port. GetDiagnostics shows bundleAggregationType as \"static\". GCP does not support LAGs without LACP, so requestedLinkCount must be 1."
+          ],
+          "type": "string"
+        },
+        "maxLagSize100Gbps": {
+          "description": "[Output Only] The maximum number of 100 Gbps ports supported in a link aggregation group (LAG). When linkType is 100 Gbps, requestedLinkCount cannot exceed max_lag_size_100_gbps.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxLagSize10Gbps": {
+          "description": "[Output Only] The maximum number of 10 Gbps ports supported in a link aggregation group (LAG). When linkType is 10 Gbps, requestedLinkCount cannot exceed max_lag_size_10_gbps.",
+          "format": "int32",
+          "type": "integer"
+        },
         "name": {
           "description": "[Output Only] Name of the resource.",
           "type": "string"
@@ -51218,58 +57103,106 @@
           "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).",
           "type": "string"
         },
-        "regionInfos": {
-          "description": "[Output Only] A list of InterconnectLocation.RegionInfo objects, that describe parameters pertaining to the relation between this InterconnectLocation and various Google Cloud regions.",
+        "permittedConnections": {
+          "description": "[Output Only] Permitted connections.",
           "items": {
-            "$ref": "InterconnectLocationRegionInfo"
+            "$ref": "InterconnectRemoteLocationPermittedConnections"
           },
           "type": "array"
         },
+        "remoteService": {
+          "description": "[Output Only] Indicates the service provider present at the remote location. Example values: \"Amazon Web Services\", \"Microsoft Azure\".",
+          "type": "string"
+        },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
         },
         "status": {
-          "description": "[Output Only] The status of this InterconnectLocation, which can take one of the following values: - CLOSED: The InterconnectLocation is closed and is unavailable for provisioning new Interconnects. - AVAILABLE: The InterconnectLocation is available for provisioning new Interconnects. ",
+          "description": "[Output Only] The status of this InterconnectRemoteLocation, which can take one of the following values: - CLOSED: The InterconnectRemoteLocation is closed and is unavailable for provisioning new Cross-Cloud Interconnects. - AVAILABLE: The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects. ",
           "enum": [
             "AVAILABLE",
             "CLOSED"
           ],
           "enumDescriptions": [
-            "The InterconnectLocation is available for provisioning new Interconnects.",
-            "The InterconnectLocation is closed for provisioning new Interconnects."
+            "The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects.",
+            "The InterconnectRemoteLocation is closed for provisioning new Cross-Cloud Interconnects."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectRemoteLocationConstraints": {
+      "id": "InterconnectRemoteLocationConstraints",
+      "properties": {
+        "portPairRemoteLocation": {
+          "description": "[Output Only] Port pair remote location constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, PORT_PAIR_MATCHING_REMOTE_LOCATION. GCP's API refers only to individual ports, but the UI uses this field when ordering a pair of ports, to prevent users from accidentally ordering something that is incompatible with their cloud provider. Specifically, when ordering a redundant pair of Cross-Cloud Interconnect ports, and one of them uses a remote location with portPairMatchingRemoteLocation set to matching, the UI requires that both ports use the same remote location.",
+          "enum": [
+            "PORT_PAIR_MATCHING_REMOTE_LOCATION",
+            "PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION"
+          ],
+          "enumDescriptions": [
+            "If PORT_PAIR_MATCHING_REMOTE_LOCATION, the remote cloud provider allocates ports in pairs, and the user should choose the same remote location for both ports.",
+            "If PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, a user may opt to provision a redundant pair of Cross-Cloud Interconnects using two different remote locations in the same city."
           ],
           "type": "string"
         },
-        "supportsPzs": {
-          "description": "[Output Only] Set to true for locations that support physical zone separation. Defaults to false if the field is not present.",
-          "type": "boolean"
+        "portPairVlan": {
+          "description": "[Output Only] Port pair VLAN constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_VLAN, PORT_PAIR_MATCHING_VLAN",
+          "enum": [
+            "PORT_PAIR_MATCHING_VLAN",
+            "PORT_PAIR_UNCONSTRAINED_VLAN"
+          ],
+          "enumDescriptions": [
+            "If PORT_PAIR_MATCHING_VLAN, the Interconnect for this attachment is part of a pair of ports that should have matching VLAN allocations. This occurs with Cross-Cloud Interconnect to Azure remote locations. While GCP's API does not explicitly group pairs of ports, the UI uses this field to ensure matching VLAN ids when configuring a redundant VLAN pair.",
+            "PORT_PAIR_UNCONSTRAINED_VLAN means there is no constraint."
+          ],
+          "type": "string"
+        },
+        "subnetLengthRange": {
+          "$ref": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
+          "description": "[Output Only] [min-length, max-length] The minimum and maximum value (inclusive) for the IPv4 subnet length. For example, an interconnectRemoteLocation for Azure has {min: 30, max: 30} because Azure requires /30 subnets. This range specifies the values supported by both cloud providers. Interconnect currently supports /29 and /30 IPv4 subnet lengths. If a remote cloud has no constraint on IPv4 subnet length, the range would thus be {min: 29, max: 30}. "
         }
       },
       "type": "object"
     },
-    "InterconnectLocationList": {
-      "description": "Response to the list request, and contains a list of interconnect locations.",
-      "id": "InterconnectLocationList",
+    "InterconnectRemoteLocationConstraintsSubnetLengthRange": {
+      "id": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
+      "properties": {
+        "max": {
+          "format": "int32",
+          "type": "integer"
+        },
+        "min": {
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectRemoteLocationList": {
+      "description": "Response to the list request, and contains a list of interconnect remote locations.",
+      "id": "InterconnectRemoteLocationList",
       "properties": {
         "id": {
           "description": "[Output Only] Unique identifier for the resource; defined by the server.",
           "type": "string"
         },
         "items": {
-          "description": "A list of InterconnectLocation resources.",
+          "description": "A list of InterconnectRemoteLocation resources.",
           "items": {
-            "$ref": "InterconnectLocation"
+            "$ref": "InterconnectRemoteLocation"
           },
           "type": "array"
         },
         "kind": {
-          "default": "compute#interconnectLocationList",
-          "description": "[Output Only] Type of resource. Always compute#interconnectLocationList for lists of interconnect locations.",
+          "default": "compute#interconnectRemoteLocationList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectRemoteLocationList for lists of interconnect remote locations.",
           "type": "string"
         },
         "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "description": "[Output Only] This token lets you get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
           "type": "string"
         },
         "selfLink": {
@@ -51292,6 +57225,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51310,6 +57244,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51321,6 +57285,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51368,122 +57333,36 @@
       },
       "type": "object"
     },
-    "InterconnectLocationRegionInfo": {
-      "description": "Information about any potential InterconnectAttachments between an Interconnect at a specific InterconnectLocation, and a specific Cloud Region.",
-      "id": "InterconnectLocationRegionInfo",
+    "InterconnectRemoteLocationPermittedConnections": {
+      "id": "InterconnectRemoteLocationPermittedConnections",
       "properties": {
-        "expectedRttMs": {
-          "description": "Expected round-trip time in milliseconds, from this InterconnectLocation to a VM in this region.",
-          "format": "int64",
-          "type": "string"
-        },
-        "locationPresence": {
-          "description": "Identifies the network presence of this location.",
-          "enum": [
-            "GLOBAL",
-            "LOCAL_REGION",
-            "LP_GLOBAL",
-            "LP_LOCAL_REGION"
-          ],
-          "enumDescriptions": [
-            "This region is not in any common network presence with this InterconnectLocation.",
-            "This region shares the same regional network presence as this InterconnectLocation.",
-            "[Deprecated] This region is not in any common network presence with this InterconnectLocation.",
-            "[Deprecated] This region shares the same regional network presence as this InterconnectLocation."
-          ],
-          "type": "string"
-        },
-        "region": {
-          "description": "URL for the region of this location.",
+        "interconnectLocation": {
+          "description": "[Output Only] URL of an Interconnect location that is permitted to connect to this Interconnect remote location.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "InterconnectOutageNotification": {
-      "description": "Description of a planned outage on this Interconnect.",
-      "id": "InterconnectOutageNotification",
+    "InterconnectsGetDiagnosticsResponse": {
+      "description": "Response for the InterconnectsGetDiagnosticsRequest.",
+      "id": "InterconnectsGetDiagnosticsResponse",
       "properties": {
-        "affectedCircuits": {
-          "description": "If issue_type is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be affected.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "description": {
-          "description": "A description about the purpose of the outage.",
-          "type": "string"
-        },
-        "endTime": {
-          "description": "Scheduled end time for the outage (milliseconds since Unix epoch).",
-          "format": "int64",
-          "type": "string"
-        },
-        "issueType": {
-          "description": "Form this outage is expected to take, which can take one of the following values: - OUTAGE: The Interconnect may be completely out of service for some or all of the specified window. - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain up, but with reduced bandwidth. Note that the versions of this enum prefixed with \"IT_\" have been deprecated in favor of the unprefixed values.",
-          "enum": [
-            "IT_OUTAGE",
-            "IT_PARTIAL_OUTAGE",
-            "OUTAGE",
-            "PARTIAL_OUTAGE"
-          ],
-          "enumDescriptions": [
-            "[Deprecated] The Interconnect may be completely out of service for some or all of the specified window.",
-            "[Deprecated] Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth.",
-            "The Interconnect may be completely out of service for some or all of the specified window.",
-            "Some circuits comprising the Interconnect will be out of service during the expected window. The interconnect as a whole should remain up, albeit with reduced bandwidth."
-          ],
-          "type": "string"
-        },
-        "name": {
-          "description": "Unique identifier for this outage notification.",
-          "type": "string"
-        },
-        "source": {
-          "description": "The party that generated this notification, which can take the following value: - GOOGLE: this notification as generated by Google. Note that the value of NSRC_GOOGLE has been deprecated in favor of GOOGLE.",
-          "enum": [
-            "GOOGLE",
-            "NSRC_GOOGLE"
-          ],
-          "enumDescriptions": [
-            "This notification was generated by Google.",
-            "[Deprecated] This notification was generated by Google."
-          ],
-          "type": "string"
-        },
-        "startTime": {
-          "description": "Scheduled start time for the outage (milliseconds since Unix epoch).",
-          "format": "int64",
-          "type": "string"
-        },
-        "state": {
-          "description": "State of this notification, which can take one of the following values: - ACTIVE: This outage notification is active. The event could be in the past, present, or future. See start_time and end_time for scheduling. - CANCELLED: The outage associated with this notification was cancelled before the outage was due to start. - COMPLETED: The outage associated with this notification is complete. Note that the versions of this enum prefixed with \"NS_\" have been deprecated in favor of the unprefixed values.",
-          "enum": [
-            "ACTIVE",
-            "CANCELLED",
-            "COMPLETED",
-            "NS_ACTIVE",
-            "NS_CANCELED"
-          ],
-          "enumDescriptions": [
-            "This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
-            "The outage associated with this notification was cancelled before the outage was due to start.",
-            "The outage associated with this notification is complete.",
-            "[Deprecated] This outage notification is active. The event could be in the future, present, or past. See start_time and end_time for scheduling.",
-            "[Deprecated] The outage associated with this notification was canceled before the outage was due to start."
-          ],
-          "type": "string"
+        "result": {
+          "$ref": "InterconnectDiagnostics"
         }
       },
       "type": "object"
     },
-    "InterconnectsGetDiagnosticsResponse": {
-      "description": "Response for the InterconnectsGetDiagnosticsRequest.",
-      "id": "InterconnectsGetDiagnosticsResponse",
+    "InterconnectsGetMacsecConfigResponse": {
+      "description": "Response for the InterconnectsGetMacsecConfigRequest.",
+      "id": "InterconnectsGetMacsecConfigResponse",
       "properties": {
+        "etag": {
+          "description": "end_interface: MixerGetResponseWithEtagBuilder",
+          "type": "string"
+        },
         "result": {
-          "$ref": "InterconnectDiagnostics"
+          "$ref": "InterconnectMacsecConfig"
         }
       },
       "type": "object"
@@ -51699,6 +57578,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51717,6 +57597,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51728,6 +57638,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52125,6 +58036,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52143,6 +58055,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52154,6 +58096,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52215,7 +58158,7 @@
                 "type": "integer"
               },
               "guestAcceleratorType": {
-                "description": "The accelerator type resource name, not a full URL, e.g. 'nvidia-tesla-k80'.",
+                "description": "The accelerator type resource name, not a full URL, e.g. nvidia-tesla-t4.",
                 "type": "string"
               }
             },
@@ -52340,6 +58283,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52358,6 +58302,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52369,6 +58343,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52460,6 +58435,141 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "MachineTypesScopedList": {
+      "id": "MachineTypesScopedList",
+      "properties": {
+        "machineTypes": {
+          "description": "[Output Only] A list of machine types contained in this scope.",
+          "items": {
+            "$ref": "MachineType"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] An informational warning that appears when the machine types list is empty.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52478,107 +58588,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "MachineTypesScopedList": {
-      "id": "MachineTypesScopedList",
-      "properties": {
-        "machineTypes": {
-          "description": "[Output Only] A list of machine types contained in this scope.",
-          "items": {
-            "$ref": "MachineType"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] An informational warning that appears when the machine types list is empty.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -52591,6 +58629,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52711,7 +58750,7 @@
             "TERMINATED"
           ],
           "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
             "Resources are being allocated for the instance.",
             "The instance is in repair.",
             "The instance is running.",
@@ -52728,6 +58767,10 @@
           "$ref": "ManagedInstanceLastAttempt",
           "description": "[Output Only] Information about the last attempt to create or delete the instance."
         },
+        "name": {
+          "description": "[Output Only] The name of the instance. The name will always exist even if the instance has not yet been created.",
+          "type": "string"
+        },
         "preservedStateFromConfig": {
           "$ref": "PreservedState",
           "description": "[Output Only] Preserved state applied from per-instance config for this instance."
@@ -52961,6 +59004,7 @@
       "id": "Network",
       "properties": {
         "IPv4Range": {
+          "deprecated": true,
           "description": "Deprecated in favor of subnet mode networks. The range of internal addresses that are legal on this network. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created.",
           "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}/[0-9]{1,2}",
           "type": "string"
@@ -52986,7 +59030,7 @@
           "type": "string"
         },
         "gatewayIPv4": {
-          "description": "[Output Only] The gateway address for default routing out of the network, selected by GCP.",
+          "description": "[Output Only] The gateway address for default routing out of the network, selected by Google Cloud.",
           "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}",
           "type": "string"
         },
@@ -53093,7 +59137,7 @@
           "type": "string"
         },
         "fingerprint": {
-          "description": "[Output Only] Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.",
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.",
           "format": "byte",
           "type": "string"
         },
@@ -53118,7 +59162,7 @@
           "type": "string"
         },
         "network": {
-          "description": "[Output Only] The URL of the network which the Network Attachment belongs to.",
+          "description": "[Output Only] The URL of the network which the Network Attachment belongs to. Practically it is inferred by fetching the network of the first subnetwork associated. Because it is required that all the subnetworks must be from the same network, it is assured that the Network Attachment belongs to the same network as all the subnetworks.",
           "type": "string"
         },
         "producerAcceptLists": {
@@ -53201,6 +59245,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53219,6 +59264,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53230,6 +59305,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53282,7 +59358,7 @@
       "id": "NetworkAttachmentConnectedEndpoint",
       "properties": {
         "ipAddress": {
-          "description": "The IP address assigned to the producer instance network interface. This value will be a range in case of Serverless.",
+          "description": "The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.",
           "type": "string"
         },
         "projectIdOrNum": {
@@ -53290,7 +59366,7 @@
           "type": "string"
         },
         "secondaryIpCidrRanges": {
-          "description": "Alias IP ranges from the same subnetwork",
+          "description": "Alias IP ranges from the same subnetwork.",
           "items": {
             "type": "string"
           },
@@ -53365,6 +59441,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53383,6 +59460,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53394,6 +59501,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53467,6 +59575,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53485,6 +59594,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53496,6 +59635,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53648,6 +59788,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53666,6 +59807,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53677,6 +59848,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53750,6 +59922,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53768,6 +59941,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53779,6 +59982,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53849,6 +60053,10 @@
           "description": "Optional IPv4 address of network endpoint. The IP address must belong to a VM in Compute Engine (either the primary IP or as part of an aliased IP range). If the IP address is not specified, then the primary IP address for the VM instance in the network that the network endpoint group belongs to will be used.",
           "type": "string"
         },
+        "ipv6Address": {
+          "description": "Optional IPv6 address of network endpoint.",
+          "type": "string"
+        },
         "port": {
           "description": "Optional port number of network endpoint. If not specified, the defaultPort for the network endpoint group will be used.",
           "format": "int32",
@@ -53905,6 +60113,7 @@
         },
         "loadBalancer": {
           "$ref": "NetworkEndpointGroupLbNetworkEndpointGroup",
+          "deprecated": true,
           "description": "This field is only valid when the network endpoint group is used for load balancing. [Deprecated] This field is deprecated."
         },
         "name": {
@@ -54023,6 +60232,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54041,6 +60251,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54052,6 +60292,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54157,19 +60398,23 @@
       "id": "NetworkEndpointGroupLbNetworkEndpointGroup",
       "properties": {
         "defaultPort": {
+          "deprecated": true,
           "description": "The default port used if the port number is not specified in the network endpoint. [Deprecated] This field is deprecated.",
           "format": "int32",
           "type": "integer"
         },
         "network": {
+          "deprecated": true,
           "description": "The URL of the network to which all network endpoints in the NEG belong. Uses \"default\" project network if unspecified. [Deprecated] This field is deprecated.",
           "type": "string"
         },
         "subnetwork": {
+          "deprecated": true,
           "description": "Optional URL of the subnetwork to which all network endpoints in the NEG belong. [Deprecated] This field is deprecated.",
           "type": "string"
         },
         "zone": {
+          "deprecated": true,
           "description": "[Output Only] The URL of the zone where the network endpoint group is located. [Deprecated] This field is deprecated.",
           "type": "string"
         }
@@ -54219,6 +60464,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54237,6 +60483,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54248,6 +60524,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54453,6 +60730,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54471,6 +60749,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54482,6 +60790,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54555,6 +60864,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54573,6 +60883,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54584,6 +60924,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54696,7 +61037,7 @@
           "type": "string"
         },
         "ipv6Address": {
-          "description": "An IPv6 internal network address for this network interface. To use a static internal IP address, it must be unused and in the same region as the instance's zone. If not specified, GCP will automatically assign an internal IPv6 address from the instance's subnetwork.",
+          "description": "An IPv6 internal network address for this network interface. To use a static internal IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.",
           "type": "string"
         },
         "kind": {
@@ -54740,7 +61081,7 @@
           "type": "integer"
         },
         "stackType": {
-          "description": "The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at instance creation and update network interface operations.",
+          "description": "The stack type for this network interface. To assign only IPv4 addresses, use IPV4_ONLY. To assign both IPv4 and IPv6 addresses, use IPV4_IPV6. If not specified, IPV4_ONLY is used. This field can be both set at instance creation and update network interface operations.",
           "enum": [
             "IPV4_IPV6",
             "IPV4_ONLY"
@@ -54802,6 +61143,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54820,6 +61162,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54831,6 +61203,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55044,6 +61417,7 @@
       "id": "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
       "properties": {
         "displayName": {
+          "deprecated": true,
           "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
           "type": "string"
         },
@@ -55264,6 +61638,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55282,6 +61657,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55293,6 +61698,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55416,6 +61822,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55434,6 +61841,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55445,6 +61882,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55667,6 +62105,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55685,6 +62124,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55696,6 +62165,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55769,6 +62239,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55787,6 +62258,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55798,6 +62299,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55933,7 +62435,7 @@
         },
         "nodeTypeFlexibility": {
           "$ref": "NodeTemplateNodeTypeFlexibility",
-          "description": "The flexible properties of the desired node type. Node groups that use this node template will create nodes of a type that matches these properties. This field is mutually exclusive with the node_type property; you can only define one or the other, but not both."
+          "description": "Do not use. Instead, use the node_type property."
         },
         "region": {
           "description": "[Output Only] The name of the region where the node template resides, such as us-central1.",
@@ -56021,6 +62523,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56039,6 +62542,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56050,6 +62583,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56141,6 +62675,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56159,6 +62694,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56170,6 +62735,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56258,6 +62824,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56276,6 +62843,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56287,6 +62884,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56446,6 +63044,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56464,6 +63063,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56475,6 +63104,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56566,6 +63196,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56584,6 +63215,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56595,6 +63256,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56668,6 +63330,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56686,6 +63349,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56697,6 +63390,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56857,6 +63551,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56875,6 +63570,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56886,6 +63611,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57019,6 +63745,9 @@
           "description": "[Output Only] The time that this operation was requested. This value is in RFC3339 text format.",
           "type": "string"
         },
+        "instancesBulkInsertOperationMetadata": {
+          "$ref": "InstancesBulkInsertOperationMetadata"
+        },
         "kind": {
           "default": "compute#operation",
           "description": "[Output Only] Type of the resource. Always `compute#operation` for Operation resources.",
@@ -57101,6 +63830,7 @@
                   "INJECTED_KERNELS_DEPRECATED",
                   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                   "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
                   "MISSING_TYPE_DEPENDENCY",
                   "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                   "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57119,6 +63849,36 @@
                   "UNDECLARED_PROPERTIES",
                   "UNREACHABLE"
                 ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
                 "enumDescriptions": [
                   "Warning about failed cleanup of transient changes made by a failed operation.",
                   "A link to a deprecated resource was created.",
@@ -57130,6 +63890,7 @@
                   "The operation involved use of an injected kernel, which is deprecated.",
                   "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                   "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                   "A resource depends on a missing type",
                   "The route's nextHopIp address is not assigned to an instance on the network.",
                   "The route's next hop instance cannot ip forward.",
@@ -57234,6 +63995,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57252,6 +64014,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57263,6 +64055,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57354,6 +64147,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57372,6 +64166,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57383,6 +64207,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57456,6 +64281,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57474,6 +64300,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57485,6 +64341,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57556,54 +64413,54 @@
       "properties": {
         "baseEjectionTime": {
           "$ref": "Duration",
-          "description": "The base time that a host is ejected for. The real ejection time is equal to the base ejection time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s."
+          "description": "The base time that a backend endpoint is ejected for. Defaults to 30000ms or 30s. After a backend endpoint is returned back to the load balancing pool, it can be ejected again in another ejection analysis. Thus, the total ejection time is equal to the base ejection time multiplied by the number of times the backend endpoint has been ejected. Defaults to 30000ms or 30s."
         },
         "consecutiveErrors": {
-          "description": "Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "Number of consecutive errors before a backend endpoint is ejected from the load balancing pool. When the backend endpoint is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.",
           "format": "int32",
           "type": "integer"
         },
         "consecutiveGatewayFailure": {
-          "description": "The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 3. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 3.",
           "format": "int32",
           "type": "integer"
         },
         "enforcingConsecutiveErrors": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.",
           "format": "int32",
           "type": "integer"
         },
         "enforcingConsecutiveGatewayFailure": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.",
           "format": "int32",
           "type": "integer"
         },
         "enforcingSuccessRate": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.",
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         },
         "interval": {
           "$ref": "Duration",
-          "description": "Time interval between ejection analysis sweeps. This can result in both new ejections as well as hosts being returned to service. Defaults to 1 second."
+          "description": "Time interval between ejection analysis sweeps. This can result in both new ejections and backend endpoints being returned to service. The interval is equal to the number of seconds as defined in outlierDetection.interval.seconds plus the number of nanoseconds as defined in outlierDetection.interval.nanos. Defaults to 1 second."
         },
         "maxEjectionPercent": {
-          "description": "Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 50%.",
+          "description": "Maximum percentage of backend endpoints in the load balancing pool for the backend service that can be ejected if the ejection conditions are met. Defaults to 50%.",
           "format": "int32",
           "type": "integer"
         },
         "successRateMinimumHosts": {
-          "description": "The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.",
+          "description": "The number of backend endpoints in the load balancing pool that must have enough request volume to detect success rate outliers. If the number of backend endpoints is fewer than this setting, outlier detection via success rate statistics is not performed for any backend endpoint in the load balancing pool. Defaults to 5. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         },
         "successRateRequestVolume": {
-          "description": "The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.",
+          "description": "The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this backend endpoint in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that backend endpoint. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         },
         "successRateStdevFactor": {
-          "description": "This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.",
+          "description": "This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * successRateStdevFactor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         }
@@ -57802,6 +64659,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57820,6 +64678,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57831,6 +64719,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57970,6 +64859,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57988,6 +64878,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57999,6 +64919,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58141,6 +65062,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58159,6 +65081,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58170,6 +65122,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58544,6 +65497,20 @@
           "description": "[Output Only] Type of the resource. Always compute#project for projects.",
           "type": "string"
         },
+        "managedProtectionTier": {
+          "description": "[Output Only] The Cloud Armor Managed Protection (CAMP) tier for this project. It can be one of the following values: CA_STANDARD, CAMP_PLUS_MONTHLY. If this field is not specified, it is assumed to be CA_STANDARD.",
+          "enum": [
+            "CAMP_PLUS_ANNUAL",
+            "CAMP_PLUS_MONTHLY",
+            "CA_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Plus tier protection annual.",
+            "Plus tier protection monthly.",
+            "Standard protection."
+          ],
+          "type": "string"
+        },
         "name": {
           "description": "The project ID. For example: my-example-project. Use the project ID to make requests to Compute Engine.",
           "type": "string"
@@ -58668,6 +65635,26 @@
       },
       "type": "object"
     },
+    "ProjectsSetManagedProtectionTierRequest": {
+      "id": "ProjectsSetManagedProtectionTierRequest",
+      "properties": {
+        "managedProtectionTier": {
+          "description": "Managed protection tier to be set.",
+          "enum": [
+            "CAMP_PLUS_ANNUAL",
+            "CAMP_PLUS_MONTHLY",
+            "CA_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Plus tier protection annual.",
+            "Plus tier protection monthly.",
+            "Standard protection."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "PublicAdvertisedPrefix": {
       "description": "A public advertised prefix represents an aggregated IP prefix or netblock which customers bring to cloud. The IP prefix is a single unit of route advertisement and is announced globally to the internet.",
       "id": "PublicAdvertisedPrefix",
@@ -58681,7 +65668,7 @@
           "type": "string"
         },
         "dnsVerificationIp": {
-          "description": "The IPv4 address to be used for reverse DNS verification.",
+          "description": "The address to be used for reverse DNS verification.",
           "type": "string"
         },
         "fingerprint": {
@@ -58695,7 +65682,7 @@
           "type": "string"
         },
         "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this public advertised prefix.",
+          "description": "The address range, in CIDR format, represented by this public advertised prefix.",
           "type": "string"
         },
         "kind": {
@@ -58796,6 +65783,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58814,6 +65802,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58825,6 +65843,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58922,7 +65941,7 @@
           "type": "string"
         },
         "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this public delegated prefix.",
+          "description": "The IP address range, in CIDR format, represented by this public delegated prefix.",
           "type": "string"
         },
         "isLiveMigration": {
@@ -59033,6 +66052,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59051,6 +66071,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59062,6 +66112,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59152,6 +66203,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59170,6 +66222,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59181,6 +66263,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59241,7 +66324,7 @@
           "type": "string"
         },
         "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this sub public delegated prefix.",
+          "description": "The IP address range, in CIDR format, represented by this sub public delegated prefix.",
           "type": "string"
         },
         "isAddress": {
@@ -59297,6 +66380,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59315,6 +66399,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59326,6 +66440,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59410,6 +66525,7 @@
             "COMMITTED_NVIDIA_A100_80GB_GPUS",
             "COMMITTED_NVIDIA_A100_GPUS",
             "COMMITTED_NVIDIA_K80_GPUS",
+            "COMMITTED_NVIDIA_L4_GPUS",
             "COMMITTED_NVIDIA_P100_GPUS",
             "COMMITTED_NVIDIA_P4_GPUS",
             "COMMITTED_NVIDIA_T4_GPUS",
@@ -59461,11 +66577,15 @@
             "NETWORK_ATTACHMENTS",
             "NETWORK_ENDPOINT_GROUPS",
             "NETWORK_FIREWALL_POLICIES",
+            "NET_LB_SECURITY_POLICIES_PER_REGION",
+            "NET_LB_SECURITY_POLICY_RULES_PER_REGION",
+            "NET_LB_SECURITY_POLICY_RULE_ATTRIBUTES_PER_REGION",
             "NODE_GROUPS",
             "NODE_TEMPLATES",
             "NVIDIA_A100_80GB_GPUS",
             "NVIDIA_A100_GPUS",
             "NVIDIA_K80_GPUS",
+            "NVIDIA_L4_GPUS",
             "NVIDIA_P100_GPUS",
             "NVIDIA_P100_VWS_GPUS",
             "NVIDIA_P4_GPUS",
@@ -59480,6 +66600,7 @@
             "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS",
             "PREEMPTIBLE_NVIDIA_A100_GPUS",
             "PREEMPTIBLE_NVIDIA_K80_GPUS",
+            "PREEMPTIBLE_NVIDIA_L4_GPUS",
             "PREEMPTIBLE_NVIDIA_P100_GPUS",
             "PREEMPTIBLE_NVIDIA_P100_VWS_GPUS",
             "PREEMPTIBLE_NVIDIA_P4_GPUS",
@@ -59504,6 +66625,7 @@
             "ROUTES",
             "SECURITY_POLICIES",
             "SECURITY_POLICIES_PER_REGION",
+            "SECURITY_POLICY_ADVANCED_RULES_PER_REGION",
             "SECURITY_POLICY_CEVAL_RULES",
             "SECURITY_POLICY_RULES",
             "SECURITY_POLICY_RULES_PER_REGION",
@@ -59561,6 +66683,7 @@
             "",
             "",
             "",
+            "",
             "Guest CPUs",
             "",
             "",
@@ -59653,6 +66776,12 @@
             "",
             "",
             "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
             "The total number of snapshots allowed for a single project.",
             "",
             "",
@@ -59699,6 +66828,11 @@
           "description": "The map holding related quota dimensions.",
           "type": "object"
         },
+        "futureLimit": {
+          "description": "Future quota limit being rolled out. The limit's unit depends on the quota type or metric.",
+          "format": "double",
+          "type": "number"
+        },
         "limit": {
           "description": "Current effective quota limit. The limit's unit depends on the quota type or metric.",
           "format": "double",
@@ -59711,6 +66845,18 @@
         "metricName": {
           "description": "The Compute Engine quota metric name.",
           "type": "string"
+        },
+        "rolloutStatus": {
+          "description": "Rollout status of the future quota limit.",
+          "enum": [
+            "IN_PROGRESS",
+            "ROLLOUT_STATUS_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "IN_PROGRESS - A rollout is in process which will change the limit value to future limit.",
+            "ROLLOUT_STATUS_UNSPECIFIED - Rollout status is not specified. The default value."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
@@ -59806,6 +66952,20 @@
       },
       "type": "object"
     },
+    "RegionAddressesMoveRequest": {
+      "id": "RegionAddressesMoveRequest",
+      "properties": {
+        "description": {
+          "description": "An optional destination address description if intended to be different from the source.",
+          "type": "string"
+        },
+        "destinationAddress": {
+          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project/regions/region /addresses/address - projects/project/regions/region/addresses/address Note that destination project must be different from the source project. So /regions/region/addresses/address is not valid partial url.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "RegionAutoscalerList": {
       "description": "Contains a list of autoscalers.",
       "id": "RegionAutoscalerList",
@@ -59850,6 +67010,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59868,6 +67029,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59879,6 +67070,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59982,6 +67174,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60000,6 +67193,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60011,6 +67234,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60095,6 +67319,16 @@
       },
       "type": "object"
     },
+    "RegionDisksStartAsyncReplicationRequest": {
+      "id": "RegionDisksStartAsyncReplicationRequest",
+      "properties": {
+        "asyncSecondaryDisk": {
+          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "RegionInstanceGroupList": {
       "description": "Contains a list of InstanceGroup resources.",
       "id": "RegionInstanceGroupList",
@@ -60139,6 +67373,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60157,6 +67392,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60168,6 +67433,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60273,6 +67539,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60291,6 +67558,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60302,6 +67599,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60406,7 +67704,7 @@
           "type": "array"
         },
         "minimalAction": {
-          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
+          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -60415,14 +67713,14 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
         "mostDisruptiveAllowedAction": {
-          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -60431,9 +67729,9 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         }
@@ -60518,6 +67816,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60536,6 +67835,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60547,6 +67876,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60722,6 +68052,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60740,6 +68071,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60751,6 +68112,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60883,6 +68245,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60901,6 +68264,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60912,6 +68305,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60959,6 +68353,32 @@
       },
       "type": "object"
     },
+    "RegionNetworkEndpointGroupsAttachEndpointsRequest": {
+      "id": "RegionNetworkEndpointGroupsAttachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be attached.",
+          "items": {
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "RegionNetworkEndpointGroupsDetachEndpointsRequest": {
+      "id": "RegionNetworkEndpointGroupsDetachEndpointsRequest",
+      "properties": {
+        "networkEndpoints": {
+          "description": "The list of network endpoints to be detached.",
+          "items": {
+            "$ref": "NetworkEndpoint"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponse": {
       "id": "RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponse",
       "properties": {
@@ -61270,6 +68690,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61288,6 +68709,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61299,6 +68750,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61389,6 +68841,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61407,6 +68860,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61418,6 +68901,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61502,6 +68986,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61520,6 +69005,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61531,6 +69046,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61648,6 +69164,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61666,6 +69183,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61677,6 +69224,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61735,6 +69283,10 @@
         "description": {
           "type": "string"
         },
+        "diskConsistencyGroupPolicy": {
+          "$ref": "ResourcePolicyDiskConsistencyGroupPolicy",
+          "description": "Resource policy for disk consistency groups."
+        },
         "groupPlacementPolicy": {
           "$ref": "ResourcePolicyGroupPlacementPolicy",
           "description": "Resource policy for instances for placement configuration."
@@ -61854,6 +69406,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61872,6 +69425,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61883,6 +69466,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61950,6 +69534,12 @@
       },
       "type": "object"
     },
+    "ResourcePolicyDiskConsistencyGroupPolicy": {
+      "description": "Resource policy for disk consistency groups.",
+      "id": "ResourcePolicyDiskConsistencyGroupPolicy",
+      "properties": {},
+      "type": "object"
+    },
     "ResourcePolicyGroupPlacementPolicy": {
       "description": "A GroupPlacementPolicy specifies resource placement configuration. It specifies the failure bucket separation as well as network locality",
       "id": "ResourcePolicyGroupPlacementPolicy",
@@ -62017,7 +69607,7 @@
           "type": "string"
         },
         "timeZone": {
-          "description": "Specifies the time zone to be used in interpreting Schedule.schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.",
+          "description": "Specifies the time zone to be used in interpreting Schedule.schedule. The value of this field must be a time zone name from the tz database: https://wikipedia.org/wiki/Tz_database.",
           "type": "string"
         },
         "vmStartSchedule": {
@@ -62088,6 +69678,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62106,6 +69697,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62117,6 +69738,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62434,6 +70056,10 @@
           "description": "The URL to a gateway that should handle matching packets. You can only specify the internet gateway using a full or partial valid URL: projects/ project/global/gateways/default-internet-gateway",
           "type": "string"
         },
+        "nextHopHub": {
+          "description": "[Output Only] The full resource name of the Network Connectivity Center hub that will handle matching packets.",
+          "type": "string"
+        },
         "nextHopIlb": {
           "description": "The URL to a forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets or the IP address of the forwarding Rule. For example, the following are all valid URLs: - 10.128.0.56 - https://www.googleapis.com/compute/v1/projects/project/regions/region /forwardingRules/forwardingRule - regions/region/forwardingRules/forwardingRule ",
           "type": "string"
@@ -62537,6 +70163,7 @@
                   "INJECTED_KERNELS_DEPRECATED",
                   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                   "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
                   "MISSING_TYPE_DEPENDENCY",
                   "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                   "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62555,6 +70182,36 @@
                   "UNDECLARED_PROPERTIES",
                   "UNREACHABLE"
                 ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
                 "enumDescriptions": [
                   "Warning about failed cleanup of transient changes made by a failed operation.",
                   "A link to a deprecated resource was created.",
@@ -62566,6 +70223,7 @@
                   "The operation involved use of an injected kernel, which is deprecated.",
                   "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                   "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                   "A resource depends on a missing type",
                   "The route's nextHopIp address is not assigned to an instance on the network.",
                   "The route's next hop instance cannot ip forward.",
@@ -62689,6 +70347,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62707,6 +70366,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62718,6 +70407,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62921,6 +70611,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62939,6 +70630,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62950,6 +70671,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63061,7 +70783,7 @@
           "type": "string"
         },
         "advertisedGroups": {
-          "description": "User-specified list of prefix groups to advertise in custom mode, which can take one of the following options: - ALL_SUBNETS: Advertises all available subnets, including peer VPC subnets. - ALL_VPC_SUBNETS: Advertises the router's own VPC subnets. Note that this field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
+          "description": "User-specified list of prefix groups to advertise in custom mode, which currently supports the following option: - ALL_SUBNETS: Advertises all of the router's own VPC subnets. This excludes any routes learned for subnets that use VPC Network Peering. Note that this field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
           "items": {
             "enum": [
               "ALL_SUBNETS"
@@ -63089,6 +70811,18 @@
           "$ref": "RouterBgpPeerBfd",
           "description": "BFD configuration for the BGP peering."
         },
+        "customLearnedIpRanges": {
+          "description": "A list of user-defined custom learned route IP address ranges for a BGP session.",
+          "items": {
+            "$ref": "RouterBgpPeerCustomLearnedIpRange"
+          },
+          "type": "array"
+        },
+        "customLearnedRoutePriority": {
+          "description": "The user-defined custom learned route priority for a BGP session. This value is applied to all custom learned route ranges for the session. You can choose a value from `0` to `65335`. If you don't provide a value, Google Cloud assigns a priority of `100` to the ranges.",
+          "format": "int32",
+          "type": "integer"
+        },
         "enable": {
           "description": "The status of the BGP peer connection. If set to FALSE, any active session with the peer is terminated and all associated routing information is removed. If set to TRUE, the peer connection can be established with routing information. The default is TRUE.",
           "enum": [
@@ -63203,6 +70937,16 @@
       },
       "type": "object"
     },
+    "RouterBgpPeerCustomLearnedIpRange": {
+      "id": "RouterBgpPeerCustomLearnedIpRange",
+      "properties": {
+        "range": {
+          "description": "The custom learned route IP address range. Must be a valid CIDR-formatted prefix. If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, a `/32` singular IP address range, and, for IPv6, `/128`.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "RouterInterface": {
       "id": "RouterInterface",
       "properties": {
@@ -63300,6 +71044,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63318,6 +71063,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63329,6 +71104,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63405,6 +71181,22 @@
       "description": "Represents a Nat resource. It enables the VMs within the specified subnetworks to access Internet without external IP addresses. It specifies a list of subnetworks (and the ranges within) that want to use NAT. Customers can also provide the external IPs that would be used for NAT. GCP would auto-allocate ephemeral IPs if no external IPs are provided.",
       "id": "RouterNat",
       "properties": {
+        "autoNetworkTier": {
+          "description": "The network tier to use when automatically reserving IP addresses. Must be one of: PREMIUM, STANDARD. If not specified, PREMIUM tier will be used.",
+          "enum": [
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+          ],
+          "type": "string"
+        },
         "drainNatIps": {
           "description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.",
           "items": {
@@ -63423,10 +71215,12 @@
           "description": "List of NAT-ted endpoint types supported by the Nat Gateway. If the list is empty, then it will be equivalent to include ENDPOINT_TYPE_VM",
           "items": {
             "enum": [
+              "ENDPOINT_TYPE_MANAGED_PROXY_LB",
               "ENDPOINT_TYPE_SWG",
               "ENDPOINT_TYPE_VM"
             ],
             "enumDescriptions": [
+              "This is used for Regional Internal/External HTTP(S) and TCP Proxy load balancer endpoints.",
               "This is used for Secure Web Gateway endpoints.",
               "This is the default."
             ],
@@ -63485,7 +71279,7 @@
           "type": "array"
         },
         "sourceSubnetworkIpRangesToNat": {
-          "description": "Specify the Nat option, which can take one of the following values: - ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP ranges in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED. Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other Router.Nat section in any Router for this network in this region.",
+          "description": "Specify the Nat option, which can take one of the following values: - ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP ranges in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED. Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES then there should not be any other Router.Nat section in any Router for this network in this region.",
           "enum": [
             "ALL_SUBNETWORKS_ALL_IP_RANGES",
             "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES",
@@ -63520,6 +71314,18 @@
           "format": "int32",
           "type": "integer"
         },
+        "type": {
+          "description": "Indicates whether this NAT is used for public or private IP translation. If unspecified, it defaults to PUBLIC.",
+          "enum": [
+            "PRIVATE",
+            "PUBLIC"
+          ],
+          "enumDescriptions": [
+            "NAT used for private IP translation.",
+            "NAT used for public IP translation. This is the default."
+          ],
+          "type": "string"
+        },
         "udpIdleTimeoutSec": {
           "description": "Timeout (in seconds) for UDP connections. Defaults to 30s if not set.",
           "format": "int32",
@@ -63586,12 +71392,26 @@
           },
           "type": "array"
         },
+        "sourceNatActiveRanges": {
+          "description": "A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "sourceNatDrainIps": {
           "description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.",
           "items": {
             "type": "string"
           },
           "type": "array"
+        },
+        "sourceNatDrainRanges": {
+          "description": "A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
@@ -63911,6 +71731,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63929,6 +71750,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63940,6 +71791,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64319,6 +72171,10 @@
           ],
           "type": "string"
         },
+        "localSsdRecoveryTimeout": {
+          "$ref": "Duration",
+          "description": "Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour."
+        },
         "locationHint": {
           "description": "An opaque location hint used to place the instance close to other resources. This field is for use by internal tools that use the public API.",
           "type": "string"
@@ -64491,6 +72347,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64509,6 +72366,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64520,6 +72407,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64602,6 +72490,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64620,6 +72509,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64631,6 +72550,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64798,6 +72718,13 @@
             ""
           ],
           "type": "string"
+        },
+        "userDefinedFields": {
+          "description": "Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits. Rules may then specify matching values for these fields. Example: userDefinedFields: - name: \"ipv4_fragment_offset\" base: IPV4 offset: 6 size: 2 mask: \"0x1fff\"",
+          "items": {
+            "$ref": "SecurityPolicyUserDefinedField"
+          },
+          "type": "array"
         }
       },
       "type": "object"
@@ -64840,15 +72767,15 @@
       "type": "object"
     },
     "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig": {
-      "description": "Configuration options for L7 DDoS detection.",
+      "description": "Configuration options for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
       "id": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig",
       "properties": {
         "enable": {
-          "description": "If set to true, enables CAAP for L7 DDoS detection.",
+          "description": "If set to true, enables CAAP for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "boolean"
         },
         "ruleVisibility": {
-          "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules.",
+          "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "enum": [
             "PREMIUM",
             "STANDARD"
@@ -64858,6 +72785,40 @@
             ""
           ],
           "type": "string"
+        },
+        "thresholdConfigs": {
+          "description": "Configuration options for layer7 adaptive protection for various customizable thresholds.",
+          "items": {
+            "$ref": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig": {
+      "id": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigThresholdConfig",
+      "properties": {
+        "autoDeployConfidenceThreshold": {
+          "format": "float",
+          "type": "number"
+        },
+        "autoDeployExpirationSec": {
+          "format": "int32",
+          "type": "integer"
+        },
+        "autoDeployImpactedBaselineThreshold": {
+          "format": "float",
+          "type": "number"
+        },
+        "autoDeployLoadThreshold": {
+          "format": "float",
+          "type": "number"
+        },
+        "name": {
+          "description": "The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the security policy.",
+          "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+          "type": "string"
         }
       },
       "type": "object"
@@ -64872,9 +72833,11 @@
         "jsonParsing": {
           "enum": [
             "DISABLED",
-            "STANDARD"
+            "STANDARD",
+            "STANDARD_WITH_GRAPHQL"
           ],
           "enumDescriptions": [
+            "",
             "",
             ""
           ],
@@ -64890,6 +72853,13 @@
             ""
           ],
           "type": "string"
+        },
+        "userIpRequestHeaders": {
+          "description": "An optional list of case-insensitive request header names to use for resolving the callers client IP address.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
@@ -64935,9 +72905,11 @@
         "ddosProtection": {
           "enum": [
             "ADVANCED",
+            "ADVANCED_PREVIEW",
             "STANDARD"
           ],
           "enumDescriptions": [
+            "",
             "",
             ""
           ],
@@ -64985,6 +72957,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65003,6 +72976,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65014,6 +73017,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65065,7 +73069,7 @@
       "id": "SecurityPolicyRecaptchaOptionsConfig",
       "properties": {
         "redirectSiteKey": {
-          "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.",
+          "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "string"
         }
       },
@@ -65085,7 +73089,7 @@
       "id": "SecurityPolicyRule",
       "properties": {
         "action": {
-          "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ",
+          "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ",
           "type": "string"
         },
         "description": {
@@ -65110,7 +73114,7 @@
         },
         "headerAction": {
           "$ref": "SecurityPolicyRuleHttpHeaderAction",
-          "description": "Optional, additional actions that are performed on headers."
+          "description": "Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
         },
         "kind": {
           "default": "compute#securityPolicyRule",
@@ -65121,6 +73125,10 @@
           "$ref": "SecurityPolicyRuleMatcher",
           "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced."
         },
+        "networkMatch": {
+          "$ref": "SecurityPolicyRuleNetworkMatcher",
+          "description": "A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. Example: networkMatch: srcIpRanges: - \"192.0.2.0/24\" - \"198.51.100.0/24\" userDefinedFields: - name: \"ipv4_fragment_offset\" values: - \"1-0x1fff\" The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named \"ipv4_fragment_offset\" with a value between 1 and 0x1fff inclusive."
+        },
         "preconfiguredWafConfig": {
           "$ref": "SecurityPolicyRulePreconfiguredWafConfig",
           "description": "Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect."
@@ -65140,7 +73148,7 @@
         },
         "redirectOptions": {
           "$ref": "SecurityPolicyRuleRedirectOptions",
-          "description": "Parameters defining the redirect action. Cannot be specified for any other actions."
+          "description": "Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
         },
         "ruleNumber": {
           "description": "Identifier for the rule. This is only unique within the given security policy. This can only be set during rule creation, if rule number is not specified it will be generated by the server.",
@@ -65206,7 +73214,11 @@
         },
         "expr": {
           "$ref": "Expr",
-          "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header."
+          "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Expressions containing `evaluateThreatIntelligence` require Cloud Armor Managed Protection Plus tier and are not supported in Edge Policies nor in Regional Policies. Expressions containing `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor Managed Protection Plus tier and are only supported in Global Security Policies."
+        },
+        "exprOptions": {
+          "$ref": "SecurityPolicyRuleMatcherExprOptions",
+          "description": "The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr')."
         },
         "versionedExpr": {
           "description": "Preconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range field in config.",
@@ -65267,6 +73279,117 @@
       },
       "type": "object"
     },
+    "SecurityPolicyRuleMatcherExprOptions": {
+      "id": "SecurityPolicyRuleMatcherExprOptions",
+      "properties": {
+        "recaptchaOptions": {
+          "$ref": "SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions",
+          "description": "reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field will have no effect."
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions": {
+      "id": "SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions",
+      "properties": {
+        "actionTokenSiteKeys": {
+          "description": "A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sessionTokenSiteKeys": {
+          "description": "A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleNetworkMatcher": {
+      "description": "Represents a match condition that incoming network traffic is evaluated against.",
+      "id": "SecurityPolicyRuleNetworkMatcher",
+      "properties": {
+        "destIpRanges": {
+          "description": "Destination IPv4/IPv6 addresses or CIDR prefixes, in standard text format.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destPorts": {
+          "description": "Destination port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. \"80\") or range (e.g. \"0-1023\").",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "ipProtocols": {
+          "description": "IPv4 protocol / IPv6 next header (after extension headers). Each element can be an 8-bit unsigned decimal number (e.g. \"6\"), range (e.g. \"253-254\"), or one of the following protocol names: \"tcp\", \"udp\", \"icmp\", \"esp\", \"ah\", \"ipip\", or \"sctp\".",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcAsns": {
+          "description": "BGP Autonomous System Number associated with the source IP address.",
+          "items": {
+            "format": "uint32",
+            "type": "integer"
+          },
+          "type": "array"
+        },
+        "srcIpRanges": {
+          "description": "Source IPv4/IPv6 addresses or CIDR prefixes, in standard text format.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcPorts": {
+          "description": "Source port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. \"80\") or range (e.g. \"0-1023\").",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcRegionCodes": {
+          "description": "Two-letter ISO 3166-1 alpha-2 country code associated with the source IP address.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "userDefinedFields": {
+          "description": "User-defined fields. Each element names a defined field and lists the matching values for that field.",
+          "items": {
+            "$ref": "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch": {
+      "id": "SecurityPolicyRuleNetworkMatcherUserDefinedFieldMatch",
+      "properties": {
+        "name": {
+          "description": "Name of the user-defined field, as given in the definition.",
+          "type": "string"
+        },
+        "values": {
+          "description": "Matching values of the field. Each element can be a 32-bit unsigned decimal or hexadecimal (starting with \"0x\") number (e.g. \"64\") or range (e.g. \"0x400-0x7ff\").",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "SecurityPolicyRulePreconfiguredWafConfig": {
       "id": "SecurityPolicyRulePreconfiguredWafConfig",
       "properties": {
@@ -65382,6 +73505,17 @@
             "SNI",
             "XFF_IP"
           ],
+          "enumDeprecated": [
+            false,
+            true,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false
+          ],
           "enumDescriptions": [
             "",
             "",
@@ -65407,12 +73541,12 @@
           "type": "string"
         },
         "exceedAction": {
-          "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below.",
+          "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below. The `redirect` action is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "string"
         },
         "exceedRedirectOptions": {
           "$ref": "SecurityPolicyRuleRedirectOptions",
-          "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect."
+          "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
         },
         "rateLimitThreshold": {
           "$ref": "SecurityPolicyRuleRateLimitOptionsThreshold",
@@ -65441,6 +73575,17 @@
             "SNI",
             "XFF_IP"
           ],
+          "enumDeprecated": [
+            false,
+            true,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false,
+            false
+          ],
           "enumDescriptions": [
             "",
             "",
@@ -65495,11 +73640,52 @@
       },
       "type": "object"
     },
+    "SecurityPolicyUserDefinedField": {
+      "id": "SecurityPolicyUserDefinedField",
+      "properties": {
+        "base": {
+          "description": "The base relative to which 'offset' is measured. Possible values are: - IPV4: Points to the beginning of the IPv4 header. - IPV6: Points to the beginning of the IPv6 header. - TCP: Points to the beginning of the TCP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. - UDP: Points to the beginning of the UDP header, skipping over any IPv4 options or IPv6 extension headers. Not present for non-first fragments. required",
+          "enum": [
+            "IPV4",
+            "IPV6",
+            "TCP",
+            "UDP"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "mask": {
+          "description": "If specified, apply this mask (bitwise AND) to the field to ignore bits before matching. Encoded as a hexadecimal number (starting with \"0x\"). The last byte of the field (in network byte order) corresponds to the least significant byte of the mask.",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of this field. Must be unique within the policy.",
+          "type": "string"
+        },
+        "offset": {
+          "description": "Offset of the first byte of the field (in network byte order) relative to 'base'.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "size": {
+          "description": "Size of the field in bytes. Valid values: 1-4.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "SecuritySettings": {
       "description": "The authentication and authorization settings for a BackendService.",
       "id": "SecuritySettings",
       "properties": {
         "authentication": {
+          "deprecated": true,
           "description": "[Deprecated] Use clientTlsPolicy instead.",
           "type": "string"
         },
@@ -65508,11 +73694,11 @@
           "description": "The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends."
         },
         "clientTlsPolicy": {
-          "description": "Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.",
+          "description": "Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.",
           "type": "string"
         },
         "subjectAltNames": {
-          "description": "Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode). Note: This field currently has no impact.",
+          "description": "Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).",
           "items": {
             "type": "string"
           },
@@ -65589,7 +73775,7 @@
       "type": "object"
     },
     "ServiceAttachment": {
-      "description": "Represents a ServiceAttachment resource. A service attachment represents a service that a producer has exposed. It encapsulates the load balancer which fronts the service runs and a list of NAT IP ranges that the producers uses to represent the consumers connecting to the service. next tag = 20",
+      "description": "Represents a ServiceAttachment resource. A service attachment represents a service that a producer has exposed. It encapsulates the load balancer which fronts the service runs and a list of NAT IP ranges that the producers uses to represent the consumers connecting to the service.",
       "id": "ServiceAttachment",
       "properties": {
         "connectedEndpoints": {
@@ -65679,6 +73865,7 @@
           "type": "array"
         },
         "producerForwardingRule": {
+          "deprecated": true,
           "description": "The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.",
           "type": "string"
         },
@@ -65686,6 +73873,10 @@
           "$ref": "Uint128",
           "description": "[Output Only] An 128-bit global unique ID of the PSC service attachment."
         },
+        "reconcileConnections": {
+          "description": "This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to true.",
+          "type": "boolean"
+        },
         "region": {
           "description": "[Output Only] URL of the region where the service attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
@@ -65753,6 +73944,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65771,6 +73963,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65782,6 +74004,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65833,6 +74056,10 @@
       "description": "[Output Only] A connection connected to this service attachment.",
       "id": "ServiceAttachmentConnectedEndpoint",
       "properties": {
+        "consumerNetwork": {
+          "description": "The url of the consumer network.",
+          "type": "string"
+        },
         "endpoint": {
           "description": "The url of a connected endpoint.",
           "type": "string"
@@ -65927,6 +74154,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65945,6 +74173,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65956,6 +74214,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66029,6 +74288,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66047,6 +74307,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66058,6 +74348,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66348,10 +74639,21 @@
           "format": "int64",
           "type": "string"
         },
+        "enableConfidentialCompute": {
+          "description": "Whether this snapshot is created from a confidential compute mode disk. [Output Only]: This field is not set by user, but from source disk.",
+          "type": "boolean"
+        },
         "guestFlush": {
           "description": "[Input Only] Whether to attempt an application consistent snapshot by informing the OS to prepare for the snapshot process.",
           "type": "boolean"
         },
+        "guestOsFeatures": {
+          "description": "[Output Only] A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.",
+          "items": {
+            "$ref": "GuestOsFeature"
+          },
+          "type": "array"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -66396,6 +74698,7 @@
         "name": {
           "annotations": {
             "required": [
+              "compute.disks.createSnapshot",
               "compute.snapshots.insert"
             ]
           },
@@ -66439,6 +74742,18 @@
           "description": "[Output Only] The ID value of the disk used to create this snapshot. This value may be used to determine whether the snapshot was taken from the current or a previous instance of a given disk name.",
           "type": "string"
         },
+        "sourceInstantSnapshot": {
+          "description": "The source instant snapshot used to create this snapshot. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instantSnapshots/instantSnapshot - projects/project/zones/zone/instantSnapshots/instantSnapshot - zones/zone/instantSnapshots/instantSnapshot ",
+          "type": "string"
+        },
+        "sourceInstantSnapshotEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Customer provided encryption key when creating Snapshot from Instant Snapshot."
+        },
+        "sourceInstantSnapshotId": {
+          "description": "[Output Only] The unique ID of the instant snapshot used to create this snapshot. This value identifies the exact instant snapshot that was used to create this persistent disk. For example, if you created the persistent disk from an instant snapshot that was later deleted and recreated under the same name, the source instant snapshot ID would identify the exact instant snapshot that was used.",
+          "type": "string"
+        },
         "sourceSnapshotSchedulePolicy": {
           "description": "[Output Only] URL of the resource policy which created this scheduled snapshot.",
           "type": "string"
@@ -66543,6 +74858,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66561,6 +74877,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66572,6 +74918,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66879,6 +75226,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66897,6 +75245,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66908,6 +75286,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66999,6 +75378,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67017,6 +75397,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67028,6 +75438,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67175,6 +75586,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67193,6 +75605,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67204,6 +75646,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67305,6 +75748,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67323,6 +75767,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67334,6 +75808,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67424,6 +75899,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67442,6 +75918,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67453,6 +75959,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67538,6 +76045,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67556,6 +76064,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67567,6 +76105,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67715,6 +76254,7 @@
                   "INJECTED_KERNELS_DEPRECATED",
                   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                   "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
                   "MISSING_TYPE_DEPENDENCY",
                   "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                   "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67733,6 +76273,36 @@
                   "UNDECLARED_PROPERTIES",
                   "UNREACHABLE"
                 ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
                 "enumDescriptions": [
                   "Warning about failed cleanup of transient changes made by a failed operation.",
                   "A link to a deprecated resource was created.",
@@ -67744,6 +76314,7 @@
                   "The operation involved use of an injected kernel, which is deprecated.",
                   "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                   "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                   "A resource depends on a missing type",
                   "The route's nextHopIp address is not assigned to an instance on the network.",
                   "The route's next hop instance cannot ip forward.",
@@ -67893,7 +76464,7 @@
           "type": "string"
         },
         "enableFlowLogs": {
-          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. This field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. This field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "type": "boolean"
         },
         "externalIpv6Prefix": {
@@ -67975,10 +76546,11 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "enum": [
             "INTERNAL_HTTPS_LOAD_BALANCER",
             "PRIVATE",
+            "PRIVATE_NAT",
             "PRIVATE_RFC_1918",
             "PRIVATE_SERVICE_CONNECT",
             "REGIONAL_MANAGED_PROXY"
@@ -67986,6 +76558,7 @@
           "enumDescriptions": [
             "Subnet reserved for Internal HTTP(S) Load Balancing.",
             "Regular user created or automatically created subnet.",
+            "Subnetwork used as source range for Private NAT Gateways.",
             "Regular user created or automatically created subnet.",
             "Subnetworks created for Private Service Connect in the producer network.",
             "Subnetwork used for Regional Internal/External HTTP(S) Load Balancing."
@@ -68001,7 +76574,7 @@
           "type": "string"
         },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"
@@ -68101,6 +76674,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68119,6 +76693,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68130,6 +76734,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68221,6 +76826,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68239,6 +76845,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68250,6 +76886,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68322,7 +76959,7 @@
           "type": "string"
         },
         "enable": {
-          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled.",
+          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. Flow logging isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "type": "boolean"
         },
         "filterExpr": {
@@ -68413,6 +77050,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68431,6 +77069,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68442,6 +77110,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68689,6 +77358,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68707,6 +77377,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68718,6 +77418,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68791,6 +77492,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68809,6 +77511,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68820,6 +77552,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68891,6 +77624,11 @@
           },
           "type": "array"
         },
+        "httpKeepAliveTimeoutSec": {
+          "description": "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keep-alive is not specified, a default value (610 seconds) will be used. For Global external HTTP(S) load balancer, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.",
+          "format": "int32",
+          "type": "integer"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -68976,6 +77714,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68994,6 +77733,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69005,6 +77774,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69096,6 +77866,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69114,6 +77885,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69125,6 +77926,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69198,6 +78000,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69216,6 +78019,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69227,6 +78060,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69278,7 +78112,7 @@
       "id": "TargetHttpsProxiesSetCertificateMapRequest",
       "properties": {
         "certificateMap": {
-          "description": "URL of the Certificate Map to associate with this TargetHttpsProxy.",
+          "description": "URL of the Certificate Map to associate with this TargetHttpsProxy. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         }
       },
@@ -69322,10 +78156,12 @@
       "id": "TargetHttpsProxy",
       "properties": {
         "authentication": {
+          "deprecated": true,
           "description": "[Deprecated] Use serverTlsPolicy instead.",
           "type": "string"
         },
         "authorization": {
+          "deprecated": true,
           "description": "[Deprecated] Use authorizationPolicy instead.",
           "type": "string"
         },
@@ -69334,7 +78170,7 @@
           "type": "string"
         },
         "certificateMap": {
-          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored.",
+          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         },
         "creationTimestamp": {
@@ -69357,6 +78193,11 @@
           },
           "type": "array"
         },
+        "httpKeepAliveTimeoutSec": {
+          "description": "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keep-alive is not specified, a default value (610 seconds) will be used. For Global external HTTP(S) load balancer, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.",
+          "format": "int32",
+          "type": "integer"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -69399,7 +78240,7 @@
           "type": "string"
         },
         "serverTlsPolicy": {
-          "description": "Optional. A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.",
+          "description": "Optional. A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted.",
           "type": "string"
         },
         "sslCertificates": {
@@ -69471,6 +78312,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69489,6 +78331,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69500,6 +78372,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69591,6 +78464,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69609,6 +78483,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69620,6 +78524,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69712,6 +78617,10 @@
           "description": "The URL of the network this target instance uses to forward traffic. If not specified, the traffic will be forwarded to the network that the default network interface belongs to.",
           "type": "string"
         },
+        "securityPolicy": {
+          "description": "[Output Only] The resource URL for the security policy associated with this target instance.",
+          "type": "string"
+        },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
@@ -69774,6 +78683,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69792,6 +78702,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69803,6 +78743,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69894,6 +78835,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69912,6 +78854,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69923,6 +78895,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69996,6 +78969,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70014,6 +78988,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70025,6 +79029,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -70126,6 +79131,10 @@
           "description": "[Output Only] URL of the region where the target pool resides.",
           "type": "string"
         },
+        "securityPolicy": {
+          "description": "[Output Only] The resource URL for the security policy associated with this target pool.",
+          "type": "string"
+        },
         "selfLink": {
           "description": "[Output Only] Server-defined URL for the resource.",
           "type": "string"
@@ -70208,6 +79217,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70226,6 +79236,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70237,6 +79277,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -70345,6 +79386,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70363,6 +79405,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70374,6 +79446,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -70499,6 +79572,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70517,6 +79591,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70528,6 +79632,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -70598,7 +79703,7 @@
       "id": "TargetSslProxiesSetCertificateMapRequest",
       "properties": {
         "certificateMap": {
-          "description": "URL of the Certificate Map to associate with this TargetSslProxy.",
+          "description": "URL of the Certificate Map to associate with this TargetSslProxy. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         }
       },
@@ -70640,7 +79745,7 @@
       "id": "TargetSslProxy",
       "properties": {
         "certificateMap": {
-          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored.",
+          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         },
         "creationTimestamp": {
@@ -70744,6 +79849,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70762,6 +79868,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70773,6 +79909,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -70846,6 +79983,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -70864,6 +80002,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -70875,6 +80043,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71059,6 +80228,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71077,6 +80247,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71088,6 +80288,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71179,6 +80380,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71197,6 +80399,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71208,6 +80440,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71400,6 +80633,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71418,6 +80652,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71429,6 +80693,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71520,6 +80785,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71538,6 +80804,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71549,6 +80845,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71622,6 +80919,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71640,6 +80938,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71651,6 +80979,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -71913,6 +81242,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -71931,6 +81261,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -71942,6 +81302,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -72130,6 +81491,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -72148,6 +81510,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -72159,6 +81551,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -72232,6 +81625,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -72250,6 +81644,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -72261,6 +81685,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -72396,10 +81821,11 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "enum": [
             "INTERNAL_HTTPS_LOAD_BALANCER",
             "PRIVATE",
+            "PRIVATE_NAT",
             "PRIVATE_RFC_1918",
             "PRIVATE_SERVICE_CONNECT",
             "REGIONAL_MANAGED_PROXY"
@@ -72407,6 +81833,7 @@
           "enumDescriptions": [
             "Subnet reserved for Internal HTTP(S) Load Balancing.",
             "Regular user created or automatically created subnet.",
+            "Subnetwork used as source range for Private NAT Gateways.",
             "Regular user created or automatically created subnet.",
             "Subnetworks created for Private Service Connect in the producer network.",
             "Subnetwork used for Regional Internal/External HTTP(S) Load Balancing."
@@ -72414,7 +81841,7 @@
           "type": "string"
         },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"
@@ -72509,6 +81936,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -72527,6 +81955,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -72538,6 +81996,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -72743,6 +82202,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -72761,6 +82221,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -72772,6 +82262,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -72831,6 +82322,18 @@
           "description": "An optional description of this resource. Provide this property when you create the resource.",
           "type": "string"
         },
+        "gatewayIpVersion": {
+          "description": "The IP family of the gateway IPs for the HA-VPN gateway interfaces. If not specified, IPV4 will be used.",
+          "enum": [
+            "IPV4",
+            "IPV6"
+          ],
+          "enumDescriptions": [
+            "Every HA-VPN gateway interface is configured with an IPv4 address.",
+            "Every HA-VPN gateway interface is configured with an IPv6 address."
+          ],
+          "type": "string"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -72953,6 +82456,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -72971,6 +82475,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -72982,6 +82516,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73073,6 +82608,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73091,6 +82627,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -73102,6 +82668,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73201,7 +82768,7 @@
           "type": "integer"
         },
         "peerGatewayInterface": {
-          "description": "The peer gateway interface this VPN tunnel is connected to, the peer gateway could either be an external VPN gateway or GCP VPN gateway.",
+          "description": "The peer gateway interface this VPN tunnel is connected to, the peer gateway could either be an external VPN gateway or a Google Cloud VPN gateway.",
           "format": "uint32",
           "type": "integer"
         },
@@ -73213,7 +82780,7 @@
       "type": "object"
     },
     "VpnGatewayStatusVpnConnection": {
-      "description": "A VPN connection contains all VPN tunnels connected from this VpnGateway to the same peer gateway. The peer gateway could either be a external VPN gateway or GCP VPN gateway.",
+      "description": "A VPN connection contains all VPN tunnels connected from this VpnGateway to the same peer gateway. The peer gateway could either be an external VPN gateway or a Google Cloud VPN gateway.",
       "id": "VpnGatewayStatusVpnConnection",
       "properties": {
         "peerExternalGateway": {
@@ -73254,6 +82821,10 @@
         "ipAddress": {
           "description": "[Output Only] IP address for this VPN interface associated with the VPN gateway. The IP address could be either a regional external IP address or a regional internal IP address. The two IP addresses for a VPN gateway must be all regional external or regional internal IP addresses. There cannot be a mix of regional external IP addresses and regional internal IP addresses. For HA VPN over Cloud Interconnect, the IP addresses for both interfaces could either be regional internal IP addresses or regional external IP addresses. For regular (non HA VPN over Cloud Interconnect) HA VPN tunnels, the IP address must be a regional external IP address.",
           "type": "string"
+        },
+        "ipv6Address": {
+          "description": "[Output Only] IPv6 address for this VPN interface associated with the VPN gateway. The IPv6 address must be a regional external IPv6 address. The format is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0).",
+          "type": "string"
         }
       },
       "type": "object"
@@ -73293,6 +82864,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73311,6 +82883,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -73322,6 +82924,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73574,6 +83177,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73592,6 +83196,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -73603,6 +83237,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73694,6 +83329,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73712,6 +83348,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -73723,6 +83389,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73796,6 +83463,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73814,6 +83482,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -73825,6 +83523,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -73974,6 +83673,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -73992,6 +83692,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -74003,6 +83733,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -74181,6 +83912,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -74199,6 +83931,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -74210,6 +83972,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
diff --git a/vendor/google.golang.org/api/compute/v0.beta/compute-gen.go b/vendor/google.golang.org/api/compute/v0.beta/compute-gen.go
index d1b1baf57..73d2223e1 100644
--- a/vendor/google.golang.org/api/compute/v0.beta/compute-gen.go
+++ b/vendor/google.golang.org/api/compute/v0.beta/compute-gen.go
@@ -20476,6 +20476,7 @@ type InstanceGroupManagerResizeRequest struct {
 	// Possible values:
 	//   "ACCEPTED" - The request was created successfully and was accepted
 	// for provisioning when the capacity becomes available.
+	//   "CANCELLED" - The request is cancelled.
 	//   "CREATING" - resize request is being created and may still fail
 	// creation.
 	//   "FAILED" - The request failed before or during provisioning. If the
@@ -179196,7 +179197,7 @@ type RegionSecurityPoliciesPatchCall struct {
 }
 
 // Patch: Patches the specified policy with the data included in the
-// request. To clear fields in the rule, leave the fields empty and
+// request. To clear fields in the policy, leave the fields empty and
 // specify them in the updateMask. This cannot be used to be update the
 // rules in the policy. Please use the per rule methods like addRule,
 // patchRule, and removeRule instead.
@@ -179329,7 +179330,7 @@ func (c *RegionSecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Ope
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
 	//   "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
 	//   "httpMethod": "PATCH",
 	//   "id": "compute.regionSecurityPolicies.patch",
@@ -197192,7 +197193,7 @@ type SecurityPoliciesPatchCall struct {
 }
 
 // Patch: Patches the specified policy with the data included in the
-// request. To clear fields in the rule, leave the fields empty and
+// request. To clear fields in the policy, leave the fields empty and
 // specify them in the updateMask. This cannot be used to be update the
 // rules in the policy. Please use the per rule methods like addRule,
 // patchRule, and removeRule instead.
@@ -197322,7 +197323,7 @@ func (c *SecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
 	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
 	//   "httpMethod": "PATCH",
 	//   "id": "compute.securityPolicies.patch",
@@ -197384,7 +197385,9 @@ type SecurityPoliciesPatchRuleCall struct {
 	header_            http.Header
 }
 
-// PatchRule: Patches a rule at the specified priority.
+// PatchRule: Patches a rule at the specified priority. To clear fields
+// in the rule, leave the fields empty and specify them in the
+// updateMask.
 //
 // - project: Project ID for this request.
 // - securityPolicy: Name of the security policy to update.
@@ -197509,7 +197512,7 @@ func (c *SecurityPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Opera
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches a rule at the specified priority.",
+	//   "description": "Patches a rule at the specified priority. To clear fields in the rule, leave the fields empty and specify them in the updateMask.",
 	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
 	//   "httpMethod": "POST",
 	//   "id": "compute.securityPolicies.patchRule",
@@ -226866,4 +226869,4 @@ func (c *ZonesListCall) Pages(ctx context.Context, f func(*ZoneList) error) erro
 		}
 		c.PageToken(x.NextPageToken)
 	}
-}
\ No newline at end of file
+}
diff --git a/vendor/google.golang.org/api/compute/v1/compute-api.json b/vendor/google.golang.org/api/compute/v1/compute-api.json
index 664713a56..8b77f64d4 100644
--- a/vendor/google.golang.org/api/compute/v1/compute-api.json
+++ b/vendor/google.golang.org/api/compute/v1/compute-api.json
@@ -550,6 +550,56 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "move": {
+          "description": "Moves the specified address resource.",
+          "flatPath": "projects/{project}/regions/{region}/addresses/{address}/move",
+          "httpMethod": "POST",
+          "id": "compute.addresses.move",
+          "parameterOrder": [
+            "project",
+            "region",
+            "address"
+          ],
+          "parameters": {
+            "address": {
+              "description": "Name of the address resource to move.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Source project ID which the Address is moved from.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/addresses/{address}/move",
+          "request": {
+            "$ref": "RegionAddressesMoveRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setLabels": {
           "description": "Sets the labels on an Address. To learn more about labels, read the Labeling Resources documentation.",
           "flatPath": "projects/{project}/regions/{region}/addresses/{resource}/setLabels",
@@ -712,7 +762,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified autoscaler resource. Gets a list of available autoscalers by making a list() request.",
+          "description": "Returns the specified autoscaler resource.",
           "flatPath": "projects/{project}/zones/{zone}/autoscalers/{autoscaler}",
           "httpMethod": "GET",
           "id": "compute.autoscalers.get",
@@ -1085,7 +1135,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified BackendBucket resource. Gets a list of available backend buckets by making a list() request.",
+          "description": "Returns the specified BackendBucket resource.",
           "flatPath": "projects/{project}/global/backendBuckets/{backendBucket}",
           "httpMethod": "GET",
           "id": "compute.backendBuckets.get",
@@ -1523,7 +1573,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified BackendService resource. Gets a list of available backend services.",
+          "description": "Returns the specified BackendService resource.",
           "flatPath": "projects/{project}/global/backendServices/{backendService}",
           "httpMethod": "GET",
           "id": "compute.backendServices.get",
@@ -1992,7 +2042,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified disk type. Gets a list of available disk types by making a list() request.",
+          "description": "Returns the specified disk type.",
           "flatPath": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
           "httpMethod": "GET",
           "id": "compute.diskTypes.get",
@@ -2211,6 +2261,48 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "bulkInsert": {
+          "description": "Bulk create a set of disks.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/bulkInsert",
+          "httpMethod": "POST",
+          "id": "compute.disks.bulkInsert",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/bulkInsert",
+          "request": {
+            "$ref": "BulkInsertDiskResource"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "createSnapshot": {
           "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
           "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
@@ -2313,7 +2405,7 @@
           ]
         },
         "get": {
-          "description": "Returns a specified persistent disk. Gets a list of available persistent disks by making a list() request.",
+          "description": "Returns the specified persistent disk.",
           "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
           "httpMethod": "GET",
           "id": "compute.disks.get",
@@ -2709,6 +2801,145 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "startAsyncReplication": {
+          "description": "Starts asynchronous replication. Must be invoked on the primary disk.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/startAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.disks.startAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The name of the persistent disk.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/{disk}/startAsyncReplication",
+          "request": {
+            "$ref": "DisksStartAsyncReplicationRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "stopAsyncReplication": {
+          "description": "Stops asynchronous replication. Can be invoked either on the primary or on the secondary disk.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.disks.stopAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The name of the persistent disk.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "stopGroupAsyncReplication": {
+          "description": "Stops asynchronous replication for a consistency group of disks. Can be invoked either in the primary or secondary scope.",
+          "flatPath": "projects/{project}/zones/{zone}/disks/stopGroupAsyncReplication",
+          "httpMethod": "POST",
+          "id": "compute.disks.stopGroupAsyncReplication",
+          "parameterOrder": [
+            "project",
+            "zone"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request. This must be the zone of the primary or secondary disks in the consistency group.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/disks/stopGroupAsyncReplication",
+          "request": {
+            "$ref": "DisksStopGroupAsyncReplicationResource"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
           "flatPath": "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions",
@@ -3386,7 +3617,7 @@
               "type": "string"
             },
             "parentId": {
-              "description": "Parent ID for this request.",
+              "description": "Parent ID for this request. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
               "location": "query",
               "type": "string"
             },
@@ -3445,7 +3676,7 @@
               "type": "string"
             },
             "parentId": {
-              "description": "The new parent of the firewall policy.",
+              "description": "The new parent of the firewall policy. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
               "location": "query",
               "type": "string"
             },
@@ -4374,7 +4605,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified address resource. Gets a list of available addresses by making a list() request.",
+          "description": "Returns the specified address resource.",
           "flatPath": "projects/{project}/global/addresses/{address}",
           "httpMethod": "GET",
           "id": "compute.globalAddresses.get",
@@ -4497,6 +4728,48 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "move": {
+          "description": "Moves the specified address resource from one project to another project.",
+          "flatPath": "projects/{project}/global/addresses/{address}/move",
+          "httpMethod": "POST",
+          "id": "compute.globalAddresses.move",
+          "parameterOrder": [
+            "project",
+            "address"
+          ],
+          "parameters": {
+            "address": {
+              "description": "Name of the address resource to move.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Source project ID which the Address is moved from.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/addresses/{address}/move",
+          "request": {
+            "$ref": "GlobalAddressesMoveRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setLabels": {
           "description": "Sets the labels on a GlobalAddress. To learn more about labels, read the Labeling Resources documentation.",
           "flatPath": "projects/{project}/global/addresses/{resource}/setLabels",
@@ -4947,7 +5220,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/global/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.globalNetworkEndpointGroups.get",
@@ -5778,7 +6051,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+          "description": "Returns the specified HealthCheck resource.",
           "flatPath": "projects/{project}/global/healthChecks/{healthCheck}",
           "httpMethod": "GET",
           "id": "compute.healthChecks.get",
@@ -6029,7 +6302,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HttpHealthCheck resource. Gets a list of available HTTP health checks by making a list() request.",
+          "description": "Returns the specified HttpHealthCheck resource.",
           "flatPath": "projects/{project}/global/httpHealthChecks/{httpHealthCheck}",
           "httpMethod": "GET",
           "id": "compute.httpHealthChecks.get",
@@ -6280,7 +6553,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HttpsHealthCheck resource. Gets a list of available HTTPS health checks by making a list() request.",
+          "description": "Returns the specified HttpsHealthCheck resource.",
           "flatPath": "projects/{project}/global/httpsHealthChecks/{httpsHealthCheck}",
           "httpMethod": "GET",
           "id": "compute.httpsHealthChecks.get",
@@ -6620,7 +6893,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified image. Gets a list of available images by making a list() request.",
+          "description": "Returns the specified image.",
           "flatPath": "projects/{project}/global/images/{image}",
           "httpMethod": "GET",
           "id": "compute.images.get",
@@ -7321,7 +7594,7 @@
           ]
         },
         "get": {
-          "description": "Returns all of the details about the specified managed instance group. Gets a list of available managed instance groups by making a list() request.",
+          "description": "Returns all of the details about the specified managed instance group.",
           "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}",
           "httpMethod": "GET",
           "id": "compute.instanceGroupManagers.get",
@@ -8585,7 +8858,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+          "description": "Returns the specified instance template.",
           "flatPath": "projects/{project}/global/instanceTemplates/{instanceTemplate}",
           "httpMethod": "GET",
           "id": "compute.instanceTemplates.get",
@@ -9255,7 +9528,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Instance resource. Gets a list of available instances by making a list() request.",
+          "description": "Returns the specified Instance resource.",
           "flatPath": "projects/{project}/zones/{zone}/instances/{instance}",
           "httpMethod": "GET",
           "id": "compute.instances.get",
@@ -10647,48 +10920,6 @@
               "required": true,
               "type": "string"
             },
-            "zone": {
-              "description": "The name of the zone for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
-          "response": {
-            "$ref": "Operation"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "start": {
-          "description": "Starts an instance that was stopped using the instances().stop method. For more information, see Restart an instance.",
-          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/start",
-          "httpMethod": "POST",
-          "id": "compute.instances.start",
-          "parameterOrder": [
-            "project",
-            "zone",
-            "instance"
-          ],
-          "parameters": {
-            "instance": {
-              "description": "Name of the instance resource to start.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
             "requestId": {
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
@@ -10702,7 +10933,7 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/zones/{zone}/instances/{instance}/start",
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
           "response": {
             "$ref": "Operation"
           },
@@ -10711,11 +10942,58 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "startWithEncryptionKey": {
+        "start": {
           "description": "Starts an instance that was stopped using the instances().stop method. For more information, see Restart an instance.",
-          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/start",
           "httpMethod": "POST",
-          "id": "compute.instances.startWithEncryptionKey",
+          "id": "compute.instances.start",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "instance"
+          ],
+          "parameters": {
+            "instance": {
+              "description": "Name of the instance resource to start.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/instances/{instance}/start",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "startWithEncryptionKey": {
+          "description": "Starts an instance that was stopped using the instances().stop method. For more information, see Restart an instance.",
+          "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/startWithEncryptionKey",
+          "httpMethod": "POST",
+          "id": "compute.instances.startWithEncryptionKey",
           "parameterOrder": [
             "project",
             "zone",
@@ -11669,6 +11947,100 @@
         }
       }
     },
+    "interconnectRemoteLocations": {
+      "methods": {
+        "get": {
+          "description": "Returns the details for the specified interconnect remote location. Gets a list of available interconnect remote locations by making a list() request.",
+          "flatPath": "projects/{project}/global/interconnectRemoteLocations/{interconnectRemoteLocation}",
+          "httpMethod": "GET",
+          "id": "compute.interconnectRemoteLocations.get",
+          "parameterOrder": [
+            "project",
+            "interconnectRemoteLocation"
+          ],
+          "parameters": {
+            "interconnectRemoteLocation": {
+              "description": "Name of the interconnect remote location to return.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/global/interconnectRemoteLocations/{interconnectRemoteLocation}",
+          "response": {
+            "$ref": "InterconnectRemoteLocation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of interconnect remote locations available to the specified project.",
+          "flatPath": "projects/{project}/global/interconnectRemoteLocations",
+          "httpMethod": "GET",
+          "id": "compute.interconnectRemoteLocations.list",
+          "parameterOrder": [
+            "project"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/global/interconnectRemoteLocations",
+          "response": {
+            "$ref": "InterconnectRemoteLocationList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        }
+      }
+    },
     "interconnects": {
       "methods": {
         "delete": {
@@ -12355,7 +12727,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified machine image. Gets a list of available machine images by making a list() request.",
+          "description": "Returns the specified machine image.",
           "flatPath": "projects/{project}/global/machineImages/{machineImage}",
           "httpMethod": "GET",
           "id": "compute.machineImages.get",
@@ -12664,7 +13036,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified machine type. Gets a list of available machine types by making a list() request.",
+          "description": "Returns the specified machine type.",
           "flatPath": "projects/{project}/zones/{zone}/machineTypes/{machineType}",
           "httpMethod": "GET",
           "id": "compute.machineTypes.get",
@@ -13636,7 +14008,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/zones/{zone}/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.networkEndpointGroups.get",
@@ -14671,7 +15043,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network. Gets a list of available networks by making a list() request.",
+          "description": "Returns the specified network.",
           "flatPath": "projects/{project}/global/networks/{network}",
           "httpMethod": "GET",
           "id": "compute.networks.get",
@@ -15712,6 +16084,56 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "simulateMaintenanceEvent": {
+          "description": "Simulates maintenance event on specified nodes from the node group.",
+          "flatPath": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/simulateMaintenanceEvent",
+          "httpMethod": "POST",
+          "id": "compute.nodeGroups.simulateMaintenanceEvent",
+          "parameterOrder": [
+            "project",
+            "zone",
+            "nodeGroup"
+          ],
+          "parameters": {
+            "nodeGroup": {
+              "description": "Name of the NodeGroup resource whose nodes will go under maintenance simulation.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "zone": {
+              "description": "The name of the zone for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/simulateMaintenanceEvent",
+          "request": {
+            "$ref": "NodeGroupsSimulateMaintenanceEventRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "testIamPermissions": {
           "description": "Returns permissions that a caller has on the specified resource.",
           "flatPath": "projects/{project}/zones/{zone}/nodeGroups/{resource}/testIamPermissions",
@@ -15870,7 +16292,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified node template. Gets a list of available node templates by making a list() request.",
+          "description": "Returns the specified node template.",
           "flatPath": "projects/{project}/regions/{region}/nodeTemplates/{nodeTemplate}",
           "httpMethod": "GET",
           "id": "compute.nodeTemplates.get",
@@ -16222,7 +16644,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified node type. Gets a list of available node types by making a list() request.",
+          "description": "Returns the specified node type.",
           "flatPath": "projects/{project}/zones/{zone}/nodeTypes/{nodeType}",
           "httpMethod": "GET",
           "id": "compute.nodeTypes.get",
@@ -17015,7 +17437,8 @@
           ]
         },
         "moveInstance": {
-          "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior).",
+          "deprecated": true,
+          "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior). [Deprecated] This method is deprecated. See [moving instance across zones](/compute/docs/instances/moving-instance-across-zones) instead.",
           "flatPath": "projects/{project}/moveInstance",
           "httpMethod": "POST",
           "id": "compute.projects.moveInstance",
@@ -18469,7 +18892,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified commitment resource. Gets a list of available commitments by making a list() request.",
+          "description": "Returns the specified commitment resource.",
           "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}",
           "httpMethod": "GET",
           "id": "compute.regionCommitments.get",
@@ -18682,7 +19105,7 @@
     "regionDiskTypes": {
       "methods": {
         "get": {
-          "description": "Returns the specified regional disk type. Gets a list of available disk types by making a list() request.",
+          "description": "Returns the specified regional disk type.",
           "flatPath": "projects/{project}/regions/{region}/diskTypes/{diskType}",
           "httpMethod": "GET",
           "id": "compute.regionDiskTypes.get",
@@ -18841,6 +19264,48 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
+        "bulkInsert": {
+          "description": "Bulk create a set of disks.",
+          "flatPath": "projects/{project}/regions/{region}/disks/bulkInsert",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.bulkInsert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/bulkInsert",
+          "request": {
+            "$ref": "BulkInsertDiskResource"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "createSnapshot": {
           "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
           "flatPath": "projects/{project}/regions/{region}/disks/{disk}/createSnapshot",
@@ -19019,24 +19484,280 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/disks/{resource}/getIamPolicy",
+          "path": "projects/{project}/regions/{region}/disks/{resource}/getIamPolicy",
+          "response": {
+            "$ref": "Policy"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "insert": {
+          "description": "Creates a persistent regional disk in the specified project using the data included in the request.",
+          "flatPath": "projects/{project}/regions/{region}/disks",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.insert",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "sourceImage": {
+              "description": "Source image to restore onto a disk. This field is optional.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks",
+          "request": {
+            "$ref": "Disk"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "list": {
+          "description": "Retrieves the list of persistent disks contained within the specified region.",
+          "flatPath": "projects/{project}/regions/{region}/disks",
+          "httpMethod": "GET",
+          "id": "compute.regionDisks.list",
+          "parameterOrder": [
+            "project",
+            "region"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+              "location": "query",
+              "type": "string"
+            },
+            "maxResults": {
+              "default": "500",
+              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+              "format": "uint32",
+              "location": "query",
+              "minimum": "0",
+              "type": "integer"
+            },
+            "orderBy": {
+              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageToken": {
+              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+              "location": "query",
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "returnPartialSuccess": {
+              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+              "location": "query",
+              "type": "boolean"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks",
+          "response": {
+            "$ref": "DiskList"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute",
+            "https://www.googleapis.com/auth/compute.readonly"
+          ]
+        },
+        "removeResourcePolicies": {
+          "description": "Removes resource policies from a regional disk.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/removeResourcePolicies",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.removeResourcePolicies",
+          "parameterOrder": [
+            "project",
+            "region",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "The disk name for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/{disk}/removeResourcePolicies",
+          "request": {
+            "$ref": "RegionDisksRemoveResourcePoliciesRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "resize": {
+          "description": "Resizes the specified regional persistent disk.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/resize",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.resize",
+          "parameterOrder": [
+            "project",
+            "region",
+            "disk"
+          ],
+          "parameters": {
+            "disk": {
+              "description": "Name of the regional persistent disk.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "project": {
+              "description": "The project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/{disk}/resize",
+          "request": {
+            "$ref": "RegionDisksResizeRequest"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
+        "setIamPolicy": {
+          "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
+          "httpMethod": "POST",
+          "id": "compute.regionDisks.setIamPolicy",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resource"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "The name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
+          "request": {
+            "$ref": "RegionSetPolicyRequest"
+          },
           "response": {
             "$ref": "Policy"
           },
           "scopes": [
             "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
+            "https://www.googleapis.com/auth/compute"
           ]
         },
-        "insert": {
-          "description": "Creates a persistent regional disk in the specified project using the data included in the request.",
-          "flatPath": "projects/{project}/regions/{region}/disks",
+        "setLabels": {
+          "description": "Sets the labels on the target regional disk.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
           "httpMethod": "POST",
-          "id": "compute.regionDisks.insert",
+          "id": "compute.regionDisks.setLabels",
           "parameterOrder": [
             "project",
-            "region"
+            "region",
+            "resource"
           ],
           "parameters": {
             "project": {
@@ -19047,7 +19768,7 @@
               "type": "string"
             },
             "region": {
-              "description": "Name of the region for this request.",
+              "description": "The region for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
@@ -19058,15 +19779,17 @@
               "location": "query",
               "type": "string"
             },
-            "sourceImage": {
-              "description": "Source image to restore onto a disk. This field is optional.",
-              "location": "query",
+            "resource": {
+              "description": "Name or id of the resource for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/disks",
+          "path": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
           "request": {
-            "$ref": "Disk"
+            "$ref": "RegionSetLabelsRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -19076,74 +19799,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "list": {
-          "description": "Retrieves the list of persistent disks contained within the specified region.",
-          "flatPath": "projects/{project}/regions/{region}/disks",
-          "httpMethod": "GET",
-          "id": "compute.regionDisks.list",
-          "parameterOrder": [
-            "project",
-            "region"
-          ],
-          "parameters": {
-            "filter": {
-              "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-              "location": "query",
-              "type": "string"
-            },
-            "maxResults": {
-              "default": "500",
-              "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-              "format": "uint32",
-              "location": "query",
-              "minimum": "0",
-              "type": "integer"
-            },
-            "orderBy": {
-              "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-              "location": "query",
-              "type": "string"
-            },
-            "pageToken": {
-              "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-              "location": "query",
-              "type": "string"
-            },
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "Name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "returnPartialSuccess": {
-              "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
-              "location": "query",
-              "type": "boolean"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/disks",
-          "response": {
-            "$ref": "DiskList"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute",
-            "https://www.googleapis.com/auth/compute.readonly"
-          ]
-        },
-        "removeResourcePolicies": {
-          "description": "Removes resource policies from a regional disk.",
-          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/removeResourcePolicies",
+        "startAsyncReplication": {
+          "description": "Starts asynchronous replication. Must be invoked on the primary disk.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/startAsyncReplication",
           "httpMethod": "POST",
-          "id": "compute.regionDisks.removeResourcePolicies",
+          "id": "compute.regionDisks.startAsyncReplication",
           "parameterOrder": [
             "project",
             "region",
@@ -19151,7 +19811,7 @@
           ],
           "parameters": {
             "disk": {
-              "description": "The disk name for this request.",
+              "description": "The name of the persistent disk.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
@@ -19177,9 +19837,9 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/disks/{disk}/removeResourcePolicies",
+          "path": "projects/{project}/regions/{region}/disks/{disk}/startAsyncReplication",
           "request": {
-            "$ref": "RegionDisksRemoveResourcePoliciesRequest"
+            "$ref": "RegionDisksStartAsyncReplicationRequest"
           },
           "response": {
             "$ref": "Operation"
@@ -19189,11 +19849,11 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "resize": {
-          "description": "Resizes the specified regional persistent disk.",
-          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/resize",
+        "stopAsyncReplication": {
+          "description": "Stops asynchronous replication. Can be invoked either on the primary or on the secondary disk.",
+          "flatPath": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
           "httpMethod": "POST",
-          "id": "compute.regionDisks.resize",
+          "id": "compute.regionDisks.stopAsyncReplication",
           "parameterOrder": [
             "project",
             "region",
@@ -19201,21 +19861,21 @@
           ],
           "parameters": {
             "disk": {
-              "description": "Name of the regional persistent disk.",
+              "description": "The name of the persistent disk.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
               "required": true,
               "type": "string"
             },
             "project": {
-              "description": "The project ID for this request.",
+              "description": "Project ID for this request.",
               "location": "path",
               "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
               "required": true,
               "type": "string"
             },
             "region": {
-              "description": "Name of the region for this request.",
+              "description": "The name of the region for this request.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
@@ -19227,10 +19887,7 @@
               "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/disks/{disk}/resize",
-          "request": {
-            "$ref": "RegionDisksResizeRequest"
-          },
+          "path": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
           "response": {
             "$ref": "Operation"
           },
@@ -19239,60 +19896,14 @@
             "https://www.googleapis.com/auth/compute"
           ]
         },
-        "setIamPolicy": {
-          "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
-          "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
+        "stopGroupAsyncReplication": {
+          "description": "Stops asynchronous replication for a consistency group of disks. Can be invoked either in the primary or secondary scope.",
+          "flatPath": "projects/{project}/regions/{region}/disks/stopGroupAsyncReplication",
           "httpMethod": "POST",
-          "id": "compute.regionDisks.setIamPolicy",
+          "id": "compute.regionDisks.stopGroupAsyncReplication",
           "parameterOrder": [
             "project",
-            "region",
-            "resource"
-          ],
-          "parameters": {
-            "project": {
-              "description": "Project ID for this request.",
-              "location": "path",
-              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-              "required": true,
-              "type": "string"
-            },
-            "region": {
-              "description": "The name of the region for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-              "required": true,
-              "type": "string"
-            },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "path": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
-          "request": {
-            "$ref": "RegionSetPolicyRequest"
-          },
-          "response": {
-            "$ref": "Policy"
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform",
-            "https://www.googleapis.com/auth/compute"
-          ]
-        },
-        "setLabels": {
-          "description": "Sets the labels on the target regional disk.",
-          "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
-          "httpMethod": "POST",
-          "id": "compute.regionDisks.setLabels",
-          "parameterOrder": [
-            "project",
-            "region",
-            "resource"
+            "region"
           ],
           "parameters": {
             "project": {
@@ -19303,7 +19914,7 @@
               "type": "string"
             },
             "region": {
-              "description": "The region for this request.",
+              "description": "The name of the region for this request. This must be the region of the primary or secondary disks in the consistency group.",
               "location": "path",
               "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
               "required": true,
@@ -19313,18 +19924,11 @@
               "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
               "location": "query",
               "type": "string"
-            },
-            "resource": {
-              "description": "Name or id of the resource for this request.",
-              "location": "path",
-              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-              "required": true,
-              "type": "string"
             }
           },
-          "path": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
+          "path": "projects/{project}/regions/{region}/disks/stopGroupAsyncReplication",
           "request": {
-            "$ref": "RegionSetLabelsRequest"
+            "$ref": "DisksStopGroupAsyncReplicationResource"
           },
           "response": {
             "$ref": "Operation"
@@ -19739,7 +20343,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+          "description": "Returns the specified HealthCheck resource.",
           "flatPath": "projects/{project}/regions/{region}/healthChecks/{healthCheck}",
           "httpMethod": "GET",
           "id": "compute.regionHealthChecks.get",
@@ -21237,7 +21841,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+          "description": "Returns the specified instance template.",
           "flatPath": "projects/{project}/regions/{region}/instanceTemplates/{instanceTemplate}",
           "httpMethod": "GET",
           "id": "compute.regionInstanceTemplates.get",
@@ -21480,7 +22084,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+          "description": "Returns the specified network endpoint group.",
           "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}",
           "httpMethod": "GET",
           "id": "compute.regionNetworkEndpointGroups.get",
@@ -23077,7 +23681,7 @@
           ]
         },
         "patch": {
-          "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+          "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
           "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
           "httpMethod": "PATCH",
           "id": "compute.regionSecurityPolicies.patch",
@@ -23686,7 +24290,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpProxy resource in the specified region.",
           "flatPath": "projects/{project}/regions/{region}/targetHttpProxies/{targetHttpProxy}",
           "httpMethod": "GET",
           "id": "compute.regionTargetHttpProxies.get",
@@ -23935,7 +24539,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpsProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpsProxy resource in the specified region.",
           "flatPath": "projects/{project}/regions/{region}/targetHttpsProxies/{targetHttpsProxy}",
           "httpMethod": "GET",
           "id": "compute.regionTargetHttpsProxies.get",
@@ -24483,7 +25087,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+          "description": "Returns the specified UrlMap resource.",
           "flatPath": "projects/{project}/regions/{region}/urlMaps/{urlMap}",
           "httpMethod": "GET",
           "id": "compute.regionUrlMaps.get",
@@ -24780,7 +25384,7 @@
     "regions": {
       "methods": {
         "get": {
-          "description": "Returns the specified Region resource. Gets a list of available regions by making a list() request. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
+          "description": "Returns the specified Region resource. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
           "flatPath": "projects/{project}/regions/{region}",
           "httpMethod": "GET",
           "id": "compute.regions.get",
@@ -25687,6 +26291,62 @@
             "https://www.googleapis.com/auth/compute.readonly"
           ]
         },
+        "patch": {
+          "description": "Modify the specified resource policy.",
+          "flatPath": "projects/{project}/regions/{region}/resourcePolicies/{resourcePolicy}",
+          "httpMethod": "PATCH",
+          "id": "compute.resourcePolicies.patch",
+          "parameterOrder": [
+            "project",
+            "region",
+            "resourcePolicy"
+          ],
+          "parameters": {
+            "project": {
+              "description": "Project ID for this request.",
+              "location": "path",
+              "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+              "required": true,
+              "type": "string"
+            },
+            "region": {
+              "description": "Name of the region for this request.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+              "required": true,
+              "type": "string"
+            },
+            "requestId": {
+              "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+              "location": "query",
+              "type": "string"
+            },
+            "resourcePolicy": {
+              "description": "Id of the resource policy to patch.",
+              "location": "path",
+              "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+              "required": true,
+              "type": "string"
+            },
+            "updateMask": {
+              "description": "update_mask indicates fields to be updated as part of this request.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "projects/{project}/regions/{region}/resourcePolicies/{resourcePolicy}",
+          "request": {
+            "$ref": "ResourcePolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform",
+            "https://www.googleapis.com/auth/compute"
+          ]
+        },
         "setIamPolicy": {
           "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
           "flatPath": "projects/{project}/regions/{region}/resourcePolicies/{resource}/setIamPolicy",
@@ -25890,7 +26550,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Router resource. Gets a list of available routers by making a list() request.",
+          "description": "Returns the specified Router resource.",
           "flatPath": "projects/{project}/regions/{region}/routers/{router}",
           "httpMethod": "GET",
           "id": "compute.routers.get",
@@ -25956,6 +26616,11 @@
               "minimum": "0",
               "type": "integer"
             },
+            "natName": {
+              "description": "Name of the nat service to filter the Nat Mapping information. If it is omitted, all nats for this router will be returned. Name should conform to RFC1035.",
+              "location": "query",
+              "type": "string"
+            },
             "orderBy": {
               "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
               "location": "query",
@@ -26341,7 +27006,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Route resource. Gets a list of available routes by making a list() request.",
+          "description": "Returns the specified Route resource.",
           "flatPath": "projects/{project}/global/routes/{route}",
           "httpMethod": "GET",
           "id": "compute.routes.get",
@@ -26835,7 +27500,7 @@
           ]
         },
         "patch": {
-          "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+          "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
           "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
           "httpMethod": "PATCH",
           "id": "compute.securityPolicies.patch",
@@ -26877,7 +27542,7 @@
           ]
         },
         "patchRule": {
-          "description": "Patches a rule at the specified priority.",
+          "description": "Patches a rule at the specified priority. To clear fields in the rule, leave the fields empty and specify them in the updateMask.",
           "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
           "httpMethod": "POST",
           "id": "compute.securityPolicies.patchRule",
@@ -27492,7 +28157,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified Snapshot resource. Gets a list of available snapshots by making a list() request.",
+          "description": "Returns the specified Snapshot resource.",
           "flatPath": "projects/{project}/global/snapshots/{snapshot}",
           "httpMethod": "GET",
           "id": "compute.snapshots.get",
@@ -27872,7 +28537,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified SslCertificate resource. Gets a list of available SSL certificates by making a list() request.",
+          "description": "Returns the specified SslCertificate resource.",
           "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
           "httpMethod": "GET",
           "id": "compute.sslCertificates.get",
@@ -28132,7 +28797,7 @@
           ]
         },
         "insert": {
-          "description": "Returns the specified SSL policy resource. Gets a list of available SSL policies by making a list() request.",
+          "description": "Returns the specified SSL policy resource.",
           "flatPath": "projects/{project}/global/sslPolicies",
           "httpMethod": "POST",
           "id": "compute.sslPolicies.insert",
@@ -28478,7 +29143,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified subnetwork. Gets a list of available subnetworks list() request.",
+          "description": "Returns the specified subnetwork.",
           "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
           "httpMethod": "GET",
           "id": "compute.subnetworks.get",
@@ -29239,7 +29904,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpProxy resource. Gets a list of available target HTTP proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpProxy resource.",
           "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
           "httpMethod": "GET",
           "id": "compute.targetHttpProxies.get",
@@ -29550,7 +30215,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetHttpsProxy resource. Gets a list of available target HTTPS proxies by making a list() request.",
+          "description": "Returns the specified TargetHttpsProxy resource.",
           "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
           "httpMethod": "GET",
           "id": "compute.targetHttpsProxies.get",
@@ -30034,7 +30699,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetInstance resource. Gets a list of available target instances by making a list() request.",
+          "description": "Returns the specified TargetInstance resource.",
           "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
           "httpMethod": "GET",
           "id": "compute.targetInstances.get",
@@ -30393,7 +31058,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified target pool. Gets a list of available target pools by making a list() request.",
+          "description": "Returns the specified target pool.",
           "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
           "httpMethod": "GET",
           "id": "compute.targetPools.get",
@@ -30786,7 +31451,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetSslProxy resource. Gets a list of available target SSL proxies by making a list() request.",
+          "description": "Returns the specified TargetSslProxy resource.",
           "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
           "httpMethod": "GET",
           "id": "compute.targetSslProxies.get",
@@ -31221,7 +31886,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified TargetTcpProxy resource. Gets a list of available target TCP proxies by making a list() request.",
+          "description": "Returns the specified TargetTcpProxy resource.",
           "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
           "httpMethod": "GET",
           "id": "compute.targetTcpProxies.get",
@@ -31540,7 +32205,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified target VPN gateway. Gets a list of available target VPN gateways by making a list() request.",
+          "description": "Returns the specified target VPN gateway.",
           "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
           "httpMethod": "GET",
           "id": "compute.targetVpnGateways.get",
@@ -31841,7 +32506,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+          "description": "Returns the specified UrlMap resource.",
           "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
           "httpMethod": "GET",
           "id": "compute.urlMaps.get",
@@ -32239,7 +32904,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified VPN gateway. Gets a list of available VPN gateways by making a list() request.",
+          "description": "Returns the specified VPN gateway.",
           "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
           "httpMethod": "GET",
           "id": "compute.vpnGateways.get",
@@ -32637,7 +33302,7 @@
           ]
         },
         "get": {
-          "description": "Returns the specified VpnTunnel resource. Gets a list of available VPN tunnels by making a list() request.",
+          "description": "Returns the specified VpnTunnel resource.",
           "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
           "httpMethod": "GET",
           "id": "compute.vpnTunnels.get",
@@ -33031,7 +33696,7 @@
     "zones": {
       "methods": {
         "get": {
-          "description": "Returns the specified Zone resource. Gets a list of available zones by making a list() request.",
+          "description": "Returns the specified Zone resource.",
           "flatPath": "projects/{project}/zones/{zone}",
           "httpMethod": "GET",
           "id": "compute.zones.get",
@@ -33123,7 +33788,7 @@
       }
     }
   },
-  "revision": "20230210",
+  "revision": "20230711",
   "rootUrl": "https://compute.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
@@ -33240,6 +33905,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -33258,6 +33924,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -33269,6 +33965,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -33360,6 +34057,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -33378,6 +34076,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -33389,6 +34117,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -33462,6 +34191,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -33480,6 +34210,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -33491,6 +34251,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -33543,11 +34304,11 @@
       "id": "AccessConfig",
       "properties": {
         "externalIpv6": {
-          "description": "The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, GCP will automatically assign an external IPv6 address from the instance's subnetwork.",
+          "description": "Applies to ipv6AccessConfigs only. The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.",
           "type": "string"
         },
         "externalIpv6PrefixLength": {
-          "description": "The prefix length of the external IPv6 range.",
+          "description": "Applies to ipv6AccessConfigs only. The prefix length of the external IPv6 range.",
           "format": "int32",
           "type": "integer"
         },
@@ -33557,11 +34318,11 @@
           "type": "string"
         },
         "name": {
-          "description": "The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.",
+          "description": "The name of this access configuration. In accessConfigs (IPv4), the default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. In ipv6AccessConfigs, the recommend name is External IPv6.",
           "type": "string"
         },
         "natIP": {
-          "description": "An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.",
+          "description": "Applies to accessConfigs (IPv4) only. An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.",
           "type": "string"
         },
         "networkTier": {
@@ -33589,8 +34350,7 @@
           "type": "boolean"
         },
         "type": {
-          "default": "ONE_TO_ONE_NAT",
-          "description": "The type of configuration. The default and only option is ONE_TO_ONE_NAT.",
+          "description": "The type of configuration. In accessConfigs (IPv4), the default and only option is ONE_TO_ONE_NAT. In ipv6AccessConfigs, the default and only option is DIRECT_IPV6.",
           "enum": [
             "DIRECT_IPV6",
             "ONE_TO_ONE_NAT"
@@ -33640,7 +34400,7 @@
           "type": "string"
         },
         "ipVersion": {
-          "description": "The IP version that will be used by this address. Valid options are IPV4 or IPV6. This can only be specified for a global address.",
+          "description": "The IP version that will be used by this address. Valid options are IPV4 or IPV6.",
           "enum": [
             "IPV4",
             "IPV6",
@@ -33670,6 +34430,18 @@
           "description": "[Output Only] Type of the resource. Always compute#address for addresses.",
           "type": "string"
         },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this Address, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Address.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
         "name": {
           "annotations": {
             "required": [
@@ -33816,6 +34588,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -33834,6 +34607,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -33845,6 +34648,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -33936,6 +34740,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -33954,6 +34759,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -33965,6 +34800,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -34038,6 +34874,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -34056,6 +34893,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -34067,6 +34934,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -34357,6 +35225,18 @@
           ],
           "type": "string"
         },
+        "savedState": {
+          "description": "For LocalSSD disks on VM Instances in STOPPED or SUSPENDED state, this field is set to PRESERVED if the LocalSSD data has been saved to a persistent location by customer request. (see the discard_local_ssd option on Stop/Suspend). Read-only in the api.",
+          "enum": [
+            "DISK_SAVED_STATE_UNSPECIFIED",
+            "PRESERVED"
+          ],
+          "enumDescriptions": [
+            "*[Default]* Disk state has not been preserved.",
+            "Disk state has been preserved."
+          ],
+          "type": "string"
+        },
         "shieldedInstanceInitialState": {
           "$ref": "InitialStateConfig",
           "description": "[Output Only] shielded vm initial state stored on disk"
@@ -34448,6 +35328,18 @@
           "format": "int64",
           "type": "string"
         },
+        "provisionedThroughput": {
+          "description": "Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle. Values must be between 1 and 7,124.",
+          "format": "int64",
+          "type": "string"
+        },
+        "replicaZones": {
+          "description": "Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone. You can't use this option with boot disks.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "resourceManagerTags": {
           "additionalProperties": {
             "type": "string"
@@ -34706,6 +35598,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -34724,6 +35617,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -34735,6 +35658,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -34826,6 +35750,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -34844,6 +35769,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -34855,6 +35810,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -34986,6 +35942,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -35004,6 +35961,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -35015,6 +36002,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -35067,7 +36055,7 @@
       "id": "AutoscalingPolicy",
       "properties": {
         "coolDownPeriodSec": {
-          "description": "The number of seconds that the autoscaler waits before it starts collecting information from a new instance. This prevents the autoscaler from collecting information when the instance is initializing, during which the collected usage would not be reliable. The default time autoscaler waits is 60 seconds. Virtual machine initialization times might vary because of numerous factors. We recommend that you test how long an instance may take to initialize. To do this, create an instance and time the startup process.",
+          "description": "The number of seconds that your application takes to initialize on a VM instance. This is referred to as the [initialization period](/compute/docs/autoscaler#cool_down_period). Specifying an accurate initialization period improves autoscaler decisions. For example, when scaling out, the autoscaler ignores data from VMs that are still initializing because those VMs might not yet represent normal usage of your application. The default initialization period is 60 seconds. Initialization periods might vary because of numerous factors. We recommend that you test how long your application takes to initialize. To do this, create a VM and time your application's startup process.",
           "format": "int32",
           "type": "integer"
         },
@@ -35097,7 +36085,7 @@
           "type": "integer"
         },
         "mode": {
-          "description": "Defines operating mode for this policy.",
+          "description": "Defines the operating mode for this policy. The following modes are available: - OFF: Disables the autoscaler but maintains its configuration. - ONLY_SCALE_OUT: Restricts the autoscaler to add VM instances only. - ON: Enables all autoscaler activities according to its policy. For more information, see \"Turning off or restricting an autoscaler\"",
           "enum": [
             "OFF",
             "ON",
@@ -35351,7 +36339,7 @@
           "type": "string"
         },
         "customResponseHeaders": {
-          "description": "Headers that the HTTP/S load balancer should add to proxied responses.",
+          "description": "Headers that the Application Load Balancer should add to proxied responses.",
           "items": {
             "type": "string"
           },
@@ -35565,6 +36553,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -35583,6 +36572,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -35594,6 +36613,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -35806,6 +36826,13 @@
           "$ref": "Duration",
           "description": "Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED."
         },
+        "metadatas": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Deployment metadata associated with the resource to be set by a GKE hub controller and read by the backend RCTH",
+          "type": "object"
+        },
         "name": {
           "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
@@ -35817,9 +36844,10 @@
         },
         "outlierDetection": {
           "$ref": "OutlierDetection",
-          "description": "Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service. If not set, this feature is considered disabled. This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2, or GRPC, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. "
+          "description": "Settings controlling the ejection of unhealthy backend endpoints from the load balancing pool of each individual proxy instance that processes the traffic for the given backend service. If not set, this feature is considered disabled. Results of the outlier detection algorithm (ejection of endpoints from the load balancing pool and returning them back to the pool) are executed independently by each proxy instance of the load balancer. In most cases, more than one proxy instance handles the traffic received by a backend service. Thus, it is possible that an unhealthy endpoint is detected and ejected by only some of the proxies, and while this happens, other proxies may continue to send requests to the same unhealthy endpoint until they detect and eject the unhealthy endpoint. Applicable backend endpoints can be: - VM instances in an Instance Group - Endpoints in a Zonal NEG (GCE_VM_IP, GCE_VM_IP_PORT) - Endpoints in a Hybrid Connectivity NEG (NON_GCP_PRIVATE_IP_PORT) - Serverless NEGs, that resolve to Cloud Run, App Engine, or Cloud Functions Services - Private Service Connect NEGs, that resolve to Google-managed regional API endpoints or managed services published using Private Service Connect Applicable backend service types can be: - A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - A regional backend service with the serviceProtocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED or EXTERNAL_MANAGED. Not supported for Serverless NEGs. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true."
         },
         "port": {
+          "deprecated": true,
           "description": "Deprecated in favor of portName. The TCP port to connect on the backend. The default value is 80. For Internal TCP/UDP Load Balancing and Network Load Balancing, omit port.",
           "format": "int32",
           "type": "integer"
@@ -35962,6 +36990,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -35980,6 +37009,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -35991,6 +37050,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -36303,6 +37363,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -36321,6 +37382,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -36332,6 +37423,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -36510,6 +37602,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -36528,6 +37621,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -36539,6 +37662,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -36855,6 +37979,17 @@
       },
       "type": "object"
     },
+    "BulkInsertDiskResource": {
+      "description": "A transient resource used in compute.disks.bulkInsert and compute.regionDisks.bulkInsert. It is only used to process requests and is not persisted.",
+      "id": "BulkInsertDiskResource",
+      "properties": {
+        "sourceConsistencyGroupPolicy": {
+          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to clone. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "BulkInsertInstanceResource": {
       "description": "A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.",
       "id": "BulkInsertInstanceResource",
@@ -37095,7 +38230,7 @@
           "type": "string"
         },
         "splitSourceCommitment": {
-          "description": "Source commitment to be splitted into a new commitment.",
+          "description": "Source commitment to be split into a new commitment.",
           "type": "string"
         },
         "startTimestamp": {
@@ -37136,6 +38271,7 @@
             "GENERAL_PURPOSE_N2",
             "GENERAL_PURPOSE_N2D",
             "GENERAL_PURPOSE_T2D",
+            "GRAPHICS_OPTIMIZED",
             "MEMORY_OPTIMIZED",
             "MEMORY_OPTIMIZED_M3",
             "TYPE_UNSPECIFIED"
@@ -37152,6 +38288,7 @@
             "",
             "",
             "",
+            "",
             ""
           ],
           "type": "string"
@@ -37210,6 +38347,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -37228,6 +38366,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -37239,6 +38407,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -37330,6 +38499,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -37348,6 +38518,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -37359,6 +38559,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -37432,6 +38633,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -37450,6 +38652,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -37461,6 +38693,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -37709,7 +38942,7 @@
       "id": "CustomerEncryptionKey",
       "properties": {
         "kmsKeyName": {
-          "description": "The name of the encryption key that is stored in Google Cloud KMS. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key ",
+          "description": "The name of the encryption key that is stored in Google Cloud KMS. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key The fully-qualifed key name may be returned for resource GET requests. For example: \"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key /cryptoKeyVersions/1 ",
           "type": "string"
         },
         "kmsKeyServiceAccount": {
@@ -37802,6 +39035,17 @@
           ],
           "type": "string"
         },
+        "asyncPrimaryDisk": {
+          "$ref": "DiskAsyncReplication",
+          "description": "Disk asynchronously replicated into this disk."
+        },
+        "asyncSecondaryDisks": {
+          "additionalProperties": {
+            "$ref": "DiskAsyncReplicationList"
+          },
+          "description": "[Output Only] A list of disks this disk is asynchronously replicated to.",
+          "type": "object"
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -37898,6 +39142,11 @@
           "format": "int64",
           "type": "string"
         },
+        "provisionedThroughput": {
+          "description": "Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle. Values must be between 1 and 7,124.",
+          "format": "int64",
+          "type": "string"
+        },
         "region": {
           "description": "[Output Only] URL of the region where the disk resides. Only applicable for regional resources. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
@@ -37916,6 +39165,10 @@
           },
           "type": "array"
         },
+        "resourceStatus": {
+          "$ref": "DiskResourceStatus",
+          "description": "[Output Only] Status information for the disk resource."
+        },
         "satisfiesPzs": {
           "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
@@ -37929,6 +39182,14 @@
           "format": "int64",
           "type": "string"
         },
+        "sourceConsistencyGroupPolicy": {
+          "description": "[Output Only] URL of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
+          "type": "string"
+        },
+        "sourceConsistencyGroupPolicyId": {
+          "description": "[Output Only] ID of the DiskConsistencyGroupPolicy for a secondary disk that was created using a consistency group.",
+          "type": "string"
+        },
         "sourceDisk": {
           "description": "The source disk used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
           "type": "string"
@@ -38052,6 +39313,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38070,6 +39332,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38081,6 +39373,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38128,6 +39421,37 @@
       },
       "type": "object"
     },
+    "DiskAsyncReplication": {
+      "id": "DiskAsyncReplication",
+      "properties": {
+        "consistencyGroupPolicy": {
+          "description": "[Output Only] URL of the DiskConsistencyGroupPolicy if replication was started on the disk as a member of a group.",
+          "type": "string"
+        },
+        "consistencyGroupPolicyId": {
+          "description": "[Output Only] ID of the DiskConsistencyGroupPolicy if replication was started on the disk as a member of a group.",
+          "type": "string"
+        },
+        "disk": {
+          "description": "The other disk asynchronously replicated to or from the current disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk ",
+          "type": "string"
+        },
+        "diskId": {
+          "description": "[Output Only] The unique ID of the other disk asynchronously replicated to or from the current disk. This value identifies the exact disk that was used to create this replication. For example, if you started replicating the persistent disk from a disk that was later deleted and recreated under the same name, the disk ID would identify the exact version of the disk that was used.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DiskAsyncReplicationList": {
+      "id": "DiskAsyncReplicationList",
+      "properties": {
+        "asyncReplicationDisk": {
+          "$ref": "DiskAsyncReplication"
+        }
+      },
+      "type": "object"
+    },
     "DiskInstantiationConfig": {
       "description": "A specification of the desired way to instantiate a disk in the instance template when its created from a source instance.",
       "id": "DiskInstantiationConfig",
@@ -38213,6 +39537,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38231,6 +39556,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38242,6 +39597,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38317,6 +39673,47 @@
       },
       "type": "object"
     },
+    "DiskResourceStatus": {
+      "id": "DiskResourceStatus",
+      "properties": {
+        "asyncPrimaryDisk": {
+          "$ref": "DiskResourceStatusAsyncReplicationStatus"
+        },
+        "asyncSecondaryDisks": {
+          "additionalProperties": {
+            "$ref": "DiskResourceStatusAsyncReplicationStatus"
+          },
+          "description": "Key: disk, value: AsyncReplicationStatus message",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "DiskResourceStatusAsyncReplicationStatus": {
+      "id": "DiskResourceStatusAsyncReplicationStatus",
+      "properties": {
+        "state": {
+          "enum": [
+            "ACTIVE",
+            "CREATED",
+            "STARTING",
+            "STATE_UNSPECIFIED",
+            "STOPPED",
+            "STOPPING"
+          ],
+          "enumDescriptions": [
+            "Replication is active.",
+            "Secondary disk is created and is waiting for replication to start.",
+            "Replication is starting.",
+            "",
+            "Replication is stopped.",
+            "Replication is stopping."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "DiskType": {
       "description": "Represents a Disk Type resource. Google Compute Engine has two Disk Type resources: * [Regional](/compute/docs/reference/rest/v1/regionDiskTypes) * [Zonal](/compute/docs/reference/rest/v1/diskTypes) You can choose from a variety of disk types based on your needs. For more information, read Storage options. The diskTypes resource represents disk types for a zonal persistent disk. For more information, read Zonal persistent disks. The regionDiskTypes resource represents disk types for a regional persistent disk. For more information, read Regional persistent disks.",
       "id": "DiskType",
@@ -38423,6 +39820,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38441,6 +39839,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38452,6 +39880,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38543,6 +39972,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38561,6 +39991,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38572,6 +40032,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38645,6 +40106,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38663,6 +40125,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38674,6 +40166,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38784,6 +40277,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -38802,6 +40296,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -38813,6 +40337,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -38860,6 +40385,27 @@
       },
       "type": "object"
     },
+    "DisksStartAsyncReplicationRequest": {
+      "id": "DisksStartAsyncReplicationRequest",
+      "properties": {
+        "asyncSecondaryDisk": {
+          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DisksStopGroupAsyncReplicationResource": {
+      "description": "A transient resource used in compute.disks.stopGroupAsyncReplication and compute.regionDisks.stopGroupAsyncReplication. It is only used to process requests and is not persisted.",
+      "id": "DisksStopGroupAsyncReplicationResource",
+      "properties": {
+        "resourcePolicy": {
+          "description": "The URL of the DiskConsistencyGroupPolicy for the group of disks to stop. This may be a full or partial URL, such as: - https://www.googleapis.com/compute/v1/projects/project/regions/region /resourcePolicies/resourcePolicy - projects/project/regions/region/resourcePolicies/resourcePolicy - regions/region/resourcePolicies/resourcePolicy ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "DisplayDevice": {
       "description": "A set of Display Device options",
       "id": "DisplayDevice",
@@ -38878,11 +40424,13 @@
           "description": "The distribution shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).",
           "enum": [
             "ANY",
+            "ANY_SINGLE_ZONE",
             "BALANCED",
             "EVEN"
           ],
           "enumDescriptions": [
             "The group picks zones for creating VM instances to fulfill the requested number of VMs within present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads that do not require high availability.",
+            "The group creates all VM instances within a single zone. The zone is selected based on the present resource constraints and to maximize utilization of unused zonal reservations. Recommended for batch workloads with heavy interprocess communication.",
             "The group prioritizes acquisition of resources, scheduling VMs in zones where resources are available while distributing VMs as evenly as possible across selected zones to minimize the impact of zonal failure. Recommended for highly available serving workloads.",
             "The group schedules VM instance creation and deletion to achieve and maintain an even number of managed instances across the selected zones. The distribution is even when the number of managed instances does not differ by more than 1 between any two zones. Recommended for highly available serving workloads."
           ],
@@ -39032,6 +40580,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -39050,6 +40599,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -39061,6 +40640,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -39266,6 +40846,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -39284,6 +40865,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -39295,6 +40906,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -39562,6 +41174,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -39580,6 +41193,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -39591,6 +41234,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -39699,6 +41343,7 @@
           "type": "string"
         },
         "displayName": {
+          "deprecated": true,
           "description": "Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
           "type": "string"
@@ -39766,6 +41411,7 @@
           "type": "string"
         },
         "displayName": {
+          "deprecated": true,
           "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy of the association.",
           "type": "string"
         },
@@ -39823,6 +41469,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -39841,6 +41488,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -39852,6 +41529,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -39982,6 +41660,20 @@
       "description": "Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.",
       "id": "FirewallPolicyRuleMatcher",
       "properties": {
+        "destAddressGroups": {
+          "description": "Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destFqdns": {
+          "description": "Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "destIpRanges": {
           "description": "CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.",
           "items": {
@@ -39989,6 +41681,20 @@
           },
           "type": "array"
         },
+        "destRegionCodes": {
+          "description": "Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of dest region codes allowed is 5000.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "destThreatIntelligences": {
+          "description": "Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "layer4Configs": {
           "description": "Pairs of IP protocols and ports that the rule should match.",
           "items": {
@@ -39996,6 +41702,20 @@
           },
           "type": "array"
         },
+        "srcAddressGroups": {
+          "description": "Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "srcFqdns": {
+          "description": "Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "srcIpRanges": {
           "description": "CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.",
           "items": {
@@ -40003,12 +41723,26 @@
           },
           "type": "array"
         },
+        "srcRegionCodes": {
+          "description": "Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of source region codes allowed is 5000.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "srcSecureTags": {
           "description": "List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.",
           "items": {
             "$ref": "FirewallPolicyRuleSecureTag"
           },
           "type": "array"
+        },
+        "srcThreatIntelligences": {
+          "description": "Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
@@ -40110,13 +41844,21 @@
           "type": "boolean"
         },
         "allowGlobalAccess": {
-          "description": "This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.",
+          "description": "This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If set to true, clients can access the Internal TCP/UDP Load Balancer, Internal HTTP(S) and TCP Proxy Load Balancer from all regions. If false, only allows access from the local region the load balancer is located at. Note that for INTERNAL_MANAGED forwarding rules, this field cannot be changed after the forwarding rule is created.",
+          "type": "boolean"
+        },
+        "allowPscGlobalAccess": {
+          "description": "This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.",
           "type": "boolean"
         },
         "backendService": {
           "description": "Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.",
           "type": "string"
         },
+        "baseForwardingRule": {
+          "description": "[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.",
+          "type": "string"
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -40203,7 +41945,7 @@
           "type": "string"
         },
         "network": {
-          "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.",
+          "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.",
           "type": "string"
         },
         "networkTier": {
@@ -40285,6 +42027,13 @@
           "description": "[Output Only] The internal fully qualified service name for this Forwarding Rule. This field is only used for internal load balancing.",
           "type": "string"
         },
+        "sourceIpRanges": {
+          "description": "If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each source_ip_range entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "subnetwork": {
           "description": "This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.",
           "type": "string"
@@ -40347,6 +42096,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -40365,6 +42115,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -40376,6 +42156,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -40467,6 +42248,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -40485,6 +42267,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -40496,6 +42308,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -40597,6 +42410,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -40615,6 +42429,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -40626,6 +42470,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -40706,6 +42551,20 @@
       },
       "type": "object"
     },
+    "GlobalAddressesMoveRequest": {
+      "id": "GlobalAddressesMoveRequest",
+      "properties": {
+        "description": {
+          "description": "An optional destination address description if intended to be different from the source.",
+          "type": "string"
+        },
+        "destinationAddress": {
+          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project /global/addresses/address - projects/project/global/addresses/address Note that destination project must be different from the source project. So /global/addresses/address is not valid partial url.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GlobalNetworkEndpointGroupsAttachEndpointsRequest": {
       "id": "GlobalNetworkEndpointGroupsAttachEndpointsRequest",
       "properties": {
@@ -40863,13 +42722,14 @@
       "id": "GuestOsFeature",
       "properties": {
         "type": {
-          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_SNP_CAPABLE For more information, see Enabling guest operating system features.",
+          "description": "The ID of a supported feature. To add multiple values, use commas to separate values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE - SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more information, see Enabling guest operating system features.",
           "enum": [
             "FEATURE_TYPE_UNSPECIFIED",
             "GVNIC",
             "MULTI_IP_SUBNET",
             "SECURE_BOOT",
             "SEV_CAPABLE",
+            "SEV_LIVE_MIGRATABLE",
             "SEV_SNP_CAPABLE",
             "UEFI_COMPATIBLE",
             "VIRTIO_SCSI_MULTIQUEUE",
@@ -40884,6 +42744,7 @@
             "",
             "",
             "",
+            "",
             ""
           ],
           "type": "string"
@@ -41051,7 +42912,7 @@
       "type": "object"
     },
     "HealthCheck": {
-      "description": "Represents a Health Check resource. Google Compute Engine has two Health Check resources: * [Global](/compute/docs/reference/rest/v1/healthChecks) * [Regional](/compute/docs/reference/rest/v1/regionHealthChecks) Internal HTTP(S) load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Traffic Director must use global health checks (`compute.v1.HealthChecks`). Internal TCP/UDP load balancers can use either regional or global health checks (`compute.v1.regionHealthChecks` or `compute.v1.HealthChecks`). External HTTP(S), TCP proxy, and SSL proxy load balancers as well as managed instance group auto-healing must use global health checks (`compute.v1.HealthChecks`). Backend service-based network load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Target pool-based network load balancers must use legacy HTTP health checks (`compute.v1.httpHealthChecks`). For more information, see Health checks overview.",
+      "description": "Represents a Health Check resource. Google Compute Engine has two Health Check resources: * [Global](/compute/docs/reference/rest/v1/healthChecks) * [Regional](/compute/docs/reference/rest/v1/regionHealthChecks) Internal HTTP(S) load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Traffic Director must use global health checks (`compute.v1.healthChecks`). Internal TCP/UDP load balancers can use either regional or global health checks (`compute.v1.regionHealthChecks` or `compute.v1.healthChecks`). External HTTP(S), TCP proxy, and SSL proxy load balancers as well as managed instance group auto-healing must use global health checks (`compute.v1.healthChecks`). Backend service-based network load balancers must use regional health checks (`compute.v1.regionHealthChecks`). Target pool-based network load balancers must use legacy HTTP health checks (`compute.v1.httpHealthChecks`). For more information, see Health checks overview.",
       "id": "HealthCheck",
       "properties": {
         "checkIntervalSec": {
@@ -41196,6 +43057,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41214,6 +43076,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41225,6 +43117,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41422,6 +43315,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41440,6 +43334,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41451,6 +43375,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41549,6 +43474,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41567,6 +43493,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41578,6 +43534,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41651,6 +43608,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -41669,6 +43627,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -41680,6 +43668,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -41746,7 +43735,7 @@
           "type": "string"
         },
         "healthState": {
-          "description": "Health state of the instance.",
+          "description": "Health state of the IPv4 address of the instance.",
           "enum": [
             "HEALTHY",
             "UNHEALTHY"
@@ -41819,10 +43808,10 @@
             "UNKNOWN"
           ],
           "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
+            "Endpoint is being drained.",
+            "Endpoint is healthy.",
+            "Endpoint is unhealthy.",
+            "Health status of the endpoint is unknown."
           ],
           "type": "string"
         }
@@ -42068,7 +44057,7 @@
           "type": "integer"
         },
         "requestPath": {
-          "description": "The request path of the HTTP health check request. The default value is /. This field does not support query parameters.",
+          "description": "The request path of the HTTP health check request. The default value is /. This field does not support query parameters. Must comply with RFC3986.",
           "type": "string"
         },
         "selfLink": {
@@ -42132,6 +44121,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42150,6 +44140,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42161,6 +44181,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42405,6 +44426,10 @@
           },
           "type": "array"
         },
+        "pathTemplateMatch": {
+          "description": "If specified, the route is a pattern match expression that must match the :path header once the query string is removed. A pattern match allows you to match - The value must be between 1 and 1024 characters - The pattern must start with a leading slash (\"/\") - There may be no more than 5 operators in pattern Precisely one of prefix_match, full_path_match, regex_match or path_template_match must be set.",
+          "type": "string"
+        },
         "prefixMatch": {
           "description": "For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. The value must be from 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified.",
           "type": "string"
@@ -42470,7 +44495,7 @@
           "type": "integer"
         },
         "requestPath": {
-          "description": "The request path of the HTTPS health check request. The default value is \"/\".",
+          "description": "The request path of the HTTPS health check request. The default value is \"/\". Must comply with RFC3986.",
           "type": "string"
         },
         "selfLink": {
@@ -42534,6 +44559,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42552,6 +44578,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42563,6 +44619,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -42726,6 +44783,7 @@
               "type": "string"
             },
             "sha1Checksum": {
+              "deprecated": true,
               "description": "[Deprecated] This field is deprecated. An optional SHA1 checksum of the disk image before unpackaging provided by the client when the disk image is created.",
               "pattern": "[a-f0-9]{40}",
               "type": "string"
@@ -42876,6 +44934,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -42894,6 +44953,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -42905,6 +44994,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43047,6 +45137,10 @@
           "format": "uint64",
           "type": "string"
         },
+        "instanceEncryptionKey": {
+          "$ref": "CustomerEncryptionKey",
+          "description": "Encrypts suspended data for an instance with a customer-managed encryption key. If you are creating a new instance, this field will encrypt the local SSD and in-memory contents of the instance during the suspend operation. If you do not provide an encryption key when creating the instance, then the local SSD and in-memory contents will be encrypted using an automatically generated key during the suspend operation."
+        },
         "keyRevocationActionType": {
           "description": "KeyRevocationActionType of the instance. Supported options are \"STOP\" and \"NONE\". The default value is \"NONE\" if it is not specified.",
           "enum": [
@@ -43207,7 +45301,7 @@
             "TERMINATED"
           ],
           "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
             "Resources are being allocated for the instance.",
             "The instance is in repair.",
             "The instance is running.",
@@ -43286,6 +45380,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43304,6 +45399,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43315,6 +45440,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43525,6 +45651,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43543,6 +45670,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43554,6 +45711,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43645,6 +45803,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -43663,6 +45822,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -43674,6 +45863,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -43772,6 +45962,10 @@
           "description": "[Output Only] The URL of the Instance Group resource.",
           "type": "string"
         },
+        "instanceLifecyclePolicy": {
+          "$ref": "InstanceGroupManagerInstanceLifecyclePolicy",
+          "description": "The repair policy for this managed instance group."
+        },
         "instanceTemplate": {
           "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run recreateInstances, run applyUpdatesToInstances, or set the group's updatePolicy.type to PROACTIVE.",
           "type": "string"
@@ -43985,6 +46179,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44003,6 +46198,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44014,6 +46239,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44069,13 +46295,31 @@
           "type": "string"
         },
         "initialDelaySec": {
-          "description": "The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. This initial delay allows instances to initialize and run their startup scripts before the instance group determines that they are UNHEALTHY. This prevents the managed instance group from recreating its instances prematurely. This value must be from range [0, 3600].",
+          "description": "The initial delay is the number of seconds that a new VM takes to initialize and run its startup script. During a VM's initial delay period, the MIG ignores unsuccessful health checks because the VM might be in the startup process. This prevents the MIG from prematurely recreating a VM. If the health check receives a healthy response during the initial delay, it indicates that the startup process is complete and the VM is ready. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.",
           "format": "int32",
           "type": "integer"
         }
       },
       "type": "object"
     },
+    "InstanceGroupManagerInstanceLifecyclePolicy": {
+      "id": "InstanceGroupManagerInstanceLifecyclePolicy",
+      "properties": {
+        "forceUpdateOnRepair": {
+          "description": "A bit indicating whether to forcefully apply the group's latest configuration when repairing a VM. Valid options are: - NO (default): If configuration updates are available, they are not forcefully applied during repair. Instead, configuration updates are applied according to the group's update policy. - YES: If configuration updates are available, they are applied during repair. ",
+          "enum": [
+            "NO",
+            "YES"
+          ],
+          "enumDescriptions": [
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "InstanceGroupManagerList": {
       "description": "[Output Only] A list of managed instance groups.",
       "id": "InstanceGroupManagerList",
@@ -44120,6 +46364,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44138,6 +46383,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44149,6 +46424,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44285,14 +46561,14 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
         "mostDisruptiveAllowedAction": {
-          "description": "Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.",
+          "description": "Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to avoid restarting the VM and to limit disruption as much as possible. RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -44301,9 +46577,9 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
@@ -44320,14 +46596,14 @@
           "type": "string"
         },
         "type": {
-          "description": "The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).",
+          "description": "The type of update process. You can specify either PROACTIVE so that the MIG automatically updates VMs to the latest configurations or OPPORTUNISTIC so that you can select the VMs that you want to update.",
           "enum": [
             "OPPORTUNISTIC",
             "PROACTIVE"
           ],
           "enumDescriptions": [
-            "No action is being proactively performed in order to bring this IGM to its target version distribution (regardless of whether this distribution is expressed using instanceTemplate or versions field).",
-            "This IGM will actively converge to its target version distribution (regardless of whether this distribution is expressed using instanceTemplate or versions field)."
+            "MIG will apply new configurations to existing VMs only when you selectively target specific or all VMs to be updated.",
+            "MIG will automatically apply new configurations to all or a subset of existing VMs and also to new VMs that are added to the group."
           ],
           "type": "string"
         }
@@ -44381,7 +46657,7 @@
           "type": "array"
         },
         "minimalAction": {
-          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
+          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -44390,14 +46666,14 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
         "mostDisruptiveAllowedAction": {
-          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -44406,9 +46682,9 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         }
@@ -44433,7 +46709,7 @@
       "id": "InstanceGroupManagersDeleteInstancesRequest",
       "properties": {
         "instances": {
-          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME].",
+          "description": "The URLs of one or more instances to delete. This can be a full URL or a partial URL, such as zones/[ZONE]/instances/[INSTANCE_NAME]. Queued instances do not have URL and can be deleted only by name. One cannot specify both URLs and names in a single request.",
           "items": {
             "type": "string"
           },
@@ -44524,6 +46800,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44542,6 +46819,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44553,6 +46860,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44653,6 +46961,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44671,6 +46980,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44682,6 +47021,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44827,6 +47167,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44845,6 +47186,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44856,6 +47227,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -44960,6 +47332,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -44978,6 +47351,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -44989,6 +47392,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45098,6 +47502,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45116,6 +47521,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45127,6 +47562,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45218,6 +47654,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45236,6 +47673,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45247,6 +47714,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45648,6 +48116,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45666,6 +48135,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45677,6 +48176,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45768,6 +48268,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45786,6 +48287,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45797,6 +48328,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45870,6 +48402,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -45888,6 +48421,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -45899,6 +48462,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -45975,7 +48539,7 @@
             "TERMINATED"
           ],
           "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
             "Resources are being allocated for the instance.",
             "The instance is in repair.",
             "The instance is running.",
@@ -46028,6 +48592,7 @@
       "id": "InstancesGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
       "properties": {
         "displayName": {
+          "deprecated": true,
           "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
           "type": "string"
         },
@@ -46104,6 +48669,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46122,6 +48688,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46133,6 +48729,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46292,7 +48889,7 @@
       "type": "object"
     },
     "Interconnect": {
-      "description": "Represents an Interconnect resource. An Interconnect resource is a dedicated connection between the GCP network and your on-premises network. For more information, read the Dedicated Interconnect Overview.",
+      "description": "Represents an Interconnect resource. An Interconnect resource is a dedicated connection between the Google Cloud network and your on-premises network. For more information, read the Dedicated Interconnect Overview.",
       "id": "Interconnect",
       "properties": {
         "adminEnabled": {
@@ -46364,6 +48961,18 @@
           "description": "[Output Only] Type of the resource. Always compute#interconnect for interconnects.",
           "type": "string"
         },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this Interconnect, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Interconnect.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
         "linkType": {
           "description": "Type of link requested, which can take one of the following values: - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. Note that this field indicates the speed of each of the links in the bundle, not the speed of the entire bundle.",
           "enum": [
@@ -46415,13 +49024,17 @@
           "format": "int32",
           "type": "integer"
         },
+        "remoteLocation": {
+          "description": "Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside of Google's network that the interconnect is connected to.",
+          "type": "string"
+        },
         "requestedLinkCount": {
           "description": "Target number of physical links in the link bundle, as requested by the customer.",
           "format": "int32",
           "type": "integer"
         },
         "satisfiesPzs": {
-          "description": "[Output Only] Set to true if the resource satisfies the zone separation organization policy constraints and false otherwise. Defaults to false if the field is not present.",
+          "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
         },
         "selfLink": {
@@ -46509,6 +49122,10 @@
           "description": "This field is not available.",
           "type": "string"
         },
+        "configurationConstraints": {
+          "$ref": "InterconnectAttachmentConfigurationConstraints",
+          "description": "[Output Only] Constraints for this attachment, if any. The attachment does not work if these constraints are not met."
+        },
         "creationTimestamp": {
           "description": "[Output Only] Creation timestamp in RFC3339 text format.",
           "type": "string"
@@ -46561,6 +49178,7 @@
           "type": "string"
         },
         "googleReferenceId": {
+          "deprecated": true,
           "description": "[Output Only] Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues. [Deprecated] This field is not used.",
           "type": "string"
         },
@@ -46574,7 +49192,7 @@
           "type": "string"
         },
         "ipsecInternalAddresses": {
-          "description": "A list of URLs of addresses that have been reserved for the VLAN attachment. Used only for the VLAN attachment that has the encryption option as IPSEC. The addresses must be regional internal IP address ranges. When creating an HA VPN gateway over the VLAN attachment, if the attachment is configured to use a regional internal IP address, then the VPN gateway's IP address is allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this VLAN attachment, then a regional internal IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this VLAN attachment. If this field is not specified when creating the VLAN attachment, then later on when creating an HA VPN gateway on this VLAN attachment, the HA VPN gateway's IP address is allocated from the regional external IP address pool. Not currently available publicly. ",
+          "description": "A list of URLs of addresses that have been reserved for the VLAN attachment. Used only for the VLAN attachment that has the encryption option as IPSEC. The addresses must be regional internal IP address ranges. When creating an HA VPN gateway over the VLAN attachment, if the attachment is configured to use a regional internal IP address, then the VPN gateway's IP address is allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this VLAN attachment, then a regional internal IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this VLAN attachment. If this field is not specified when creating the VLAN attachment, then later on when creating an HA VPN gateway on this VLAN attachment, the HA VPN gateway's IP address is allocated from the regional external IP address pool.",
           "items": {
             "type": "string"
           },
@@ -46585,6 +49203,18 @@
           "description": "[Output Only] Type of the resource. Always compute#interconnectAttachment for interconnect attachments.",
           "type": "string"
         },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this InterconnectAttachment, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an InterconnectAttachment.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
         "mtu": {
           "description": "Maximum Transmission Unit (MTU), in bytes, of packets passing through this interconnect attachment. Only 1440 and 1500 are allowed. If not specified, the value will default to 1440.",
           "format": "int32",
@@ -46628,12 +49258,16 @@
           "description": "[Output Only] URL of the region where the regional interconnect attachment resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
         },
+        "remoteService": {
+          "description": "[Output Only] If the attachment is on a Cross-Cloud Interconnect connection, this field contains the interconnect's remote location service provider. Example values: \"Amazon Web Services\" \"Microsoft Azure\". The field is set only for attachments on Cross-Cloud Interconnect connections. Its value is copied from the InterconnectRemoteLocation remoteService field.",
+          "type": "string"
+        },
         "router": {
           "description": "URL of the Cloud Router to be used for dynamic routing. This router must be in the same region as this InterconnectAttachment. The InterconnectAttachment will automatically connect the Interconnect to the network \u0026 region within which the Cloud Router is configured.",
           "type": "string"
         },
         "satisfiesPzs": {
-          "description": "[Output Only] Set to true if the resource satisfies the zone separation organization policy constraints and false otherwise. Defaults to false if the field is not present.",
+          "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
         },
         "selfLink": {
@@ -46674,6 +49308,11 @@
           ],
           "type": "string"
         },
+        "subnetLength": {
+          "description": "Length of the IPv4 subnet mask. Allowed values: - 29 (default) - 30 The default value is 29, except for Cross-Cloud Interconnect connections that use an InterconnectRemoteLocation with a constraints.subnetLengthRange.min equal to 30. For example, connections that use an Azure remote location fall into this category. In these cases, the default value is 30, and requesting 29 returns an error. Where both 29 and 30 are allowed, 29 is preferred, because it gives Google Cloud Support more debugging visibility. ",
+          "format": "int32",
+          "type": "integer"
+        },
         "type": {
           "description": "The type of interconnect attachment this is, which can take one of the following values: - DEDICATED: an attachment to a Dedicated Interconnect. - PARTNER: an attachment to a Partner Interconnect, created by the customer. - PARTNER_PROVIDER: an attachment to a Partner Interconnect, created by the partner. ",
           "enum": [
@@ -46747,6 +49386,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46765,6 +49405,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46776,6 +49446,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -46823,6 +49494,47 @@
       },
       "type": "object"
     },
+    "InterconnectAttachmentConfigurationConstraints": {
+      "id": "InterconnectAttachmentConfigurationConstraints",
+      "properties": {
+        "bgpMd5": {
+          "description": "[Output Only] Whether the attachment's BGP session requires/allows/disallows BGP MD5 authentication. This can take one of the following values: MD5_OPTIONAL, MD5_REQUIRED, MD5_UNSUPPORTED. For example, a Cross-Cloud Interconnect connection to a remote cloud provider that requires BGP MD5 authentication has the interconnectRemoteLocation attachment_configuration_constraints.bgp_md5 field set to MD5_REQUIRED, and that property is propagated to the attachment. Similarly, if BGP MD5 is MD5_UNSUPPORTED, an error is returned if MD5 is requested.",
+          "enum": [
+            "MD5_OPTIONAL",
+            "MD5_REQUIRED",
+            "MD5_UNSUPPORTED"
+          ],
+          "enumDescriptions": [
+            "MD5_OPTIONAL: BGP MD5 authentication is supported and can optionally be configured.",
+            "MD5_REQUIRED: BGP MD5 authentication must be configured.",
+            "MD5_UNSUPPORTED: BGP MD5 authentication must not be configured"
+          ],
+          "type": "string"
+        },
+        "bgpPeerAsnRanges": {
+          "description": "[Output Only] List of ASN ranges that the remote location is known to support. Formatted as an array of inclusive ranges {min: min-value, max: max-value}. For example, [{min: 123, max: 123}, {min: 64512, max: 65534}] allows the peer ASN to be 123 or anything in the range 64512-65534. This field is only advisory. Although the API accepts other ranges, these are the ranges that we recommend.",
+          "items": {
+            "$ref": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange": {
+      "id": "InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange",
+      "properties": {
+        "max": {
+          "format": "uint32",
+          "type": "integer"
+        },
+        "min": {
+          "format": "uint32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "InterconnectAttachmentList": {
       "description": "Response to the list request, and contains a list of interconnect attachments.",
       "id": "InterconnectAttachmentList",
@@ -46867,6 +49579,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -46885,6 +49598,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -46896,6 +49639,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47000,6 +49744,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47018,6 +49763,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47029,6 +49804,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47096,7 +49872,7 @@
       "type": "object"
     },
     "InterconnectDiagnostics": {
-      "description": "Diagnostics information about interconnect, contains detailed and current technical information about Google's side of the connection.",
+      "description": "Diagnostics information about the Interconnect connection, which contains detailed and current technical information about Google's side of the connection.",
       "id": "InterconnectDiagnostics",
       "properties": {
         "arpCaches": {
@@ -47302,6 +50078,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47320,6 +50097,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47331,6 +50138,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47480,7 +50288,7 @@
           "type": "string"
         },
         "supportsPzs": {
-          "description": "[Output Only] Set to true for locations that support physical zone separation. Defaults to false if the field is not present.",
+          "description": "[Output Only] Reserved for future use.",
           "type": "boolean"
         }
       },
@@ -47530,6 +50338,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47548,6 +50357,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47559,6 +50398,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -47716,6 +50556,340 @@
       },
       "type": "object"
     },
+    "InterconnectRemoteLocation": {
+      "description": "Represents a Cross-Cloud Interconnect Remote Location resource. You can use this resource to find remote location details about an Interconnect attachment (VLAN).",
+      "id": "InterconnectRemoteLocation",
+      "properties": {
+        "address": {
+          "description": "[Output Only] The postal address of the Point of Presence, each line in the address is separated by a newline character.",
+          "type": "string"
+        },
+        "attachmentConfigurationConstraints": {
+          "$ref": "InterconnectAttachmentConfigurationConstraints",
+          "description": "[Output Only] Subset of fields from InterconnectAttachment's |configurationConstraints| field that apply to all attachments for this remote location."
+        },
+        "city": {
+          "description": "[Output Only] Metropolitan area designator that indicates which city an interconnect is located. For example: \"Chicago, IL\", \"Amsterdam, Netherlands\".",
+          "type": "string"
+        },
+        "constraints": {
+          "$ref": "InterconnectRemoteLocationConstraints",
+          "description": "[Output Only] Constraints on the parameters for creating Cross-Cloud Interconnect and associated InterconnectAttachments."
+        },
+        "continent": {
+          "description": "[Output Only] Continent for this location, which can take one of the following values: - AFRICA - ASIA_PAC - EUROPE - NORTH_AMERICA - SOUTH_AMERICA ",
+          "enum": [
+            "AFRICA",
+            "ASIA_PAC",
+            "EUROPE",
+            "NORTH_AMERICA",
+            "SOUTH_AMERICA"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "[Output Only] An optional description of the resource.",
+          "type": "string"
+        },
+        "facilityProvider": {
+          "description": "[Output Only] The name of the provider for this facility (e.g., EQUINIX).",
+          "type": "string"
+        },
+        "facilityProviderFacilityId": {
+          "description": "[Output Only] A provider-assigned Identifier for this facility (e.g., Ashburn-DC1).",
+          "type": "string"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#interconnectRemoteLocation",
+          "description": "[Output Only] Type of the resource. Always compute#interconnectRemoteLocation for interconnect remote locations.",
+          "type": "string"
+        },
+        "lacp": {
+          "description": "[Output Only] Link Aggregation Control Protocol (LACP) constraints, which can take one of the following values: LACP_SUPPORTED, LACP_UNSUPPORTED",
+          "enum": [
+            "LACP_SUPPORTED",
+            "LACP_UNSUPPORTED"
+          ],
+          "enumDescriptions": [
+            "LACP_SUPPORTED: LACP is supported, and enabled by default on the Cross-Cloud Interconnect.",
+            "LACP_UNSUPPORTED: LACP is not supported and is not be enabled on this port. GetDiagnostics shows bundleAggregationType as \"static\". GCP does not support LAGs without LACP, so requestedLinkCount must be 1."
+          ],
+          "type": "string"
+        },
+        "maxLagSize100Gbps": {
+          "description": "[Output Only] The maximum number of 100 Gbps ports supported in a link aggregation group (LAG). When linkType is 100 Gbps, requestedLinkCount cannot exceed max_lag_size_100_gbps.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "maxLagSize10Gbps": {
+          "description": "[Output Only] The maximum number of 10 Gbps ports supported in a link aggregation group (LAG). When linkType is 10 Gbps, requestedLinkCount cannot exceed max_lag_size_10_gbps.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "name": {
+          "description": "[Output Only] Name of the resource.",
+          "type": "string"
+        },
+        "peeringdbFacilityId": {
+          "description": "[Output Only] The peeringdb identifier for this facility (corresponding with a netfac type in peeringdb).",
+          "type": "string"
+        },
+        "permittedConnections": {
+          "description": "[Output Only] Permitted connections.",
+          "items": {
+            "$ref": "InterconnectRemoteLocationPermittedConnections"
+          },
+          "type": "array"
+        },
+        "remoteService": {
+          "description": "[Output Only] Indicates the service provider present at the remote location. Example values: \"Amazon Web Services\", \"Microsoft Azure\".",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "status": {
+          "description": "[Output Only] The status of this InterconnectRemoteLocation, which can take one of the following values: - CLOSED: The InterconnectRemoteLocation is closed and is unavailable for provisioning new Cross-Cloud Interconnects. - AVAILABLE: The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects. ",
+          "enum": [
+            "AVAILABLE",
+            "CLOSED"
+          ],
+          "enumDescriptions": [
+            "The InterconnectRemoteLocation is available for provisioning new Cross-Cloud Interconnects.",
+            "The InterconnectRemoteLocation is closed for provisioning new Cross-Cloud Interconnects."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectRemoteLocationConstraints": {
+      "id": "InterconnectRemoteLocationConstraints",
+      "properties": {
+        "portPairRemoteLocation": {
+          "description": "[Output Only] Port pair remote location constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, PORT_PAIR_MATCHING_REMOTE_LOCATION. GCP's API refers only to individual ports, but the UI uses this field when ordering a pair of ports, to prevent users from accidentally ordering something that is incompatible with their cloud provider. Specifically, when ordering a redundant pair of Cross-Cloud Interconnect ports, and one of them uses a remote location with portPairMatchingRemoteLocation set to matching, the UI requires that both ports use the same remote location.",
+          "enum": [
+            "PORT_PAIR_MATCHING_REMOTE_LOCATION",
+            "PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION"
+          ],
+          "enumDescriptions": [
+            "If PORT_PAIR_MATCHING_REMOTE_LOCATION, the remote cloud provider allocates ports in pairs, and the user should choose the same remote location for both ports.",
+            "If PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, a user may opt to provision a redundant pair of Cross-Cloud Interconnects using two different remote locations in the same city."
+          ],
+          "type": "string"
+        },
+        "portPairVlan": {
+          "description": "[Output Only] Port pair VLAN constraints, which can take one of the following values: PORT_PAIR_UNCONSTRAINED_VLAN, PORT_PAIR_MATCHING_VLAN",
+          "enum": [
+            "PORT_PAIR_MATCHING_VLAN",
+            "PORT_PAIR_UNCONSTRAINED_VLAN"
+          ],
+          "enumDescriptions": [
+            "If PORT_PAIR_MATCHING_VLAN, the Interconnect for this attachment is part of a pair of ports that should have matching VLAN allocations. This occurs with Cross-Cloud Interconnect to Azure remote locations. While GCP's API does not explicitly group pairs of ports, the UI uses this field to ensure matching VLAN ids when configuring a redundant VLAN pair.",
+            "PORT_PAIR_UNCONSTRAINED_VLAN means there is no constraint."
+          ],
+          "type": "string"
+        },
+        "subnetLengthRange": {
+          "$ref": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
+          "description": "[Output Only] [min-length, max-length] The minimum and maximum value (inclusive) for the IPv4 subnet length. For example, an interconnectRemoteLocation for Azure has {min: 30, max: 30} because Azure requires /30 subnets. This range specifies the values supported by both cloud providers. Interconnect currently supports /29 and /30 IPv4 subnet lengths. If a remote cloud has no constraint on IPv4 subnet length, the range would thus be {min: 29, max: 30}. "
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectRemoteLocationConstraintsSubnetLengthRange": {
+      "id": "InterconnectRemoteLocationConstraintsSubnetLengthRange",
+      "properties": {
+        "max": {
+          "format": "int32",
+          "type": "integer"
+        },
+        "min": {
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectRemoteLocationList": {
+      "description": "Response to the list request, and contains a list of interconnect remote locations.",
+      "id": "InterconnectRemoteLocationList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A list of InterconnectRemoteLocation resources.",
+          "items": {
+            "$ref": "InterconnectRemoteLocation"
+          },
+          "type": "array"
+        },
+        "kind": {
+          "default": "compute#interconnectRemoteLocationList",
+          "description": "[Output Only] Type of resource. Always compute#interconnectRemoteLocationList for lists of interconnect remote locations.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token lets you get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "InterconnectRemoteLocationPermittedConnections": {
+      "id": "InterconnectRemoteLocationPermittedConnections",
+      "properties": {
+        "interconnectLocation": {
+          "description": "[Output Only] URL of an Interconnect location that is permitted to connect to this Interconnect remote location.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "InterconnectsGetDiagnosticsResponse": {
       "description": "Response for the InterconnectsGetDiagnosticsRequest.",
       "id": "InterconnectsGetDiagnosticsResponse",
@@ -47937,6 +51111,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -47955,6 +51130,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -47966,6 +51171,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48363,6 +51569,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48381,6 +51588,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48392,6 +51629,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48453,7 +51691,7 @@
                 "type": "integer"
               },
               "guestAcceleratorType": {
-                "description": "The accelerator type resource name, not a full URL, e.g. 'nvidia-tesla-k80'.",
+                "description": "The accelerator type resource name, not a full URL, e.g. nvidia-tesla-t4.",
                 "type": "string"
               }
             },
@@ -48593,6 +51831,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48611,6 +51850,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48622,6 +51891,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48713,6 +51983,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48731,6 +52002,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48742,6 +52043,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48815,6 +52117,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -48833,6 +52136,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -48844,6 +52177,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -48960,7 +52294,7 @@
             "TERMINATED"
           ],
           "enumDescriptions": [
-            "The Nanny is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
+            "The instance is halted and we are performing tear down tasks like network deprogramming, releasing quota, IP, tearing down disks etc.",
             "Resources are being allocated for the instance.",
             "The instance is in repair.",
             "The instance is running.",
@@ -49200,6 +52534,7 @@
       "id": "Network",
       "properties": {
         "IPv4Range": {
+          "deprecated": true,
           "description": "Deprecated in favor of subnet mode networks. The range of internal addresses that are legal on this network. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created.",
           "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}/[0-9]{1,2}",
           "type": "string"
@@ -49225,7 +52560,7 @@
           "type": "string"
         },
         "gatewayIPv4": {
-          "description": "[Output Only] The gateway address for default routing out of the network, selected by GCP.",
+          "description": "[Output Only] The gateway address for default routing out of the network, selected by Google Cloud.",
           "pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}",
           "type": "string"
         },
@@ -49332,7 +52667,7 @@
           "type": "string"
         },
         "fingerprint": {
-          "description": "[Output Only] Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.",
+          "description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.",
           "format": "byte",
           "type": "string"
         },
@@ -49357,7 +52692,7 @@
           "type": "string"
         },
         "network": {
-          "description": "[Output Only] The URL of the network which the Network Attachment belongs to.",
+          "description": "[Output Only] The URL of the network which the Network Attachment belongs to. Practically it is inferred by fetching the network of the first subnetwork associated. Because it is required that all the subnetworks must be from the same network, it is assured that the Network Attachment belongs to the same network as all the subnetworks.",
           "type": "string"
         },
         "producerAcceptLists": {
@@ -49440,6 +52775,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49458,6 +52794,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49469,6 +52835,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49521,7 +52888,7 @@
       "id": "NetworkAttachmentConnectedEndpoint",
       "properties": {
         "ipAddress": {
-          "description": "The IP address assigned to the producer instance network interface. This value will be a range in case of Serverless.",
+          "description": "The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.",
           "type": "string"
         },
         "projectIdOrNum": {
@@ -49529,7 +52896,7 @@
           "type": "string"
         },
         "secondaryIpCidrRanges": {
-          "description": "Alias IP ranges from the same subnetwork",
+          "description": "Alias IP ranges from the same subnetwork.",
           "items": {
             "type": "string"
           },
@@ -49604,6 +52971,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49622,6 +52990,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49633,6 +53031,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49706,6 +53105,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49724,6 +53124,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49735,6 +53165,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49887,6 +53318,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -49905,6 +53337,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -49916,6 +53378,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -49989,6 +53452,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50007,6 +53471,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50018,6 +53512,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50254,6 +53749,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50272,6 +53768,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50283,6 +53809,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50426,6 +53953,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50444,6 +53972,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50455,6 +54013,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50621,6 +54180,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50639,6 +54199,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50650,6 +54240,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50723,6 +54314,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50741,6 +54333,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50752,6 +54374,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -50864,7 +54487,7 @@
           "type": "string"
         },
         "ipv6Address": {
-          "description": "An IPv6 internal network address for this network interface. To use a static internal IP address, it must be unused and in the same region as the instance's zone. If not specified, GCP will automatically assign an internal IPv6 address from the instance's subnetwork.",
+          "description": "An IPv6 internal network address for this network interface. To use a static internal IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.",
           "type": "string"
         },
         "kind": {
@@ -50908,7 +54531,7 @@
           "type": "integer"
         },
         "stackType": {
-          "description": "The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at instance creation and update network interface operations.",
+          "description": "The stack type for this network interface. To assign only IPv4 addresses, use IPV4_ONLY. To assign both IPv4 and IPv6 addresses, use IPV4_IPV6. If not specified, IPV4_ONLY is used. This field can be both set at instance creation and update network interface operations.",
           "enum": [
             "IPV4_IPV6",
             "IPV4_ONLY"
@@ -50970,6 +54593,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -50988,6 +54612,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -50999,6 +54653,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51205,6 +54860,7 @@
       "id": "NetworksGetEffectiveFirewallsResponseEffectiveFirewallPolicy",
       "properties": {
         "displayName": {
+          "deprecated": true,
           "description": "[Output Only] Deprecated, please use short name instead. The display name of the firewall policy.",
           "type": "string"
         },
@@ -51406,6 +55062,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51424,6 +55081,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51435,6 +55122,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51558,6 +55246,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51576,6 +55265,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51587,6 +55306,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51809,6 +55529,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51827,6 +55548,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -51838,6 +55589,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -51911,6 +55663,291 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
+                "MISSING_TYPE_DEPENDENCY",
+                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+                "NEXT_HOP_CANNOT_IP_FORWARD",
+                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+                "NEXT_HOP_INSTANCE_NOT_FOUND",
+                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+                "NEXT_HOP_NOT_RUNNING",
+                "NOT_CRITICAL_ERROR",
+                "NO_RESULTS_ON_PAGE",
+                "PARTIAL_SUCCESS",
+                "REQUIRED_TOS_AGREEMENT",
+                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+                "RESOURCE_NOT_DELETED",
+                "SCHEMA_VALIDATION_IGNORED",
+                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+                "UNDECLARED_PROPERTIES",
+                "UNREACHABLE"
+              ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
+              "enumDescriptions": [
+                "Warning about failed cleanup of transient changes made by a failed operation.",
+                "A link to a deprecated resource was created.",
+                "When deploying and at least one of the resources has a type marked as deprecated",
+                "The user created a boot disk that is larger than image size.",
+                "When deploying and at least one of the resources has a type marked as experimental",
+                "Warning that is present in an external api call",
+                "Warning that value of a field has been overridden. Deprecated unused field.",
+                "The operation involved use of an injected kernel, which is deprecated.",
+                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+                "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+                "A resource depends on a missing type",
+                "The route's nextHopIp address is not assigned to an instance on the network.",
+                "The route's next hop instance cannot ip forward.",
+                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+                "The route's nextHopInstance URL refers to an instance that does not exist.",
+                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+                "The route's next hop instance does not have a status of RUNNING.",
+                "Error which is not critical. We decided to continue the process despite the mentioned error.",
+                "No results are present on a particular list page.",
+                "Success is reported, but some results may be missing due to errors",
+                "The user attempted to use a resource that requires a TOS they have not accepted.",
+                "Warning that a resource is in use.",
+                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
+                "When a resource schema validation is ignored.",
+                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+                "When undeclared properties in the schema are present",
+                "A given scope cannot be reached."
+              ],
+              "type": "string"
+            },
+            "data": {
+              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+              "items": {
+                "properties": {
+                  "key": {
+                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+                    "type": "string"
+                  },
+                  "value": {
+                    "description": "[Output Only] A warning data value corresponding to the key.",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "array"
+            },
+            "message": {
+              "description": "[Output Only] A human-readable description of the warning code.",
+              "type": "string"
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "NodeGroupsSetNodeTemplateRequest": {
+      "id": "NodeGroupsSetNodeTemplateRequest",
+      "properties": {
+        "nodeTemplate": {
+          "description": "Full or partial URL of the node template resource to be updated for this node group.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NodeGroupsSimulateMaintenanceEventRequest": {
+      "id": "NodeGroupsSimulateMaintenanceEventRequest",
+      "properties": {
+        "nodes": {
+          "description": "Names of the nodes to go under maintenance simulation.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "NodeTemplate": {
+      "description": "Represent a sole-tenant Node Template resource. You can use a template to define properties for nodes in a node group. For more information, read Creating node groups and instances.",
+      "id": "NodeTemplate",
+      "properties": {
+        "accelerators": {
+          "items": {
+            "$ref": "AcceleratorConfig"
+          },
+          "type": "array"
+        },
+        "cpuOvercommitType": {
+          "description": "CPU overcommit.",
+          "enum": [
+            "CPU_OVERCOMMIT_TYPE_UNSPECIFIED",
+            "ENABLED",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "creationTimestamp": {
+          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
+          "type": "string"
+        },
+        "description": {
+          "description": "An optional description of this resource. Provide this property when you create the resource.",
+          "type": "string"
+        },
+        "disks": {
+          "items": {
+            "$ref": "LocalDisk"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+          "format": "uint64",
+          "type": "string"
+        },
+        "kind": {
+          "default": "compute#nodeTemplate",
+          "description": "[Output Only] The type of the resource. Always compute#nodeTemplate for node templates.",
+          "type": "string"
+        },
+        "name": {
+          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+          "type": "string"
+        },
+        "nodeAffinityLabels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels to use for node affinity, which will be used in instance scheduling.",
+          "type": "object"
+        },
+        "nodeType": {
+          "description": "The node type to use for nodes group that are created from this template.",
+          "type": "string"
+        },
+        "nodeTypeFlexibility": {
+          "$ref": "NodeTemplateNodeTypeFlexibility",
+          "description": "Do not use. Instead, use the node_type property."
+        },
+        "region": {
+          "description": "[Output Only] The name of the region where the node template resides, such as us-central1.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for the resource.",
+          "type": "string"
+        },
+        "serverBinding": {
+          "$ref": "ServerBinding",
+          "description": "Sets the binding properties for the physical server. Valid values include: - *[Default]* RESTART_NODE_ON_ANY_SERVER: Restarts VMs on any available physical server - RESTART_NODE_ON_MINIMAL_SERVER: Restarts VMs on the same physical server whenever possible See Sole-tenant node options for more information."
+        },
+        "status": {
+          "description": "[Output Only] The status of the node template. One of the following values: CREATING, READY, and DELETING.",
+          "enum": [
+            "CREATING",
+            "DELETING",
+            "INVALID",
+            "READY"
+          ],
+          "enumDescriptions": [
+            "Resources are being allocated.",
+            "The node template is currently being deleted.",
+            "Invalid status.",
+            "The node template is ready."
+          ],
+          "type": "string"
+        },
+        "statusMessage": {
+          "description": "[Output Only] An optional, human-readable explanation of the status.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "NodeTemplateAggregatedList": {
+      "id": "NodeTemplateAggregatedList",
+      "properties": {
+        "id": {
+          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
+          "type": "string"
+        },
+        "items": {
+          "additionalProperties": {
+            "$ref": "NodeTemplatesScopedList",
+            "description": "[Output Only] Name of the scope containing this set of node templates."
+          },
+          "description": "A list of NodeTemplatesScopedList resources.",
+          "type": "object"
+        },
+        "kind": {
+          "default": "compute#nodeTemplateAggregatedList",
+          "description": "[Output Only] Type of resource.Always compute#nodeTemplateAggregatedList for aggregated lists of node templates.",
+          "type": "string"
+        },
+        "nextPageToken": {
+          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+          "type": "string"
+        },
+        "selfLink": {
+          "description": "[Output Only] Server-defined URL for this resource.",
+          "type": "string"
+        },
+        "unreachables": {
+          "description": "[Output Only] Unreachable resources.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "warning": {
+          "description": "[Output Only] Informational warning message.",
+          "properties": {
+            "code": {
+              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+              "enum": [
+                "CLEANUP_FAILED",
+                "DEPRECATED_RESOURCE_USED",
+                "DEPRECATED_TYPE_USED",
+                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+                "EXPERIMENTAL_TYPE_USED",
+                "EXTERNAL_API_WARNING",
+                "FIELD_VALUE_OVERRIDEN",
+                "INJECTED_KERNELS_DEPRECATED",
+                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+                "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -51929,244 +55966,35 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
-              "enumDescriptions": [
-                "Warning about failed cleanup of transient changes made by a failed operation.",
-                "A link to a deprecated resource was created.",
-                "When deploying and at least one of the resources has a type marked as deprecated",
-                "The user created a boot disk that is larger than image size.",
-                "When deploying and at least one of the resources has a type marked as experimental",
-                "Warning that is present in an external api call",
-                "Warning that value of a field has been overridden. Deprecated unused field.",
-                "The operation involved use of an injected kernel, which is deprecated.",
-                "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
-                "When deploying a deployment with a exceedingly large number of resources",
-                "A resource depends on a missing type",
-                "The route's nextHopIp address is not assigned to an instance on the network.",
-                "The route's next hop instance cannot ip forward.",
-                "The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
-                "The route's nextHopInstance URL refers to an instance that does not exist.",
-                "The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
-                "The route's next hop instance does not have a status of RUNNING.",
-                "Error which is not critical. We decided to continue the process despite the mentioned error.",
-                "No results are present on a particular list page.",
-                "Success is reported, but some results may be missing due to errors",
-                "The user attempted to use a resource that requires a TOS they have not accepted.",
-                "Warning that a resource is in use.",
-                "One or more of the resources set to auto-delete could not be deleted because they were in use.",
-                "When a resource schema validation is ignored.",
-                "Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
-                "When undeclared properties in the schema are present",
-                "A given scope cannot be reached."
-              ],
-              "type": "string"
-            },
-            "data": {
-              "description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
-              "items": {
-                "properties": {
-                  "key": {
-                    "description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
-                    "type": "string"
-                  },
-                  "value": {
-                    "description": "[Output Only] A warning data value corresponding to the key.",
-                    "type": "string"
-                  }
-                },
-                "type": "object"
-              },
-              "type": "array"
-            },
-            "message": {
-              "description": "[Output Only] A human-readable description of the warning code.",
-              "type": "string"
-            }
-          },
-          "type": "object"
-        }
-      },
-      "type": "object"
-    },
-    "NodeGroupsSetNodeTemplateRequest": {
-      "id": "NodeGroupsSetNodeTemplateRequest",
-      "properties": {
-        "nodeTemplate": {
-          "description": "Full or partial URL of the node template resource to be updated for this node group.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NodeTemplate": {
-      "description": "Represent a sole-tenant Node Template resource. You can use a template to define properties for nodes in a node group. For more information, read Creating node groups and instances.",
-      "id": "NodeTemplate",
-      "properties": {
-        "accelerators": {
-          "items": {
-            "$ref": "AcceleratorConfig"
-          },
-          "type": "array"
-        },
-        "cpuOvercommitType": {
-          "description": "CPU overcommit.",
-          "enum": [
-            "CPU_OVERCOMMIT_TYPE_UNSPECIFIED",
-            "ENABLED",
-            "NONE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "creationTimestamp": {
-          "description": "[Output Only] Creation timestamp in RFC3339 text format.",
-          "type": "string"
-        },
-        "description": {
-          "description": "An optional description of this resource. Provide this property when you create the resource.",
-          "type": "string"
-        },
-        "disks": {
-          "items": {
-            "$ref": "LocalDisk"
-          },
-          "type": "array"
-        },
-        "id": {
-          "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
-          "format": "uint64",
-          "type": "string"
-        },
-        "kind": {
-          "default": "compute#nodeTemplate",
-          "description": "[Output Only] The type of the resource. Always compute#nodeTemplate for node templates.",
-          "type": "string"
-        },
-        "name": {
-          "description": "The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
-          "type": "string"
-        },
-        "nodeAffinityLabels": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "description": "Labels to use for node affinity, which will be used in instance scheduling.",
-          "type": "object"
-        },
-        "nodeType": {
-          "description": "The node type to use for nodes group that are created from this template.",
-          "type": "string"
-        },
-        "nodeTypeFlexibility": {
-          "$ref": "NodeTemplateNodeTypeFlexibility",
-          "description": "The flexible properties of the desired node type. Node groups that use this node template will create nodes of a type that matches these properties. This field is mutually exclusive with the node_type property; you can only define one or the other, but not both."
-        },
-        "region": {
-          "description": "[Output Only] The name of the region where the node template resides, such as us-central1.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for the resource.",
-          "type": "string"
-        },
-        "serverBinding": {
-          "$ref": "ServerBinding",
-          "description": "Sets the binding properties for the physical server. Valid values include: - *[Default]* RESTART_NODE_ON_ANY_SERVER: Restarts VMs on any available physical server - RESTART_NODE_ON_MINIMAL_SERVER: Restarts VMs on the same physical server whenever possible See Sole-tenant node options for more information."
-        },
-        "status": {
-          "description": "[Output Only] The status of the node template. One of the following values: CREATING, READY, and DELETING.",
-          "enum": [
-            "CREATING",
-            "DELETING",
-            "INVALID",
-            "READY"
-          ],
-          "enumDescriptions": [
-            "Resources are being allocated.",
-            "The node template is currently being deleted.",
-            "Invalid status.",
-            "The node template is ready."
-          ],
-          "type": "string"
-        },
-        "statusMessage": {
-          "description": "[Output Only] An optional, human-readable explanation of the status.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
-    "NodeTemplateAggregatedList": {
-      "id": "NodeTemplateAggregatedList",
-      "properties": {
-        "id": {
-          "description": "[Output Only] Unique identifier for the resource; defined by the server.",
-          "type": "string"
-        },
-        "items": {
-          "additionalProperties": {
-            "$ref": "NodeTemplatesScopedList",
-            "description": "[Output Only] Name of the scope containing this set of node templates."
-          },
-          "description": "A list of NodeTemplatesScopedList resources.",
-          "type": "object"
-        },
-        "kind": {
-          "default": "compute#nodeTemplateAggregatedList",
-          "description": "[Output Only] Type of resource.Always compute#nodeTemplateAggregatedList for aggregated lists of node templates.",
-          "type": "string"
-        },
-        "nextPageToken": {
-          "description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
-          "type": "string"
-        },
-        "selfLink": {
-          "description": "[Output Only] Server-defined URL for this resource.",
-          "type": "string"
-        },
-        "unreachables": {
-          "description": "[Output Only] Unreachable resources.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "warning": {
-          "description": "[Output Only] Informational warning message.",
-          "properties": {
-            "code": {
-              "description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
-              "enum": [
-                "CLEANUP_FAILED",
-                "DEPRECATED_RESOURCE_USED",
-                "DEPRECATED_TYPE_USED",
-                "DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
-                "EXPERIMENTAL_TYPE_USED",
-                "EXTERNAL_API_WARNING",
-                "FIELD_VALUE_OVERRIDEN",
-                "INJECTED_KERNELS_DEPRECATED",
-                "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
-                "LARGE_DEPLOYMENT_WARNING",
-                "MISSING_TYPE_DEPENDENCY",
-                "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
-                "NEXT_HOP_CANNOT_IP_FORWARD",
-                "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
-                "NEXT_HOP_INSTANCE_NOT_FOUND",
-                "NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
-                "NEXT_HOP_NOT_RUNNING",
-                "NOT_CRITICAL_ERROR",
-                "NO_RESULTS_ON_PAGE",
-                "PARTIAL_SUCCESS",
-                "REQUIRED_TOS_AGREEMENT",
-                "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
-                "RESOURCE_NOT_DELETED",
-                "SCHEMA_VALIDATION_IGNORED",
-                "SINGLE_INSTANCE_PROPERTY_TEMPLATE",
-                "UNDECLARED_PROPERTIES",
-                "UNREACHABLE"
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
               ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
@@ -52179,6 +56007,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52270,6 +56099,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52288,6 +56118,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52299,6 +56159,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52387,6 +56248,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52405,6 +56267,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52416,6 +56308,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52575,6 +56468,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52593,6 +56487,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52604,6 +56528,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52695,6 +56620,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52713,6 +56639,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52724,6 +56680,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52797,6 +56754,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -52815,6 +56773,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -52826,6 +56814,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -52986,6 +56975,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53004,6 +56994,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53015,6 +57035,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53230,6 +57251,7 @@
                   "INJECTED_KERNELS_DEPRECATED",
                   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                   "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
                   "MISSING_TYPE_DEPENDENCY",
                   "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                   "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53248,6 +57270,36 @@
                   "UNDECLARED_PROPERTIES",
                   "UNREACHABLE"
                 ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
                 "enumDescriptions": [
                   "Warning about failed cleanup of transient changes made by a failed operation.",
                   "A link to a deprecated resource was created.",
@@ -53259,6 +57311,7 @@
                   "The operation involved use of an injected kernel, which is deprecated.",
                   "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                   "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                   "A resource depends on a missing type",
                   "The route's nextHopIp address is not assigned to an instance on the network.",
                   "The route's next hop instance cannot ip forward.",
@@ -53363,6 +57416,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53381,6 +57435,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53392,6 +57476,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53483,6 +57568,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53501,6 +57587,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53512,6 +57628,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53585,6 +57702,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53603,6 +57721,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53614,6 +57762,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -53667,54 +57816,54 @@
       "properties": {
         "baseEjectionTime": {
           "$ref": "Duration",
-          "description": "The base time that a host is ejected for. The real ejection time is equal to the base ejection time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s."
+          "description": "The base time that a backend endpoint is ejected for. Defaults to 30000ms or 30s. After a backend endpoint is returned back to the load balancing pool, it can be ejected again in another ejection analysis. Thus, the total ejection time is equal to the base ejection time multiplied by the number of times the backend endpoint has been ejected. Defaults to 30000ms or 30s."
         },
         "consecutiveErrors": {
-          "description": "Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "Number of consecutive errors before a backend endpoint is ejected from the load balancing pool. When the backend endpoint is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.",
           "format": "int32",
           "type": "integer"
         },
         "consecutiveGatewayFailure": {
-          "description": "The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 3. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 3.",
           "format": "int32",
           "type": "integer"
         },
         "enforcingConsecutiveErrors": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.",
           "format": "int32",
           "type": "integer"
         },
         "enforcingConsecutiveGatewayFailure": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.",
           "format": "int32",
           "type": "integer"
         },
         "enforcingSuccessRate": {
-          "description": "The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.",
+          "description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         },
         "interval": {
           "$ref": "Duration",
-          "description": "Time interval between ejection analysis sweeps. This can result in both new ejections as well as hosts being returned to service. Defaults to 1 second."
+          "description": "Time interval between ejection analysis sweeps. This can result in both new ejections and backend endpoints being returned to service. The interval is equal to the number of seconds as defined in outlierDetection.interval.seconds plus the number of nanoseconds as defined in outlierDetection.interval.nanos. Defaults to 1 second."
         },
         "maxEjectionPercent": {
-          "description": "Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 50%.",
+          "description": "Maximum percentage of backend endpoints in the load balancing pool for the backend service that can be ejected if the ejection conditions are met. Defaults to 50%.",
           "format": "int32",
           "type": "integer"
         },
         "successRateMinimumHosts": {
-          "description": "The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.",
+          "description": "The number of backend endpoints in the load balancing pool that must have enough request volume to detect success rate outliers. If the number of backend endpoints is fewer than this setting, outlier detection via success rate statistics is not performed for any backend endpoint in the load balancing pool. Defaults to 5. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         },
         "successRateRequestVolume": {
-          "description": "The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.",
+          "description": "The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this backend endpoint in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that backend endpoint. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         },
         "successRateStdevFactor": {
-          "description": "This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.",
+          "description": "This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * successRateStdevFactor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900. Not supported when the backend service uses Serverless NEG.",
           "format": "int32",
           "type": "integer"
         }
@@ -53913,6 +58062,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -53931,6 +58081,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -53942,6 +58122,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54081,6 +58262,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54099,6 +58281,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54110,6 +58322,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54252,6 +58465,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54270,6 +58484,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54281,6 +58525,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54734,7 +58979,7 @@
           "type": "string"
         },
         "dnsVerificationIp": {
-          "description": "The IPv4 address to be used for reverse DNS verification.",
+          "description": "The address to be used for reverse DNS verification.",
           "type": "string"
         },
         "fingerprint": {
@@ -54748,7 +58993,7 @@
           "type": "string"
         },
         "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this public advertised prefix.",
+          "description": "The address range, in CIDR format, represented by this public advertised prefix.",
           "type": "string"
         },
         "kind": {
@@ -54849,6 +59094,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -54867,6 +59113,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -54878,6 +59154,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -54975,7 +59252,7 @@
           "type": "string"
         },
         "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this public delegated prefix.",
+          "description": "The IP address range, in CIDR format, represented by this public delegated prefix.",
           "type": "string"
         },
         "isLiveMigration": {
@@ -55086,6 +59363,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55104,6 +59382,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55115,6 +59423,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55205,6 +59514,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55223,6 +59533,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55234,6 +59574,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55294,7 +59635,7 @@
           "type": "string"
         },
         "ipCidrRange": {
-          "description": "The IPv4 address range, in CIDR format, represented by this sub public delegated prefix.",
+          "description": "The IP address range, in CIDR format, represented by this sub public delegated prefix.",
           "type": "string"
         },
         "isAddress": {
@@ -55350,6 +59691,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55368,6 +59710,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55379,6 +59751,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -55463,6 +59836,7 @@
             "COMMITTED_NVIDIA_A100_80GB_GPUS",
             "COMMITTED_NVIDIA_A100_GPUS",
             "COMMITTED_NVIDIA_K80_GPUS",
+            "COMMITTED_NVIDIA_L4_GPUS",
             "COMMITTED_NVIDIA_P100_GPUS",
             "COMMITTED_NVIDIA_P4_GPUS",
             "COMMITTED_NVIDIA_T4_GPUS",
@@ -55514,11 +59888,15 @@
             "NETWORK_ATTACHMENTS",
             "NETWORK_ENDPOINT_GROUPS",
             "NETWORK_FIREWALL_POLICIES",
+            "NET_LB_SECURITY_POLICIES_PER_REGION",
+            "NET_LB_SECURITY_POLICY_RULES_PER_REGION",
+            "NET_LB_SECURITY_POLICY_RULE_ATTRIBUTES_PER_REGION",
             "NODE_GROUPS",
             "NODE_TEMPLATES",
             "NVIDIA_A100_80GB_GPUS",
             "NVIDIA_A100_GPUS",
             "NVIDIA_K80_GPUS",
+            "NVIDIA_L4_GPUS",
             "NVIDIA_P100_GPUS",
             "NVIDIA_P100_VWS_GPUS",
             "NVIDIA_P4_GPUS",
@@ -55533,6 +59911,7 @@
             "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS",
             "PREEMPTIBLE_NVIDIA_A100_GPUS",
             "PREEMPTIBLE_NVIDIA_K80_GPUS",
+            "PREEMPTIBLE_NVIDIA_L4_GPUS",
             "PREEMPTIBLE_NVIDIA_P100_GPUS",
             "PREEMPTIBLE_NVIDIA_P100_VWS_GPUS",
             "PREEMPTIBLE_NVIDIA_P4_GPUS",
@@ -55556,6 +59935,7 @@
             "ROUTES",
             "SECURITY_POLICIES",
             "SECURITY_POLICIES_PER_REGION",
+            "SECURITY_POLICY_ADVANCED_RULES_PER_REGION",
             "SECURITY_POLICY_CEVAL_RULES",
             "SECURITY_POLICY_RULES",
             "SECURITY_POLICY_RULES_PER_REGION",
@@ -55613,7 +59993,14 @@
             "",
             "",
             "",
-            "Guest CPUs",
+            "",
+            "Guest CPUs",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
             "",
             "",
             "",
@@ -55750,6 +60137,11 @@
           "description": "The map holding related quota dimensions.",
           "type": "object"
         },
+        "futureLimit": {
+          "description": "Future quota limit being rolled out. The limit's unit depends on the quota type or metric.",
+          "format": "double",
+          "type": "number"
+        },
         "limit": {
           "description": "Current effective quota limit. The limit's unit depends on the quota type or metric.",
           "format": "double",
@@ -55762,6 +60154,18 @@
         "metricName": {
           "description": "The Compute Engine quota metric name.",
           "type": "string"
+        },
+        "rolloutStatus": {
+          "description": "Rollout status of the future quota limit.",
+          "enum": [
+            "IN_PROGRESS",
+            "ROLLOUT_STATUS_UNSPECIFIED"
+          ],
+          "enumDescriptions": [
+            "IN_PROGRESS - A rollout is in process which will change the limit value to future limit.",
+            "ROLLOUT_STATUS_UNSPECIFIED - Rollout status is not specified. The default value."
+          ],
+          "type": "string"
         }
       },
       "type": "object"
@@ -55857,6 +60261,20 @@
       },
       "type": "object"
     },
+    "RegionAddressesMoveRequest": {
+      "id": "RegionAddressesMoveRequest",
+      "properties": {
+        "description": {
+          "description": "An optional destination address description if intended to be different from the source.",
+          "type": "string"
+        },
+        "destinationAddress": {
+          "description": "The URL of the destination address to move to. This can be a full or partial URL. For example, the following are all valid URLs to a address: - https://www.googleapis.com/compute/v1/projects/project/regions/region /addresses/address - projects/project/regions/region/addresses/address Note that destination project must be different from the source project. So /regions/region/addresses/address is not valid partial url.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "RegionAutoscalerList": {
       "description": "Contains a list of autoscalers.",
       "id": "RegionAutoscalerList",
@@ -55901,6 +60319,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -55919,6 +60338,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -55930,6 +60379,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56020,6 +60470,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56038,6 +60489,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56049,6 +60530,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56133,6 +60615,16 @@
       },
       "type": "object"
     },
+    "RegionDisksStartAsyncReplicationRequest": {
+      "id": "RegionDisksStartAsyncReplicationRequest",
+      "properties": {
+        "asyncSecondaryDisk": {
+          "description": "The secondary disk to start asynchronous replication to. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "RegionInstanceGroupList": {
       "description": "Contains a list of InstanceGroup resources.",
       "id": "RegionInstanceGroupList",
@@ -56177,6 +60669,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56195,6 +60688,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56206,6 +60729,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56311,6 +60835,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56329,6 +60854,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56340,6 +60895,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56444,7 +61000,7 @@
           "type": "array"
         },
         "minimalAction": {
-          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
+          "description": "The minimal action that you want to perform on each instance during the update: - REPLACE: At minimum, delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the minimum action is NONE. If your update requires a more disruptive action than you set with this flag, the necessary action is performed to execute the update.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -56453,14 +61009,14 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         },
         "mostDisruptiveAllowedAction": {
-          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
+          "description": "The most disruptive action that you want to perform on each instance during the update: - REPLACE: Delete the instance and create it again. - RESTART: Stop the instance and start it again. - REFRESH: Do not stop the instance and limit disruption as much as possible. - NONE: Do not disrupt the instance at all. By default, the most disruptive allowed action is REPLACE. If your update requires a more disruptive action than you set with this flag, the update request will fail.",
           "enum": [
             "NONE",
             "REFRESH",
@@ -56469,9 +61025,9 @@
           ],
           "enumDescriptions": [
             "Do not perform any action.",
-            "Updates applied in runtime, instances will not be disrupted.",
-            "Old instances will be deleted. New instances will be created from the target template.",
-            "Every instance will be restarted."
+            "Do not stop the instance.",
+            "(Default.) Replace the instance according to the replacement method option.",
+            "Stop the instance and start it again."
           ],
           "type": "string"
         }
@@ -56556,6 +61112,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56574,6 +61131,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56585,6 +61172,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56733,6 +61321,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56751,6 +61340,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56762,6 +61381,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -56894,6 +61514,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -56912,6 +61533,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -56923,6 +61574,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57279,6 +61931,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57297,6 +61950,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57308,6 +61991,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57398,6 +62082,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57416,6 +62101,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57427,6 +62142,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57511,6 +62227,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57529,6 +62246,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57540,6 +62287,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57657,6 +62405,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57675,6 +62424,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57686,6 +62465,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57744,6 +62524,10 @@
         "description": {
           "type": "string"
         },
+        "diskConsistencyGroupPolicy": {
+          "$ref": "ResourcePolicyDiskConsistencyGroupPolicy",
+          "description": "Resource policy for disk consistency groups."
+        },
         "groupPlacementPolicy": {
           "$ref": "ResourcePolicyGroupPlacementPolicy",
           "description": "Resource policy for instances for placement configuration."
@@ -57863,6 +62647,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -57881,6 +62666,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -57892,6 +62707,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -57959,6 +62775,12 @@
       },
       "type": "object"
     },
+    "ResourcePolicyDiskConsistencyGroupPolicy": {
+      "description": "Resource policy for disk consistency groups.",
+      "id": "ResourcePolicyDiskConsistencyGroupPolicy",
+      "properties": {},
+      "type": "object"
+    },
     "ResourcePolicyGroupPlacementPolicy": {
       "description": "A GroupPlacementPolicy specifies resource placement configuration. It specifies the failure bucket separation as well as network locality",
       "id": "ResourcePolicyGroupPlacementPolicy",
@@ -58021,7 +62843,7 @@
           "type": "string"
         },
         "timeZone": {
-          "description": "Specifies the time zone to be used in interpreting Schedule.schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.",
+          "description": "Specifies the time zone to be used in interpreting Schedule.schedule. The value of this field must be a time zone name from the tz database: https://wikipedia.org/wiki/Tz_database.",
           "type": "string"
         },
         "vmStartSchedule": {
@@ -58092,6 +62914,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58110,6 +62933,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58121,6 +62974,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58407,6 +63261,10 @@
           "description": "The URL to a gateway that should handle matching packets. You can only specify the internet gateway using a full or partial valid URL: projects/ project/global/gateways/default-internet-gateway",
           "type": "string"
         },
+        "nextHopHub": {
+          "description": "[Output Only] The full resource name of the Network Connectivity Center hub that will handle matching packets.",
+          "type": "string"
+        },
         "nextHopIlb": {
           "description": "The URL to a forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets or the IP address of the forwarding Rule. For example, the following are all valid URLs: - 10.128.0.56 - https://www.googleapis.com/compute/v1/projects/project/regions/region /forwardingRules/forwardingRule - regions/region/forwardingRules/forwardingRule ",
           "type": "string"
@@ -58506,6 +63364,7 @@
                   "INJECTED_KERNELS_DEPRECATED",
                   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                   "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
                   "MISSING_TYPE_DEPENDENCY",
                   "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                   "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58524,6 +63383,36 @@
                   "UNDECLARED_PROPERTIES",
                   "UNREACHABLE"
                 ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
                 "enumDescriptions": [
                   "Warning about failed cleanup of transient changes made by a failed operation.",
                   "A link to a deprecated resource was created.",
@@ -58535,6 +63424,7 @@
                   "The operation involved use of an injected kernel, which is deprecated.",
                   "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                   "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                   "A resource depends on a missing type",
                   "The route's nextHopIp address is not assigned to an instance on the network.",
                   "The route's next hop instance cannot ip forward.",
@@ -58658,6 +63548,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58676,6 +63567,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58687,6 +63608,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -58890,6 +63812,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -58908,6 +63831,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -58919,6 +63872,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59030,7 +63984,7 @@
           "type": "string"
         },
         "advertisedGroups": {
-          "description": "User-specified list of prefix groups to advertise in custom mode, which can take one of the following options: - ALL_SUBNETS: Advertises all available subnets, including peer VPC subnets. - ALL_VPC_SUBNETS: Advertises the router's own VPC subnets. Note that this field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
+          "description": "User-specified list of prefix groups to advertise in custom mode, which currently supports the following option: - ALL_SUBNETS: Advertises all of the router's own VPC subnets. This excludes any routes learned for subnets that use VPC Network Peering. Note that this field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
           "items": {
             "enum": [
               "ALL_SUBNETS"
@@ -59058,6 +64012,18 @@
           "$ref": "RouterBgpPeerBfd",
           "description": "BFD configuration for the BGP peering."
         },
+        "customLearnedIpRanges": {
+          "description": "A list of user-defined custom learned route IP address ranges for a BGP session.",
+          "items": {
+            "$ref": "RouterBgpPeerCustomLearnedIpRange"
+          },
+          "type": "array"
+        },
+        "customLearnedRoutePriority": {
+          "description": "The user-defined custom learned route priority for a BGP session. This value is applied to all custom learned route ranges for the session. You can choose a value from `0` to `65335`. If you don't provide a value, Google Cloud assigns a priority of `100` to the ranges.",
+          "format": "int32",
+          "type": "integer"
+        },
         "enable": {
           "description": "The status of the BGP peer connection. If set to FALSE, any active session with the peer is terminated and all associated routing information is removed. If set to TRUE, the peer connection can be established with routing information. The default is TRUE.",
           "enum": [
@@ -59172,6 +64138,16 @@
       },
       "type": "object"
     },
+    "RouterBgpPeerCustomLearnedIpRange": {
+      "id": "RouterBgpPeerCustomLearnedIpRange",
+      "properties": {
+        "range": {
+          "description": "The custom learned route IP address range. Must be a valid CIDR-formatted prefix. If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, a `/32` singular IP address range, and, for IPv6, `/128`.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "RouterInterface": {
       "id": "RouterInterface",
       "properties": {
@@ -59269,6 +64245,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59287,6 +64264,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59298,6 +64305,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -59374,6 +64382,22 @@
       "description": "Represents a Nat resource. It enables the VMs within the specified subnetworks to access Internet without external IP addresses. It specifies a list of subnetworks (and the ranges within) that want to use NAT. Customers can also provide the external IPs that would be used for NAT. GCP would auto-allocate ephemeral IPs if no external IPs are provided.",
       "id": "RouterNat",
       "properties": {
+        "autoNetworkTier": {
+          "description": "The network tier to use when automatically reserving IP addresses. Must be one of: PREMIUM, STANDARD. If not specified, PREMIUM tier will be used.",
+          "enum": [
+            "FIXED_STANDARD",
+            "PREMIUM",
+            "STANDARD",
+            "STANDARD_OVERRIDES_FIXED_STANDARD"
+          ],
+          "enumDescriptions": [
+            "Public internet quality with fixed bandwidth.",
+            "High quality, Google-grade network tier, support for all networking products.",
+            "Public internet quality, only limited support for other networking products.",
+            "(Output only) Temporary tier for FIXED_STANDARD when fixed standard tier is expired or not configured."
+          ],
+          "type": "string"
+        },
         "drainNatIps": {
           "description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.",
           "items": {
@@ -59454,7 +64478,7 @@
           "type": "array"
         },
         "sourceSubnetworkIpRangesToNat": {
-          "description": "Specify the Nat option, which can take one of the following values: - ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP ranges in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED. Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other Router.Nat section in any Router for this network in this region.",
+          "description": "Specify the Nat option, which can take one of the following values: - ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP ranges in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED. Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES then there should not be any other Router.Nat section in any Router for this network in this region.",
           "enum": [
             "ALL_SUBNETWORKS_ALL_IP_RANGES",
             "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES",
@@ -59880,6 +64904,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -59898,6 +64923,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -59909,6 +64964,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60283,6 +65339,10 @@
           ],
           "type": "string"
         },
+        "localSsdRecoveryTimeout": {
+          "$ref": "Duration",
+          "description": "Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour."
+        },
         "locationHint": {
           "description": "An opaque location hint used to place the instance close to other resources. This field is for use by internal tools that use the public API.",
           "type": "string"
@@ -60432,6 +65492,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60450,6 +65511,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60461,6 +65552,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60543,6 +65635,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60561,6 +65654,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60572,6 +65695,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60664,6 +65788,18 @@
           "description": "[Output only] Type of the resource. Always compute#securityPolicyfor security policies",
           "type": "string"
         },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this security policy, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels. To see the latest fingerprint, make get() request to the security policy.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
         "name": {
           "description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
           "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
@@ -60716,15 +65852,15 @@
       "type": "object"
     },
     "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig": {
-      "description": "Configuration options for L7 DDoS detection.",
+      "description": "Configuration options for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
       "id": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig",
       "properties": {
         "enable": {
-          "description": "If set to true, enables CAAP for L7 DDoS detection.",
+          "description": "If set to true, enables CAAP for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "boolean"
         },
         "ruleVisibility": {
-          "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules.",
+          "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "enum": [
             "PREMIUM",
             "STANDARD"
@@ -60839,6 +65975,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -60857,6 +65994,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -60868,6 +66035,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -60919,7 +66087,7 @@
       "id": "SecurityPolicyRecaptchaOptionsConfig",
       "properties": {
         "redirectSiteKey": {
-          "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.",
+          "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used. This field is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "string"
         }
       },
@@ -60939,7 +66107,7 @@
       "id": "SecurityPolicyRule",
       "properties": {
         "action": {
-          "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ",
+          "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ",
           "type": "string"
         },
         "description": {
@@ -60948,7 +66116,7 @@
         },
         "headerAction": {
           "$ref": "SecurityPolicyRuleHttpHeaderAction",
-          "description": "Optional, additional actions that are performed on headers."
+          "description": "Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
         },
         "kind": {
           "default": "compute#securityPolicyRule",
@@ -60959,6 +66127,10 @@
           "$ref": "SecurityPolicyRuleMatcher",
           "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced."
         },
+        "preconfiguredWafConfig": {
+          "$ref": "SecurityPolicyRulePreconfiguredWafConfig",
+          "description": "Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect."
+        },
         "preview": {
           "description": "If set to true, the specified action is not enforced.",
           "type": "boolean"
@@ -60974,7 +66146,7 @@
         },
         "redirectOptions": {
           "$ref": "SecurityPolicyRuleRedirectOptions",
-          "description": "Parameters defining the redirect action. Cannot be specified for any other actions."
+          "description": "Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
         }
       },
       "type": "object"
@@ -61016,7 +66188,7 @@
         },
         "expr": {
           "$ref": "Expr",
-          "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header."
+          "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Expressions containing `evaluateThreatIntelligence` require Cloud Armor Managed Protection Plus tier and are not supported in Edge Policies nor in Regional Policies. Expressions containing `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor Managed Protection Plus tier and are only supported in Global Security Policies."
         },
         "versionedExpr": {
           "description": "Preconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range field in config.",
@@ -61044,6 +66216,92 @@
       },
       "type": "object"
     },
+    "SecurityPolicyRulePreconfiguredWafConfig": {
+      "id": "SecurityPolicyRulePreconfiguredWafConfig",
+      "properties": {
+        "exclusions": {
+          "description": "A list of exclusions to apply during preconfigured WAF evaluation.",
+          "items": {
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusion"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRulePreconfiguredWafConfigExclusion": {
+      "id": "SecurityPolicyRulePreconfiguredWafConfigExclusion",
+      "properties": {
+        "requestCookiesToExclude": {
+          "description": "A list of request cookie names whose value will be excluded from inspection during preconfigured WAF evaluation.",
+          "items": {
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
+          },
+          "type": "array"
+        },
+        "requestHeadersToExclude": {
+          "description": "A list of request header names whose value will be excluded from inspection during preconfigured WAF evaluation.",
+          "items": {
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
+          },
+          "type": "array"
+        },
+        "requestQueryParamsToExclude": {
+          "description": "A list of request query parameter names whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.",
+          "items": {
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
+          },
+          "type": "array"
+        },
+        "requestUrisToExclude": {
+          "description": "A list of request URIs from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.",
+          "items": {
+            "$ref": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams"
+          },
+          "type": "array"
+        },
+        "targetRuleIds": {
+          "description": "A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "targetRuleSet": {
+          "description": "Target WAF rule set to apply the preconfigured WAF exclusion.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams": {
+      "id": "SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams",
+      "properties": {
+        "op": {
+          "description": "The match operator for the field.",
+          "enum": [
+            "CONTAINS",
+            "ENDS_WITH",
+            "EQUALS",
+            "EQUALS_ANY",
+            "STARTS_WITH"
+          ],
+          "enumDescriptions": [
+            "The operator matches if the field value contains the specified value.",
+            "The operator matches if the field value ends with the specified value.",
+            "The operator matches if the field value equals the specified value.",
+            "The operator matches if the field value is any value.",
+            "The operator matches if the field value starts with the specified value."
+          ],
+          "type": "string"
+        },
+        "val": {
+          "description": "The value of the field.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "SecurityPolicyRuleRateLimitOptions": {
       "id": "SecurityPolicyRuleRateLimitOptions",
       "properties": {
@@ -61084,17 +66342,24 @@
           ],
           "type": "string"
         },
+        "enforceOnKeyConfigs": {
+          "description": "If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which ratelimit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must not be specified.",
+          "items": {
+            "$ref": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig"
+          },
+          "type": "array"
+        },
         "enforceOnKeyName": {
           "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.",
           "type": "string"
         },
         "exceedAction": {
-          "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below.",
+          "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below. The `redirect` action is only supported in Global Security Policies of type CLOUD_ARMOR.",
           "type": "string"
         },
         "exceedRedirectOptions": {
           "$ref": "SecurityPolicyRuleRedirectOptions",
-          "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect."
+          "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. This field is only supported in Global Security Policies of type CLOUD_ARMOR."
         },
         "rateLimitThreshold": {
           "$ref": "SecurityPolicyRuleRateLimitOptionsThreshold",
@@ -61103,6 +66368,40 @@
       },
       "type": "object"
     },
+    "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig": {
+      "id": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig",
+      "properties": {
+        "enforceOnKeyName": {
+          "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.",
+          "type": "string"
+        },
+        "enforceOnKeyType": {
+          "description": "Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKeyConfigs\" is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. ",
+          "enum": [
+            "ALL",
+            "HTTP_COOKIE",
+            "HTTP_HEADER",
+            "HTTP_PATH",
+            "IP",
+            "REGION_CODE",
+            "SNI",
+            "XFF_IP"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "SecurityPolicyRuleRateLimitOptionsThreshold": {
       "id": "SecurityPolicyRuleRateLimitOptionsThreshold",
       "properties": {
@@ -61146,11 +66445,11 @@
       "id": "SecuritySettings",
       "properties": {
         "clientTlsPolicy": {
-          "description": "Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.",
+          "description": "Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.",
           "type": "string"
         },
         "subjectAltNames": {
-          "description": "Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode). Note: This field currently has no impact.",
+          "description": "Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).",
           "items": {
             "type": "string"
           },
@@ -61227,7 +66526,7 @@
       "type": "object"
     },
     "ServiceAttachment": {
-      "description": "Represents a ServiceAttachment resource. A service attachment represents a service that a producer has exposed. It encapsulates the load balancer which fronts the service runs and a list of NAT IP ranges that the producers uses to represent the consumers connecting to the service. next tag = 20",
+      "description": "Represents a ServiceAttachment resource. A service attachment represents a service that a producer has exposed. It encapsulates the load balancer which fronts the service runs and a list of NAT IP ranges that the producers uses to represent the consumers connecting to the service.",
       "id": "ServiceAttachment",
       "properties": {
         "connectedEndpoints": {
@@ -61317,6 +66616,7 @@
           "type": "array"
         },
         "producerForwardingRule": {
+          "deprecated": true,
           "description": "The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment.",
           "type": "string"
         },
@@ -61324,6 +66624,10 @@
           "$ref": "Uint128",
           "description": "[Output Only] An 128-bit global unique ID of the PSC service attachment."
         },
+        "reconcileConnections": {
+          "description": "This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. For newly created service attachment, this boolean defaults to true.",
+          "type": "boolean"
+        },
         "region": {
           "description": "[Output Only] URL of the region where the service attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
           "type": "string"
@@ -61391,6 +66695,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61409,6 +66714,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61420,6 +66755,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61471,6 +66807,10 @@
       "description": "[Output Only] A connection connected to this service attachment.",
       "id": "ServiceAttachmentConnectedEndpoint",
       "properties": {
+        "consumerNetwork": {
+          "description": "The url of the consumer network.",
+          "type": "string"
+        },
         "endpoint": {
           "description": "The url of a connected endpoint.",
           "type": "string"
@@ -61565,6 +66905,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61583,6 +66924,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61594,6 +66965,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61667,6 +67039,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -61685,6 +67058,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -61696,6 +67099,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -61958,6 +67362,7 @@
         "name": {
           "annotations": {
             "required": [
+              "compute.disks.createSnapshot",
               "compute.snapshots.insert"
             ]
           },
@@ -62098,6 +67503,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62116,6 +67522,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62127,6 +67563,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62420,6 +67857,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62438,6 +67876,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62449,6 +67917,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62540,6 +68009,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62558,6 +68028,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62569,6 +68069,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62716,6 +68217,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62734,6 +68236,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62745,6 +68277,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62846,6 +68379,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62864,6 +68398,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62875,6 +68439,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -62965,6 +68530,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -62983,6 +68549,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -62994,6 +68590,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63079,6 +68676,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63097,6 +68695,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63108,6 +68736,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63256,6 +68885,7 @@
                   "INJECTED_KERNELS_DEPRECATED",
                   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                   "LARGE_DEPLOYMENT_WARNING",
+                  "LIST_OVERHEAD_QUOTA_EXCEED",
                   "MISSING_TYPE_DEPENDENCY",
                   "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                   "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63274,6 +68904,36 @@
                   "UNDECLARED_PROPERTIES",
                   "UNREACHABLE"
                 ],
+                "enumDeprecated": [
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  true,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false,
+                  false
+                ],
                 "enumDescriptions": [
                   "Warning about failed cleanup of transient changes made by a failed operation.",
                   "A link to a deprecated resource was created.",
@@ -63285,6 +68945,7 @@
                   "The operation involved use of an injected kernel, which is deprecated.",
                   "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                   "When deploying a deployment with a exceedingly large number of resources",
+                  "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                   "A resource depends on a missing type",
                   "The route's nextHopIp address is not assigned to an instance on the network.",
                   "The route's next hop instance cannot ip forward.",
@@ -63398,7 +69059,7 @@
           "type": "string"
         },
         "enableFlowLogs": {
-          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. This field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. This field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "type": "boolean"
         },
         "externalIpv6Prefix": {
@@ -63480,7 +69141,7 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "enum": [
             "INTERNAL_HTTPS_LOAD_BALANCER",
             "PRIVATE",
@@ -63502,7 +69163,7 @@
           "type": "string"
         },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"
@@ -63602,6 +69263,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63620,6 +69282,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63631,6 +69323,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63722,6 +69415,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63740,6 +69434,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63751,6 +69475,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -63823,7 +69548,7 @@
           "type": "string"
         },
         "enable": {
-          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled.",
+          "description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. Flow logging isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "type": "boolean"
         },
         "filterExpr": {
@@ -63910,6 +69635,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -63928,6 +69654,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -63939,6 +69695,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64181,6 +69938,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64199,6 +69957,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64210,6 +69998,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64283,6 +70072,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64301,6 +70091,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64312,6 +70132,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64376,6 +70197,11 @@
           "format": "byte",
           "type": "string"
         },
+        "httpKeepAliveTimeoutSec": {
+          "description": "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keep-alive is not specified, a default value (610 seconds) will be used. For Global external HTTP(S) load balancer, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.",
+          "format": "int32",
+          "type": "integer"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -64492,6 +70318,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64510,6 +70337,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64521,6 +70378,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64594,6 +70452,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64612,6 +70471,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64623,6 +70512,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64674,7 +70564,7 @@
       "id": "TargetHttpsProxiesSetCertificateMapRequest",
       "properties": {
         "certificateMap": {
-          "description": "URL of the Certificate Map to associate with this TargetHttpsProxy.",
+          "description": "URL of the Certificate Map to associate with this TargetHttpsProxy. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         }
       },
@@ -64722,7 +70612,7 @@
           "type": "string"
         },
         "certificateMap": {
-          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored.",
+          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         },
         "creationTimestamp": {
@@ -64738,6 +70628,11 @@
           "format": "byte",
           "type": "string"
         },
+        "httpKeepAliveTimeoutSec": {
+          "description": "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keep-alive is not specified, a default value (610 seconds) will be used. For Global external HTTP(S) load balancer, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For Global external HTTP(S) load balancer (classic), this option is not available publicly.",
+          "format": "int32",
+          "type": "integer"
+        },
         "id": {
           "description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
           "format": "uint64",
@@ -64780,7 +70675,7 @@
           "type": "string"
         },
         "serverTlsPolicy": {
-          "description": "Optional. A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.",
+          "description": "Optional. A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted.",
           "type": "string"
         },
         "sslCertificates": {
@@ -64852,6 +70747,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64870,6 +70766,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -64881,6 +70807,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -64972,6 +70899,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -64990,6 +70918,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65001,6 +70959,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65155,6 +71114,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65173,6 +71133,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65184,6 +71174,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65275,6 +71266,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65293,6 +71285,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65304,6 +71326,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65377,6 +71400,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65395,6 +71419,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65406,6 +71460,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65589,6 +71644,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65607,6 +71663,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65618,6 +71704,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65726,6 +71813,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65744,6 +71832,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65755,6 +71873,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65880,6 +71999,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -65898,6 +72018,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -65909,6 +72059,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -65979,7 +72130,7 @@
       "id": "TargetSslProxiesSetCertificateMapRequest",
       "properties": {
         "certificateMap": {
-          "description": "URL of the Certificate Map to associate with this TargetSslProxy.",
+          "description": "URL of the Certificate Map to associate with this TargetSslProxy. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         }
       },
@@ -66021,7 +72172,7 @@
       "id": "TargetSslProxy",
       "properties": {
         "certificateMap": {
-          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored.",
+          "description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
           "type": "string"
         },
         "creationTimestamp": {
@@ -66125,6 +72276,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66143,6 +72295,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66154,6 +72336,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66227,6 +72410,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66245,6 +72429,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66256,6 +72470,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66440,6 +72655,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66458,6 +72674,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66469,6 +72715,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66560,6 +72807,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66578,6 +72826,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66589,6 +72867,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66665,6 +72944,18 @@
           "description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.",
           "type": "string"
         },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this TargetVpnGateway, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a TargetVpnGateway.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
         "name": {
           "annotations": {
             "required": [
@@ -66769,6 +73060,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66787,6 +73079,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66798,6 +73120,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66889,6 +73212,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -66907,6 +73231,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -66918,6 +73272,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -66991,6 +73346,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67009,6 +73365,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67020,6 +73406,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67278,6 +73665,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67296,6 +73684,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67307,6 +73725,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67495,6 +73914,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67513,6 +73933,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67524,6 +73974,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67597,6 +74048,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67615,6 +74067,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67626,6 +74108,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -67720,6 +74203,10 @@
         "pathPrefixRewrite": {
           "description": "Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be from 1 to 1024 characters.",
           "type": "string"
+        },
+        "pathTemplateRewrite": {
+          "description": " If specified, the pattern rewrites the URL path (based on the :path header) using the HTTP template syntax. A corresponding path_template_match must be specified. Any template variables must exist in the path_template_match field. - -At least one variable must be specified in the path_template_match field - You can omit variables from the rewritten URL - The * and ** operators cannot be matched unless they have a corresponding variable name - e.g. {format=*} or {var=**}. For example, a path_template_match of /static/{format=**} could be rewritten as /static/content/{format} to prefix /content to the URL. Variables can also be re-ordered in a rewrite, so that /{country}/{format}/{suffix=**} can be rewritten as /content/{format}/{country}/{suffix}. At least one non-empty routeRules[].matchRules[].path_template_match is required. Only one of path_prefix_rewrite or path_template_rewrite may be specified.",
+          "type": "string"
         }
       },
       "type": "object"
@@ -67757,7 +74244,7 @@
           "type": "string"
         },
         "purpose": {
-          "description": "The purpose of the resource. This field can be either PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.",
+          "description": "The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. A subnet with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
           "enum": [
             "INTERNAL_HTTPS_LOAD_BALANCER",
             "PRIVATE",
@@ -67775,7 +74262,7 @@
           "type": "string"
         },
         "role": {
-          "description": "The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
+          "description": "The role of subnetwork. Currently, this field is only used when purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
           "enum": [
             "ACTIVE",
             "BACKUP"
@@ -67870,6 +74357,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -67888,6 +74376,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -67899,6 +74417,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68104,6 +74623,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68122,6 +74642,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68133,6 +74683,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68314,6 +74865,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68332,6 +74884,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68343,6 +74925,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68434,6 +75017,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68452,6 +75036,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68463,6 +75077,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68562,7 +75177,7 @@
           "type": "integer"
         },
         "peerGatewayInterface": {
-          "description": "The peer gateway interface this VPN tunnel is connected to, the peer gateway could either be an external VPN gateway or GCP VPN gateway.",
+          "description": "The peer gateway interface this VPN tunnel is connected to, the peer gateway could either be an external VPN gateway or a Google Cloud VPN gateway.",
           "format": "uint32",
           "type": "integer"
         },
@@ -68574,7 +75189,7 @@
       "type": "object"
     },
     "VpnGatewayStatusVpnConnection": {
-      "description": "A VPN connection contains all VPN tunnels connected from this VpnGateway to the same peer gateway. The peer gateway could either be a external VPN gateway or GCP VPN gateway.",
+      "description": "A VPN connection contains all VPN tunnels connected from this VpnGateway to the same peer gateway. The peer gateway could either be an external VPN gateway or a Google Cloud VPN gateway.",
       "id": "VpnGatewayStatusVpnConnection",
       "properties": {
         "peerExternalGateway": {
@@ -68654,6 +75269,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68672,6 +75288,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68683,6 +75329,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -68761,6 +75408,18 @@
           "description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.",
           "type": "string"
         },
+        "labelFingerprint": {
+          "description": "A fingerprint for the labels being applied to this VpnTunnel, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a VpnTunnel.",
+          "format": "byte",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
+          "type": "object"
+        },
         "localTrafficSelector": {
           "description": "Local traffic selector to use when establishing the VPN tunnel with the peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges must be disjoint. Only IPv4 is supported.",
           "items": {
@@ -68923,6 +75582,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -68941,6 +75601,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -68952,6 +75642,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69043,6 +75734,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69061,6 +75753,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69072,6 +75794,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69145,6 +75868,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69163,6 +75887,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69174,6 +75928,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69323,6 +76078,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69341,6 +76097,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69352,6 +76138,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
@@ -69530,6 +76317,7 @@
                 "INJECTED_KERNELS_DEPRECATED",
                 "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
                 "LARGE_DEPLOYMENT_WARNING",
+                "LIST_OVERHEAD_QUOTA_EXCEED",
                 "MISSING_TYPE_DEPENDENCY",
                 "NEXT_HOP_ADDRESS_NOT_ASSIGNED",
                 "NEXT_HOP_CANNOT_IP_FORWARD",
@@ -69548,6 +76336,36 @@
                 "UNDECLARED_PROPERTIES",
                 "UNREACHABLE"
               ],
+              "enumDeprecated": [
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                true,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false,
+                false
+              ],
               "enumDescriptions": [
                 "Warning about failed cleanup of transient changes made by a failed operation.",
                 "A link to a deprecated resource was created.",
@@ -69559,6 +76377,7 @@
                 "The operation involved use of an injected kernel, which is deprecated.",
                 "A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
                 "When deploying a deployment with a exceedingly large number of resources",
+                "Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
                 "A resource depends on a missing type",
                 "The route's nextHopIp address is not assigned to an instance on the network.",
                 "The route's next hop instance cannot ip forward.",
diff --git a/vendor/google.golang.org/api/compute/v1/compute-gen.go b/vendor/google.golang.org/api/compute/v1/compute-gen.go
index 8688fd223..811675da1 100644
--- a/vendor/google.golang.org/api/compute/v1/compute-gen.go
+++ b/vendor/google.golang.org/api/compute/v1/compute-gen.go
@@ -75,6 +75,7 @@ var _ = errors.New
 var _ = strings.Replace
 var _ = context.Canceled
 var _ = internaloption.WithDefaultEndpoint
+var _ = internal.Version
 
 const apiId = "compute:v1"
 const apiName = "compute"
@@ -172,6 +173,7 @@ func New(client *http.Client) (*Service, error) {
 	s.Instances = NewInstancesService(s)
 	s.InterconnectAttachments = NewInterconnectAttachmentsService(s)
 	s.InterconnectLocations = NewInterconnectLocationsService(s)
+	s.InterconnectRemoteLocations = NewInterconnectRemoteLocationsService(s)
 	s.Interconnects = NewInterconnectsService(s)
 	s.LicenseCodes = NewLicenseCodesService(s)
 	s.Licenses = NewLicensesService(s)
@@ -299,6 +301,8 @@ type Service struct {
 
 	InterconnectLocations *InterconnectLocationsService
 
+	InterconnectRemoteLocations *InterconnectRemoteLocationsService
+
 	Interconnects *InterconnectsService
 
 	LicenseCodes *LicenseCodesService
@@ -685,6 +689,15 @@ type InterconnectLocationsService struct {
 	s *Service
 }
 
+func NewInterconnectRemoteLocationsService(s *Service) *InterconnectRemoteLocationsService {
+	rs := &InterconnectRemoteLocationsService{s: s}
+	return rs
+}
+
+type InterconnectRemoteLocationsService struct {
+	s *Service
+}
+
 func NewInterconnectsService(s *Service) *InterconnectsService {
 	rs := &InterconnectsService{s: s}
 	return rs
@@ -1448,6 +1461,9 @@ type AcceleratorTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -1638,6 +1654,9 @@ type AcceleratorTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -1807,6 +1826,9 @@ type AcceleratorTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -1917,32 +1939,35 @@ func (s *AcceleratorTypesScopedListWarningData) MarshalJSON() ([]byte, error) {
 // AccessConfig: An access configuration attached to an instance's
 // network interface. Only one access config per instance is supported.
 type AccessConfig struct {
-	// ExternalIpv6: The first IPv6 address of the external IPv6 range
-	// associated with this instance, prefix length is stored in
-	// externalIpv6PrefixLength in ipv6AccessConfig. To use a static
-	// external IP address, it must be unused and in the same region as the
-	// instance's zone. If not specified, GCP will automatically assign an
-	// external IPv6 address from the instance's subnetwork.
+	// ExternalIpv6: Applies to ipv6AccessConfigs only. The first IPv6
+	// address of the external IPv6 range associated with this instance,
+	// prefix length is stored in externalIpv6PrefixLength in
+	// ipv6AccessConfig. To use a static external IP address, it must be
+	// unused and in the same region as the instance's zone. If not
+	// specified, Google Cloud will automatically assign an external IPv6
+	// address from the instance's subnetwork.
 	ExternalIpv6 string `json:"externalIpv6,omitempty"`
 
-	// ExternalIpv6PrefixLength: The prefix length of the external IPv6
-	// range.
+	// ExternalIpv6PrefixLength: Applies to ipv6AccessConfigs only. The
+	// prefix length of the external IPv6 range.
 	ExternalIpv6PrefixLength int64 `json:"externalIpv6PrefixLength,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always compute#accessConfig
 	// for access configs.
 	Kind string `json:"kind,omitempty"`
 
-	// Name: The name of this access configuration. The default and
-	// recommended name is External NAT, but you can use any arbitrary
-	// string, such as My external IP or Network Access.
+	// Name: The name of this access configuration. In accessConfigs (IPv4),
+	// the default and recommended name is External NAT, but you can use any
+	// arbitrary string, such as My external IP or Network Access. In
+	// ipv6AccessConfigs, the recommend name is External IPv6.
 	Name string `json:"name,omitempty"`
 
-	// NatIP: An external IP address associated with this instance. Specify
-	// an unused static external IP address available to the project or
-	// leave this field undefined to use an IP from a shared ephemeral IP
-	// address pool. If you specify a static external IP address, it must
-	// live in the same region as the zone of the instance.
+	// NatIP: Applies to accessConfigs (IPv4) only. An external IP address
+	// associated with this instance. Specify an unused static external IP
+	// address available to the project or leave this field undefined to use
+	// an IP from a shared ephemeral IP address pool. If you specify a
+	// static external IP address, it must live in the same region as the
+	// zone of the instance.
 	NatIP string `json:"natIP,omitempty"`
 
 	// NetworkTier: This signifies the networking tier used for configuring
@@ -1978,12 +2003,13 @@ type AccessConfig struct {
 	// associated.
 	SetPublicPtr bool `json:"setPublicPtr,omitempty"`
 
-	// Type: The type of configuration. The default and only option is
-	// ONE_TO_ONE_NAT.
+	// Type: The type of configuration. In accessConfigs (IPv4), the default
+	// and only option is ONE_TO_ONE_NAT. In ipv6AccessConfigs, the default
+	// and only option is DIRECT_IPV6.
 	//
 	// Possible values:
 	//   "DIRECT_IPV6"
-	//   "ONE_TO_ONE_NAT" (default)
+	//   "ONE_TO_ONE_NAT"
 	Type string `json:"type,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "ExternalIpv6") to
@@ -2042,8 +2068,7 @@ type Address struct {
 	Id uint64 `json:"id,omitempty,string"`
 
 	// IpVersion: The IP version that will be used by this address. Valid
-	// options are IPV4 or IPV6. This can only be specified for a global
-	// address.
+	// options are IPV4 or IPV6.
 	//
 	// Possible values:
 	//   "IPV4"
@@ -2065,6 +2090,21 @@ type Address struct {
 	// addresses.
 	Kind string `json:"kind,omitempty"`
 
+	// LabelFingerprint: A fingerprint for the labels being applied to this
+	// Address, which is essentially a hash of the labels set used for
+	// optimistic locking. The fingerprint is initially generated by Compute
+	// Engine and changes after every request to modify or update labels.
+	// You must always provide an up-to-date fingerprint hash in order to
+	// update or change labels, otherwise the request will fail with error
+	// 412 conditionNotMet. To see the latest fingerprint, make a get()
+	// request to retrieve an Address.
+	LabelFingerprint string `json:"labelFingerprint,omitempty"`
+
+	// Labels: Labels for this resource. These can only be added or modified
+	// by the setLabels method. Each label key/value pair must comply with
+	// RFC1035. Label values may be empty.
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// Name: Name of the resource. Provided by the client when the resource
 	// is created. The name must be 1-63 characters long, and comply with
 	// RFC1035. Specifically, the name must be 1-63 characters long and
@@ -2285,6 +2325,9 @@ type AddressAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -2474,6 +2517,9 @@ type AddressListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -2641,6 +2687,9 @@ type AddressesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -3140,6 +3189,17 @@ type AttachedDisk struct {
 	// read-write mode.
 	Mode string `json:"mode,omitempty"`
 
+	// SavedState: For LocalSSD disks on VM Instances in STOPPED or
+	// SUSPENDED state, this field is set to PRESERVED if the LocalSSD data
+	// has been saved to a persistent location by customer request. (see the
+	// discard_local_ssd option on Stop/Suspend). Read-only in the api.
+	//
+	// Possible values:
+	//   "DISK_SAVED_STATE_UNSPECIFIED" - *[Default]* Disk state has not
+	// been preserved.
+	//   "PRESERVED" - Disk state has been preserved.
+	SavedState string `json:"savedState,omitempty"`
+
 	// ShieldedInstanceInitialState: [Output Only] shielded vm initial state
 	// stored on disk
 	ShieldedInstanceInitialState *InitialStateConfig `json:"shieldedInstanceInitialState,omitempty"`
@@ -3263,6 +3323,18 @@ type AttachedDiskInitializeParams struct {
 	// see the Extreme persistent disk documentation.
 	ProvisionedIops int64 `json:"provisionedIops,omitempty,string"`
 
+	// ProvisionedThroughput: Indicates how much throughput to provision for
+	// the disk. This sets the number of throughput mb per second that the
+	// disk can handle. Values must be between 1 and 7,124.
+	ProvisionedThroughput int64 `json:"provisionedThroughput,omitempty,string"`
+
+	// ReplicaZones: Required for each regional disk associated with the
+	// instance. Specify the URLs of the zones where the disk should be
+	// replicated to. You must provide exactly two replica zones, and one
+	// zone must be the same as the instance zone. You can't use this option
+	// with boot disks.
+	ReplicaZones []string `json:"replicaZones,omitempty"`
+
 	// ResourceManagerTags: Resource manager tags to be bound to the disk.
 	// Tag keys and values have the same definition as resource manager
 	// tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values
@@ -3681,6 +3753,9 @@ type AutoscalerAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -3870,6 +3945,9 @@ type AutoscalerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -4153,6 +4231,9 @@ type AutoscalersScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -4262,15 +4343,17 @@ func (s *AutoscalersScopedListWarningData) MarshalJSON() ([]byte, error) {
 
 // AutoscalingPolicy: Cloud Autoscaler policy.
 type AutoscalingPolicy struct {
-	// CoolDownPeriodSec: The number of seconds that the autoscaler waits
-	// before it starts collecting information from a new instance. This
-	// prevents the autoscaler from collecting information when the instance
-	// is initializing, during which the collected usage would not be
-	// reliable. The default time autoscaler waits is 60 seconds. Virtual
-	// machine initialization times might vary because of numerous factors.
-	// We recommend that you test how long an instance may take to
-	// initialize. To do this, create an instance and time the startup
-	// process.
+	// CoolDownPeriodSec: The number of seconds that your application takes
+	// to initialize on a VM instance. This is referred to as the
+	// initialization period (/compute/docs/autoscaler#cool_down_period).
+	// Specifying an accurate initialization period improves autoscaler
+	// decisions. For example, when scaling out, the autoscaler ignores data
+	// from VMs that are still initializing because those VMs might not yet
+	// represent normal usage of your application. The default
+	// initialization period is 60 seconds. Initialization periods might
+	// vary because of numerous factors. We recommend that you test how long
+	// your application takes to initialize. To do this, create a VM and
+	// time your application's startup process.
 	CoolDownPeriodSec int64 `json:"coolDownPeriodSec,omitempty"`
 
 	// CpuUtilization: Defines the CPU utilization policy that allows the
@@ -4298,7 +4381,12 @@ type AutoscalingPolicy struct {
 	// instances allowed.
 	MinNumReplicas int64 `json:"minNumReplicas,omitempty"`
 
-	// Mode: Defines operating mode for this policy.
+	// Mode: Defines the operating mode for this policy. The following modes
+	// are available: - OFF: Disables the autoscaler but maintains its
+	// configuration. - ONLY_SCALE_OUT: Restricts the autoscaler to add VM
+	// instances only. - ON: Enables all autoscaler activities according to
+	// its policy. For more information, see "Turning off or restricting an
+	// autoscaler"
 	//
 	// Possible values:
 	//   "OFF" - Do not automatically scale the MIG in or out. The
@@ -4834,8 +4922,8 @@ type BackendBucket struct {
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
 
-	// CustomResponseHeaders: Headers that the HTTP/S load balancer should
-	// add to proxied responses.
+	// CustomResponseHeaders: Headers that the Application Load Balancer
+	// should add to proxied responses.
 	CustomResponseHeaders []string `json:"customResponseHeaders,omitempty"`
 
 	// Description: An optional textual description of the resource;
@@ -5246,6 +5334,9 @@ type BackendBucketListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -5591,6 +5682,10 @@ type BackendService struct {
 	// loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED.
 	MaxStreamDuration *Duration `json:"maxStreamDuration,omitempty"`
 
+	// Metadatas: Deployment metadata associated with the resource to be set
+	// by a GKE hub controller and read by the backend RCTH
+	Metadatas map[string]string `json:"metadatas,omitempty"`
+
 	// Name: Name of the resource. Provided by the client when the resource
 	// is created. The name must be 1-63 characters long, and comply with
 	// RFC1035. Specifically, the name must be 1-63 characters long and
@@ -5605,13 +5700,32 @@ type BackendService struct {
 	// scheme is set to INTERNAL.
 	Network string `json:"network,omitempty"`
 
-	// OutlierDetection: Settings controlling the eviction of unhealthy
-	// hosts from the load balancing pool for the backend service. If not
-	// set, this feature is considered disabled. This field is applicable to
-	// either: - A regional backend service with the service_protocol set to
-	// HTTP, HTTPS, HTTP2, or GRPC, and load_balancing_scheme set to
-	// INTERNAL_MANAGED. - A global backend service with the
-	// load_balancing_scheme set to INTERNAL_SELF_MANAGED.
+	// OutlierDetection: Settings controlling the ejection of unhealthy
+	// backend endpoints from the load balancing pool of each individual
+	// proxy instance that processes the traffic for the given backend
+	// service. If not set, this feature is considered disabled. Results of
+	// the outlier detection algorithm (ejection of endpoints from the load
+	// balancing pool and returning them back to the pool) are executed
+	// independently by each proxy instance of the load balancer. In most
+	// cases, more than one proxy instance handles the traffic received by a
+	// backend service. Thus, it is possible that an unhealthy endpoint is
+	// detected and ejected by only some of the proxies, and while this
+	// happens, other proxies may continue to send requests to the same
+	// unhealthy endpoint until they detect and eject the unhealthy
+	// endpoint. Applicable backend endpoints can be: - VM instances in an
+	// Instance Group - Endpoints in a Zonal NEG (GCE_VM_IP, GCE_VM_IP_PORT)
+	// - Endpoints in a Hybrid Connectivity NEG (NON_GCP_PRIVATE_IP_PORT) -
+	// Serverless NEGs, that resolve to Cloud Run, App Engine, or Cloud
+	// Functions Services - Private Service Connect NEGs, that resolve to
+	// Google-managed regional API endpoints or managed services published
+	// using Private Service Connect Applicable backend service types can
+	// be: - A global backend service with the loadBalancingScheme set to
+	// INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - A regional backend
+	// service with the serviceProtocol set to HTTP, HTTPS, or HTTP2, and
+	// loadBalancingScheme set to INTERNAL_MANAGED or EXTERNAL_MANAGED. Not
+	// supported for Serverless NEGs. Not supported when the backend service
+	// is referenced by a URL map that is bound to target gRPC proxy that
+	// has validateForProxyless field set to true.
 	OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
 
 	// Port: Deprecated in favor of portName. The TCP port to connect on the
@@ -5835,6 +5949,9 @@ type BackendServiceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -6505,6 +6622,9 @@ type BackendServiceListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -6906,6 +7026,9 @@ type BackendServicesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -7340,6 +7463,44 @@ func (s *Binding) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// BulkInsertDiskResource: A transient resource used in
+// compute.disks.bulkInsert and compute.regionDisks.bulkInsert. It is
+// only used to process requests and is not persisted.
+type BulkInsertDiskResource struct {
+	// SourceConsistencyGroupPolicy: The URL of the
+	// DiskConsistencyGroupPolicy for the group of disks to clone. This may
+	// be a full or partial URL, such as: -
+	// https://www.googleapis.com/compute/v1/projects/project/regions/region
+	// /resourcePolicies/resourcePolicy -
+	// projects/project/regions/region/resourcePolicies/resourcePolicy -
+	// regions/region/resourcePolicies/resourcePolicy
+	SourceConsistencyGroupPolicy string `json:"sourceConsistencyGroupPolicy,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "SourceConsistencyGroupPolicy") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g.
+	// "SourceConsistencyGroupPolicy") to include in API requests with the
+	// JSON null value. By default, fields with empty values are omitted
+	// from API requests. However, any field with an empty value appearing
+	// in NullFields will be sent to the server as null. It is an error if a
+	// field in this list has a non-empty value. This may be used to include
+	// null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *BulkInsertDiskResource) MarshalJSON() ([]byte, error) {
+	type NoMethod BulkInsertDiskResource
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // BulkInsertInstanceResource: A transient resource used in
 // compute.instances.bulkInsert and compute.regionInstances.bulkInsert .
 // This resource is not persisted anywhere, it is used only for
@@ -7685,7 +7846,7 @@ type Commitment struct {
 	// SelfLink: [Output Only] Server-defined URL for the resource.
 	SelfLink string `json:"selfLink,omitempty"`
 
-	// SplitSourceCommitment: Source commitment to be splitted into a new
+	// SplitSourceCommitment: Source commitment to be split into a new
 	// commitment.
 	SplitSourceCommitment string `json:"splitSourceCommitment,omitempty"`
 
@@ -7726,6 +7887,7 @@ type Commitment struct {
 	//   "GENERAL_PURPOSE_N2"
 	//   "GENERAL_PURPOSE_N2D"
 	//   "GENERAL_PURPOSE_T2D"
+	//   "GRAPHICS_OPTIMIZED"
 	//   "MEMORY_OPTIMIZED"
 	//   "MEMORY_OPTIMIZED_M3"
 	//   "TYPE_UNSPECIFIED"
@@ -7843,6 +8005,9 @@ type CommitmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -8032,6 +8197,9 @@ type CommitmentListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -8200,6 +8368,9 @@ type CommitmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -8595,7 +8766,10 @@ type CustomerEncryptionKey struct {
 	// KmsKeyName: The name of the encryption key that is stored in Google
 	// Cloud KMS. For example: "kmsKeyName":
 	// "projects/kms_project_id/locations/region/keyRings/
-	// key_region/cryptoKeys/key
+	// key_region/cryptoKeys/key The fully-qualifed key name may be returned
+	// for resource GET requests. For example: "kmsKeyName":
+	// "projects/kms_project_id/locations/region/keyRings/
+	// key_region/cryptoKeys/key /cryptoKeyVersions/1
 	KmsKeyName string `json:"kmsKeyName,omitempty"`
 
 	// KmsKeyServiceAccount: The service account being used for the
@@ -8773,6 +8947,13 @@ type Disk struct {
 	//   "X86_64" - Machines with architecture X86_64
 	Architecture string `json:"architecture,omitempty"`
 
+	// AsyncPrimaryDisk: Disk asynchronously replicated into this disk.
+	AsyncPrimaryDisk *DiskAsyncReplication `json:"asyncPrimaryDisk,omitempty"`
+
+	// AsyncSecondaryDisks: [Output Only] A list of disks this disk is
+	// asynchronously replicated to.
+	AsyncSecondaryDisks map[string]DiskAsyncReplicationList `json:"asyncSecondaryDisks,omitempty"`
+
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
@@ -8877,6 +9058,11 @@ type Disk struct {
 	// see the Extreme persistent disk documentation.
 	ProvisionedIops int64 `json:"provisionedIops,omitempty,string"`
 
+	// ProvisionedThroughput: Indicates how much throughput to provision for
+	// the disk. This sets the number of throughput mb per second that the
+	// disk can handle. Values must be between 1 and 7,124.
+	ProvisionedThroughput int64 `json:"provisionedThroughput,omitempty,string"`
+
 	// Region: [Output Only] URL of the region where the disk resides. Only
 	// applicable for regional resources. You must specify this field as
 	// part of the HTTP request URL. It is not settable as a field in the
@@ -8891,6 +9077,10 @@ type Disk struct {
 	// automatic snapshot creations.
 	ResourcePolicies []string `json:"resourcePolicies,omitempty"`
 
+	// ResourceStatus: [Output Only] Status information for the disk
+	// resource.
+	ResourceStatus *DiskResourceStatus `json:"resourceStatus,omitempty"`
+
 	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
@@ -8906,6 +9096,16 @@ type Disk struct {
 	// source. Acceptable values are 1 to 65536, inclusive.
 	SizeGb int64 `json:"sizeGb,omitempty,string"`
 
+	// SourceConsistencyGroupPolicy: [Output Only] URL of the
+	// DiskConsistencyGroupPolicy for a secondary disk that was created
+	// using a consistency group.
+	SourceConsistencyGroupPolicy string `json:"sourceConsistencyGroupPolicy,omitempty"`
+
+	// SourceConsistencyGroupPolicyId: [Output Only] ID of the
+	// DiskConsistencyGroupPolicy for a secondary disk that was created
+	// using a consistency group.
+	SourceConsistencyGroupPolicyId string `json:"sourceConsistencyGroupPolicyId,omitempty"`
+
 	// SourceDisk: The source disk used to create this disk. You can provide
 	// this as a partial or full URL to the resource. For example, the
 	// following are valid values: -
@@ -9123,6 +9323,9 @@ type DiskAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -9230,6 +9433,86 @@ func (s *DiskAggregatedListWarningData) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type DiskAsyncReplication struct {
+	// ConsistencyGroupPolicy: [Output Only] URL of the
+	// DiskConsistencyGroupPolicy if replication was started on the disk as
+	// a member of a group.
+	ConsistencyGroupPolicy string `json:"consistencyGroupPolicy,omitempty"`
+
+	// ConsistencyGroupPolicyId: [Output Only] ID of the
+	// DiskConsistencyGroupPolicy if replication was started on the disk as
+	// a member of a group.
+	ConsistencyGroupPolicyId string `json:"consistencyGroupPolicyId,omitempty"`
+
+	// Disk: The other disk asynchronously replicated to or from the current
+	// disk. You can provide this as a partial or full URL to the resource.
+	// For example, the following are valid values: -
+	// https://www.googleapis.com/compute/v1/projects/project/zones/zone
+	// /disks/disk - projects/project/zones/zone/disks/disk -
+	// zones/zone/disks/disk
+	Disk string `json:"disk,omitempty"`
+
+	// DiskId: [Output Only] The unique ID of the other disk asynchronously
+	// replicated to or from the current disk. This value identifies the
+	// exact disk that was used to create this replication. For example, if
+	// you started replicating the persistent disk from a disk that was
+	// later deleted and recreated under the same name, the disk ID would
+	// identify the exact version of the disk that was used.
+	DiskId string `json:"diskId,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "ConsistencyGroupPolicy") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ConsistencyGroupPolicy")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DiskAsyncReplication) MarshalJSON() ([]byte, error) {
+	type NoMethod DiskAsyncReplication
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type DiskAsyncReplicationList struct {
+	AsyncReplicationDisk *DiskAsyncReplication `json:"asyncReplicationDisk,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "AsyncReplicationDisk") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "AsyncReplicationDisk") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DiskAsyncReplicationList) MarshalJSON() ([]byte, error) {
+	type NoMethod DiskAsyncReplicationList
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // DiskInstantiationConfig: A specification of the desired way to
 // instantiate a disk in the instance template when its created from a
 // source instance.
@@ -9392,6 +9675,9 @@ type DiskListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -9571,6 +9857,70 @@ func (s *DiskParams) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type DiskResourceStatus struct {
+	AsyncPrimaryDisk *DiskResourceStatusAsyncReplicationStatus `json:"asyncPrimaryDisk,omitempty"`
+
+	// AsyncSecondaryDisks: Key: disk, value: AsyncReplicationStatus message
+	AsyncSecondaryDisks map[string]DiskResourceStatusAsyncReplicationStatus `json:"asyncSecondaryDisks,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "AsyncPrimaryDisk") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "AsyncPrimaryDisk") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DiskResourceStatus) MarshalJSON() ([]byte, error) {
+	type NoMethod DiskResourceStatus
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type DiskResourceStatusAsyncReplicationStatus struct {
+	// Possible values:
+	//   "ACTIVE" - Replication is active.
+	//   "CREATED" - Secondary disk is created and is waiting for
+	// replication to start.
+	//   "STARTING" - Replication is starting.
+	//   "STATE_UNSPECIFIED"
+	//   "STOPPED" - Replication is stopped.
+	//   "STOPPING" - Replication is stopping.
+	State string `json:"state,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "State") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "State") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DiskResourceStatusAsyncReplicationStatus) MarshalJSON() ([]byte, error) {
+	type NoMethod DiskResourceStatusAsyncReplicationStatus
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // DiskType: Represents a Disk Type resource. Google Compute Engine has
 // two Disk Type resources: * Regional
 // (/compute/docs/reference/rest/v1/regionDiskTypes) * Zonal
@@ -9739,6 +10089,9 @@ type DiskTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -9928,6 +10281,9 @@ type DiskTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -10096,6 +10452,9 @@ type DiskTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -10348,6 +10707,9 @@ type DisksScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -10455,6 +10817,79 @@ func (s *DisksScopedListWarningData) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type DisksStartAsyncReplicationRequest struct {
+	// AsyncSecondaryDisk: The secondary disk to start asynchronous
+	// replication to. You can provide this as a partial or full URL to the
+	// resource. For example, the following are valid values: -
+	// https://www.googleapis.com/compute/v1/projects/project/zones/zone
+	// /disks/disk -
+	// https://www.googleapis.com/compute/v1/projects/project/regions/region
+	// /disks/disk - projects/project/zones/zone/disks/disk -
+	// projects/project/regions/region/disks/disk - zones/zone/disks/disk -
+	// regions/region/disks/disk
+	AsyncSecondaryDisk string `json:"asyncSecondaryDisk,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "AsyncSecondaryDisk")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "AsyncSecondaryDisk") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DisksStartAsyncReplicationRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod DisksStartAsyncReplicationRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// DisksStopGroupAsyncReplicationResource: A transient resource used in
+// compute.disks.stopGroupAsyncReplication and
+// compute.regionDisks.stopGroupAsyncReplication. It is only used to
+// process requests and is not persisted.
+type DisksStopGroupAsyncReplicationResource struct {
+	// ResourcePolicy: The URL of the DiskConsistencyGroupPolicy for the
+	// group of disks to stop. This may be a full or partial URL, such as: -
+	// https://www.googleapis.com/compute/v1/projects/project/regions/region
+	// /resourcePolicies/resourcePolicy -
+	// projects/project/regions/region/resourcePolicies/resourcePolicy -
+	// regions/region/resourcePolicies/resourcePolicy
+	ResourcePolicy string `json:"resourcePolicy,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ResourcePolicy") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ResourcePolicy") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *DisksStopGroupAsyncReplicationResource) MarshalJSON() ([]byte, error) {
+	type NoMethod DisksStopGroupAsyncReplicationResource
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // DisplayDevice: A set of Display Device options
 type DisplayDevice struct {
 	// EnableDisplay: Defines whether the instance has Display enabled.
@@ -10493,6 +10928,11 @@ type DistributionPolicy struct {
 	// the requested number of VMs within present resource constraints and
 	// to maximize utilization of unused zonal reservations. Recommended for
 	// batch workloads that do not require high availability.
+	//   "ANY_SINGLE_ZONE" - The group creates all VM instances within a
+	// single zone. The zone is selected based on the present resource
+	// constraints and to maximize utilization of unused zonal reservations.
+	// Recommended for batch workloads with heavy interprocess
+	// communication.
 	//   "BALANCED" - The group prioritizes acquisition of resources,
 	// scheduling VMs in zones where resources are available while
 	// distributing VMs as evenly as possible across selected zones to
@@ -10791,6 +11231,9 @@ type ExchangedPeeringRoutesListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -11200,6 +11643,9 @@ type ExternalVpnGatewayListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -11669,6 +12115,9 @@ type FirewallListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -12092,6 +12541,9 @@ type FirewallPolicyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -12303,38 +12755,77 @@ func (s *FirewallPolicyRule) MarshalJSON() ([]byte, error) {
 // FirewallPolicyRuleMatcher: Represents a match condition that incoming
 // traffic is evaluated against. Exactly one field must be specified.
 type FirewallPolicyRuleMatcher struct {
+	// DestAddressGroups: Address groups which should be matched against the
+	// traffic destination. Maximum number of destination address groups is
+	// 10.
+	DestAddressGroups []string `json:"destAddressGroups,omitempty"`
+
+	// DestFqdns: Fully Qualified Domain Name (FQDN) which should be matched
+	// against traffic destination. Maximum number of destination fqdn
+	// allowed is 100.
+	DestFqdns []string `json:"destFqdns,omitempty"`
+
 	// DestIpRanges: CIDR IP address range. Maximum number of destination
 	// CIDR IP ranges allowed is 5000.
 	DestIpRanges []string `json:"destIpRanges,omitempty"`
 
+	// DestRegionCodes: Region codes whose IP addresses will be used to
+	// match for destination of traffic. Should be specified as 2 letter
+	// country code defined as per ISO 3166 alpha-2 country codes. ex."US"
+	// Maximum number of dest region codes allowed is 5000.
+	DestRegionCodes []string `json:"destRegionCodes,omitempty"`
+
+	// DestThreatIntelligences: Names of Network Threat Intelligence lists.
+	// The IPs in these lists will be matched against traffic destination.
+	DestThreatIntelligences []string `json:"destThreatIntelligences,omitempty"`
+
 	// Layer4Configs: Pairs of IP protocols and ports that the rule should
 	// match.
 	Layer4Configs []*FirewallPolicyRuleMatcherLayer4Config `json:"layer4Configs,omitempty"`
 
+	// SrcAddressGroups: Address groups which should be matched against the
+	// traffic source. Maximum number of source address groups is 10.
+	SrcAddressGroups []string `json:"srcAddressGroups,omitempty"`
+
+	// SrcFqdns: Fully Qualified Domain Name (FQDN) which should be matched
+	// against traffic source. Maximum number of source fqdn allowed is 100.
+	SrcFqdns []string `json:"srcFqdns,omitempty"`
+
 	// SrcIpRanges: CIDR IP address range. Maximum number of source CIDR IP
 	// ranges allowed is 5000.
 	SrcIpRanges []string `json:"srcIpRanges,omitempty"`
 
+	// SrcRegionCodes: Region codes whose IP addresses will be used to match
+	// for source of traffic. Should be specified as 2 letter country code
+	// defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number
+	// of source region codes allowed is 5000.
+	SrcRegionCodes []string `json:"srcRegionCodes,omitempty"`
+
 	// SrcSecureTags: List of secure tag values, which should be matched at
 	// the source of the traffic. For INGRESS rule, if all the srcSecureTag
 	// are INEFFECTIVE, and there is no srcIpRange, this rule will be
 	// ignored. Maximum number of source tag values allowed is 256.
 	SrcSecureTags []*FirewallPolicyRuleSecureTag `json:"srcSecureTags,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "DestIpRanges") to
-	// unconditionally include in API requests. By default, fields with
+	// SrcThreatIntelligences: Names of Network Threat Intelligence lists.
+	// The IPs in these lists will be matched against traffic source.
+	SrcThreatIntelligences []string `json:"srcThreatIntelligences,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "DestAddressGroups")
+	// to unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
 	// sent to the server regardless of whether the field is empty or not.
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "DestIpRanges") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
+	// NullFields is a list of field names (e.g. "DestAddressGroups") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
 	NullFields []string `json:"-"`
 }
 
@@ -12528,17 +13019,32 @@ type ForwardingRule struct {
 
 	// AllowGlobalAccess: This field is used along with the backend_service
 	// field for internal load balancing or with the target field for
-	// internal TargetInstance. If the field is set to TRUE, clients can
-	// access ILB from all regions. Otherwise only allows access from
-	// clients in the same region as the internal load balancer.
+	// internal TargetInstance. If set to true, clients can access the
+	// Internal TCP/UDP Load Balancer, Internal HTTP(S) and TCP Proxy Load
+	// Balancer from all regions. If false, only allows access from the
+	// local region the load balancer is located at. Note that for
+	// INTERNAL_MANAGED forwarding rules, this field cannot be changed after
+	// the forwarding rule is created.
 	AllowGlobalAccess bool `json:"allowGlobalAccess,omitempty"`
 
+	// AllowPscGlobalAccess: This is used in PSC consumer ForwardingRule to
+	// control whether the PSC endpoint can be accessed from another region.
+	AllowPscGlobalAccess bool `json:"allowPscGlobalAccess,omitempty"`
+
 	// BackendService: Identifies the backend service to which the
 	// forwarding rule sends traffic. Required for Internal TCP/UDP Load
 	// Balancing and Network Load Balancing; must be omitted for all other
 	// load balancer types.
 	BackendService string `json:"backendService,omitempty"`
 
+	// BaseForwardingRule: [Output Only] The URL for the corresponding base
+	// Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule
+	// that has the same IP address, protocol, and port settings with the
+	// current Forwarding Rule, but without sourceIPRanges specified. Always
+	// empty if the current Forwarding Rule does not have sourceIPRanges
+	// specified.
+	BaseForwardingRule string `json:"baseForwardingRule,omitempty"`
+
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
@@ -12643,9 +13149,10 @@ type ForwardingRule struct {
 	// Network: This field is not used for external load balancing. For
 	// Internal TCP/UDP Load Balancing, this field identifies the network
 	// that the load balanced IP should belong to for this Forwarding Rule.
-	// If this field is not specified, the default network will be used. For
-	// Private Service Connect forwarding rules that forward traffic to
-	// Google APIs, a network must be provided.
+	// If the subnetwork is specified, the network of the subnetwork will be
+	// used. If neither subnetwork nor this field is specified, the default
+	// network will be used. For Private Service Connect forwarding rules
+	// that forward traffic to Google APIs, a network must be provided.
 	Network string `json:"network,omitempty"`
 
 	// NetworkTier: This signifies the networking tier used for configuring
@@ -12751,6 +13258,15 @@ type ForwardingRule struct {
 	// balancing.
 	ServiceName string `json:"serviceName,omitempty"`
 
+	// SourceIpRanges: If not empty, this Forwarding Rule will only forward
+	// the traffic when the source IP address matches one of the IP
+	// addresses or CIDR ranges set here. Note that a Forwarding Rule can
+	// only have up to 64 source IP ranges, and this field can only be used
+	// with a regional Forwarding Rule whose scheme is EXTERNAL. Each
+	// source_ip_range entry should be either an IP address (for example,
+	// 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
+	SourceIpRanges []string `json:"sourceIpRanges,omitempty"`
+
 	// Subnetwork: This field identifies the subnetwork that the load
 	// balanced IP should belong to for this Forwarding Rule, used in
 	// internal load balancing and network load balancing with IPv6. If the
@@ -12886,6 +13402,9 @@ type ForwardingRuleAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -13075,6 +13594,9 @@ type ForwardingRuleListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -13313,6 +13835,9 @@ type ForwardingRulesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -13494,6 +14019,43 @@ func (s *GRPCHealthCheck) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type GlobalAddressesMoveRequest struct {
+	// Description: An optional destination address description if intended
+	// to be different from the source.
+	Description string `json:"description,omitempty"`
+
+	// DestinationAddress: The URL of the destination address to move to.
+	// This can be a full or partial URL. For example, the following are all
+	// valid URLs to a address: -
+	// https://www.googleapis.com/compute/v1/projects/project
+	// /global/addresses/address - projects/project/global/addresses/address
+	// Note that destination project must be different from the source
+	// project. So /global/addresses/address is not valid partial url.
+	DestinationAddress string `json:"destinationAddress,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Description") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Description") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *GlobalAddressesMoveRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod GlobalAddressesMoveRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type GlobalNetworkEndpointGroupsAttachEndpointsRequest struct {
 	// NetworkEndpoints: The list of network endpoints to be attached.
 	NetworkEndpoints []*NetworkEndpoint `json:"networkEndpoints,omitempty"`
@@ -13783,8 +14345,8 @@ type GuestOsFeature struct {
 	// commas to separate values. Set to one or more of the following
 	// values: - VIRTIO_SCSI_MULTIQUEUE - WINDOWS - MULTI_IP_SUBNET -
 	// UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE -
-	// SEV_SNP_CAPABLE For more information, see Enabling guest operating
-	// system features.
+	// SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more information, see
+	// Enabling guest operating system features.
 	//
 	// Possible values:
 	//   "FEATURE_TYPE_UNSPECIFIED"
@@ -13792,6 +14354,7 @@ type GuestOsFeature struct {
 	//   "MULTI_IP_SUBNET"
 	//   "SECURE_BOOT"
 	//   "SEV_CAPABLE"
+	//   "SEV_LIVE_MIGRATABLE"
 	//   "SEV_SNP_CAPABLE"
 	//   "UEFI_COMPATIBLE"
 	//   "VIRTIO_SCSI_MULTIQUEUE"
@@ -14109,12 +14672,12 @@ func (s *HTTPSHealthCheck) MarshalJSON() ([]byte, error) {
 // (/compute/docs/reference/rest/v1/regionHealthChecks) Internal HTTP(S)
 // load balancers must use regional health checks
 // (`compute.v1.regionHealthChecks`). Traffic Director must use global
-// health checks (`compute.v1.HealthChecks`). Internal TCP/UDP load
+// health checks (`compute.v1.healthChecks`). Internal TCP/UDP load
 // balancers can use either regional or global health checks
-// (`compute.v1.regionHealthChecks` or `compute.v1.HealthChecks`).
+// (`compute.v1.regionHealthChecks` or `compute.v1.healthChecks`).
 // External HTTP(S), TCP proxy, and SSL proxy load balancers as well as
 // managed instance group auto-healing must use global health checks
-// (`compute.v1.HealthChecks`). Backend service-based network load
+// (`compute.v1.healthChecks`). Backend service-based network load
 // balancers must use regional health checks
 // (`compute.v1.regionHealthChecks`). Target pool-based network load
 // balancers must use legacy HTTP health checks
@@ -14309,6 +14872,9 @@ type HealthCheckListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -14715,6 +15281,9 @@ type HealthCheckServicesListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -14906,6 +15475,9 @@ type HealthChecksAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -15073,6 +15645,9 @@ type HealthChecksScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -15192,7 +15767,7 @@ type HealthStatus struct {
 	// instance.
 	ForwardingRuleIp string `json:"forwardingRuleIp,omitempty"`
 
-	// HealthState: Health state of the instance.
+	// HealthState: Health state of the IPv4 address of the instance.
 	//
 	// Possible values:
 	//   "HEALTHY"
@@ -15277,10 +15852,10 @@ type HealthStatusForNetworkEndpoint struct {
 	// the health checks configured.
 	//
 	// Possible values:
-	//   "DRAINING"
-	//   "HEALTHY"
-	//   "UNHEALTHY"
-	//   "UNKNOWN"
+	//   "DRAINING" - Endpoint is being drained.
+	//   "HEALTHY" - Endpoint is healthy.
+	//   "UNHEALTHY" - Endpoint is unhealthy.
+	//   "UNKNOWN" - Health status of the endpoint is unknown.
 	HealthState string `json:"healthState,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "BackendService") to
@@ -15776,6 +16351,7 @@ type HttpHealthCheck struct {
 
 	// RequestPath: The request path of the HTTP health check request. The
 	// default value is /. This field does not support query parameters.
+	// Must comply with RFC3986.
 	RequestPath string `json:"requestPath,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -15901,6 +16477,9 @@ type HttpHealthCheckListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -16432,6 +17011,15 @@ type HttpRouteRuleMatch struct {
 	// validateForProxyless field set to true.
 	MetadataFilters []*MetadataFilter `json:"metadataFilters,omitempty"`
 
+	// PathTemplateMatch: If specified, the route is a pattern match
+	// expression that must match the :path header once the query string is
+	// removed. A pattern match allows you to match - The value must be
+	// between 1 and 1024 characters - The pattern must start with a leading
+	// slash ("/") - There may be no more than 5 operators in pattern
+	// Precisely one of prefix_match, full_path_match, regex_match or
+	// path_template_match must be set.
+	PathTemplateMatch string `json:"pathTemplateMatch,omitempty"`
+
 	// PrefixMatch: For satisfying the matchRule condition, the request's
 	// path must begin with the specified prefixMatch. prefixMatch must
 	// begin with a /. The value must be from 1 to 1024 characters. Only one
@@ -16526,7 +17114,7 @@ type HttpsHealthCheck struct {
 	Port int64 `json:"port,omitempty"`
 
 	// RequestPath: The request path of the HTTPS health check request. The
-	// default value is "/".
+	// default value is "/". Must comply with RFC3986.
 	RequestPath string `json:"requestPath,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -16652,6 +17240,9 @@ type HttpsHealthCheckListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -17138,6 +17729,9 @@ type ImageListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -17345,6 +17939,15 @@ type Instance struct {
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
 
+	// InstanceEncryptionKey: Encrypts suspended data for an instance with a
+	// customer-managed encryption key. If you are creating a new instance,
+	// this field will encrypt the local SSD and in-memory contents of the
+	// instance during the suspend operation. If you do not provide an
+	// encryption key when creating the instance, then the local SSD and
+	// in-memory contents will be encrypted using an automatically generated
+	// key during the suspend operation.
+	InstanceEncryptionKey *CustomerEncryptionKey `json:"instanceEncryptionKey,omitempty"`
+
 	// KeyRevocationActionType: KeyRevocationActionType of the instance.
 	// Supported options are "STOP" and "NONE". The default value is "NONE"
 	// if it is not specified.
@@ -17502,9 +18105,9 @@ type Instance struct {
 	// cycle.
 	//
 	// Possible values:
-	//   "DEPROVISIONING" - The Nanny is halted and we are performing tear
-	// down tasks like network deprogramming, releasing quota, IP, tearing
-	// down disks etc.
+	//   "DEPROVISIONING" - The instance is halted and we are performing
+	// tear down tasks like network deprogramming, releasing quota, IP,
+	// tearing down disks etc.
 	//   "PROVISIONING" - Resources are being allocated for the instance.
 	//   "REPAIRING" - The instance is in repair.
 	//   "RUNNING" - The instance is running.
@@ -17650,6 +18253,9 @@ type InstanceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -18013,6 +18619,9 @@ type InstanceGroupAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -18203,6 +18812,9 @@ type InstanceGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -18358,6 +18970,10 @@ type InstanceGroupManager struct {
 	// InstanceGroup: [Output Only] The URL of the Instance Group resource.
 	InstanceGroup string `json:"instanceGroup,omitempty"`
 
+	// InstanceLifecyclePolicy: The repair policy for this managed instance
+	// group.
+	InstanceLifecyclePolicy *InstanceGroupManagerInstanceLifecyclePolicy `json:"instanceLifecyclePolicy,omitempty"`
+
 	// InstanceTemplate: The URL of the instance template that is specified
 	// for this managed instance group. The group uses this template to
 	// create all new instances in the managed instance group. The templates
@@ -18646,6 +19262,9 @@ type InstanceGroupManagerAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -18757,13 +19376,14 @@ type InstanceGroupManagerAutoHealingPolicy struct {
 	// HealthCheck: The URL for the health check that signals autohealing.
 	HealthCheck string `json:"healthCheck,omitempty"`
 
-	// InitialDelaySec: The number of seconds that the managed instance
-	// group waits before it applies autohealing policies to new instances
-	// or recently recreated instances. This initial delay allows instances
-	// to initialize and run their startup scripts before the instance group
-	// determines that they are UNHEALTHY. This prevents the managed
-	// instance group from recreating its instances prematurely. This value
-	// must be from range [0, 3600].
+	// InitialDelaySec: The initial delay is the number of seconds that a
+	// new VM takes to initialize and run its startup script. During a VM's
+	// initial delay period, the MIG ignores unsuccessful health checks
+	// because the VM might be in the startup process. This prevents the MIG
+	// from prematurely recreating a VM. If the health check receives a
+	// healthy response during the initial delay, it indicates that the
+	// startup process is complete and the VM is ready. The value of initial
+	// delay must be between 0 and 3600 seconds. The default value is 0.
 	InitialDelaySec int64 `json:"initialDelaySec,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "HealthCheck") to
@@ -18789,6 +19409,43 @@ func (s *InstanceGroupManagerAutoHealingPolicy) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type InstanceGroupManagerInstanceLifecyclePolicy struct {
+	// ForceUpdateOnRepair: A bit indicating whether to forcefully apply the
+	// group's latest configuration when repairing a VM. Valid options are:
+	// - NO (default): If configuration updates are available, they are not
+	// forcefully applied during repair. Instead, configuration updates are
+	// applied according to the group's update policy. - YES: If
+	// configuration updates are available, they are applied during repair.
+	//
+	// Possible values:
+	//   "NO"
+	//   "YES"
+	ForceUpdateOnRepair string `json:"forceUpdateOnRepair,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "ForceUpdateOnRepair")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ForceUpdateOnRepair") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InstanceGroupManagerInstanceLifecyclePolicy) MarshalJSON() ([]byte, error) {
+	type NoMethod InstanceGroupManagerInstanceLifecyclePolicy
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // InstanceGroupManagerList: [Output Only] A list of managed instance
 // groups.
 type InstanceGroupManagerList struct {
@@ -18874,6 +19531,9 @@ type InstanceGroupManagerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -19177,29 +19837,27 @@ type InstanceGroupManagerUpdatePolicy struct {
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MinimalAction string `json:"minimalAction,omitempty"`
 
 	// MostDisruptiveAllowedAction: Most disruptive action that is allowed
 	// to be taken on an instance. You can specify either NONE to forbid any
-	// actions, REFRESH to allow actions that do not need instance restart,
-	// RESTART to allow actions that can be applied without instance
-	// replacing or REPLACE to allow all possible actions. If the Updater
-	// determines that the minimal update action needed is more disruptive
-	// than most disruptive allowed action you specify it will not perform
-	// the update at all.
+	// actions, REFRESH to avoid restarting the VM and to limit disruption
+	// as much as possible. RESTART to allow actions that can be applied
+	// without instance replacing or REPLACE to allow all possible actions.
+	// If the Updater determines that the minimal update action needed is
+	// more disruptive than most disruptive allowed action you specify it
+	// will not perform the update at all.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MostDisruptiveAllowedAction string `json:"mostDisruptiveAllowedAction,omitempty"`
 
 	// ReplacementMethod: What action should be used to replace instances.
@@ -19212,20 +19870,16 @@ type InstanceGroupManagerUpdatePolicy struct {
 	ReplacementMethod string `json:"replacementMethod,omitempty"`
 
 	// Type: The type of update process. You can specify either PROACTIVE so
-	// that the instance group manager proactively executes actions in order
-	// to bring instances to their target versions or OPPORTUNISTIC so that
-	// no action is proactively executed but the update will be performed as
-	// part of other actions (for example, resizes or recreateInstances
-	// calls).
+	// that the MIG automatically updates VMs to the latest configurations
+	// or OPPORTUNISTIC so that you can select the VMs that you want to
+	// update.
 	//
 	// Possible values:
-	//   "OPPORTUNISTIC" - No action is being proactively performed in order
-	// to bring this IGM to its target version distribution (regardless of
-	// whether this distribution is expressed using instanceTemplate or
-	// versions field).
-	//   "PROACTIVE" - This IGM will actively converge to its target version
-	// distribution (regardless of whether this distribution is expressed
-	// using instanceTemplate or versions field).
+	//   "OPPORTUNISTIC" - MIG will apply new configurations to existing VMs
+	// only when you selectively target specific or all VMs to be updated.
+	//   "PROACTIVE" - MIG will automatically apply new configurations to
+	// all or a subset of existing VMs and also to new VMs that are added to
+	// the group.
 	Type string `json:"type,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g.
@@ -19348,35 +20002,35 @@ type InstanceGroupManagersApplyUpdatesRequest struct {
 	// MinimalAction: The minimal action that you want to perform on each
 	// instance during the update: - REPLACE: At minimum, delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the minimum action is NONE. If your
-	// update requires a more disruptive action than you set with this flag,
-	// the necessary action is performed to execute the update.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the minimum action is NONE. If your update requires a more
+	// disruptive action than you set with this flag, the necessary action
+	// is performed to execute the update.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MinimalAction string `json:"minimalAction,omitempty"`
 
 	// MostDisruptiveAllowedAction: The most disruptive action that you want
 	// to perform on each instance during the update: - REPLACE: Delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the most disruptive allowed action
-	// is REPLACE. If your update requires a more disruptive action than you
-	// set with this flag, the update request will fail.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the most disruptive allowed action is REPLACE. If your
+	// update requires a more disruptive action than you set with this flag,
+	// the update request will fail.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MostDisruptiveAllowedAction string `json:"mostDisruptiveAllowedAction,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "AllInstances") to
@@ -19434,7 +20088,9 @@ func (s *InstanceGroupManagersCreateInstancesRequest) MarshalJSON() ([]byte, err
 type InstanceGroupManagersDeleteInstancesRequest struct {
 	// Instances: The URLs of one or more instances to delete. This can be a
 	// full URL or a partial URL, such as
-	// zones/[ZONE]/instances/[INSTANCE_NAME].
+	// zones/[ZONE]/instances/[INSTANCE_NAME]. Queued instances do not have
+	// URL and can be deleted only by name. One cannot specify both URLs and
+	// names in a single request.
 	Instances []string `json:"instances,omitempty"`
 
 	// SkipInstancesOnValidationError: Specifies whether the request should
@@ -19652,6 +20308,9 @@ type InstanceGroupManagersListPerInstanceConfigsRespWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -19883,6 +20542,9 @@ type InstanceGroupManagersScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -20203,6 +20865,9 @@ type InstanceGroupsListInstancesWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -20436,6 +21101,9 @@ type InstanceGroupsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -20662,6 +21330,9 @@ type InstanceListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -20852,6 +21523,9 @@ type InstanceListReferrersWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21514,6 +22188,9 @@ type InstanceTemplateAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21704,6 +22381,9 @@ type InstanceTemplateListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21874,6 +22554,9 @@ type InstanceTemplatesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -21992,9 +22675,9 @@ type InstanceWithNamedPorts struct {
 	// Status: [Output Only] The status of the instance.
 	//
 	// Possible values:
-	//   "DEPROVISIONING" - The Nanny is halted and we are performing tear
-	// down tasks like network deprogramming, releasing quota, IP, tearing
-	// down disks etc.
+	//   "DEPROVISIONING" - The instance is halted and we are performing
+	// tear down tasks like network deprogramming, releasing quota, IP,
+	// tearing down disks etc.
 	//   "PROVISIONING" - Resources are being allocated for the instance.
 	//   "REPAIRING" - The instance is in repair.
 	//   "RUNNING" - The instance is running.
@@ -22230,6 +22913,9 @@ type InstancesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -22586,9 +23272,9 @@ func (s *Int64RangeMatch) MarshalJSON() ([]byte, error) {
 }
 
 // Interconnect: Represents an Interconnect resource. An Interconnect
-// resource is a dedicated connection between the GCP network and your
-// on-premises network. For more information, read the Dedicated
-// Interconnect Overview.
+// resource is a dedicated connection between the Google Cloud network
+// and your on-premises network. For more information, read the
+// Dedicated Interconnect Overview.
 type Interconnect struct {
 	// AdminEnabled: Administrative status of the interconnect. When this is
 	// set to true, the Interconnect is functional and can carry traffic.
@@ -22653,6 +23339,21 @@ type Interconnect struct {
 	// for interconnects.
 	Kind string `json:"kind,omitempty"`
 
+	// LabelFingerprint: A fingerprint for the labels being applied to this
+	// Interconnect, which is essentially a hash of the labels set used for
+	// optimistic locking. The fingerprint is initially generated by Compute
+	// Engine and changes after every request to modify or update labels.
+	// You must always provide an up-to-date fingerprint hash in order to
+	// update or change labels, otherwise the request will fail with error
+	// 412 conditionNotMet. To see the latest fingerprint, make a get()
+	// request to retrieve an Interconnect.
+	LabelFingerprint string `json:"labelFingerprint,omitempty"`
+
+	// Labels: Labels for this resource. These can only be added or modified
+	// by the setLabels method. Each label key/value pair must comply with
+	// RFC1035. Label values may be empty.
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// LinkType: Type of link requested, which can take one of the following
 	// values: - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics -
 	// LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. Note that
@@ -22713,13 +23414,16 @@ type Interconnect struct {
 	// provisioned in this interconnect.
 	ProvisionedLinkCount int64 `json:"provisionedLinkCount,omitempty"`
 
+	// RemoteLocation: Indicates that this is a Cross-Cloud Interconnect.
+	// This field specifies the location outside of Google's network that
+	// the interconnect is connected to.
+	RemoteLocation string `json:"remoteLocation,omitempty"`
+
 	// RequestedLinkCount: Target number of physical links in the link
 	// bundle, as requested by the customer.
 	RequestedLinkCount int64 `json:"requestedLinkCount,omitempty"`
 
-	// SatisfiesPzs: [Output Only] Set to true if the resource satisfies the
-	// zone separation organization policy constraints and false otherwise.
-	// Defaults to false if the field is not present.
+	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -22830,6 +23534,11 @@ type InterconnectAttachment struct {
 	// CloudRouterIpv6InterfaceId: This field is not available.
 	CloudRouterIpv6InterfaceId string `json:"cloudRouterIpv6InterfaceId,omitempty"`
 
+	// ConfigurationConstraints: [Output Only] Constraints for this
+	// attachment, if any. The attachment does not work if these constraints
+	// are not met.
+	ConfigurationConstraints *InterconnectAttachmentConfigurationConstraints `json:"configurationConstraints,omitempty"`
+
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
@@ -22922,14 +23631,28 @@ type InterconnectAttachment struct {
 	// attachment. If this field is not specified when creating the VLAN
 	// attachment, then later on when creating an HA VPN gateway on this
 	// VLAN attachment, the HA VPN gateway's IP address is allocated from
-	// the regional external IP address pool. Not currently available
-	// publicly.
+	// the regional external IP address pool.
 	IpsecInternalAddresses []string `json:"ipsecInternalAddresses,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always
 	// compute#interconnectAttachment for interconnect attachments.
 	Kind string `json:"kind,omitempty"`
 
+	// LabelFingerprint: A fingerprint for the labels being applied to this
+	// InterconnectAttachment, which is essentially a hash of the labels set
+	// used for optimistic locking. The fingerprint is initially generated
+	// by Compute Engine and changes after every request to modify or update
+	// labels. You must always provide an up-to-date fingerprint hash in
+	// order to update or change labels, otherwise the request will fail
+	// with error 412 conditionNotMet. To see the latest fingerprint, make a
+	// get() request to retrieve an InterconnectAttachment.
+	LabelFingerprint string `json:"labelFingerprint,omitempty"`
+
+	// Labels: Labels for this resource. These can only be added or modified
+	// by the setLabels method. Each label key/value pair must comply with
+	// RFC1035. Label values may be empty.
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// Mtu: Maximum Transmission Unit (MTU), in bytes, of packets passing
 	// through this interconnect attachment. Only 1440 and 1500 are allowed.
 	// If not specified, the value will default to 1440.
@@ -22985,15 +23708,21 @@ type InterconnectAttachment struct {
 	// body.
 	Region string `json:"region,omitempty"`
 
+	// RemoteService: [Output Only] If the attachment is on a Cross-Cloud
+	// Interconnect connection, this field contains the interconnect's
+	// remote location service provider. Example values: "Amazon Web
+	// Services" "Microsoft Azure". The field is set only for attachments on
+	// Cross-Cloud Interconnect connections. Its value is copied from the
+	// InterconnectRemoteLocation remoteService field.
+	RemoteService string `json:"remoteService,omitempty"`
+
 	// Router: URL of the Cloud Router to be used for dynamic routing. This
 	// router must be in the same region as this InterconnectAttachment. The
 	// InterconnectAttachment will automatically connect the Interconnect to
 	// the network & region within which the Cloud Router is configured.
 	Router string `json:"router,omitempty"`
 
-	// SatisfiesPzs: [Output Only] Set to true if the resource satisfies the
-	// zone separation organization policy constraints and false otherwise.
-	// Defaults to false if the field is not present.
+	// SatisfiesPzs: [Output Only] Reserved for future use.
 	SatisfiesPzs bool `json:"satisfiesPzs,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
@@ -23050,6 +23779,16 @@ type InterconnectAttachment struct {
 	// yet, because turnup is not complete.
 	State string `json:"state,omitempty"`
 
+	// SubnetLength: Length of the IPv4 subnet mask. Allowed values: - 29
+	// (default) - 30 The default value is 29, except for Cross-Cloud
+	// Interconnect connections that use an InterconnectRemoteLocation with
+	// a constraints.subnetLengthRange.min equal to 30. For example,
+	// connections that use an Azure remote location fall into this
+	// category. In these cases, the default value is 30, and requesting 29
+	// returns an error. Where both 29 and 30 are allowed, 29 is preferred,
+	// because it gives Google Cloud Support more debugging visibility.
+	SubnetLength int64 `json:"subnetLength,omitempty"`
+
 	// Type: The type of interconnect attachment this is, which can take one
 	// of the following values: - DEDICATED: an attachment to a Dedicated
 	// Interconnect. - PARTNER: an attachment to a Partner Interconnect,
@@ -23181,6 +23920,9 @@ type InterconnectAttachmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -23288,139 +24030,37 @@ func (s *InterconnectAttachmentAggregatedListWarningData) MarshalJSON() ([]byte,
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// InterconnectAttachmentList: Response to the list request, and
-// contains a list of interconnect attachments.
-type InterconnectAttachmentList struct {
-	// Id: [Output Only] Unique identifier for the resource; defined by the
-	// server.
-	Id string `json:"id,omitempty"`
-
-	// Items: A list of InterconnectAttachment resources.
-	Items []*InterconnectAttachment `json:"items,omitempty"`
-
-	// Kind: [Output Only] Type of resource. Always
-	// compute#interconnectAttachmentList for lists of interconnect
-	// attachments.
-	Kind string `json:"kind,omitempty"`
-
-	// NextPageToken: [Output Only] This token allows you to get the next
-	// page of results for list requests. If the number of results is larger
-	// than maxResults, use the nextPageToken as a value for the query
-	// parameter pageToken in the next list request. Subsequent list
-	// requests will have their own nextPageToken to continue paging through
-	// the results.
-	NextPageToken string `json:"nextPageToken,omitempty"`
-
-	// SelfLink: [Output Only] Server-defined URL for this resource.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// Warning: [Output Only] Informational warning message.
-	Warning *InterconnectAttachmentListWarning `json:"warning,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
-
-	// ForceSendFields is a list of field names (e.g. "Id") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Id") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *InterconnectAttachmentList) MarshalJSON() ([]byte, error) {
-	type NoMethod InterconnectAttachmentList
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-// InterconnectAttachmentListWarning: [Output Only] Informational
-// warning message.
-type InterconnectAttachmentListWarning struct {
-	// Code: [Output Only] A warning code, if applicable. For example,
-	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
-	// the response.
+type InterconnectAttachmentConfigurationConstraints struct {
+	// BgpMd5: [Output Only] Whether the attachment's BGP session
+	// requires/allows/disallows BGP MD5 authentication. This can take one
+	// of the following values: MD5_OPTIONAL, MD5_REQUIRED, MD5_UNSUPPORTED.
+	// For example, a Cross-Cloud Interconnect connection to a remote cloud
+	// provider that requires BGP MD5 authentication has the
+	// interconnectRemoteLocation
+	// attachment_configuration_constraints.bgp_md5 field set to
+	// MD5_REQUIRED, and that property is propagated to the attachment.
+	// Similarly, if BGP MD5 is MD5_UNSUPPORTED, an error is returned if MD5
+	// is requested.
 	//
 	// Possible values:
-	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
-	// changes made by a failed operation.
-	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
-	// created.
-	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
-	// resources has a type marked as deprecated
-	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
-	// that is larger than image size.
-	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
-	// resources has a type marked as experimental
-	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
-	// call
-	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
-	// overridden. Deprecated unused field.
-	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
-	// injected kernel, which is deprecated.
-	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
-	// backend service is associated with a health check that is not of type
-	// HTTP/HTTPS/HTTP2.
-	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
-	// exceedingly large number of resources
-	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
-	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
-	// not assigned to an instance on the network.
-	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
-	// ip forward.
-	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
-	// nextHopInstance URL refers to an instance that does not have an ipv6
-	// interface on the same network as the route.
-	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
-	// refers to an instance that does not exist.
-	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
-	// URL refers to an instance that is not on the same network as the
-	// route.
-	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
-	// have a status of RUNNING.
-	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
-	// continue the process despite the mentioned error.
-	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
-	// page.
-	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
-	// missing due to errors
-	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
-	// that requires a TOS they have not accepted.
-	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
-	// resource is in use.
-	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
-	// auto-delete could not be deleted because they were in use.
-	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
-	// ignored.
-	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
-	// instance group manager is valid as such, but its application does not
-	// make a lot of sense, because it allows only single instance in
-	// instance group.
-	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
-	// are present
-	//   "UNREACHABLE" - A given scope cannot be reached.
-	Code string `json:"code,omitempty"`
-
-	// Data: [Output Only] Metadata about this warning in key: value format.
-	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
-	// }
-	Data []*InterconnectAttachmentListWarningData `json:"data,omitempty"`
+	//   "MD5_OPTIONAL" - MD5_OPTIONAL: BGP MD5 authentication is supported
+	// and can optionally be configured.
+	//   "MD5_REQUIRED" - MD5_REQUIRED: BGP MD5 authentication must be
+	// configured.
+	//   "MD5_UNSUPPORTED" - MD5_UNSUPPORTED: BGP MD5 authentication must
+	// not be configured
+	BgpMd5 string `json:"bgpMd5,omitempty"`
 
-	// Message: [Output Only] A human-readable description of the warning
-	// code.
-	Message string `json:"message,omitempty"`
+	// BgpPeerAsnRanges: [Output Only] List of ASN ranges that the remote
+	// location is known to support. Formatted as an array of inclusive
+	// ranges {min: min-value, max: max-value}. For example, [{min: 123,
+	// max: 123}, {min: 64512, max: 65534}] allows the peer ASN to be 123 or
+	// anything in the range 64512-65534. This field is only advisory.
+	// Although the API accepts other ranges, these are the ranges that we
+	// recommend.
+	BgpPeerAsnRanges []*InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange `json:"bgpPeerAsnRanges,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Code") to
+	// ForceSendFields is a list of field names (e.g. "BgpMd5") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -23428,7 +24068,7 @@ type InterconnectAttachmentListWarning struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Code") to include in API
+	// NullFields is a list of field names (e.g. "BgpMd5") to include in API
 	// requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
@@ -23437,27 +24077,18 @@ type InterconnectAttachmentListWarning struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *InterconnectAttachmentListWarning) MarshalJSON() ([]byte, error) {
-	type NoMethod InterconnectAttachmentListWarning
+func (s *InterconnectAttachmentConfigurationConstraints) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentConfigurationConstraints
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type InterconnectAttachmentListWarningData struct {
-	// Key: [Output Only] A key that provides more detail on the warning
-	// being returned. For example, for warnings where there are no results
-	// in a list request for a particular zone, this key might be scope and
-	// the key value might be the zone name. Other examples might be a key
-	// indicating a deprecated resource and a suggested replacement, or a
-	// warning about invalid network settings (for example, if an instance
-	// attempts to perform IP forwarding but is not enabled for IP
-	// forwarding).
-	Key string `json:"key,omitempty"`
+type InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange struct {
+	Max int64 `json:"max,omitempty"`
 
-	// Value: [Output Only] A warning data value corresponding to the key.
-	Value string `json:"value,omitempty"`
+	Min int64 `json:"min,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Key") to
+	// ForceSendFields is a list of field names (e.g. "Max") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -23465,7 +24096,7 @@ type InterconnectAttachmentListWarningData struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Key") to include in API
+	// NullFields is a list of field names (e.g. "Max") to include in API
 	// requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
@@ -23474,67 +24105,46 @@ type InterconnectAttachmentListWarningData struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *InterconnectAttachmentListWarningData) MarshalJSON() ([]byte, error) {
-	type NoMethod InterconnectAttachmentListWarningData
+func (s *InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentConfigurationConstraintsBgpPeerASNRange
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// InterconnectAttachmentPartnerMetadata: Informational metadata about
-// Partner attachments from Partners to display to customers. These
-// fields are propagated from PARTNER_PROVIDER attachments to their
-// corresponding PARTNER attachments.
-type InterconnectAttachmentPartnerMetadata struct {
-	// InterconnectName: Plain text name of the Interconnect this attachment
-	// is connected to, as displayed in the Partner's portal. For instance
-	// "Chicago 1". This value may be validated to match approved Partner
-	// values.
-	InterconnectName string `json:"interconnectName,omitempty"`
+// InterconnectAttachmentList: Response to the list request, and
+// contains a list of interconnect attachments.
+type InterconnectAttachmentList struct {
+	// Id: [Output Only] Unique identifier for the resource; defined by the
+	// server.
+	Id string `json:"id,omitempty"`
 
-	// PartnerName: Plain text name of the Partner providing this
-	// attachment. This value may be validated to match approved Partner
-	// values.
-	PartnerName string `json:"partnerName,omitempty"`
+	// Items: A list of InterconnectAttachment resources.
+	Items []*InterconnectAttachment `json:"items,omitempty"`
 
-	// PortalUrl: URL of the Partner's portal for this Attachment. Partners
-	// may customise this to be a deep link to the specific resource on the
-	// Partner portal. This value may be validated to match approved Partner
-	// values.
-	PortalUrl string `json:"portalUrl,omitempty"`
+	// Kind: [Output Only] Type of resource. Always
+	// compute#interconnectAttachmentList for lists of interconnect
+	// attachments.
+	Kind string `json:"kind,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "InterconnectName") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
+	// NextPageToken: [Output Only] This token allows you to get the next
+	// page of results for list requests. If the number of results is larger
+	// than maxResults, use the nextPageToken as a value for the query
+	// parameter pageToken in the next list request. Subsequent list
+	// requests will have their own nextPageToken to continue paging through
+	// the results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
 
-	// NullFields is a list of field names (e.g. "InterconnectName") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
+	// SelfLink: [Output Only] Server-defined URL for this resource.
+	SelfLink string `json:"selfLink,omitempty"`
 
-func (s *InterconnectAttachmentPartnerMetadata) MarshalJSON() ([]byte, error) {
-	type NoMethod InterconnectAttachmentPartnerMetadata
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
+	// Warning: [Output Only] Informational warning message.
+	Warning *InterconnectAttachmentListWarning `json:"warning,omitempty"`
 
-// InterconnectAttachmentPrivateInfo: Information for an interconnect
-// attachment when this belongs to an interconnect of type DEDICATED.
-type InterconnectAttachmentPrivateInfo struct {
-	// Tag8021q: [Output Only] 802.1q encapsulation tag to be used for
-	// traffic between Google and the customer, going to and from this
-	// network and region.
-	Tag8021q int64 `json:"tag8021q,omitempty"`
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "Tag8021q") to
+	// ForceSendFields is a list of field names (e.g. "Id") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -23542,8 +24152,8 @@ type InterconnectAttachmentPrivateInfo struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Tag8021q") to include in
-	// API requests with the JSON null value. By default, fields with empty
+	// NullFields is a list of field names (e.g. "Id") to include in API
+	// requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
@@ -23551,49 +24161,15 @@ type InterconnectAttachmentPrivateInfo struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *InterconnectAttachmentPrivateInfo) MarshalJSON() ([]byte, error) {
-	type NoMethod InterconnectAttachmentPrivateInfo
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type InterconnectAttachmentsScopedList struct {
-	// InterconnectAttachments: A list of interconnect attachments contained
-	// in this scope.
-	InterconnectAttachments []*InterconnectAttachment `json:"interconnectAttachments,omitempty"`
-
-	// Warning: Informational warning which replaces the list of addresses
-	// when the list is empty.
-	Warning *InterconnectAttachmentsScopedListWarning `json:"warning,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g.
-	// "InterconnectAttachments") to unconditionally include in API
-	// requests. By default, fields with empty or default values are omitted
-	// from API requests. However, any non-pointer, non-interface field
-	// appearing in ForceSendFields will be sent to the server regardless of
-	// whether the field is empty or not. This may be used to include empty
-	// fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "InterconnectAttachments")
-	// to include in API requests with the JSON null value. By default,
-	// fields with empty values are omitted from API requests. However, any
-	// field with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *InterconnectAttachmentsScopedList) MarshalJSON() ([]byte, error) {
-	type NoMethod InterconnectAttachmentsScopedList
+func (s *InterconnectAttachmentList) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentList
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// InterconnectAttachmentsScopedListWarning: Informational warning which
-// replaces the list of addresses when the list is empty.
-type InterconnectAttachmentsScopedListWarning struct {
+// InterconnectAttachmentListWarning: [Output Only] Informational
+// warning message.
+type InterconnectAttachmentListWarning struct {
 	// Code: [Output Only] A warning code, if applicable. For example,
 	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
 	// the response.
@@ -23620,6 +24196,259 @@ type InterconnectAttachmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
+	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
+	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
+	// not assigned to an instance on the network.
+	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
+	// ip forward.
+	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
+	// nextHopInstance URL refers to an instance that does not have an ipv6
+	// interface on the same network as the route.
+	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
+	// refers to an instance that does not exist.
+	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
+	// URL refers to an instance that is not on the same network as the
+	// route.
+	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
+	// have a status of RUNNING.
+	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
+	// continue the process despite the mentioned error.
+	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
+	// page.
+	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
+	// missing due to errors
+	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
+	// that requires a TOS they have not accepted.
+	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
+	// resource is in use.
+	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
+	// auto-delete could not be deleted because they were in use.
+	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
+	// ignored.
+	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
+	// instance group manager is valid as such, but its application does not
+	// make a lot of sense, because it allows only single instance in
+	// instance group.
+	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
+	// are present
+	//   "UNREACHABLE" - A given scope cannot be reached.
+	Code string `json:"code,omitempty"`
+
+	// Data: [Output Only] Metadata about this warning in key: value format.
+	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
+	// }
+	Data []*InterconnectAttachmentListWarningData `json:"data,omitempty"`
+
+	// Message: [Output Only] A human-readable description of the warning
+	// code.
+	Message string `json:"message,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Code") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectAttachmentListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentListWarning
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type InterconnectAttachmentListWarningData struct {
+	// Key: [Output Only] A key that provides more detail on the warning
+	// being returned. For example, for warnings where there are no results
+	// in a list request for a particular zone, this key might be scope and
+	// the key value might be the zone name. Other examples might be a key
+	// indicating a deprecated resource and a suggested replacement, or a
+	// warning about invalid network settings (for example, if an instance
+	// attempts to perform IP forwarding but is not enabled for IP
+	// forwarding).
+	Key string `json:"key,omitempty"`
+
+	// Value: [Output Only] A warning data value corresponding to the key.
+	Value string `json:"value,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Key") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectAttachmentListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentListWarningData
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// InterconnectAttachmentPartnerMetadata: Informational metadata about
+// Partner attachments from Partners to display to customers. These
+// fields are propagated from PARTNER_PROVIDER attachments to their
+// corresponding PARTNER attachments.
+type InterconnectAttachmentPartnerMetadata struct {
+	// InterconnectName: Plain text name of the Interconnect this attachment
+	// is connected to, as displayed in the Partner's portal. For instance
+	// "Chicago 1". This value may be validated to match approved Partner
+	// values.
+	InterconnectName string `json:"interconnectName,omitempty"`
+
+	// PartnerName: Plain text name of the Partner providing this
+	// attachment. This value may be validated to match approved Partner
+	// values.
+	PartnerName string `json:"partnerName,omitempty"`
+
+	// PortalUrl: URL of the Partner's portal for this Attachment. Partners
+	// may customise this to be a deep link to the specific resource on the
+	// Partner portal. This value may be validated to match approved Partner
+	// values.
+	PortalUrl string `json:"portalUrl,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "InterconnectName") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "InterconnectName") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectAttachmentPartnerMetadata) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentPartnerMetadata
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// InterconnectAttachmentPrivateInfo: Information for an interconnect
+// attachment when this belongs to an interconnect of type DEDICATED.
+type InterconnectAttachmentPrivateInfo struct {
+	// Tag8021q: [Output Only] 802.1q encapsulation tag to be used for
+	// traffic between Google and the customer, going to and from this
+	// network and region.
+	Tag8021q int64 `json:"tag8021q,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Tag8021q") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Tag8021q") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectAttachmentPrivateInfo) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentPrivateInfo
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type InterconnectAttachmentsScopedList struct {
+	// InterconnectAttachments: A list of interconnect attachments contained
+	// in this scope.
+	InterconnectAttachments []*InterconnectAttachment `json:"interconnectAttachments,omitempty"`
+
+	// Warning: Informational warning which replaces the list of addresses
+	// when the list is empty.
+	Warning *InterconnectAttachmentsScopedListWarning `json:"warning,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "InterconnectAttachments") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "InterconnectAttachments")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectAttachmentsScopedList) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectAttachmentsScopedList
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// InterconnectAttachmentsScopedListWarning: Informational warning which
+// replaces the list of addresses when the list is empty.
+type InterconnectAttachmentsScopedListWarning struct {
+	// Code: [Output Only] A warning code, if applicable. For example,
+	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
+	// the response.
+	//
+	// Possible values:
+	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
+	// changes made by a failed operation.
+	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
+	// created.
+	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as deprecated
+	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
+	// that is larger than image size.
+	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as experimental
+	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
+	// call
+	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
+	// overridden. Deprecated unused field.
+	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
+	// injected kernel, which is deprecated.
+	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
+	// backend service is associated with a health check that is not of type
+	// HTTP/HTTPS/HTTP2.
+	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
+	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -23766,9 +24595,9 @@ func (s *InterconnectCircuitInfo) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// InterconnectDiagnostics: Diagnostics information about interconnect,
-// contains detailed and current technical information about Google's
-// side of the connection.
+// InterconnectDiagnostics: Diagnostics information about the
+// Interconnect connection, which contains detailed and current
+// technical information about Google's side of the connection.
 type InterconnectDiagnostics struct {
 	// ArpCaches: A list of InterconnectDiagnostics.ARPEntry objects,
 	// describing individual neighbors currently seen by the Google router
@@ -24111,6 +24940,9 @@ type InterconnectListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -24306,9 +25138,7 @@ type InterconnectLocation struct {
 	// Interconnects.
 	Status string `json:"status,omitempty"`
 
-	// SupportsPzs: [Output Only] Set to true for locations that support
-	// physical zone separation. Defaults to false if the field is not
-	// present.
+	// SupportsPzs: [Output Only] Reserved for future use.
 	SupportsPzs bool `json:"supportsPzs,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
@@ -24422,6 +25252,9 @@ type InterconnectLocationListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -24678,86 +25511,123 @@ func (s *InterconnectOutageNotification) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// InterconnectsGetDiagnosticsResponse: Response for the
-// InterconnectsGetDiagnosticsRequest.
-type InterconnectsGetDiagnosticsResponse struct {
-	Result *InterconnectDiagnostics `json:"result,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
+// InterconnectRemoteLocation: Represents a Cross-Cloud Interconnect
+// Remote Location resource. You can use this resource to find remote
+// location details about an Interconnect attachment (VLAN).
+type InterconnectRemoteLocation struct {
+	// Address: [Output Only] The postal address of the Point of Presence,
+	// each line in the address is separated by a newline character.
+	Address string `json:"address,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Result") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
+	// AttachmentConfigurationConstraints: [Output Only] Subset of fields
+	// from InterconnectAttachment's |configurationConstraints| field that
+	// apply to all attachments for this remote location.
+	AttachmentConfigurationConstraints *InterconnectAttachmentConfigurationConstraints `json:"attachmentConfigurationConstraints,omitempty"`
 
-	// NullFields is a list of field names (e.g. "Result") to include in API
-	// requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
+	// City: [Output Only] Metropolitan area designator that indicates which
+	// city an interconnect is located. For example: "Chicago, IL",
+	// "Amsterdam, Netherlands".
+	City string `json:"city,omitempty"`
 
-func (s *InterconnectsGetDiagnosticsResponse) MarshalJSON() ([]byte, error) {
-	type NoMethod InterconnectsGetDiagnosticsResponse
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
+	// Constraints: [Output Only] Constraints on the parameters for creating
+	// Cross-Cloud Interconnect and associated InterconnectAttachments.
+	Constraints *InterconnectRemoteLocationConstraints `json:"constraints,omitempty"`
 
-// License: Represents a License resource. A License represents billing
-// and aggregate usage data for public and marketplace images. *Caution*
-// This resource is intended for use only by third-party partners who
-// are creating Cloud Marketplace images.
-type License struct {
-	// ChargesUseFee: [Output Only] Deprecated. This field no longer
-	// reflects whether a license charges a usage fee.
-	ChargesUseFee bool `json:"chargesUseFee,omitempty"`
+	// Continent: [Output Only] Continent for this location, which can take
+	// one of the following values: - AFRICA - ASIA_PAC - EUROPE -
+	// NORTH_AMERICA - SOUTH_AMERICA
+	//
+	// Possible values:
+	//   "AFRICA"
+	//   "ASIA_PAC"
+	//   "EUROPE"
+	//   "NORTH_AMERICA"
+	//   "SOUTH_AMERICA"
+	Continent string `json:"continent,omitempty"`
 
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
 	// format.
 	CreationTimestamp string `json:"creationTimestamp,omitempty"`
 
-	// Description: An optional textual description of the resource;
-	// provided by the client when the resource is created.
+	// Description: [Output Only] An optional description of the resource.
 	Description string `json:"description,omitempty"`
 
+	// FacilityProvider: [Output Only] The name of the provider for this
+	// facility (e.g., EQUINIX).
+	FacilityProvider string `json:"facilityProvider,omitempty"`
+
+	// FacilityProviderFacilityId: [Output Only] A provider-assigned
+	// Identifier for this facility (e.g., Ashburn-DC1).
+	FacilityProviderFacilityId string `json:"facilityProviderFacilityId,omitempty"`
+
 	// Id: [Output Only] The unique identifier for the resource. This
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
 
-	// Kind: [Output Only] Type of resource. Always compute#license for
-	// licenses.
+	// Kind: [Output Only] Type of the resource. Always
+	// compute#interconnectRemoteLocation for interconnect remote locations.
 	Kind string `json:"kind,omitempty"`
 
-	// LicenseCode: [Output Only] The unique code used to attach this
-	// license to images, snapshots, and disks.
-	LicenseCode uint64 `json:"licenseCode,omitempty,string"`
+	// Lacp: [Output Only] Link Aggregation Control Protocol (LACP)
+	// constraints, which can take one of the following values:
+	// LACP_SUPPORTED, LACP_UNSUPPORTED
+	//
+	// Possible values:
+	//   "LACP_SUPPORTED" - LACP_SUPPORTED: LACP is supported, and enabled
+	// by default on the Cross-Cloud Interconnect.
+	//   "LACP_UNSUPPORTED" - LACP_UNSUPPORTED: LACP is not supported and is
+	// not be enabled on this port. GetDiagnostics shows
+	// bundleAggregationType as "static". GCP does not support LAGs without
+	// LACP, so requestedLinkCount must be 1.
+	Lacp string `json:"lacp,omitempty"`
+
+	// MaxLagSize100Gbps: [Output Only] The maximum number of 100 Gbps ports
+	// supported in a link aggregation group (LAG). When linkType is 100
+	// Gbps, requestedLinkCount cannot exceed max_lag_size_100_gbps.
+	MaxLagSize100Gbps int64 `json:"maxLagSize100Gbps,omitempty"`
+
+	// MaxLagSize10Gbps: [Output Only] The maximum number of 10 Gbps ports
+	// supported in a link aggregation group (LAG). When linkType is 10
+	// Gbps, requestedLinkCount cannot exceed max_lag_size_10_gbps.
+	MaxLagSize10Gbps int64 `json:"maxLagSize10Gbps,omitempty"`
 
-	// Name: Name of the resource. The name must be 1-63 characters long and
-	// comply with RFC1035.
+	// Name: [Output Only] Name of the resource.
 	Name string `json:"name,omitempty"`
 
-	ResourceRequirements *LicenseResourceRequirements `json:"resourceRequirements,omitempty"`
+	// PeeringdbFacilityId: [Output Only] The peeringdb identifier for this
+	// facility (corresponding with a netfac type in peeringdb).
+	PeeringdbFacilityId string `json:"peeringdbFacilityId,omitempty"`
+
+	// PermittedConnections: [Output Only] Permitted connections.
+	PermittedConnections []*InterconnectRemoteLocationPermittedConnections `json:"permittedConnections,omitempty"`
+
+	// RemoteService: [Output Only] Indicates the service provider present
+	// at the remote location. Example values: "Amazon Web Services",
+	// "Microsoft Azure".
+	RemoteService string `json:"remoteService,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for the resource.
 	SelfLink string `json:"selfLink,omitempty"`
 
-	// Transferable: If false, licenses will not be copied from the source
-	// resource when creating an image from a disk, disk from snapshot, or
-	// snapshot from disk.
-	Transferable bool `json:"transferable,omitempty"`
+	// Status: [Output Only] The status of this InterconnectRemoteLocation,
+	// which can take one of the following values: - CLOSED: The
+	// InterconnectRemoteLocation is closed and is unavailable for
+	// provisioning new Cross-Cloud Interconnects. - AVAILABLE: The
+	// InterconnectRemoteLocation is available for provisioning new
+	// Cross-Cloud Interconnects.
+	//
+	// Possible values:
+	//   "AVAILABLE" - The InterconnectRemoteLocation is available for
+	// provisioning new Cross-Cloud Interconnects.
+	//   "CLOSED" - The InterconnectRemoteLocation is closed for
+	// provisioning new Cross-Cloud Interconnects.
+	Status string `json:"status,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
 	googleapi.ServerResponse `json:"-"`
 
-	// ForceSendFields is a list of field names (e.g. "ChargesUseFee") to
+	// ForceSendFields is a list of field names (e.g. "Address") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -24765,144 +25635,101 @@ type License struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "ChargesUseFee") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
+	// NullFields is a list of field names (e.g. "Address") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
 	// null. It is an error if a field in this list has a non-empty value.
 	// This may be used to include null fields in Patch requests.
 	NullFields []string `json:"-"`
 }
 
-func (s *License) MarshalJSON() ([]byte, error) {
-	type NoMethod License
+func (s *InterconnectRemoteLocation) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectRemoteLocation
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// LicenseCode: Represents a License Code resource. A License Code is a
-// unique identifier used to represent a license resource. *Caution*
-// This resource is intended for use only by third-party partners who
-// are creating Cloud Marketplace images.
-type LicenseCode struct {
-	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
-	// format.
-	CreationTimestamp string `json:"creationTimestamp,omitempty"`
-
-	// Description: [Output Only] Description of this License Code.
-	Description string `json:"description,omitempty"`
-
-	// Id: [Output Only] The unique identifier for the resource. This
-	// identifier is defined by the server.
-	Id uint64 `json:"id,omitempty,string"`
-
-	// Kind: [Output Only] Type of resource. Always compute#licenseCode for
-	// licenses.
-	Kind string `json:"kind,omitempty"`
-
-	// LicenseAlias: [Output Only] URL and description aliases of Licenses
-	// with the same License Code.
-	LicenseAlias []*LicenseCodeLicenseAlias `json:"licenseAlias,omitempty"`
-
-	// Name: [Output Only] Name of the resource. The name is 1-20 characters
-	// long and must be a valid 64 bit integer.
-	Name string `json:"name,omitempty"`
-
-	// SelfLink: [Output Only] Server-defined URL for the resource.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// State: [Output Only] Current state of this License Code.
+type InterconnectRemoteLocationConstraints struct {
+	// PortPairRemoteLocation: [Output Only] Port pair remote location
+	// constraints, which can take one of the following values:
+	// PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION,
+	// PORT_PAIR_MATCHING_REMOTE_LOCATION. GCP's API refers only to
+	// individual ports, but the UI uses this field when ordering a pair of
+	// ports, to prevent users from accidentally ordering something that is
+	// incompatible with their cloud provider. Specifically, when ordering a
+	// redundant pair of Cross-Cloud Interconnect ports, and one of them
+	// uses a remote location with portPairMatchingRemoteLocation set to
+	// matching, the UI requires that both ports use the same remote
+	// location.
 	//
 	// Possible values:
-	//   "DISABLED" - Machines are not allowed to attach boot disks with
-	// this License Code. Requests to create new resources with this license
-	// will be rejected.
-	//   "ENABLED" - Use is allowed for anyone with USE_READ_ONLY access to
-	// this License Code.
-	//   "RESTRICTED" - Use of this license is limited to a project
-	// whitelist.
-	//   "STATE_UNSPECIFIED"
-	//   "TERMINATED" - Reserved state.
-	State string `json:"state,omitempty"`
-
-	// Transferable: [Output Only] If true, the license will remain attached
-	// when creating images or snapshots from disks. Otherwise, the license
-	// is not transferred.
-	Transferable bool `json:"transferable,omitempty"`
-
-	// ServerResponse contains the HTTP response code and headers from the
-	// server.
-	googleapi.ServerResponse `json:"-"`
+	//   "PORT_PAIR_MATCHING_REMOTE_LOCATION" - If
+	// PORT_PAIR_MATCHING_REMOTE_LOCATION, the remote cloud provider
+	// allocates ports in pairs, and the user should choose the same remote
+	// location for both ports.
+	//   "PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION" - If
+	// PORT_PAIR_UNCONSTRAINED_REMOTE_LOCATION, a user may opt to provision
+	// a redundant pair of Cross-Cloud Interconnects using two different
+	// remote locations in the same city.
+	PortPairRemoteLocation string `json:"portPairRemoteLocation,omitempty"`
+
+	// PortPairVlan: [Output Only] Port pair VLAN constraints, which can
+	// take one of the following values: PORT_PAIR_UNCONSTRAINED_VLAN,
+	// PORT_PAIR_MATCHING_VLAN
+	//
+	// Possible values:
+	//   "PORT_PAIR_MATCHING_VLAN" - If PORT_PAIR_MATCHING_VLAN, the
+	// Interconnect for this attachment is part of a pair of ports that
+	// should have matching VLAN allocations. This occurs with Cross-Cloud
+	// Interconnect to Azure remote locations. While GCP's API does not
+	// explicitly group pairs of ports, the UI uses this field to ensure
+	// matching VLAN ids when configuring a redundant VLAN pair.
+	//   "PORT_PAIR_UNCONSTRAINED_VLAN" - PORT_PAIR_UNCONSTRAINED_VLAN means
+	// there is no constraint.
+	PortPairVlan string `json:"portPairVlan,omitempty"`
+
+	// SubnetLengthRange: [Output Only] [min-length, max-length] The minimum
+	// and maximum value (inclusive) for the IPv4 subnet length. For
+	// example, an interconnectRemoteLocation for Azure has {min: 30, max:
+	// 30} because Azure requires /30 subnets. This range specifies the
+	// values supported by both cloud providers. Interconnect currently
+	// supports /29 and /30 IPv4 subnet lengths. If a remote cloud has no
+	// constraint on IPv4 subnet length, the range would thus be {min: 29,
+	// max: 30}.
+	SubnetLengthRange *InterconnectRemoteLocationConstraintsSubnetLengthRange `json:"subnetLengthRange,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "CreationTimestamp")
-	// to unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
+	// ForceSendFields is a list of field names (e.g.
+	// "PortPairRemoteLocation") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "CreationTimestamp") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
+	// NullFields is a list of field names (e.g. "PortPairRemoteLocation")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
 	// server as null. It is an error if a field in this list has a
 	// non-empty value. This may be used to include null fields in Patch
 	// requests.
 	NullFields []string `json:"-"`
 }
 
-func (s *LicenseCode) MarshalJSON() ([]byte, error) {
-	type NoMethod LicenseCode
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type LicenseCodeLicenseAlias struct {
-	// Description: [Output Only] Description of this License Code.
-	Description string `json:"description,omitempty"`
-
-	// SelfLink: [Output Only] URL of license corresponding to this License
-	// Code.
-	SelfLink string `json:"selfLink,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "Description") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "Description") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *LicenseCodeLicenseAlias) MarshalJSON() ([]byte, error) {
-	type NoMethod LicenseCodeLicenseAlias
+func (s *InterconnectRemoteLocationConstraints) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectRemoteLocationConstraints
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-// LicenseResourceCommitment: Commitment for a particular license
-// resource.
-type LicenseResourceCommitment struct {
-	// Amount: The number of licenses purchased.
-	Amount int64 `json:"amount,omitempty,string"`
-
-	// CoresPerLicense: Specifies the core range of the instance for which
-	// this license applies.
-	CoresPerLicense string `json:"coresPerLicense,omitempty"`
+type InterconnectRemoteLocationConstraintsSubnetLengthRange struct {
+	Max int64 `json:"max,omitempty"`
 
-	// License: Any applicable license URI.
-	License string `json:"license,omitempty"`
+	Min int64 `json:"min,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Amount") to
+	// ForceSendFields is a list of field names (e.g. "Max") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -24910,7 +25737,7 @@ type LicenseResourceCommitment struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Amount") to include in API
+	// NullFields is a list of field names (e.g. "Max") to include in API
 	// requests with the JSON null value. By default, fields with empty
 	// values are omitted from API requests. However, any field with an
 	// empty value appearing in NullFields will be sent to the server as
@@ -24919,66 +25746,537 @@ type LicenseResourceCommitment struct {
 	NullFields []string `json:"-"`
 }
 
-func (s *LicenseResourceCommitment) MarshalJSON() ([]byte, error) {
-	type NoMethod LicenseResourceCommitment
-	raw := NoMethod(*s)
-	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
-}
-
-type LicenseResourceRequirements struct {
-	// MinGuestCpuCount: Minimum number of guest cpus required to use the
-	// Instance. Enforced at Instance creation and Instance start.
-	MinGuestCpuCount int64 `json:"minGuestCpuCount,omitempty"`
-
-	// MinMemoryMb: Minimum memory required to use the Instance. Enforced at
-	// Instance creation and Instance start.
-	MinMemoryMb int64 `json:"minMemoryMb,omitempty"`
-
-	// ForceSendFields is a list of field names (e.g. "MinGuestCpuCount") to
-	// unconditionally include in API requests. By default, fields with
-	// empty or default values are omitted from API requests. However, any
-	// non-pointer, non-interface field appearing in ForceSendFields will be
-	// sent to the server regardless of whether the field is empty or not.
-	// This may be used to include empty fields in Patch requests.
-	ForceSendFields []string `json:"-"`
-
-	// NullFields is a list of field names (e.g. "MinGuestCpuCount") to
-	// include in API requests with the JSON null value. By default, fields
-	// with empty values are omitted from API requests. However, any field
-	// with an empty value appearing in NullFields will be sent to the
-	// server as null. It is an error if a field in this list has a
-	// non-empty value. This may be used to include null fields in Patch
-	// requests.
-	NullFields []string `json:"-"`
-}
-
-func (s *LicenseResourceRequirements) MarshalJSON() ([]byte, error) {
-	type NoMethod LicenseResourceRequirements
+func (s *InterconnectRemoteLocationConstraintsSubnetLengthRange) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectRemoteLocationConstraintsSubnetLengthRange
 	raw := NoMethod(*s)
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
-type LicensesListResponse struct {
+// InterconnectRemoteLocationList: Response to the list request, and
+// contains a list of interconnect remote locations.
+type InterconnectRemoteLocationList struct {
 	// Id: [Output Only] Unique identifier for the resource; defined by the
 	// server.
 	Id string `json:"id,omitempty"`
 
-	// Items: A list of License resources.
-	Items []*License `json:"items,omitempty"`
+	// Items: A list of InterconnectRemoteLocation resources.
+	Items []*InterconnectRemoteLocation `json:"items,omitempty"`
 
-	// NextPageToken: [Output Only] This token allows you to get the next
-	// page of results for list requests. If the number of results is larger
-	// than maxResults, use the nextPageToken as a value for the query
-	// parameter pageToken in the next list request. Subsequent list
-	// requests will have their own nextPageToken to continue paging through
-	// the results.
+	// Kind: [Output Only] Type of resource. Always
+	// compute#interconnectRemoteLocationList for lists of interconnect
+	// remote locations.
+	Kind string `json:"kind,omitempty"`
+
+	// NextPageToken: [Output Only] This token lets you get the next page of
+	// results for list requests. If the number of results is larger than
+	// maxResults, use the nextPageToken as a value for the query parameter
+	// pageToken in the next list request. Subsequent list requests will
+	// have their own nextPageToken to continue paging through the results.
 	NextPageToken string `json:"nextPageToken,omitempty"`
 
 	// SelfLink: [Output Only] Server-defined URL for this resource.
 	SelfLink string `json:"selfLink,omitempty"`
 
 	// Warning: [Output Only] Informational warning message.
-	Warning *LicensesListResponseWarning `json:"warning,omitempty"`
+	Warning *InterconnectRemoteLocationListWarning `json:"warning,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Id") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Id") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectRemoteLocationList) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectRemoteLocationList
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// InterconnectRemoteLocationListWarning: [Output Only] Informational
+// warning message.
+type InterconnectRemoteLocationListWarning struct {
+	// Code: [Output Only] A warning code, if applicable. For example,
+	// Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in
+	// the response.
+	//
+	// Possible values:
+	//   "CLEANUP_FAILED" - Warning about failed cleanup of transient
+	// changes made by a failed operation.
+	//   "DEPRECATED_RESOURCE_USED" - A link to a deprecated resource was
+	// created.
+	//   "DEPRECATED_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as deprecated
+	//   "DISK_SIZE_LARGER_THAN_IMAGE_SIZE" - The user created a boot disk
+	// that is larger than image size.
+	//   "EXPERIMENTAL_TYPE_USED" - When deploying and at least one of the
+	// resources has a type marked as experimental
+	//   "EXTERNAL_API_WARNING" - Warning that is present in an external api
+	// call
+	//   "FIELD_VALUE_OVERRIDEN" - Warning that value of a field has been
+	// overridden. Deprecated unused field.
+	//   "INJECTED_KERNELS_DEPRECATED" - The operation involved use of an
+	// injected kernel, which is deprecated.
+	//   "INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB" - A WEIGHTED_MAGLEV
+	// backend service is associated with a health check that is not of type
+	// HTTP/HTTPS/HTTP2.
+	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
+	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
+	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
+	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
+	// not assigned to an instance on the network.
+	//   "NEXT_HOP_CANNOT_IP_FORWARD" - The route's next hop instance cannot
+	// ip forward.
+	//   "NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE" - The route's
+	// nextHopInstance URL refers to an instance that does not have an ipv6
+	// interface on the same network as the route.
+	//   "NEXT_HOP_INSTANCE_NOT_FOUND" - The route's nextHopInstance URL
+	// refers to an instance that does not exist.
+	//   "NEXT_HOP_INSTANCE_NOT_ON_NETWORK" - The route's nextHopInstance
+	// URL refers to an instance that is not on the same network as the
+	// route.
+	//   "NEXT_HOP_NOT_RUNNING" - The route's next hop instance does not
+	// have a status of RUNNING.
+	//   "NOT_CRITICAL_ERROR" - Error which is not critical. We decided to
+	// continue the process despite the mentioned error.
+	//   "NO_RESULTS_ON_PAGE" - No results are present on a particular list
+	// page.
+	//   "PARTIAL_SUCCESS" - Success is reported, but some results may be
+	// missing due to errors
+	//   "REQUIRED_TOS_AGREEMENT" - The user attempted to use a resource
+	// that requires a TOS they have not accepted.
+	//   "RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING" - Warning that a
+	// resource is in use.
+	//   "RESOURCE_NOT_DELETED" - One or more of the resources set to
+	// auto-delete could not be deleted because they were in use.
+	//   "SCHEMA_VALIDATION_IGNORED" - When a resource schema validation is
+	// ignored.
+	//   "SINGLE_INSTANCE_PROPERTY_TEMPLATE" - Instance template used in
+	// instance group manager is valid as such, but its application does not
+	// make a lot of sense, because it allows only single instance in
+	// instance group.
+	//   "UNDECLARED_PROPERTIES" - When undeclared properties in the schema
+	// are present
+	//   "UNREACHABLE" - A given scope cannot be reached.
+	Code string `json:"code,omitempty"`
+
+	// Data: [Output Only] Metadata about this warning in key: value format.
+	// For example: "data": [ { "key": "scope", "value": "zones/us-east1-d"
+	// }
+	Data []*InterconnectRemoteLocationListWarningData `json:"data,omitempty"`
+
+	// Message: [Output Only] A human-readable description of the warning
+	// code.
+	Message string `json:"message,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Code") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Code") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectRemoteLocationListWarning) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectRemoteLocationListWarning
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type InterconnectRemoteLocationListWarningData struct {
+	// Key: [Output Only] A key that provides more detail on the warning
+	// being returned. For example, for warnings where there are no results
+	// in a list request for a particular zone, this key might be scope and
+	// the key value might be the zone name. Other examples might be a key
+	// indicating a deprecated resource and a suggested replacement, or a
+	// warning about invalid network settings (for example, if an instance
+	// attempts to perform IP forwarding but is not enabled for IP
+	// forwarding).
+	Key string `json:"key,omitempty"`
+
+	// Value: [Output Only] A warning data value corresponding to the key.
+	Value string `json:"value,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Key") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Key") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectRemoteLocationListWarningData) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectRemoteLocationListWarningData
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type InterconnectRemoteLocationPermittedConnections struct {
+	// InterconnectLocation: [Output Only] URL of an Interconnect location
+	// that is permitted to connect to this Interconnect remote location.
+	InterconnectLocation string `json:"interconnectLocation,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "InterconnectLocation") to unconditionally include in API requests.
+	// By default, fields with empty or default values are omitted from API
+	// requests. However, any non-pointer, non-interface field appearing in
+	// ForceSendFields will be sent to the server regardless of whether the
+	// field is empty or not. This may be used to include empty fields in
+	// Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "InterconnectLocation") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectRemoteLocationPermittedConnections) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectRemoteLocationPermittedConnections
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// InterconnectsGetDiagnosticsResponse: Response for the
+// InterconnectsGetDiagnosticsRequest.
+type InterconnectsGetDiagnosticsResponse struct {
+	Result *InterconnectDiagnostics `json:"result,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "Result") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Result") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *InterconnectsGetDiagnosticsResponse) MarshalJSON() ([]byte, error) {
+	type NoMethod InterconnectsGetDiagnosticsResponse
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// License: Represents a License resource. A License represents billing
+// and aggregate usage data for public and marketplace images. *Caution*
+// This resource is intended for use only by third-party partners who
+// are creating Cloud Marketplace images.
+type License struct {
+	// ChargesUseFee: [Output Only] Deprecated. This field no longer
+	// reflects whether a license charges a usage fee.
+	ChargesUseFee bool `json:"chargesUseFee,omitempty"`
+
+	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
+	// format.
+	CreationTimestamp string `json:"creationTimestamp,omitempty"`
+
+	// Description: An optional textual description of the resource;
+	// provided by the client when the resource is created.
+	Description string `json:"description,omitempty"`
+
+	// Id: [Output Only] The unique identifier for the resource. This
+	// identifier is defined by the server.
+	Id uint64 `json:"id,omitempty,string"`
+
+	// Kind: [Output Only] Type of resource. Always compute#license for
+	// licenses.
+	Kind string `json:"kind,omitempty"`
+
+	// LicenseCode: [Output Only] The unique code used to attach this
+	// license to images, snapshots, and disks.
+	LicenseCode uint64 `json:"licenseCode,omitempty,string"`
+
+	// Name: Name of the resource. The name must be 1-63 characters long and
+	// comply with RFC1035.
+	Name string `json:"name,omitempty"`
+
+	ResourceRequirements *LicenseResourceRequirements `json:"resourceRequirements,omitempty"`
+
+	// SelfLink: [Output Only] Server-defined URL for the resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// Transferable: If false, licenses will not be copied from the source
+	// resource when creating an image from a disk, disk from snapshot, or
+	// snapshot from disk.
+	Transferable bool `json:"transferable,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "ChargesUseFee") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "ChargesUseFee") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *License) MarshalJSON() ([]byte, error) {
+	type NoMethod License
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// LicenseCode: Represents a License Code resource. A License Code is a
+// unique identifier used to represent a license resource. *Caution*
+// This resource is intended for use only by third-party partners who
+// are creating Cloud Marketplace images.
+type LicenseCode struct {
+	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
+	// format.
+	CreationTimestamp string `json:"creationTimestamp,omitempty"`
+
+	// Description: [Output Only] Description of this License Code.
+	Description string `json:"description,omitempty"`
+
+	// Id: [Output Only] The unique identifier for the resource. This
+	// identifier is defined by the server.
+	Id uint64 `json:"id,omitempty,string"`
+
+	// Kind: [Output Only] Type of resource. Always compute#licenseCode for
+	// licenses.
+	Kind string `json:"kind,omitempty"`
+
+	// LicenseAlias: [Output Only] URL and description aliases of Licenses
+	// with the same License Code.
+	LicenseAlias []*LicenseCodeLicenseAlias `json:"licenseAlias,omitempty"`
+
+	// Name: [Output Only] Name of the resource. The name is 1-20 characters
+	// long and must be a valid 64 bit integer.
+	Name string `json:"name,omitempty"`
+
+	// SelfLink: [Output Only] Server-defined URL for the resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// State: [Output Only] Current state of this License Code.
+	//
+	// Possible values:
+	//   "DISABLED" - Machines are not allowed to attach boot disks with
+	// this License Code. Requests to create new resources with this license
+	// will be rejected.
+	//   "ENABLED" - Use is allowed for anyone with USE_READ_ONLY access to
+	// this License Code.
+	//   "RESTRICTED" - Use of this license is limited to a project
+	// whitelist.
+	//   "STATE_UNSPECIFIED"
+	//   "TERMINATED" - Reserved state.
+	State string `json:"state,omitempty"`
+
+	// Transferable: [Output Only] If true, the license will remain attached
+	// when creating images or snapshots from disks. Otherwise, the license
+	// is not transferred.
+	Transferable bool `json:"transferable,omitempty"`
+
+	// ServerResponse contains the HTTP response code and headers from the
+	// server.
+	googleapi.ServerResponse `json:"-"`
+
+	// ForceSendFields is a list of field names (e.g. "CreationTimestamp")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "CreationTimestamp") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *LicenseCode) MarshalJSON() ([]byte, error) {
+	type NoMethod LicenseCode
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type LicenseCodeLicenseAlias struct {
+	// Description: [Output Only] Description of this License Code.
+	Description string `json:"description,omitempty"`
+
+	// SelfLink: [Output Only] URL of license corresponding to this License
+	// Code.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Description") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Description") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *LicenseCodeLicenseAlias) MarshalJSON() ([]byte, error) {
+	type NoMethod LicenseCodeLicenseAlias
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// LicenseResourceCommitment: Commitment for a particular license
+// resource.
+type LicenseResourceCommitment struct {
+	// Amount: The number of licenses purchased.
+	Amount int64 `json:"amount,omitempty,string"`
+
+	// CoresPerLicense: Specifies the core range of the instance for which
+	// this license applies.
+	CoresPerLicense string `json:"coresPerLicense,omitempty"`
+
+	// License: Any applicable license URI.
+	License string `json:"license,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Amount") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Amount") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *LicenseResourceCommitment) MarshalJSON() ([]byte, error) {
+	type NoMethod LicenseResourceCommitment
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type LicenseResourceRequirements struct {
+	// MinGuestCpuCount: Minimum number of guest cpus required to use the
+	// Instance. Enforced at Instance creation and Instance start.
+	MinGuestCpuCount int64 `json:"minGuestCpuCount,omitempty"`
+
+	// MinMemoryMb: Minimum memory required to use the Instance. Enforced at
+	// Instance creation and Instance start.
+	MinMemoryMb int64 `json:"minMemoryMb,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "MinGuestCpuCount") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "MinGuestCpuCount") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *LicenseResourceRequirements) MarshalJSON() ([]byte, error) {
+	type NoMethod LicenseResourceRequirements
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type LicensesListResponse struct {
+	// Id: [Output Only] Unique identifier for the resource; defined by the
+	// server.
+	Id string `json:"id,omitempty"`
+
+	// Items: A list of License resources.
+	Items []*License `json:"items,omitempty"`
+
+	// NextPageToken: [Output Only] This token allows you to get the next
+	// page of results for list requests. If the number of results is larger
+	// than maxResults, use the nextPageToken as a value for the query
+	// parameter pageToken in the next list request. Subsequent list
+	// requests will have their own nextPageToken to continue paging through
+	// the results.
+	NextPageToken string `json:"nextPageToken,omitempty"`
+
+	// SelfLink: [Output Only] Server-defined URL for this resource.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// Warning: [Output Only] Informational warning message.
+	Warning *LicensesListResponseWarning `json:"warning,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
 	// server.
@@ -25036,6 +26334,9 @@ type LicensesListResponseWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -25717,6 +27018,9 @@ type MachineImageListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -25924,7 +27228,7 @@ type MachineTypeAccelerators struct {
 	GuestAcceleratorCount int64 `json:"guestAcceleratorCount,omitempty"`
 
 	// GuestAcceleratorType: The accelerator type resource name, not a full
-	// URL, e.g. 'nvidia-tesla-k80'.
+	// URL, e.g. nvidia-tesla-t4.
 	GuestAcceleratorType string `json:"guestAcceleratorType,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g.
@@ -26065,6 +27369,9 @@ type MachineTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -26254,6 +27561,9 @@ type MachineTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -26422,6 +27732,9 @@ type MachineTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -26606,9 +27919,9 @@ type ManagedInstance struct {
 	// is empty when the instance does not exist.
 	//
 	// Possible values:
-	//   "DEPROVISIONING" - The Nanny is halted and we are performing tear
-	// down tasks like network deprogramming, releasing quota, IP, tearing
-	// down disks etc.
+	//   "DEPROVISIONING" - The instance is halted and we are performing
+	// tear down tasks like network deprogramming, releasing quota, IP,
+	// tearing down disks etc.
 	//   "PROVISIONING" - Resources are being allocated for the instance.
 	//   "REPAIRING" - The instance is in repair.
 	//   "RUNNING" - The instance is running.
@@ -27118,7 +28431,7 @@ type Network struct {
 	FirewallPolicy string `json:"firewallPolicy,omitempty"`
 
 	// GatewayIPv4: [Output Only] The gateway address for default routing
-	// out of the network, selected by GCP.
+	// out of the network, selected by Google Cloud.
 	GatewayIPv4 string `json:"gatewayIPv4,omitempty"`
 
 	// Id: [Output Only] The unique identifier for the resource. This
@@ -27230,10 +28543,9 @@ type NetworkAttachment struct {
 	// property when you create the resource.
 	Description string `json:"description,omitempty"`
 
-	// Fingerprint: [Output Only] Fingerprint of this resource. A hash of
-	// the contents stored in this object. This field is used in optimistic
-	// locking. An up-to-date fingerprint must be provided in order to
-	// patch.
+	// Fingerprint: Fingerprint of this resource. A hash of the contents
+	// stored in this object. This field is used in optimistic locking. An
+	// up-to-date fingerprint must be provided in order to patch.
 	Fingerprint string `json:"fingerprint,omitempty"`
 
 	// Id: [Output Only] The unique identifier for the resource type. The
@@ -27253,7 +28565,11 @@ type NetworkAttachment struct {
 	Name string `json:"name,omitempty"`
 
 	// Network: [Output Only] The URL of the network which the Network
-	// Attachment belongs to.
+	// Attachment belongs to. Practically it is inferred by fetching the
+	// network of the first subnetwork associated. Because it is required
+	// that all the subnetworks must be from the same network, it is assured
+	// that the Network Attachment belongs to the same network as all the
+	// subnetworks.
 	Network string `json:"network,omitempty"`
 
 	// ProducerAcceptLists: Projects that are allowed to connect to this
@@ -27394,6 +28710,9 @@ type NetworkAttachmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -27504,7 +28823,7 @@ func (s *NetworkAttachmentAggregatedListWarningData) MarshalJSON() ([]byte, erro
 // NetworkAttachmentConnectedEndpoint: [Output Only] A connection
 // connected to this network attachment.
 type NetworkAttachmentConnectedEndpoint struct {
-	// IpAddress: The IP address assigned to the producer instance network
+	// IpAddress: The IPv4 address assigned to the producer instance network
 	// interface. This value will be a range in case of Serverless.
 	IpAddress string `json:"ipAddress,omitempty"`
 
@@ -27512,7 +28831,7 @@ type NetworkAttachmentConnectedEndpoint struct {
 	// the IP was assigned.
 	ProjectIdOrNum string `json:"projectIdOrNum,omitempty"`
 
-	// SecondaryIpCidrRanges: Alias IP ranges from the same subnetwork
+	// SecondaryIpCidrRanges: Alias IP ranges from the same subnetwork.
 	SecondaryIpCidrRanges []string `json:"secondaryIpCidrRanges,omitempty"`
 
 	// Status: The status of a connected endpoint to this network
@@ -27638,6 +28957,9 @@ type NetworkAttachmentListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -27807,6 +29129,9 @@ type NetworkAttachmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -28083,6 +29408,9 @@ type NetworkEdgeSecurityServiceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -28253,6 +29581,9 @@ type NetworkEdgeSecurityServicesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -28630,6 +29961,9 @@ type NetworkEndpointGroupAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -28962,6 +30296,9 @@ type NetworkEndpointGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -29291,6 +30628,9 @@ type NetworkEndpointGroupsListNetworkEndpointsWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -29462,6 +30802,9 @@ type NetworkEndpointGroupsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -29643,9 +30986,9 @@ type NetworkInterface struct {
 
 	// Ipv6Address: An IPv6 internal network address for this network
 	// interface. To use a static internal IP address, it must be unused and
-	// in the same region as the instance's zone. If not specified, GCP will
-	// automatically assign an internal IPv6 address from the instance's
-	// subnetwork.
+	// in the same region as the instance's zone. If not specified, Google
+	// Cloud will automatically assign an internal IPv6 address from the
+	// instance's subnetwork.
 	Ipv6Address string `json:"ipv6Address,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always
@@ -29696,10 +31039,11 @@ type NetworkInterface struct {
 	// number. It'll be empty if not specified by the users.
 	QueueCount int64 `json:"queueCount,omitempty"`
 
-	// StackType: The stack type for this network interface to identify
-	// whether the IPv6 feature is enabled or not. If not specified,
-	// IPV4_ONLY will be used. This field can be both set at instance
-	// creation and update network interface operations.
+	// StackType: The stack type for this network interface. To assign only
+	// IPv4 addresses, use IPV4_ONLY. To assign both IPv4 and IPv6
+	// addresses, use IPV4_IPV6. If not specified, IPV4_ONLY is used. This
+	// field can be both set at instance creation and update network
+	// interface operations.
 	//
 	// Possible values:
 	//   "IPV4_IPV6" - The network interface can have both IPv4 and IPv6
@@ -29823,6 +31167,9 @@ type NetworkListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -30494,6 +31841,9 @@ type NodeGroupAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -30725,6 +32075,9 @@ type NodeGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -31083,6 +32436,9 @@ type NodeGroupsListNodesWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -31251,6 +32607,9 @@ type NodeGroupsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -31386,6 +32745,33 @@ func (s *NodeGroupsSetNodeTemplateRequest) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type NodeGroupsSimulateMaintenanceEventRequest struct {
+	// Nodes: Names of the nodes to go under maintenance simulation.
+	Nodes []string `json:"nodes,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Nodes") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Nodes") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *NodeGroupsSimulateMaintenanceEventRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod NodeGroupsSimulateMaintenanceEventRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // NodeTemplate: Represent a sole-tenant Node Template resource. You can
 // use a template to define properties for nodes in a node group. For
 // more information, read Creating node groups and instances.
@@ -31436,11 +32822,7 @@ type NodeTemplate struct {
 	// this template.
 	NodeType string `json:"nodeType,omitempty"`
 
-	// NodeTypeFlexibility: The flexible properties of the desired node
-	// type. Node groups that use this node template will create nodes of a
-	// type that matches these properties. This field is mutually exclusive
-	// with the node_type property; you can only define one or the other,
-	// but not both.
+	// NodeTypeFlexibility: Do not use. Instead, use the node_type property.
 	NodeTypeFlexibility *NodeTemplateNodeTypeFlexibility `json:"nodeTypeFlexibility,omitempty"`
 
 	// Region: [Output Only] The name of the region where the node template
@@ -31585,6 +32967,9 @@ type NodeTemplateAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -31774,6 +33159,9 @@ type NodeTemplateListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -31972,6 +33360,9 @@ type NodeTemplatesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32243,6 +33634,9 @@ type NodeTypeAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32432,6 +33826,9 @@ type NodeTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32600,6 +33997,9 @@ type NodeTypesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -32913,6 +34313,9 @@ type NotificationEndpointListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -33296,6 +34699,9 @@ type OperationWarnings struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -33488,6 +34894,9 @@ type OperationAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -33677,6 +35086,9 @@ type OperationListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -33845,6 +35257,9 @@ type OperationsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -33955,80 +35370,83 @@ func (s *OperationsScopedListWarningData) MarshalJSON() ([]byte, error) {
 // OutlierDetection: Settings controlling the eviction of unhealthy
 // hosts from the load balancing pool for the backend service.
 type OutlierDetection struct {
-	// BaseEjectionTime: The base time that a host is ejected for. The real
-	// ejection time is equal to the base ejection time multiplied by the
-	// number of times the host has been ejected. Defaults to 30000ms or
-	// 30s.
+	// BaseEjectionTime: The base time that a backend endpoint is ejected
+	// for. Defaults to 30000ms or 30s. After a backend endpoint is returned
+	// back to the load balancing pool, it can be ejected again in another
+	// ejection analysis. Thus, the total ejection time is equal to the base
+	// ejection time multiplied by the number of times the backend endpoint
+	// has been ejected. Defaults to 30000ms or 30s.
 	BaseEjectionTime *Duration `json:"baseEjectionTime,omitempty"`
 
-	// ConsecutiveErrors: Number of errors before a host is ejected from the
-	// connection pool. When the backend host is accessed over HTTP, a 5xx
-	// return code qualifies as an error. Defaults to 5. Not supported when
-	// the backend service is referenced by a URL map that is bound to
-	// target gRPC proxy that has validateForProxyless field set to true.
+	// ConsecutiveErrors: Number of consecutive errors before a backend
+	// endpoint is ejected from the load balancing pool. When the backend
+	// endpoint is accessed over HTTP, a 5xx return code qualifies as an
+	// error. Defaults to 5.
 	ConsecutiveErrors int64 `json:"consecutiveErrors,omitempty"`
 
 	// ConsecutiveGatewayFailure: The number of consecutive gateway failures
 	// (502, 503, 504 status or connection errors that are mapped to one of
 	// those status codes) before a consecutive gateway failure ejection
-	// occurs. Defaults to 3. Not supported when the backend service is
-	// referenced by a URL map that is bound to target gRPC proxy that has
-	// validateForProxyless field set to true.
+	// occurs. Defaults to 3.
 	ConsecutiveGatewayFailure int64 `json:"consecutiveGatewayFailure,omitempty"`
 
-	// EnforcingConsecutiveErrors: The percentage chance that a host will be
-	// actually ejected when an outlier status is detected through
+	// EnforcingConsecutiveErrors: The percentage chance that a backend
+	// endpoint will be ejected when an outlier status is detected through
 	// consecutive 5xx. This setting can be used to disable ejection or to
-	// ramp it up slowly. Defaults to 0. Not supported when the backend
-	// service is referenced by a URL map that is bound to target gRPC proxy
-	// that has validateForProxyless field set to true.
+	// ramp it up slowly. Defaults to 0.
 	EnforcingConsecutiveErrors int64 `json:"enforcingConsecutiveErrors,omitempty"`
 
-	// EnforcingConsecutiveGatewayFailure: The percentage chance that a host
-	// will be actually ejected when an outlier status is detected through
-	// consecutive gateway failures. This setting can be used to disable
-	// ejection or to ramp it up slowly. Defaults to 100. Not supported when
-	// the backend service is referenced by a URL map that is bound to
-	// target gRPC proxy that has validateForProxyless field set to true.
+	// EnforcingConsecutiveGatewayFailure: The percentage chance that a
+	// backend endpoint will be ejected when an outlier status is detected
+	// through consecutive gateway failures. This setting can be used to
+	// disable ejection or to ramp it up slowly. Defaults to 100.
 	EnforcingConsecutiveGatewayFailure int64 `json:"enforcingConsecutiveGatewayFailure,omitempty"`
 
-	// EnforcingSuccessRate: The percentage chance that a host will be
-	// actually ejected when an outlier status is detected through success
+	// EnforcingSuccessRate: The percentage chance that a backend endpoint
+	// will be ejected when an outlier status is detected through success
 	// rate statistics. This setting can be used to disable ejection or to
-	// ramp it up slowly. Defaults to 100.
+	// ramp it up slowly. Defaults to 100. Not supported when the backend
+	// service uses Serverless NEG.
 	EnforcingSuccessRate int64 `json:"enforcingSuccessRate,omitempty"`
 
 	// Interval: Time interval between ejection analysis sweeps. This can
-	// result in both new ejections as well as hosts being returned to
-	// service. Defaults to 1 second.
+	// result in both new ejections and backend endpoints being returned to
+	// service. The interval is equal to the number of seconds as defined in
+	// outlierDetection.interval.seconds plus the number of nanoseconds as
+	// defined in outlierDetection.interval.nanos. Defaults to 1 second.
 	Interval *Duration `json:"interval,omitempty"`
 
-	// MaxEjectionPercent: Maximum percentage of hosts in the load balancing
-	// pool for the backend service that can be ejected. Defaults to 50%.
+	// MaxEjectionPercent: Maximum percentage of backend endpoints in the
+	// load balancing pool for the backend service that can be ejected if
+	// the ejection conditions are met. Defaults to 50%.
 	MaxEjectionPercent int64 `json:"maxEjectionPercent,omitempty"`
 
-	// SuccessRateMinimumHosts: The number of hosts in a cluster that must
-	// have enough request volume to detect success rate outliers. If the
-	// number of hosts is less than this setting, outlier detection via
-	// success rate statistics is not performed for any host in the cluster.
-	// Defaults to 5.
+	// SuccessRateMinimumHosts: The number of backend endpoints in the load
+	// balancing pool that must have enough request volume to detect success
+	// rate outliers. If the number of backend endpoints is fewer than this
+	// setting, outlier detection via success rate statistics is not
+	// performed for any backend endpoint in the load balancing pool.
+	// Defaults to 5. Not supported when the backend service uses Serverless
+	// NEG.
 	SuccessRateMinimumHosts int64 `json:"successRateMinimumHosts,omitempty"`
 
 	// SuccessRateRequestVolume: The minimum number of total requests that
 	// must be collected in one interval (as defined by the interval
-	// duration above) to include this host in success rate based outlier
-	// detection. If the volume is lower than this setting, outlier
-	// detection via success rate statistics is not performed for that host.
-	// Defaults to 100.
+	// duration above) to include this backend endpoint in success rate
+	// based outlier detection. If the volume is lower than this setting,
+	// outlier detection via success rate statistics is not performed for
+	// that backend endpoint. Defaults to 100. Not supported when the
+	// backend service uses Serverless NEG.
 	SuccessRateRequestVolume int64 `json:"successRateRequestVolume,omitempty"`
 
 	// SuccessRateStdevFactor: This factor is used to determine the ejection
 	// threshold for success rate outlier ejection. The ejection threshold
 	// is the difference between the mean success rate, and the product of
 	// this factor and the standard deviation of the mean success rate: mean
-	// - (stdev * success_rate_stdev_factor). This factor is divided by a
+	// - (stdev * successRateStdevFactor). This factor is divided by a
 	// thousand to get a double. That is, if the desired factor is 1.9, the
-	// runtime value should be 1900. Defaults to 1900.
+	// runtime value should be 1900. Defaults to 1900. Not supported when
+	// the backend service uses Serverless NEG.
 	SuccessRateStdevFactor int64 `json:"successRateStdevFactor,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "BaseEjectionTime") to
@@ -34303,6 +35721,9 @@ type PacketMirroringAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -34571,6 +35992,9 @@ type PacketMirroringListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -34875,6 +36299,9 @@ type PacketMirroringsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -35721,7 +37148,7 @@ type PublicAdvertisedPrefix struct {
 	// property when you create the resource.
 	Description string `json:"description,omitempty"`
 
-	// DnsVerificationIp: The IPv4 address to be used for reverse DNS
+	// DnsVerificationIp: The address to be used for reverse DNS
 	// verification.
 	DnsVerificationIp string `json:"dnsVerificationIp,omitempty"`
 
@@ -35738,8 +37165,8 @@ type PublicAdvertisedPrefix struct {
 	// server generates this identifier.
 	Id uint64 `json:"id,omitempty,string"`
 
-	// IpCidrRange: The IPv4 address range, in CIDR format, represented by
-	// this public advertised prefix.
+	// IpCidrRange: The address range, in CIDR format, represented by this
+	// public advertised prefix.
 	IpCidrRange string `json:"ipCidrRange,omitempty"`
 
 	// Kind: [Output Only] Type of the resource. Always
@@ -35896,6 +37323,9 @@ type PublicAdvertisedPrefixListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -36076,7 +37506,7 @@ type PublicDelegatedPrefix struct {
 	// server generates this identifier.
 	Id uint64 `json:"id,omitempty,string"`
 
-	// IpCidrRange: The IPv4 address range, in CIDR format, represented by
+	// IpCidrRange: The IP address range, in CIDR format, represented by
 	// this public delegated prefix.
 	IpCidrRange string `json:"ipCidrRange,omitempty"`
 
@@ -36244,6 +37674,9 @@ type PublicDelegatedPrefixAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -36433,6 +37866,9 @@ type PublicDelegatedPrefixListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -36551,7 +37987,7 @@ type PublicDelegatedPrefixPublicDelegatedSubPrefix struct {
 	// property when you create the resource.
 	Description string `json:"description,omitempty"`
 
-	// IpCidrRange: The IPv4 address range, in CIDR format, represented by
+	// IpCidrRange: The IP address range, in CIDR format, represented by
 	// this sub public delegated prefix.
 	IpCidrRange string `json:"ipCidrRange,omitempty"`
 
@@ -36661,6 +38097,9 @@ type PublicDelegatedPrefixesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -36801,6 +38240,7 @@ type Quota struct {
 	//   "COMMITTED_NVIDIA_A100_80GB_GPUS"
 	//   "COMMITTED_NVIDIA_A100_GPUS"
 	//   "COMMITTED_NVIDIA_K80_GPUS"
+	//   "COMMITTED_NVIDIA_L4_GPUS"
 	//   "COMMITTED_NVIDIA_P100_GPUS"
 	//   "COMMITTED_NVIDIA_P4_GPUS"
 	//   "COMMITTED_NVIDIA_T4_GPUS"
@@ -36852,11 +38292,15 @@ type Quota struct {
 	//   "NETWORK_ATTACHMENTS"
 	//   "NETWORK_ENDPOINT_GROUPS"
 	//   "NETWORK_FIREWALL_POLICIES"
+	//   "NET_LB_SECURITY_POLICIES_PER_REGION"
+	//   "NET_LB_SECURITY_POLICY_RULES_PER_REGION"
+	//   "NET_LB_SECURITY_POLICY_RULE_ATTRIBUTES_PER_REGION"
 	//   "NODE_GROUPS"
 	//   "NODE_TEMPLATES"
 	//   "NVIDIA_A100_80GB_GPUS"
 	//   "NVIDIA_A100_GPUS"
 	//   "NVIDIA_K80_GPUS"
+	//   "NVIDIA_L4_GPUS"
 	//   "NVIDIA_P100_GPUS"
 	//   "NVIDIA_P100_VWS_GPUS"
 	//   "NVIDIA_P4_GPUS"
@@ -36871,6 +38315,7 @@ type Quota struct {
 	//   "PREEMPTIBLE_NVIDIA_A100_80GB_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_A100_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_K80_GPUS"
+	//   "PREEMPTIBLE_NVIDIA_L4_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_P100_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_P100_VWS_GPUS"
 	//   "PREEMPTIBLE_NVIDIA_P4_GPUS"
@@ -36894,6 +38339,7 @@ type Quota struct {
 	//   "ROUTES"
 	//   "SECURITY_POLICIES"
 	//   "SECURITY_POLICIES_PER_REGION"
+	//   "SECURITY_POLICY_ADVANCED_RULES_PER_REGION"
 	//   "SECURITY_POLICY_CEVAL_RULES"
 	//   "SECURITY_POLICY_RULES"
 	//   "SECURITY_POLICY_RULES_PER_REGION"
@@ -36973,6 +38419,10 @@ type QuotaExceededInfo struct {
 	// Dimensions: The map holding related quota dimensions.
 	Dimensions map[string]string `json:"dimensions,omitempty"`
 
+	// FutureLimit: Future quota limit being rolled out. The limit's unit
+	// depends on the quota type or metric.
+	FutureLimit float64 `json:"futureLimit,omitempty"`
+
 	// Limit: Current effective quota limit. The limit's unit depends on the
 	// quota type or metric.
 	Limit float64 `json:"limit,omitempty"`
@@ -36983,6 +38433,15 @@ type QuotaExceededInfo struct {
 	// MetricName: The Compute Engine quota metric name.
 	MetricName string `json:"metricName,omitempty"`
 
+	// RolloutStatus: Rollout status of the future quota limit.
+	//
+	// Possible values:
+	//   "IN_PROGRESS" - IN_PROGRESS - A rollout is in process which will
+	// change the limit value to future limit.
+	//   "ROLLOUT_STATUS_UNSPECIFIED" - ROLLOUT_STATUS_UNSPECIFIED - Rollout
+	// status is not specified. The default value.
+	RolloutStatus string `json:"rolloutStatus,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "Dimensions") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -37009,13 +38468,15 @@ func (s *QuotaExceededInfo) MarshalJSON() ([]byte, error) {
 func (s *QuotaExceededInfo) UnmarshalJSON(data []byte) error {
 	type NoMethod QuotaExceededInfo
 	var s1 struct {
-		Limit gensupport.JSONFloat64 `json:"limit"`
+		FutureLimit gensupport.JSONFloat64 `json:"futureLimit"`
+		Limit       gensupport.JSONFloat64 `json:"limit"`
 		*NoMethod
 	}
 	s1.NoMethod = (*NoMethod)(s)
 	if err := json.Unmarshal(data, &s1); err != nil {
 		return err
 	}
+	s.FutureLimit = float64(s1.FutureLimit)
 	s.Limit = float64(s1.Limit)
 	return nil
 }
@@ -37133,6 +38594,44 @@ func (s *Region) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type RegionAddressesMoveRequest struct {
+	// Description: An optional destination address description if intended
+	// to be different from the source.
+	Description string `json:"description,omitempty"`
+
+	// DestinationAddress: The URL of the destination address to move to.
+	// This can be a full or partial URL. For example, the following are all
+	// valid URLs to a address: -
+	// https://www.googleapis.com/compute/v1/projects/project/regions/region
+	// /addresses/address -
+	// projects/project/regions/region/addresses/address Note that
+	// destination project must be different from the source project. So
+	// /regions/region/addresses/address is not valid partial url.
+	DestinationAddress string `json:"destinationAddress,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Description") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Description") to include
+	// in API requests with the JSON null value. By default, fields with
+	// empty values are omitted from API requests. However, any field with
+	// an empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *RegionAddressesMoveRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod RegionAddressesMoveRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // RegionAutoscalerList: Contains a list of autoscalers.
 type RegionAutoscalerList struct {
 	// Id: [Output Only] Unique identifier for the resource; defined by the
@@ -37215,6 +38714,9 @@ type RegionAutoscalerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -37404,6 +38906,9 @@ type RegionDiskTypeListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -37595,6 +39100,42 @@ func (s *RegionDisksResizeRequest) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type RegionDisksStartAsyncReplicationRequest struct {
+	// AsyncSecondaryDisk: The secondary disk to start asynchronous
+	// replication to. You can provide this as a partial or full URL to the
+	// resource. For example, the following are valid values: -
+	// https://www.googleapis.com/compute/v1/projects/project/zones/zone
+	// /disks/disk -
+	// https://www.googleapis.com/compute/v1/projects/project/regions/region
+	// /disks/disk - projects/project/zones/zone/disks/disk -
+	// projects/project/regions/region/disks/disk - zones/zone/disks/disk -
+	// regions/region/disks/disk
+	AsyncSecondaryDisk string `json:"asyncSecondaryDisk,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "AsyncSecondaryDisk")
+	// to unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "AsyncSecondaryDisk") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *RegionDisksStartAsyncReplicationRequest) MarshalJSON() ([]byte, error) {
+	type NoMethod RegionDisksStartAsyncReplicationRequest
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 // RegionInstanceGroupList: Contains a list of InstanceGroup resources.
 type RegionInstanceGroupList struct {
 	// Id: [Output Only] Unique identifier for the resource; defined by the
@@ -37677,6 +39218,9 @@ type RegionInstanceGroupListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -37899,6 +39443,9 @@ type RegionInstanceGroupManagerListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -38113,35 +39660,35 @@ type RegionInstanceGroupManagersApplyUpdatesRequest struct {
 	// MinimalAction: The minimal action that you want to perform on each
 	// instance during the update: - REPLACE: At minimum, delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the minimum action is NONE. If your
-	// update requires a more disruptive action than you set with this flag,
-	// the necessary action is performed to execute the update.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the minimum action is NONE. If your update requires a more
+	// disruptive action than you set with this flag, the necessary action
+	// is performed to execute the update.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MinimalAction string `json:"minimalAction,omitempty"`
 
 	// MostDisruptiveAllowedAction: The most disruptive action that you want
 	// to perform on each instance during the update: - REPLACE: Delete the
 	// instance and create it again. - RESTART: Stop the instance and start
-	// it again. - REFRESH: Do not stop the instance. - NONE: Do not disrupt
-	// the instance at all. By default, the most disruptive allowed action
-	// is REPLACE. If your update requires a more disruptive action than you
-	// set with this flag, the update request will fail.
+	// it again. - REFRESH: Do not stop the instance and limit disruption as
+	// much as possible. - NONE: Do not disrupt the instance at all. By
+	// default, the most disruptive allowed action is REPLACE. If your
+	// update requires a more disruptive action than you set with this flag,
+	// the update request will fail.
 	//
 	// Possible values:
 	//   "NONE" - Do not perform any action.
-	//   "REFRESH" - Updates applied in runtime, instances will not be
-	// disrupted.
-	//   "REPLACE" - Old instances will be deleted. New instances will be
-	// created from the target template.
-	//   "RESTART" - Every instance will be restarted.
+	//   "REFRESH" - Do not stop the instance.
+	//   "REPLACE" - (Default.) Replace the instance according to the
+	// replacement method option.
+	//   "RESTART" - Stop the instance and start it again.
 	MostDisruptiveAllowedAction string `json:"mostDisruptiveAllowedAction,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "AllInstances") to
@@ -38346,6 +39893,9 @@ type RegionInstanceGroupManagersListInstanceConfigsRespWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -38666,6 +40216,9 @@ type RegionInstanceGroupsListInstancesWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -38929,6 +40482,9 @@ type RegionListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39527,6 +41083,9 @@ type ReservationAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39715,6 +41274,9 @@ type ReservationListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -39911,6 +41473,9 @@ type ReservationsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -40155,6 +41720,9 @@ type ResourcePoliciesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -40273,6 +41841,10 @@ type ResourcePolicy struct {
 
 	Description string `json:"description,omitempty"`
 
+	// DiskConsistencyGroupPolicy: Resource policy for disk consistency
+	// groups.
+	DiskConsistencyGroupPolicy *ResourcePolicyDiskConsistencyGroupPolicy `json:"diskConsistencyGroupPolicy,omitempty"`
+
 	// GroupPlacementPolicy: Resource policy for instances for placement
 	// configuration.
 	GroupPlacementPolicy *ResourcePolicyGroupPlacementPolicy `json:"groupPlacementPolicy,omitempty"`
@@ -40438,6 +42010,9 @@ type ResourcePolicyAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -40584,6 +42159,11 @@ func (s *ResourcePolicyDailyCycle) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+// ResourcePolicyDiskConsistencyGroupPolicy: Resource policy for disk
+// consistency groups.
+type ResourcePolicyDiskConsistencyGroupPolicy struct {
+}
+
 // ResourcePolicyGroupPlacementPolicy: A GroupPlacementPolicy specifies
 // resource placement configuration. It specifies the failure bucket
 // separation as well as network locality
@@ -40683,7 +42263,7 @@ type ResourcePolicyInstanceSchedulePolicy struct {
 
 	// TimeZone: Specifies the time zone to be used in interpreting
 	// Schedule.schedule. The value of this field must be a time zone name
-	// from the tz database: http://en.wikipedia.org/wiki/Tz_database.
+	// from the tz database: https://wikipedia.org/wiki/Tz_database.
 	TimeZone string `json:"timeZone,omitempty"`
 
 	// VmStartSchedule: Specifies the schedule for starting instances.
@@ -40830,6 +42410,9 @@ type ResourcePolicyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -41314,6 +42897,10 @@ type Route struct {
 	// project/global/gateways/default-internet-gateway
 	NextHopGateway string `json:"nextHopGateway,omitempty"`
 
+	// NextHopHub: [Output Only] The full resource name of the Network
+	// Connectivity Center hub that will handle matching packets.
+	NextHopHub string `json:"nextHopHub,omitempty"`
+
 	// NextHopIlb: The URL to a forwarding rule of type
 	// loadBalancingScheme=INTERNAL that should handle matching packets or
 	// the IP address of the forwarding Rule. For example, the following are
@@ -41443,6 +43030,9 @@ type RouteWarnings struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -41674,6 +43264,9 @@ type RouteListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -41989,6 +43582,9 @@ type RouterAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -42173,9 +43769,9 @@ type RouterBgpPeer struct {
 	AdvertiseMode string `json:"advertiseMode,omitempty"`
 
 	// AdvertisedGroups: User-specified list of prefix groups to advertise
-	// in custom mode, which can take one of the following options: -
-	// ALL_SUBNETS: Advertises all available subnets, including peer VPC
-	// subnets. - ALL_VPC_SUBNETS: Advertises the router's own VPC subnets.
+	// in custom mode, which currently supports the following option: -
+	// ALL_SUBNETS: Advertises all of the router's own VPC subnets. This
+	// excludes any routes learned for subnets that use VPC Network Peering.
 	// Note that this field can only be populated if advertise_mode is
 	// CUSTOM and overrides the list defined for the router (in the "bgp"
 	// message). These groups are advertised in addition to any specified
@@ -42202,6 +43798,17 @@ type RouterBgpPeer struct {
 	// Bfd: BFD configuration for the BGP peering.
 	Bfd *RouterBgpPeerBfd `json:"bfd,omitempty"`
 
+	// CustomLearnedIpRanges: A list of user-defined custom learned route IP
+	// address ranges for a BGP session.
+	CustomLearnedIpRanges []*RouterBgpPeerCustomLearnedIpRange `json:"customLearnedIpRanges,omitempty"`
+
+	// CustomLearnedRoutePriority: The user-defined custom learned route
+	// priority for a BGP session. This value is applied to all custom
+	// learned route ranges for the session. You can choose a value from `0`
+	// to `65335`. If you don't provide a value, Google Cloud assigns a
+	// priority of `100` to the ranges.
+	CustomLearnedRoutePriority int64 `json:"customLearnedRoutePriority,omitempty"`
+
 	// Enable: The status of the BGP peer connection. If set to FALSE, any
 	// active session with the peer is terminated and all associated routing
 	// information is removed. If set to TRUE, the peer connection can be
@@ -42362,6 +43969,36 @@ func (s *RouterBgpPeerBfd) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type RouterBgpPeerCustomLearnedIpRange struct {
+	// Range: The custom learned route IP address range. Must be a valid
+	// CIDR-formatted prefix. If an IP address is provided without a subnet
+	// mask, it is interpreted as, for IPv4, a `/32` singular IP address
+	// range, and, for IPv6, `/128`.
+	Range string `json:"range,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Range") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Range") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *RouterBgpPeerCustomLearnedIpRange) MarshalJSON() ([]byte, error) {
+	type NoMethod RouterBgpPeerCustomLearnedIpRange
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type RouterInterface struct {
 	// IpRange: IP address and range of the interface. The IP range must be
 	// in the RFC3927 link-local IP address space. The value must be a
@@ -42542,6 +44179,9 @@ type RouterListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -42691,6 +44331,21 @@ func (s *RouterMd5AuthenticationKey) MarshalJSON() ([]byte, error) {
 // that would be used for NAT. GCP would auto-allocate ephemeral IPs if
 // no external IPs are provided.
 type RouterNat struct {
+	// AutoNetworkTier: The network tier to use when automatically reserving
+	// IP addresses. Must be one of: PREMIUM, STANDARD. If not specified,
+	// PREMIUM tier will be used.
+	//
+	// Possible values:
+	//   "FIXED_STANDARD" - Public internet quality with fixed bandwidth.
+	//   "PREMIUM" - High quality, Google-grade network tier, support for
+	// all networking products.
+	//   "STANDARD" - Public internet quality, only limited support for
+	// other networking products.
+	//   "STANDARD_OVERRIDES_FIXED_STANDARD" - (Output only) Temporary tier
+	// for FIXED_STANDARD when fixed standard tier is expired or not
+	// configured.
+	AutoNetworkTier string `json:"autoNetworkTier,omitempty"`
+
 	// DrainNatIps: A list of URLs of the IP resources to be drained. These
 	// IPs must be valid static external IPs that have been assigned to the
 	// NAT. These IPs should be used for updating/patching a NAT only.
@@ -42774,10 +44429,9 @@ type RouterNat struct {
 	// in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list
 	// of Subnetworks are allowed to Nat (specified in the field subnetwork
 	// below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED.
-	// Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or
-	// ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any
-	// other Router.Nat section in any Router for this network in this
-	// region.
+	// Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES then
+	// there should not be any other Router.Nat section in any Router for
+	// this network in this region.
 	//
 	// Possible values:
 	//   "ALL_SUBNETWORKS_ALL_IP_RANGES" - All the IP ranges in every
@@ -42809,7 +44463,7 @@ type RouterNat struct {
 	// to 30s if not set.
 	UdpIdleTimeoutSec int64 `json:"udpIdleTimeoutSec,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "DrainNatIps") to
+	// ForceSendFields is a list of field names (e.g. "AutoNetworkTier") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -42817,12 +44471,13 @@ type RouterNat struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "DrainNatIps") to include
-	// in API requests with the JSON null value. By default, fields with
-	// empty values are omitted from API requests. However, any field with
-	// an empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
+	// NullFields is a list of field names (e.g. "AutoNetworkTier") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
 	NullFields []string `json:"-"`
 }
 
@@ -43369,6 +45024,9 @@ type RoutersScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -43853,6 +45511,12 @@ type Scheduling struct {
 	// action.
 	InstanceTerminationAction string `json:"instanceTerminationAction,omitempty"`
 
+	// LocalSsdRecoveryTimeout: Specifies the maximum amount of time a Local
+	// Ssd Vm should wait while recovery of the Local Ssd state is
+	// attempted. Its value should be in between 0 and 168 hours with hour
+	// granularity and the default value being 1 hour.
+	LocalSsdRecoveryTimeout *Duration `json:"localSsdRecoveryTimeout,omitempty"`
+
 	// LocationHint: An opaque location hint used to place the instance
 	// close to other resources. This field is for use by internal tools
 	// that use the public API.
@@ -44084,6 +45748,9 @@ type SecurityPoliciesAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -44284,6 +45951,9 @@ type SecurityPoliciesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -44454,6 +46124,20 @@ type SecurityPolicy struct {
 	// compute#securityPolicyfor security policies
 	Kind string `json:"kind,omitempty"`
 
+	// LabelFingerprint: A fingerprint for the labels being applied to this
+	// security policy, which is essentially a hash of the labels set used
+	// for optimistic locking. The fingerprint is initially generated by
+	// Compute Engine and changes after every request to modify or update
+	// labels. You must always provide an up-to-date fingerprint hash in
+	// order to update or change labels. To see the latest fingerprint, make
+	// get() request to the security policy.
+	LabelFingerprint string `json:"labelFingerprint,omitempty"`
+
+	// Labels: Labels for this resource. These can only be added or modified
+	// by the setLabels method. Each label key/value pair must comply with
+	// RFC1035. Label values may be empty.
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// Name: Name of the resource. Provided by the client when the resource
 	// is created. The name must be 1-63 characters long, and comply with
 	// RFC1035. Specifically, the name must be 1-63 characters long and
@@ -44568,13 +46252,17 @@ func (s *SecurityPolicyAdaptiveProtectionConfig) MarshalJSON() ([]byte, error) {
 }
 
 // SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig:
-// Configuration options for L7 DDoS detection.
+// Configuration options for L7 DDoS detection. This field is only
+// supported in Global Security Policies of type CLOUD_ARMOR.
 type SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig struct {
-	// Enable: If set to true, enables CAAP for L7 DDoS detection.
+	// Enable: If set to true, enables CAAP for L7 DDoS detection. This
+	// field is only supported in Global Security Policies of type
+	// CLOUD_ARMOR.
 	Enable bool `json:"enable,omitempty"`
 
 	// RuleVisibility: Rule visibility can be one of the following: STANDARD
-	// - opaque rules. (default) PREMIUM - transparent rules.
+	// - opaque rules. (default) PREMIUM - transparent rules. This field is
+	// only supported in Global Security Policies of type CLOUD_ARMOR.
 	//
 	// Possible values:
 	//   "PREMIUM"
@@ -44784,6 +46472,9 @@ type SecurityPolicyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -44897,7 +46588,8 @@ type SecurityPolicyRecaptchaOptionsConfig struct {
 	// GOOGLE_RECAPTCHA under the security policy. The specified site key
 	// needs to be created from the reCAPTCHA API. The user is responsible
 	// for the validity of the specified site key. If not specified, a
-	// Google-managed site key is used.
+	// Google-managed site key is used. This field is only supported in
+	// Global Security Policies of type CLOUD_ARMOR.
 	RedirectSiteKey string `json:"redirectSiteKey,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "RedirectSiteKey") to
@@ -44965,10 +46657,11 @@ type SecurityPolicyRule struct {
 	// rate_limit_options to be set. - redirect: redirect to a different
 	// target. This can either be an internal reCAPTCHA redirect, or an
 	// external URL-based redirect via a 302 response. Parameters for this
-	// action can be configured via redirectOptions. - throttle: limit
-	// client traffic to the configured threshold. Configure parameters for
-	// this action in rateLimitOptions. Requires rate_limit_options to be
-	// set for this.
+	// action can be configured via redirectOptions. This action is only
+	// supported in Global Security Policies of type CLOUD_ARMOR. -
+	// throttle: limit client traffic to the configured threshold. Configure
+	// parameters for this action in rateLimitOptions. Requires
+	// rate_limit_options to be set for this.
 	Action string `json:"action,omitempty"`
 
 	// Description: An optional description of this resource. Provide this
@@ -44976,7 +46669,8 @@ type SecurityPolicyRule struct {
 	Description string `json:"description,omitempty"`
 
 	// HeaderAction: Optional, additional actions that are performed on
-	// headers.
+	// headers. This field is only supported in Global Security Policies of
+	// type CLOUD_ARMOR.
 	HeaderAction *SecurityPolicyRuleHttpHeaderAction `json:"headerAction,omitempty"`
 
 	// Kind: [Output only] Type of the resource. Always
@@ -44987,6 +46681,12 @@ type SecurityPolicyRule struct {
 	// If it evaluates to true, the corresponding 'action' is enforced.
 	Match *SecurityPolicyRuleMatcher `json:"match,omitempty"`
 
+	// PreconfiguredWafConfig: Preconfigured WAF configuration to be applied
+	// for the rule. If the rule does not evaluate preconfigured WAF rules,
+	// i.e., if evaluatePreconfiguredWaf() is not used, this field will have
+	// no effect.
+	PreconfiguredWafConfig *SecurityPolicyRulePreconfiguredWafConfig `json:"preconfiguredWafConfig,omitempty"`
+
 	// Preview: If set to true, the specified action is not enforced.
 	Preview bool `json:"preview,omitempty"`
 
@@ -45001,7 +46701,8 @@ type SecurityPolicyRule struct {
 	RateLimitOptions *SecurityPolicyRuleRateLimitOptions `json:"rateLimitOptions,omitempty"`
 
 	// RedirectOptions: Parameters defining the redirect action. Cannot be
-	// specified for any other actions.
+	// specified for any other actions. This field is only supported in
+	// Global Security Policies of type CLOUD_ARMOR.
 	RedirectOptions *SecurityPolicyRuleRedirectOptions `json:"redirectOptions,omitempty"`
 
 	// ServerResponse contains the HTTP response code and headers from the
@@ -45101,7 +46802,13 @@ type SecurityPolicyRuleMatcher struct {
 
 	// Expr: User defined CEVAL expression. A CEVAL expression is used to
 	// specify match criteria such as origin.ip, source.region_code and
-	// contents in the request header.
+	// contents in the request header. Expressions containing
+	// `evaluateThreatIntelligence` require Cloud Armor Managed Protection
+	// Plus tier and are not supported in Edge Policies nor in Regional
+	// Policies. Expressions containing
+	// `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor
+	// Managed Protection Plus tier and are only supported in Global
+	// Security Policies.
 	Expr *Expr `json:"expr,omitempty"`
 
 	// VersionedExpr: Preconfigured versioned expression. If this field is
@@ -45165,6 +46872,130 @@ func (s *SecurityPolicyRuleMatcherConfig) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type SecurityPolicyRulePreconfiguredWafConfig struct {
+	// Exclusions: A list of exclusions to apply during preconfigured WAF
+	// evaluation.
+	Exclusions []*SecurityPolicyRulePreconfiguredWafConfigExclusion `json:"exclusions,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Exclusions") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Exclusions") to include in
+	// API requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SecurityPolicyRulePreconfiguredWafConfig) MarshalJSON() ([]byte, error) {
+	type NoMethod SecurityPolicyRulePreconfiguredWafConfig
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SecurityPolicyRulePreconfiguredWafConfigExclusion struct {
+	// RequestCookiesToExclude: A list of request cookie names whose value
+	// will be excluded from inspection during preconfigured WAF evaluation.
+	RequestCookiesToExclude []*SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams `json:"requestCookiesToExclude,omitempty"`
+
+	// RequestHeadersToExclude: A list of request header names whose value
+	// will be excluded from inspection during preconfigured WAF evaluation.
+	RequestHeadersToExclude []*SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams `json:"requestHeadersToExclude,omitempty"`
+
+	// RequestQueryParamsToExclude: A list of request query parameter names
+	// whose value will be excluded from inspection during preconfigured WAF
+	// evaluation. Note that the parameter can be in the query string or in
+	// the POST body.
+	RequestQueryParamsToExclude []*SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams `json:"requestQueryParamsToExclude,omitempty"`
+
+	// RequestUrisToExclude: A list of request URIs from the request line to
+	// be excluded from inspection during preconfigured WAF evaluation. When
+	// specifying this field, the query or fragment part should be excluded.
+	RequestUrisToExclude []*SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams `json:"requestUrisToExclude,omitempty"`
+
+	// TargetRuleIds: A list of target rule IDs under the WAF rule set to
+	// apply the preconfigured WAF exclusion. If omitted, it refers to all
+	// the rule IDs under the WAF rule set.
+	TargetRuleIds []string `json:"targetRuleIds,omitempty"`
+
+	// TargetRuleSet: Target WAF rule set to apply the preconfigured WAF
+	// exclusion.
+	TargetRuleSet string `json:"targetRuleSet,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g.
+	// "RequestCookiesToExclude") to unconditionally include in API
+	// requests. By default, fields with empty or default values are omitted
+	// from API requests. However, any non-pointer, non-interface field
+	// appearing in ForceSendFields will be sent to the server regardless of
+	// whether the field is empty or not. This may be used to include empty
+	// fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "RequestCookiesToExclude")
+	// to include in API requests with the JSON null value. By default,
+	// fields with empty values are omitted from API requests. However, any
+	// field with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SecurityPolicyRulePreconfiguredWafConfigExclusion) MarshalJSON() ([]byte, error) {
+	type NoMethod SecurityPolicyRulePreconfiguredWafConfigExclusion
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+type SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams struct {
+	// Op: The match operator for the field.
+	//
+	// Possible values:
+	//   "CONTAINS" - The operator matches if the field value contains the
+	// specified value.
+	//   "ENDS_WITH" - The operator matches if the field value ends with the
+	// specified value.
+	//   "EQUALS" - The operator matches if the field value equals the
+	// specified value.
+	//   "EQUALS_ANY" - The operator matches if the field value is any
+	// value.
+	//   "STARTS_WITH" - The operator matches if the field value starts with
+	// the specified value.
+	Op string `json:"op,omitempty"`
+
+	// Val: The value of the field.
+	Val string `json:"val,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "Op") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "Op") to include in API
+	// requests with the JSON null value. By default, fields with empty
+	// values are omitted from API requests. However, any field with an
+	// empty value appearing in NullFields will be sent to the server as
+	// null. It is an error if a field in this list has a non-empty value.
+	// This may be used to include null fields in Patch requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams) MarshalJSON() ([]byte, error) {
+	type NoMethod SecurityPolicyRulePreconfiguredWafConfigExclusionFieldParams
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type SecurityPolicyRuleRateLimitOptions struct {
 	// BanDurationSec: Can only be specified if the action for the rule is
 	// "rate_based_ban". If specified, determines the time (in seconds) the
@@ -45216,6 +47047,13 @@ type SecurityPolicyRuleRateLimitOptions struct {
 	//   "XFF_IP"
 	EnforceOnKey string `json:"enforceOnKey,omitempty"`
 
+	// EnforceOnKeyConfigs: If specified, any combination of values of
+	// enforce_on_key_type/enforce_on_key_name is treated as the key on
+	// which ratelimit threshold/action is enforced. You can specify up to 3
+	// enforce_on_key_configs. If enforce_on_key_configs is specified,
+	// enforce_on_key must not be specified.
+	EnforceOnKeyConfigs []*SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig `json:"enforceOnKeyConfigs,omitempty"`
+
 	// EnforceOnKeyName: Rate limit key name applicable only for the
 	// following key types: HTTP_HEADER -- Name of the HTTP header whose
 	// value is taken as the key value. HTTP_COOKIE -- Name of the HTTP
@@ -45227,12 +47065,14 @@ type SecurityPolicyRuleRateLimitOptions struct {
 	// response code, or redirect to a different endpoint. Valid options are
 	// `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429,
 	// and 502, and `redirect`, where the redirect parameters come from
-	// `exceedRedirectOptions` below.
+	// `exceedRedirectOptions` below. The `redirect` action is only
+	// supported in Global Security Policies of type CLOUD_ARMOR.
 	ExceedAction string `json:"exceedAction,omitempty"`
 
 	// ExceedRedirectOptions: Parameters defining the redirect action that
 	// is used as the exceed action. Cannot be specified if the exceed
-	// action is not redirect.
+	// action is not redirect. This field is only supported in Global
+	// Security Policies of type CLOUD_ARMOR.
 	ExceedRedirectOptions *SecurityPolicyRuleRedirectOptions `json:"exceedRedirectOptions,omitempty"`
 
 	// RateLimitThreshold: Threshold at which to begin ratelimiting.
@@ -45262,6 +47102,71 @@ func (s *SecurityPolicyRuleRateLimitOptions) MarshalJSON() ([]byte, error) {
 	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
 }
 
+type SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig struct {
+	// EnforceOnKeyName: Rate limit key name applicable only for the
+	// following key types: HTTP_HEADER -- Name of the HTTP header whose
+	// value is taken as the key value. HTTP_COOKIE -- Name of the HTTP
+	// cookie whose value is taken as the key value.
+	EnforceOnKeyName string `json:"enforceOnKeyName,omitempty"`
+
+	// EnforceOnKeyType: Determines the key to enforce the
+	// rate_limit_threshold on. Possible values are: - ALL: A single rate
+	// limit threshold is applied to all the requests matching this rule.
+	// This is the default value if "enforceOnKeyConfigs" is not configured.
+	// - IP: The source IP address of the request is the key. Each IP has
+	// this limit enforced separately. - HTTP_HEADER: The value of the HTTP
+	// header whose name is configured under "enforceOnKeyName". The key
+	// value is truncated to the first 128 bytes of the header value. If no
+	// such header is present in the request, the key type defaults to ALL.
+	// - XFF_IP: The first IP address (i.e. the originating client IP
+	// address) specified in the list of IPs under X-Forwarded-For HTTP
+	// header. If no such header is present or the value is not a valid IP,
+	// the key defaults to the source IP address of the request i.e. key
+	// type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is
+	// configured under "enforceOnKeyName". The key value is truncated to
+	// the first 128 bytes of the cookie value. If no such cookie is present
+	// in the request, the key type defaults to ALL. - HTTP_PATH: The URL
+	// path of the HTTP request. The key value is truncated to the first 128
+	// bytes. - SNI: Server name indication in the TLS session of the HTTPS
+	// request. The key value is truncated to the first 128 bytes. The key
+	// type defaults to ALL on a HTTP session. - REGION_CODE: The
+	// country/region from which the request originates.
+	//
+	// Possible values:
+	//   "ALL"
+	//   "HTTP_COOKIE"
+	//   "HTTP_HEADER"
+	//   "HTTP_PATH"
+	//   "IP"
+	//   "REGION_CODE"
+	//   "SNI"
+	//   "XFF_IP"
+	EnforceOnKeyType string `json:"enforceOnKeyType,omitempty"`
+
+	// ForceSendFields is a list of field names (e.g. "EnforceOnKeyName") to
+	// unconditionally include in API requests. By default, fields with
+	// empty or default values are omitted from API requests. However, any
+	// non-pointer, non-interface field appearing in ForceSendFields will be
+	// sent to the server regardless of whether the field is empty or not.
+	// This may be used to include empty fields in Patch requests.
+	ForceSendFields []string `json:"-"`
+
+	// NullFields is a list of field names (e.g. "EnforceOnKeyName") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
+	NullFields []string `json:"-"`
+}
+
+func (s *SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig) MarshalJSON() ([]byte, error) {
+	type NoMethod SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig
+	raw := NoMethod(*s)
+	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
 type SecurityPolicyRuleRateLimitOptionsThreshold struct {
 	// Count: Number of HTTP(S) requests for calculating the threshold.
 	Count int64 `json:"count,omitempty"`
@@ -45335,7 +47240,7 @@ type SecuritySettings struct {
 	// should authenticate with this service's backends. clientTlsPolicy
 	// only applies to a global BackendService with the loadBalancingScheme
 	// set to INTERNAL_SELF_MANAGED. If left blank, communications are not
-	// encrypted. Note: This field currently has no impact.
+	// encrypted.
 	ClientTlsPolicy string `json:"clientTlsPolicy,omitempty"`
 
 	// SubjectAltNames: Optional. A list of Subject Alternative Names (SANs)
@@ -45350,8 +47255,7 @@ type SecuritySettings struct {
 	// Public Key Infrastructure which provisions server identities. Only
 	// applies to a global BackendService with loadBalancingScheme set to
 	// INTERNAL_SELF_MANAGED. Only applies when BackendService has an
-	// attached clientTlsPolicy with clientCertificate (mTLS mode). Note:
-	// This field currently has no impact.
+	// attached clientTlsPolicy with clientCertificate (mTLS mode).
 	SubjectAltNames []string `json:"subjectAltNames,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "ClientTlsPolicy") to
@@ -45500,7 +47404,7 @@ func (s *ServiceAccount) MarshalJSON() ([]byte, error) {
 // attachment represents a service that a producer has exposed. It
 // encapsulates the load balancer which fronts the service runs and a
 // list of NAT IP ranges that the producers uses to represent the
-// consumers connecting to the service. next tag = 20
+// consumers connecting to the service.
 type ServiceAttachment struct {
 	// ConnectedEndpoints: [Output Only] An array of connections for all the
 	// consumers connected to this service attachment.
@@ -45585,6 +47489,18 @@ type ServiceAttachment struct {
 	// the PSC service attachment.
 	PscServiceAttachmentId *Uint128 `json:"pscServiceAttachmentId,omitempty"`
 
+	// ReconcileConnections: This flag determines whether a consumer
+	// accept/reject list change can reconcile the statuses of existing
+	// ACCEPTED or REJECTED PSC endpoints. - If false, connection policy
+	// update will only affect existing PENDING PSC endpoints. Existing
+	// ACCEPTED/REJECTED endpoints will remain untouched regardless how the
+	// connection policy is modified . - If true, update will affect both
+	// PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED
+	// PSC endpoint will be moved to REJECTED if its project is added to the
+	// reject list. For newly created service attachment, this boolean
+	// defaults to true.
+	ReconcileConnections bool `json:"reconcileConnections,omitempty"`
+
 	// Region: [Output Only] URL of the region where the service attachment
 	// resides. This field applies only to the region resource. You must
 	// specify this field as part of the HTTP request URL. It is not
@@ -45712,6 +47628,9 @@ type ServiceAttachmentAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -45822,6 +47741,9 @@ func (s *ServiceAttachmentAggregatedListWarningData) MarshalJSON() ([]byte, erro
 // ServiceAttachmentConnectedEndpoint: [Output Only] A connection
 // connected to this service attachment.
 type ServiceAttachmentConnectedEndpoint struct {
+	// ConsumerNetwork: The url of the consumer network.
+	ConsumerNetwork string `json:"consumerNetwork,omitempty"`
+
 	// Endpoint: The url of a connected endpoint.
 	Endpoint string `json:"endpoint,omitempty"`
 
@@ -45843,7 +47765,7 @@ type ServiceAttachmentConnectedEndpoint struct {
 	//   "STATUS_UNSPECIFIED"
 	Status string `json:"status,omitempty"`
 
-	// ForceSendFields is a list of field names (e.g. "Endpoint") to
+	// ForceSendFields is a list of field names (e.g. "ConsumerNetwork") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
 	// non-pointer, non-interface field appearing in ForceSendFields will be
@@ -45851,12 +47773,13 @@ type ServiceAttachmentConnectedEndpoint struct {
 	// This may be used to include empty fields in Patch requests.
 	ForceSendFields []string `json:"-"`
 
-	// NullFields is a list of field names (e.g. "Endpoint") to include in
-	// API requests with the JSON null value. By default, fields with empty
-	// values are omitted from API requests. However, any field with an
-	// empty value appearing in NullFields will be sent to the server as
-	// null. It is an error if a field in this list has a non-empty value.
-	// This may be used to include null fields in Patch requests.
+	// NullFields is a list of field names (e.g. "ConsumerNetwork") to
+	// include in API requests with the JSON null value. By default, fields
+	// with empty values are omitted from API requests. However, any field
+	// with an empty value appearing in NullFields will be sent to the
+	// server as null. It is an error if a field in this list has a
+	// non-empty value. This may be used to include null fields in Patch
+	// requests.
 	NullFields []string `json:"-"`
 }
 
@@ -45983,6 +47906,9 @@ type ServiceAttachmentListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -46152,6 +48078,9 @@ type ServiceAttachmentsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -46787,6 +48716,9 @@ type SnapshotListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -47265,6 +49197,9 @@ type SslCertificateAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -47454,6 +49389,9 @@ type SslCertificateListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -47717,6 +49655,9 @@ type SslCertificatesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -47911,6 +49852,9 @@ type SslPoliciesAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -48099,6 +50043,9 @@ type SslPoliciesListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -48296,6 +50243,9 @@ type SslPoliciesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -48547,6 +50497,9 @@ type SslPolicyWarnings struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -48795,8 +50748,8 @@ type Subnetwork struct {
 	// If this field is not explicitly set, it will not appear in get
 	// listings. If not set the default behavior is determined by the org
 	// policy, if there is no org policy specified, then it will default to
-	// disabled. This field isn't supported with the purpose field set to
-	// INTERNAL_HTTPS_LOAD_BALANCER.
+	// disabled. This field isn't supported if the subnet purpose field is
+	// set to REGIONAL_MANAGED_PROXY.
 	EnableFlowLogs bool `json:"enableFlowLogs,omitempty"`
 
 	// ExternalIpv6Prefix: The external IPv6 address range that is owned by
@@ -48889,12 +50842,20 @@ type Subnetwork struct {
 	PrivateIpv6GoogleAccess string `json:"privateIpv6GoogleAccess,omitempty"`
 
 	// Purpose: The purpose of the resource. This field can be either
-	// PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with
-	// purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created
-	// subnetwork that is reserved for Internal HTTP(S) Load Balancing. If
-	// unspecified, the purpose defaults to PRIVATE_RFC_1918. The
-	// enableFlowLogs field isn't supported with the purpose field set to
-	// INTERNAL_HTTPS_LOAD_BALANCER.
+	// PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+	// INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for
+	// user-created subnets or subnets that are automatically created in
+	// auto mode networks. A subnet with purpose set to
+	// REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved
+	// for regional Envoy-based load balancers. A subnet with purpose set to
+	// PRIVATE_SERVICE_CONNECT is used to publish services using Private
+	// Service Connect. A subnet with purpose set to
+	// INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used
+	// only by regional internal HTTP(S) load balancers. Note that
+	// REGIONAL_MANAGED_PROXY is the preferred setting for all regional
+	// Envoy load balancers. If unspecified, the subnet purpose defaults to
+	// PRIVATE. The enableFlowLogs field isn't supported if the subnet
+	// purpose field is set to REGIONAL_MANAGED_PROXY.
 	//
 	// Possible values:
 	//   "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal
@@ -48913,9 +50874,9 @@ type Subnetwork struct {
 	Region string `json:"region,omitempty"`
 
 	// Role: The role of subnetwork. Currently, this field is only used when
-	// purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to
-	// ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being
-	// used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one
+	// purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or
+	// BACKUP. An ACTIVE subnetwork is one that is currently being used for
+	// Envoy-based load balancers in a region. A BACKUP subnetwork is one
 	// that is ready to be promoted to ACTIVE or is currently draining. This
 	// field can be updated with a patch request.
 	//
@@ -49072,6 +51033,9 @@ type SubnetworkAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -49261,6 +51225,9 @@ type SubnetworkListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -49390,6 +51357,8 @@ type SubnetworkLogConfig struct {
 	// field is not explicitly set, it will not appear in get listings. If
 	// not set the default behavior is determined by the org policy, if
 	// there is no org policy specified, then it will default to disabled.
+	// Flow logging isn't supported if the subnet purpose field is set to
+	// REGIONAL_MANAGED_PROXY.
 	Enable bool `json:"enable,omitempty"`
 
 	// FilterExpr: Can only be specified if VPC flow logs for this
@@ -49589,6 +51558,9 @@ type SubnetworksScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -50067,6 +52039,9 @@ type TargetGrpcProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -50236,6 +52211,9 @@ type TargetHttpProxiesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -50371,6 +52349,15 @@ type TargetHttpProxy struct {
 	// to retrieve the TargetHttpProxy.
 	Fingerprint string `json:"fingerprint,omitempty"`
 
+	// HttpKeepAliveTimeoutSec: Specifies how long to keep a connection
+	// open, after completing a response, while there is no matching traffic
+	// (in seconds). If an HTTP keep-alive is not specified, a default value
+	// (610 seconds) will be used. For Global external HTTP(S) load
+	// balancer, the minimum allowed value is 5 seconds and the maximum
+	// allowed value is 1200 seconds. For Global external HTTP(S) load
+	// balancer (classic), this option is not available publicly.
+	HttpKeepAliveTimeoutSec int64 `json:"httpKeepAliveTimeoutSec,omitempty"`
+
 	// Id: [Output Only] The unique identifier for the resource. This
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
@@ -50576,6 +52563,9 @@ type TargetHttpProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -50745,6 +52735,9 @@ type TargetHttpsProxiesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -50854,7 +52847,9 @@ func (s *TargetHttpsProxiesScopedListWarningData) MarshalJSON() ([]byte, error)
 
 type TargetHttpsProxiesSetCertificateMapRequest struct {
 	// CertificateMap: URL of the Certificate Map to associate with this
-	// TargetHttpsProxy.
+	// TargetHttpsProxy. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "CertificateMap") to
@@ -50971,7 +52966,9 @@ type TargetHttpsProxy struct {
 	// CertificateMap: URL of a certificate map that identifies a
 	// certificate map associated with the given target proxy. This field
 	// can only be set for global target proxies. If set, sslCertificates
-	// will be ignored.
+	// will be ignored. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
@@ -50991,6 +52988,15 @@ type TargetHttpsProxy struct {
 	// to retrieve the TargetHttpsProxy.
 	Fingerprint string `json:"fingerprint,omitempty"`
 
+	// HttpKeepAliveTimeoutSec: Specifies how long to keep a connection
+	// open, after completing a response, while there is no matching traffic
+	// (in seconds). If an HTTP keep-alive is not specified, a default value
+	// (610 seconds) will be used. For Global external HTTP(S) load
+	// balancer, the minimum allowed value is 5 seconds and the maximum
+	// allowed value is 1200 seconds. For Global external HTTP(S) load
+	// balancer (classic), this option is not available publicly.
+	HttpKeepAliveTimeoutSec int64 `json:"httpKeepAliveTimeoutSec,omitempty"`
+
 	// Id: [Output Only] The unique identifier for the resource. This
 	// identifier is defined by the server.
 	Id uint64 `json:"id,omitempty,string"`
@@ -51049,9 +53055,11 @@ type TargetHttpsProxy struct {
 	// networksecurity.ServerTlsPolicy resource that describes how the proxy
 	// should authenticate inbound traffic. serverTlsPolicy only applies to
 	// a global TargetHttpsProxy attached to globalForwardingRules with the
-	// loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank,
-	// communications are not encrypted. Note: This field currently has no
-	// impact.
+	// loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or
+	// EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are
+	// accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL,
+	// EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy
+	// documentation. If left blank, communications are not encrypted.
 	ServerTlsPolicy string `json:"serverTlsPolicy,omitempty"`
 
 	// SslCertificates: URLs to SslCertificate resources that are used to
@@ -51188,6 +53196,9 @@ type TargetHttpsProxyAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -51378,6 +53389,9 @@ type TargetHttpsProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -51658,6 +53672,9 @@ type TargetInstanceAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -51847,6 +53864,9 @@ type TargetInstanceListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -52015,6 +54035,9 @@ type TargetInstancesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -52364,6 +54387,9 @@ type TargetPoolAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -52588,6 +54614,9 @@ type TargetPoolListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -52874,6 +54903,9 @@ type TargetPoolsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -53037,7 +55069,9 @@ func (s *TargetSslProxiesSetBackendServiceRequest) MarshalJSON() ([]byte, error)
 
 type TargetSslProxiesSetCertificateMapRequest struct {
 	// CertificateMap: URL of the Certificate Map to associate with this
-	// TargetSslProxy.
+	// TargetSslProxy. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// ForceSendFields is a list of field names (e.g. "CertificateMap") to
@@ -53135,7 +55169,9 @@ type TargetSslProxy struct {
 	// CertificateMap: URL of a certificate map that identifies a
 	// certificate map associated with the given target proxy. This field
 	// can only be set for global target proxies. If set, sslCertificates
-	// will be ignored.
+	// will be ignored. Accepted format is
+	// //certificatemanager.googleapis.com/projects/{project
+	// }/locations/{location}/certificateMaps/{resourceName}.
 	CertificateMap string `json:"certificateMap,omitempty"`
 
 	// CreationTimestamp: [Output Only] Creation timestamp in RFC3339 text
@@ -53300,6 +55336,9 @@ type TargetSslProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -53468,6 +55507,9 @@ type TargetTcpProxiesScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -53809,6 +55851,9 @@ type TargetTcpProxyAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -53998,6 +56043,9 @@ type TargetTcpProxyListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -54130,6 +56178,21 @@ type TargetVpnGateway struct {
 	// for target VPN gateways.
 	Kind string `json:"kind,omitempty"`
 
+	// LabelFingerprint: A fingerprint for the labels being applied to this
+	// TargetVpnGateway, which is essentially a hash of the labels set used
+	// for optimistic locking. The fingerprint is initially generated by
+	// Compute Engine and changes after every request to modify or update
+	// labels. You must always provide an up-to-date fingerprint hash in
+	// order to update or change labels, otherwise the request will fail
+	// with error 412 conditionNotMet. To see the latest fingerprint, make a
+	// get() request to retrieve a TargetVpnGateway.
+	LabelFingerprint string `json:"labelFingerprint,omitempty"`
+
+	// Labels: Labels for this resource. These can only be added or modified
+	// by the setLabels method. Each label key/value pair must comply with
+	// RFC1035. Label values may be empty.
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// Name: Name of the resource. Provided by the client when the resource
 	// is created. The name must be 1-63 characters long, and comply with
 	// RFC1035. Specifically, the name must be 1-63 characters long and
@@ -54279,6 +56342,9 @@ type TargetVpnGatewayAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -54469,6 +56535,9 @@ type TargetVpnGatewayListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -54638,6 +56707,9 @@ type TargetVpnGatewaysScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -55117,6 +57189,9 @@ type UrlMapListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -55470,6 +57545,9 @@ type UrlMapsAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -55637,6 +57715,9 @@ type UrlMapsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -55842,6 +57923,22 @@ type UrlRewrite struct {
 	// characters.
 	PathPrefixRewrite string `json:"pathPrefixRewrite,omitempty"`
 
+	// PathTemplateRewrite:  If specified, the pattern rewrites the URL path
+	// (based on the :path header) using the HTTP template syntax. A
+	// corresponding path_template_match must be specified. Any template
+	// variables must exist in the path_template_match field. - -At least
+	// one variable must be specified in the path_template_match field - You
+	// can omit variables from the rewritten URL - The * and ** operators
+	// cannot be matched unless they have a corresponding variable name -
+	// e.g. {format=*} or {var=**}. For example, a path_template_match of
+	// /static/{format=**} could be rewritten as /static/content/{format} to
+	// prefix /content to the URL. Variables can also be re-ordered in a
+	// rewrite, so that /{country}/{format}/{suffix=**} can be rewritten as
+	// /content/{format}/{country}/{suffix}. At least one non-empty
+	// routeRules[].matchRules[].path_template_match is required. Only one
+	// of path_prefix_rewrite or path_template_rewrite may be specified.
+	PathTemplateRewrite string `json:"pathTemplateRewrite,omitempty"`
+
 	// ForceSendFields is a list of field names (e.g. "HostRewrite") to
 	// unconditionally include in API requests. By default, fields with
 	// empty or default values are omitted from API requests. However, any
@@ -55895,12 +57992,20 @@ type UsableSubnetwork struct {
 	Network string `json:"network,omitempty"`
 
 	// Purpose: The purpose of the resource. This field can be either
-	// PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with
-	// purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created
-	// subnetwork that is reserved for Internal HTTP(S) Load Balancing. If
-	// unspecified, the purpose defaults to PRIVATE_RFC_1918. The
-	// enableFlowLogs field isn't supported with the purpose field set to
-	// INTERNAL_HTTPS_LOAD_BALANCER.
+	// PRIVATE, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+	// INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for
+	// user-created subnets or subnets that are automatically created in
+	// auto mode networks. A subnet with purpose set to
+	// REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved
+	// for regional Envoy-based load balancers. A subnet with purpose set to
+	// PRIVATE_SERVICE_CONNECT is used to publish services using Private
+	// Service Connect. A subnet with purpose set to
+	// INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used
+	// only by regional internal HTTP(S) load balancers. Note that
+	// REGIONAL_MANAGED_PROXY is the preferred setting for all regional
+	// Envoy load balancers. If unspecified, the subnet purpose defaults to
+	// PRIVATE. The enableFlowLogs field isn't supported if the subnet
+	// purpose field is set to REGIONAL_MANAGED_PROXY.
 	//
 	// Possible values:
 	//   "INTERNAL_HTTPS_LOAD_BALANCER" - Subnet reserved for Internal
@@ -55915,9 +58020,9 @@ type UsableSubnetwork struct {
 	Purpose string `json:"purpose,omitempty"`
 
 	// Role: The role of subnetwork. Currently, this field is only used when
-	// purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to
-	// ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being
-	// used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one
+	// purpose = REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or
+	// BACKUP. An ACTIVE subnetwork is one that is currently being used for
+	// Envoy-based load balancers in a region. A BACKUP subnetwork is one
 	// that is ready to be promoted to ACTIVE or is currently draining. This
 	// field can be updated with a patch request.
 	//
@@ -56090,6 +58195,9 @@ type UsableSubnetworksAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -56471,6 +58579,9 @@ type VmEndpointNatMappingsListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -56762,6 +58873,9 @@ type VpnGatewayAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -56951,6 +59065,9 @@ type VpnGatewayListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -57146,7 +59263,7 @@ type VpnGatewayStatusTunnel struct {
 
 	// PeerGatewayInterface: The peer gateway interface this VPN tunnel is
 	// connected to, the peer gateway could either be an external VPN
-	// gateway or GCP VPN gateway.
+	// gateway or a Google Cloud VPN gateway.
 	PeerGatewayInterface int64 `json:"peerGatewayInterface,omitempty"`
 
 	// TunnelUrl: URL reference to the VPN tunnel.
@@ -57179,8 +59296,8 @@ func (s *VpnGatewayStatusTunnel) MarshalJSON() ([]byte, error) {
 
 // VpnGatewayStatusVpnConnection: A VPN connection contains all VPN
 // tunnels connected from this VpnGateway to the same peer gateway. The
-// peer gateway could either be a external VPN gateway or GCP VPN
-// gateway.
+// peer gateway could either be an external VPN gateway or a Google
+// Cloud VPN gateway.
 type VpnGatewayStatusVpnConnection struct {
 	// PeerExternalGateway: URL reference to the peer external VPN gateways
 	// to which the VPN tunnels in this VPN connection are connected. This
@@ -57362,6 +59479,9 @@ type VpnGatewaysScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -57497,6 +59617,21 @@ type VpnTunnel struct {
 	// VPN tunnels.
 	Kind string `json:"kind,omitempty"`
 
+	// LabelFingerprint: A fingerprint for the labels being applied to this
+	// VpnTunnel, which is essentially a hash of the labels set used for
+	// optimistic locking. The fingerprint is initially generated by Compute
+	// Engine and changes after every request to modify or update labels.
+	// You must always provide an up-to-date fingerprint hash in order to
+	// update or change labels, otherwise the request will fail with error
+	// 412 conditionNotMet. To see the latest fingerprint, make a get()
+	// request to retrieve a VpnTunnel.
+	LabelFingerprint string `json:"labelFingerprint,omitempty"`
+
+	// Labels: Labels for this resource. These can only be added or modified
+	// by the setLabels method. Each label key/value pair must comply with
+	// RFC1035. Label values may be empty.
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// LocalTrafficSelector: Local traffic selector to use when establishing
 	// the VPN tunnel with the peer VPN gateway. The value should be a CIDR
 	// formatted string, for example: 192.168.0.0/16. The ranges must be
@@ -57735,6 +59870,9 @@ type VpnTunnelAggregatedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -57924,6 +60062,9 @@ type VpnTunnelListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -58091,6 +60232,9 @@ type VpnTunnelsScopedListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -58408,6 +60552,9 @@ type XpnHostListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -58710,6 +60857,9 @@ type ZoneListWarning struct {
 	// HTTP/HTTPS/HTTP2.
 	//   "LARGE_DEPLOYMENT_WARNING" - When deploying a deployment with a
 	// exceedingly large number of resources
+	//   "LIST_OVERHEAD_QUOTA_EXCEED" - Resource can't be retrieved due to
+	// list overhead quota exceed which captures the amount of resources
+	// filtered out by user-defined list filter.
 	//   "MISSING_TYPE_DEPENDENCY" - A resource depends on a missing type
 	//   "NEXT_HOP_ADDRESS_NOT_ASSIGNED" - The route's nextHopIp address is
 	// not assigned to an instance on the network.
@@ -60768,6 +62918,194 @@ func (c *AddressesListCall) Pages(ctx context.Context, f func(*AddressList) erro
 	}
 }
 
+// method id "compute.addresses.move":
+
+type AddressesMoveCall struct {
+	s                          *Service
+	project                    string
+	region                     string
+	address                    string
+	regionaddressesmoverequest *RegionAddressesMoveRequest
+	urlParams_                 gensupport.URLParams
+	ctx_                       context.Context
+	header_                    http.Header
+}
+
+// Move: Moves the specified address resource.
+//
+// - address: Name of the address resource to move.
+// - project: Source project ID which the Address is moved from.
+// - region: Name of the region for this request.
+func (r *AddressesService) Move(project string, region string, address string, regionaddressesmoverequest *RegionAddressesMoveRequest) *AddressesMoveCall {
+	c := &AddressesMoveCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.address = address
+	c.regionaddressesmoverequest = regionaddressesmoverequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *AddressesMoveCall) RequestId(requestId string) *AddressesMoveCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *AddressesMoveCall) Fields(s ...googleapi.Field) *AddressesMoveCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *AddressesMoveCall) Context(ctx context.Context) *AddressesMoveCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *AddressesMoveCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *AddressesMoveCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionaddressesmoverequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/addresses/{address}/move")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+		"address": c.address,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.addresses.move" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *AddressesMoveCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Moves the specified address resource.",
+	//   "flatPath": "projects/{project}/regions/{region}/addresses/{address}/move",
+	//   "httpMethod": "POST",
+	//   "id": "compute.addresses.move",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "address"
+	//   ],
+	//   "parameters": {
+	//     "address": {
+	//       "description": "Name of the address resource to move.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Source project ID which the Address is moved from.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/addresses/{address}/move",
+	//   "request": {
+	//     "$ref": "RegionAddressesMoveRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.addresses.setLabels":
 
 type AddressesSetLabelsCall struct {
@@ -61445,8 +63783,7 @@ type AutoscalersGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified autoscaler resource. Gets a list of
-// available autoscalers by making a list() request.
+// Get: Returns the specified autoscaler resource.
 //
 // - autoscaler: Name of the autoscaler to return.
 // - project: Project ID for this request.
@@ -61560,7 +63897,7 @@ func (c *AutoscalersGetCall) Do(opts ...googleapi.CallOption) (*Autoscaler, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified autoscaler resource. Gets a list of available autoscalers by making a list() request.",
+	//   "description": "Returns the specified autoscaler resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}/autoscalers/{autoscaler}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.autoscalers.get",
@@ -62986,8 +65323,7 @@ type BackendBucketsGetCall struct {
 	header_       http.Header
 }
 
-// Get: Returns the specified BackendBucket resource. Gets a list of
-// available backend buckets by making a list() request.
+// Get: Returns the specified BackendBucket resource.
 //
 // - backendBucket: Name of the BackendBucket resource to return.
 // - project: Project ID for this request.
@@ -63098,7 +65434,7 @@ func (c *BackendBucketsGetCall) Do(opts ...googleapi.CallOption) (*BackendBucket
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified BackendBucket resource. Gets a list of available backend buckets by making a list() request.",
+	//   "description": "Returns the specified BackendBucket resource.",
 	//   "flatPath": "projects/{project}/global/backendBuckets/{backendBucket}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.backendBuckets.get",
@@ -64941,8 +67277,7 @@ type BackendServicesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified BackendService resource. Gets a list of
-// available backend services.
+// Get: Returns the specified BackendService resource.
 //
 // - backendService: Name of the BackendService resource to return.
 // - project: Project ID for this request.
@@ -65053,7 +67388,7 @@ func (c *BackendServicesGetCall) Do(opts ...googleapi.CallOption) (*BackendServi
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified BackendService resource. Gets a list of available backend services.",
+	//   "description": "Returns the specified BackendService resource.",
 	//   "flatPath": "projects/{project}/global/backendServices/{backendService}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.backendServices.get",
@@ -67047,8 +69382,7 @@ type DiskTypesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified disk type. Gets a list of available disk
-// types by making a list() request.
+// Get: Returns the specified disk type.
 //
 // - diskType: Name of the disk type to return.
 // - project: Project ID for this request.
@@ -67162,7 +69496,7 @@ func (c *DiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified disk type. Gets a list of available disk types by making a list() request.",
+	//   "description": "Returns the specified disk type.",
 	//   "flatPath": "projects/{project}/zones/{zone}/diskTypes/{diskType}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.diskTypes.get",
@@ -67986,41 +70320,27 @@ func (c *DisksAggregatedListCall) Pages(ctx context.Context, f func(*DiskAggrega
 	}
 }
 
-// method id "compute.disks.createSnapshot":
+// method id "compute.disks.bulkInsert":
 
-type DisksCreateSnapshotCall struct {
-	s          *Service
-	project    string
-	zone       string
-	disk       string
-	snapshot   *Snapshot
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type DisksBulkInsertCall struct {
+	s                      *Service
+	project                string
+	zone                   string
+	bulkinsertdiskresource *BulkInsertDiskResource
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
 }
 
-// CreateSnapshot: Creates a snapshot of a specified persistent disk.
-// For regular snapshot creation, consider using snapshots.insert
-// instead, as that method supports more features, such as creating
-// snapshots in a project different from the source disk project.
+// BulkInsert: Bulk create a set of disks.
 //
-// - disk: Name of the persistent disk to snapshot.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *DisksService) CreateSnapshot(project string, zone string, disk string, snapshot *Snapshot) *DisksCreateSnapshotCall {
-	c := &DisksCreateSnapshotCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *DisksService) BulkInsert(project string, zone string, bulkinsertdiskresource *BulkInsertDiskResource) *DisksBulkInsertCall {
+	c := &DisksBulkInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
-	c.disk = disk
-	c.snapshot = snapshot
-	return c
-}
-
-// GuestFlush sets the optional parameter "guestFlush": [Input Only]
-// Whether to attempt an application consistent snapshot by informing
-// the OS to prepare for the snapshot process.
-func (c *DisksCreateSnapshotCall) GuestFlush(guestFlush bool) *DisksCreateSnapshotCall {
-	c.urlParams_.Set("guestFlush", fmt.Sprint(guestFlush))
+	c.bulkinsertdiskresource = bulkinsertdiskresource
 	return c
 }
 
@@ -68035,7 +70355,7 @@ func (c *DisksCreateSnapshotCall) GuestFlush(guestFlush bool) *DisksCreateSnapsh
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *DisksCreateSnapshotCall) RequestId(requestId string) *DisksCreateSnapshotCall {
+func (c *DisksBulkInsertCall) RequestId(requestId string) *DisksBulkInsertCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -68043,7 +70363,7 @@ func (c *DisksCreateSnapshotCall) RequestId(requestId string) *DisksCreateSnapsh
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DisksCreateSnapshotCall) Fields(s ...googleapi.Field) *DisksCreateSnapshotCall {
+func (c *DisksBulkInsertCall) Fields(s ...googleapi.Field) *DisksBulkInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -68051,21 +70371,21 @@ func (c *DisksCreateSnapshotCall) Fields(s ...googleapi.Field) *DisksCreateSnaps
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DisksCreateSnapshotCall) Context(ctx context.Context) *DisksCreateSnapshotCall {
+func (c *DisksBulkInsertCall) Context(ctx context.Context) *DisksBulkInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DisksCreateSnapshotCall) Header() http.Header {
+func (c *DisksBulkInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DisksCreateSnapshotCall) doRequest(alt string) (*http.Response, error) {
+func (c *DisksBulkInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -68073,14 +70393,14 @@ func (c *DisksCreateSnapshotCall) doRequest(alt string) (*http.Response, error)
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.snapshot)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bulkinsertdiskresource)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/bulkInsert")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -68090,19 +70410,18 @@ func (c *DisksCreateSnapshotCall) doRequest(alt string) (*http.Response, error)
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
 		"zone":    c.zone,
-		"disk":    c.disk,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.disks.createSnapshot" call.
+// Do executes the "compute.disks.bulkInsert" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *DisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *DisksBulkInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -68133,28 +70452,15 @@ func (c *DisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Operation,
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
-	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
+	//   "description": "Bulk create a set of disks.",
+	//   "flatPath": "projects/{project}/zones/{zone}/disks/bulkInsert",
 	//   "httpMethod": "POST",
-	//   "id": "compute.disks.createSnapshot",
+	//   "id": "compute.disks.bulkInsert",
 	//   "parameterOrder": [
 	//     "project",
-	//     "zone",
-	//     "disk"
+	//     "zone"
 	//   ],
 	//   "parameters": {
-	//     "disk": {
-	//       "description": "Name of the persistent disk to snapshot.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "guestFlush": {
-	//       "description": "[Input Only] Whether to attempt an application consistent snapshot by informing the OS to prepare for the snapshot process.",
-	//       "location": "query",
-	//       "type": "boolean"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -68175,9 +70481,9 @@ func (c *DisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Operation,
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
+	//   "path": "projects/{project}/zones/{zone}/disks/bulkInsert",
 	//   "request": {
-	//     "$ref": "Snapshot"
+	//     "$ref": "BulkInsertDiskResource"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -68190,31 +70496,41 @@ func (c *DisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Operation,
 
 }
 
-// method id "compute.disks.delete":
+// method id "compute.disks.createSnapshot":
 
-type DisksDeleteCall struct {
+type DisksCreateSnapshotCall struct {
 	s          *Service
 	project    string
 	zone       string
 	disk       string
+	snapshot   *Snapshot
 	urlParams_ gensupport.URLParams
 	ctx_       context.Context
 	header_    http.Header
 }
 
-// Delete: Deletes the specified persistent disk. Deleting a disk
-// removes its data permanently and is irreversible. However, deleting a
-// disk does not delete any snapshots previously made from the disk. You
-// must separately delete snapshots.
+// CreateSnapshot: Creates a snapshot of a specified persistent disk.
+// For regular snapshot creation, consider using snapshots.insert
+// instead, as that method supports more features, such as creating
+// snapshots in a project different from the source disk project.
 //
-// - disk: Name of the persistent disk to delete.
+// - disk: Name of the persistent disk to snapshot.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *DisksService) Delete(project string, zone string, disk string) *DisksDeleteCall {
-	c := &DisksDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *DisksService) CreateSnapshot(project string, zone string, disk string, snapshot *Snapshot) *DisksCreateSnapshotCall {
+	c := &DisksCreateSnapshotCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.disk = disk
+	c.snapshot = snapshot
+	return c
+}
+
+// GuestFlush sets the optional parameter "guestFlush": [Input Only]
+// Whether to attempt an application consistent snapshot by informing
+// the OS to prepare for the snapshot process.
+func (c *DisksCreateSnapshotCall) GuestFlush(guestFlush bool) *DisksCreateSnapshotCall {
+	c.urlParams_.Set("guestFlush", fmt.Sprint(guestFlush))
 	return c
 }
 
@@ -68229,7 +70545,7 @@ func (r *DisksService) Delete(project string, zone string, disk string) *DisksDe
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *DisksDeleteCall) RequestId(requestId string) *DisksDeleteCall {
+func (c *DisksCreateSnapshotCall) RequestId(requestId string) *DisksCreateSnapshotCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -68237,7 +70553,7 @@ func (c *DisksDeleteCall) RequestId(requestId string) *DisksDeleteCall {
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DisksDeleteCall) Fields(s ...googleapi.Field) *DisksDeleteCall {
+func (c *DisksCreateSnapshotCall) Fields(s ...googleapi.Field) *DisksCreateSnapshotCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -68245,21 +70561,21 @@ func (c *DisksDeleteCall) Fields(s ...googleapi.Field) *DisksDeleteCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DisksDeleteCall) Context(ctx context.Context) *DisksDeleteCall {
+func (c *DisksCreateSnapshotCall) Context(ctx context.Context) *DisksCreateSnapshotCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DisksDeleteCall) Header() http.Header {
+func (c *DisksCreateSnapshotCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DisksDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *DisksCreateSnapshotCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -68267,11 +70583,16 @@ func (c *DisksDeleteCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.snapshot)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -68284,14 +70605,203 @@ func (c *DisksDeleteCall) doRequest(alt string) (*http.Response, error) {
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.disks.delete" call.
+// Do executes the "compute.disks.createSnapshot" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *DisksDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *DisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
+	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
+	//   "httpMethod": "POST",
+	//   "id": "compute.disks.createSnapshot",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "disk"
+	//   ],
+	//   "parameters": {
+	//     "disk": {
+	//       "description": "Name of the persistent disk to snapshot.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "guestFlush": {
+	//       "description": "[Input Only] Whether to attempt an application consistent snapshot by informing the OS to prepare for the snapshot process.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/disks/{disk}/createSnapshot",
+	//   "request": {
+	//     "$ref": "Snapshot"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.disks.delete":
+
+type DisksDeleteCall struct {
+	s          *Service
+	project    string
+	zone       string
+	disk       string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Deletes the specified persistent disk. Deleting a disk
+// removes its data permanently and is irreversible. However, deleting a
+// disk does not delete any snapshots previously made from the disk. You
+// must separately delete snapshots.
+//
+// - disk: Name of the persistent disk to delete.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *DisksService) Delete(project string, zone string, disk string) *DisksDeleteCall {
+	c := &DisksDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.disk = disk
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *DisksDeleteCall) RequestId(requestId string) *DisksDeleteCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DisksDeleteCall) Fields(s ...googleapi.Field) *DisksDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DisksDeleteCall) Context(ctx context.Context) *DisksDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DisksDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DisksDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"zone":    c.zone,
+		"disk":    c.disk,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.disks.delete" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *DisksDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -68383,8 +70893,7 @@ type DisksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns a specified persistent disk. Gets a list of available
-// persistent disks by making a list() request.
+// Get: Returns the specified persistent disk.
 //
 // - disk: Name of the persistent disk to return.
 // - project: Project ID for this request.
@@ -68498,7 +71007,7 @@ func (c *DisksGetCall) Do(opts ...googleapi.CallOption) (*Disk, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns a specified persistent disk. Gets a list of available persistent disks by making a list() request.",
+	//   "description": "Returns the specified persistent disk.",
 	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.disks.get",
@@ -69948,38 +72457,54 @@ func (c *DisksSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error
 
 }
 
-// method id "compute.disks.testIamPermissions":
+// method id "compute.disks.startAsyncReplication":
 
-type DisksTestIamPermissionsCall struct {
-	s                      *Service
-	project                string
-	zone                   string
-	resource               string
-	testpermissionsrequest *TestPermissionsRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
+type DisksStartAsyncReplicationCall struct {
+	s                                 *Service
+	project                           string
+	zone                              string
+	disk                              string
+	disksstartasyncreplicationrequest *DisksStartAsyncReplicationRequest
+	urlParams_                        gensupport.URLParams
+	ctx_                              context.Context
+	header_                           http.Header
 }
 
-// TestIamPermissions: Returns permissions that a caller has on the
-// specified resource.
+// StartAsyncReplication: Starts asynchronous replication. Must be
+// invoked on the primary disk.
 //
+// - disk: The name of the persistent disk.
 // - project: Project ID for this request.
-// - resource: Name or id of the resource for this request.
 // - zone: The name of the zone for this request.
-func (r *DisksService) TestIamPermissions(project string, zone string, resource string, testpermissionsrequest *TestPermissionsRequest) *DisksTestIamPermissionsCall {
-	c := &DisksTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *DisksService) StartAsyncReplication(project string, zone string, disk string, disksstartasyncreplicationrequest *DisksStartAsyncReplicationRequest) *DisksStartAsyncReplicationCall {
+	c := &DisksStartAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
-	c.resource = resource
-	c.testpermissionsrequest = testpermissionsrequest
+	c.disk = disk
+	c.disksstartasyncreplicationrequest = disksstartasyncreplicationrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *DisksStartAsyncReplicationCall) RequestId(requestId string) *DisksStartAsyncReplicationCall {
+	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DisksTestIamPermissionsCall) Fields(s ...googleapi.Field) *DisksTestIamPermissionsCall {
+func (c *DisksStartAsyncReplicationCall) Fields(s ...googleapi.Field) *DisksStartAsyncReplicationCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -69987,21 +72512,21 @@ func (c *DisksTestIamPermissionsCall) Fields(s ...googleapi.Field) *DisksTestIam
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DisksTestIamPermissionsCall) Context(ctx context.Context) *DisksTestIamPermissionsCall {
+func (c *DisksStartAsyncReplicationCall) Context(ctx context.Context) *DisksStartAsyncReplicationCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DisksTestIamPermissionsCall) Header() http.Header {
+func (c *DisksStartAsyncReplicationCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DisksTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+func (c *DisksStartAsyncReplicationCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -70009,14 +72534,14 @@ func (c *DisksTestIamPermissionsCall) doRequest(alt string) (*http.Response, err
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksstartasyncreplicationrequest)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}/startAsyncReplication")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -70024,21 +72549,21 @@ func (c *DisksTestIamPermissionsCall) doRequest(alt string) (*http.Response, err
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"zone":     c.zone,
-		"resource": c.resource,
+		"project": c.project,
+		"zone":    c.zone,
+		"disk":    c.disk,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.disks.testIamPermissions" call.
-// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *TestPermissionsResponse.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *DisksTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+// Do executes the "compute.disks.startAsyncReplication" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *DisksStartAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -70057,7 +72582,7 @@ func (c *DisksTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPer
 	if err := googleapi.CheckResponse(res); err != nil {
 		return nil, gensupport.WrapError(err)
 	}
-	ret := &TestPermissionsResponse{
+	ret := &Operation{
 		ServerResponse: googleapi.ServerResponse{
 			Header:         res.Header,
 			HTTPStatusCode: res.StatusCode,
@@ -70069,16 +72594,23 @@ func (c *DisksTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPer
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns permissions that a caller has on the specified resource.",
-	//   "flatPath": "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions",
+	//   "description": "Starts asynchronous replication. Must be invoked on the primary disk.",
+	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/startAsyncReplication",
 	//   "httpMethod": "POST",
-	//   "id": "compute.disks.testIamPermissions",
+	//   "id": "compute.disks.startAsyncReplication",
 	//   "parameterOrder": [
 	//     "project",
 	//     "zone",
-	//     "resource"
+	//     "disk"
 	//   ],
 	//   "parameters": {
+	//     "disk": {
+	//       "description": "The name of the persistent disk.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -70086,11 +72618,9 @@ func (c *DisksTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPer
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
 	//       "type": "string"
 	//     },
 	//     "zone": {
@@ -70101,55 +72631,44 @@ func (c *DisksTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPer
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions",
+	//   "path": "projects/{project}/zones/{zone}/disks/{disk}/startAsyncReplication",
 	//   "request": {
-	//     "$ref": "TestPermissionsRequest"
+	//     "$ref": "DisksStartAsyncReplicationRequest"
 	//   },
 	//   "response": {
-	//     "$ref": "TestPermissionsResponse"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
 }
 
-// method id "compute.disks.update":
+// method id "compute.disks.stopAsyncReplication":
 
-type DisksUpdateCall struct {
+type DisksStopAsyncReplicationCall struct {
 	s          *Service
 	project    string
 	zone       string
 	disk       string
-	disk2      *Disk
 	urlParams_ gensupport.URLParams
 	ctx_       context.Context
 	header_    http.Header
 }
 
-// Update: Updates the specified disk with the data included in the
-// request. The update is performed only on selected fields included as
-// part of update-mask. Only the following fields can be modified:
-// user_license.
+// StopAsyncReplication: Stops asynchronous replication. Can be invoked
+// either on the primary or on the secondary disk.
 //
-// - disk: The disk name for this request.
+// - disk: The name of the persistent disk.
 // - project: Project ID for this request.
 // - zone: The name of the zone for this request.
-func (r *DisksService) Update(project string, zone string, disk string, disk2 *Disk) *DisksUpdateCall {
-	c := &DisksUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *DisksService) StopAsyncReplication(project string, zone string, disk string) *DisksStopAsyncReplicationCall {
+	c := &DisksStopAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.zone = zone
 	c.disk = disk
-	c.disk2 = disk2
-	return c
-}
-
-// Paths sets the optional parameter "paths":
-func (c *DisksUpdateCall) Paths(paths ...string) *DisksUpdateCall {
-	c.urlParams_.SetMulti("paths", append([]string{}, paths...))
 	return c
 }
 
@@ -70164,22 +72683,15 @@ func (c *DisksUpdateCall) Paths(paths ...string) *DisksUpdateCall {
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *DisksUpdateCall) RequestId(requestId string) *DisksUpdateCall {
+func (c *DisksStopAsyncReplicationCall) RequestId(requestId string) *DisksStopAsyncReplicationCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
 
-// UpdateMask sets the optional parameter "updateMask": update_mask
-// indicates fields to be updated as part of this request.
-func (c *DisksUpdateCall) UpdateMask(updateMask string) *DisksUpdateCall {
-	c.urlParams_.Set("updateMask", updateMask)
-	return c
-}
-
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *DisksUpdateCall) Fields(s ...googleapi.Field) *DisksUpdateCall {
+func (c *DisksStopAsyncReplicationCall) Fields(s ...googleapi.Field) *DisksStopAsyncReplicationCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -70187,21 +72699,21 @@ func (c *DisksUpdateCall) Fields(s ...googleapi.Field) *DisksUpdateCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *DisksUpdateCall) Context(ctx context.Context) *DisksUpdateCall {
+func (c *DisksStopAsyncReplicationCall) Context(ctx context.Context) *DisksStopAsyncReplicationCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *DisksUpdateCall) Header() http.Header {
+func (c *DisksStopAsyncReplicationCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *DisksUpdateCall) doRequest(alt string) (*http.Response, error) {
+func (c *DisksStopAsyncReplicationCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -70209,16 +72721,11 @@ func (c *DisksUpdateCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disk2)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("PATCH", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -70231,14 +72738,563 @@ func (c *DisksUpdateCall) doRequest(alt string) (*http.Response, error) {
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.disks.update" call.
+// Do executes the "compute.disks.stopAsyncReplication" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *DisksUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *DisksStopAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Stops asynchronous replication. Can be invoked either on the primary or on the secondary disk.",
+	//   "flatPath": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
+	//   "httpMethod": "POST",
+	//   "id": "compute.disks.stopAsyncReplication",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "disk"
+	//   ],
+	//   "parameters": {
+	//     "disk": {
+	//       "description": "The name of the persistent disk.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/disks/{disk}/stopAsyncReplication",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.disks.stopGroupAsyncReplication":
+
+type DisksStopGroupAsyncReplicationCall struct {
+	s                                      *Service
+	project                                string
+	zone                                   string
+	disksstopgroupasyncreplicationresource *DisksStopGroupAsyncReplicationResource
+	urlParams_                             gensupport.URLParams
+	ctx_                                   context.Context
+	header_                                http.Header
+}
+
+// StopGroupAsyncReplication: Stops asynchronous replication for a
+// consistency group of disks. Can be invoked either in the primary or
+// secondary scope.
+//
+//   - project: Project ID for this request.
+//   - zone: The name of the zone for this request. This must be the zone
+//     of the primary or secondary disks in the consistency group.
+func (r *DisksService) StopGroupAsyncReplication(project string, zone string, disksstopgroupasyncreplicationresource *DisksStopGroupAsyncReplicationResource) *DisksStopGroupAsyncReplicationCall {
+	c := &DisksStopGroupAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.disksstopgroupasyncreplicationresource = disksstopgroupasyncreplicationresource
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *DisksStopGroupAsyncReplicationCall) RequestId(requestId string) *DisksStopGroupAsyncReplicationCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DisksStopGroupAsyncReplicationCall) Fields(s ...googleapi.Field) *DisksStopGroupAsyncReplicationCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DisksStopGroupAsyncReplicationCall) Context(ctx context.Context) *DisksStopGroupAsyncReplicationCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DisksStopGroupAsyncReplicationCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DisksStopGroupAsyncReplicationCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksstopgroupasyncreplicationresource)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/stopGroupAsyncReplication")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"zone":    c.zone,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.disks.stopGroupAsyncReplication" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *DisksStopGroupAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Stops asynchronous replication for a consistency group of disks. Can be invoked either in the primary or secondary scope.",
+	//   "flatPath": "projects/{project}/zones/{zone}/disks/stopGroupAsyncReplication",
+	//   "httpMethod": "POST",
+	//   "id": "compute.disks.stopGroupAsyncReplication",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request. This must be the zone of the primary or secondary disks in the consistency group.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/disks/stopGroupAsyncReplication",
+	//   "request": {
+	//     "$ref": "DisksStopGroupAsyncReplicationResource"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.disks.testIamPermissions":
+
+type DisksTestIamPermissionsCall struct {
+	s                      *Service
+	project                string
+	zone                   string
+	resource               string
+	testpermissionsrequest *TestPermissionsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
+}
+
+// TestIamPermissions: Returns permissions that a caller has on the
+// specified resource.
+//
+// - project: Project ID for this request.
+// - resource: Name or id of the resource for this request.
+// - zone: The name of the zone for this request.
+func (r *DisksService) TestIamPermissions(project string, zone string, resource string, testpermissionsrequest *TestPermissionsRequest) *DisksTestIamPermissionsCall {
+	c := &DisksTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.resource = resource
+	c.testpermissionsrequest = testpermissionsrequest
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DisksTestIamPermissionsCall) Fields(s ...googleapi.Field) *DisksTestIamPermissionsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DisksTestIamPermissionsCall) Context(ctx context.Context) *DisksTestIamPermissionsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DisksTestIamPermissionsCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DisksTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testpermissionsrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.disks.testIamPermissions" call.
+// Exactly one of *TestPermissionsResponse or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *TestPermissionsResponse.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *DisksTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestPermissionsResponse, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &TestPermissionsResponse{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns permissions that a caller has on the specified resource.",
+	//   "flatPath": "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions",
+	//   "httpMethod": "POST",
+	//   "id": "compute.disks.testIamPermissions",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/disks/{resource}/testIamPermissions",
+	//   "request": {
+	//     "$ref": "TestPermissionsRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "TestPermissionsResponse"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.disks.update":
+
+type DisksUpdateCall struct {
+	s          *Service
+	project    string
+	zone       string
+	disk       string
+	disk2      *Disk
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Update: Updates the specified disk with the data included in the
+// request. The update is performed only on selected fields included as
+// part of update-mask. Only the following fields can be modified:
+// user_license.
+//
+// - disk: The disk name for this request.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *DisksService) Update(project string, zone string, disk string, disk2 *Disk) *DisksUpdateCall {
+	c := &DisksUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.disk = disk
+	c.disk2 = disk2
+	return c
+}
+
+// Paths sets the optional parameter "paths":
+func (c *DisksUpdateCall) Paths(paths ...string) *DisksUpdateCall {
+	c.urlParams_.SetMulti("paths", append([]string{}, paths...))
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *DisksUpdateCall) RequestId(requestId string) *DisksUpdateCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// UpdateMask sets the optional parameter "updateMask": update_mask
+// indicates fields to be updated as part of this request.
+func (c *DisksUpdateCall) UpdateMask(updateMask string) *DisksUpdateCall {
+	c.urlParams_.Set("updateMask", updateMask)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *DisksUpdateCall) Fields(s ...googleapi.Field) *DisksUpdateCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *DisksUpdateCall) Context(ctx context.Context) *DisksUpdateCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *DisksUpdateCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *DisksUpdateCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disk2)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/disks/{disk}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"zone":    c.zone,
+		"disk":    c.disk,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.disks.update" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *DisksUpdateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -72967,7 +76023,9 @@ func (c *FirewallPoliciesListCall) PageToken(pageToken string) *FirewallPolicies
 }
 
 // ParentId sets the optional parameter "parentId": Parent ID for this
-// request.
+// request. The ID can be either be "folders/[FOLDER_ID]" if the parent
+// is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an
+// organization.
 func (c *FirewallPoliciesListCall) ParentId(parentId string) *FirewallPoliciesListCall {
 	c.urlParams_.Set("parentId", parentId)
 	return c
@@ -73107,7 +76165,7 @@ func (c *FirewallPoliciesListCall) Do(opts ...googleapi.CallOption) (*FirewallPo
 	//       "type": "string"
 	//     },
 	//     "parentId": {
-	//       "description": "Parent ID for this request.",
+	//       "description": "Parent ID for this request. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
@@ -73318,7 +76376,9 @@ func (r *FirewallPoliciesService) Move(firewallPolicy string) *FirewallPoliciesM
 }
 
 // ParentId sets the optional parameter "parentId": The new parent of
-// the firewall policy.
+// the firewall policy. The ID can be either be "folders/[FOLDER_ID]" if
+// the parent is a folder or "organizations/[ORGANIZATION_ID]" if the
+// parent is an organization.
 func (c *FirewallPoliciesMoveCall) ParentId(parentId string) *FirewallPoliciesMoveCall {
 	c.urlParams_.Set("parentId", parentId)
 	return c
@@ -73442,7 +76502,7 @@ func (c *FirewallPoliciesMoveCall) Do(opts ...googleapi.CallOption) (*Operation,
 	//       "type": "string"
 	//     },
 	//     "parentId": {
-	//       "description": "The new parent of the firewall policy.",
+	//       "description": "The new parent of the firewall policy. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
 	//       "location": "query",
 	//       "type": "string"
 	//     },
@@ -77421,8 +80481,7 @@ type GlobalAddressesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified address resource. Gets a list of available
-// addresses by making a list() request.
+// Get: Returns the specified address resource.
 //
 // - address: Name of the address resource to return.
 // - project: Project ID for this request.
@@ -77533,7 +80592,7 @@ func (c *GlobalAddressesGetCall) Do(opts ...googleapi.CallOption) (*Address, err
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified address resource. Gets a list of available addresses by making a list() request.",
+	//   "description": "Returns the specified address resource.",
 	//   "flatPath": "projects/{project}/global/addresses/{address}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.globalAddresses.get",
@@ -78014,6 +81073,183 @@ func (c *GlobalAddressesListCall) Pages(ctx context.Context, f func(*AddressList
 	}
 }
 
+// method id "compute.globalAddresses.move":
+
+type GlobalAddressesMoveCall struct {
+	s                          *Service
+	project                    string
+	address                    string
+	globaladdressesmoverequest *GlobalAddressesMoveRequest
+	urlParams_                 gensupport.URLParams
+	ctx_                       context.Context
+	header_                    http.Header
+}
+
+// Move: Moves the specified address resource from one project to
+// another project.
+//
+// - address: Name of the address resource to move.
+// - project: Source project ID which the Address is moved from.
+func (r *GlobalAddressesService) Move(project string, address string, globaladdressesmoverequest *GlobalAddressesMoveRequest) *GlobalAddressesMoveCall {
+	c := &GlobalAddressesMoveCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.address = address
+	c.globaladdressesmoverequest = globaladdressesmoverequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *GlobalAddressesMoveCall) RequestId(requestId string) *GlobalAddressesMoveCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *GlobalAddressesMoveCall) Fields(s ...googleapi.Field) *GlobalAddressesMoveCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *GlobalAddressesMoveCall) Context(ctx context.Context) *GlobalAddressesMoveCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *GlobalAddressesMoveCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *GlobalAddressesMoveCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.globaladdressesmoverequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/addresses/{address}/move")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"address": c.address,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.globalAddresses.move" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *GlobalAddressesMoveCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Moves the specified address resource from one project to another project.",
+	//   "flatPath": "projects/{project}/global/addresses/{address}/move",
+	//   "httpMethod": "POST",
+	//   "id": "compute.globalAddresses.move",
+	//   "parameterOrder": [
+	//     "project",
+	//     "address"
+	//   ],
+	//   "parameters": {
+	//     "address": {
+	//       "description": "Name of the address resource to move.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Source project ID which the Address is moved from.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/addresses/{address}/move",
+	//   "request": {
+	//     "$ref": "GlobalAddressesMoveRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.globalAddresses.setLabels":
 
 type GlobalAddressesSetLabelsCall struct {
@@ -79989,8 +83225,7 @@ type GlobalNetworkEndpointGroupsGetCall struct {
 	header_              http.Header
 }
 
-// Get: Returns the specified network endpoint group. Gets a list of
-// available network endpoint groups by making a list() request.
+// Get: Returns the specified network endpoint group.
 //
 //   - networkEndpointGroup: The name of the network endpoint group. It
 //     should comply with RFC1035.
@@ -80102,7 +83337,7 @@ func (c *GlobalNetworkEndpointGroupsGetCall) Do(opts ...googleapi.CallOption) (*
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+	//   "description": "Returns the specified network endpoint group.",
 	//   "flatPath": "projects/{project}/global/networkEndpointGroups/{networkEndpointGroup}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.globalNetworkEndpointGroups.get",
@@ -83855,8 +87090,7 @@ type HealthChecksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified HealthCheck resource. Gets a list of
-// available health checks by making a list() request.
+// Get: Returns the specified HealthCheck resource.
 //
 // - healthCheck: Name of the HealthCheck resource to return.
 // - project: Project ID for this request.
@@ -83967,7 +87201,7 @@ func (c *HealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HealthCheck, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+	//   "description": "Returns the specified HealthCheck resource.",
 	//   "flatPath": "projects/{project}/global/healthChecks/{healthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.healthChecks.get",
@@ -84982,8 +88216,7 @@ type HttpHealthChecksGetCall struct {
 	header_         http.Header
 }
 
-// Get: Returns the specified HttpHealthCheck resource. Gets a list of
-// available HTTP health checks by making a list() request.
+// Get: Returns the specified HttpHealthCheck resource.
 //
 // - httpHealthCheck: Name of the HttpHealthCheck resource to return.
 // - project: Project ID for this request.
@@ -85094,7 +88327,7 @@ func (c *HttpHealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HttpHealthC
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HttpHealthCheck resource. Gets a list of available HTTP health checks by making a list() request.",
+	//   "description": "Returns the specified HttpHealthCheck resource.",
 	//   "flatPath": "projects/{project}/global/httpHealthChecks/{httpHealthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.httpHealthChecks.get",
@@ -86109,8 +89342,7 @@ type HttpsHealthChecksGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified HttpsHealthCheck resource. Gets a list of
-// available HTTPS health checks by making a list() request.
+// Get: Returns the specified HttpsHealthCheck resource.
 //
 // - httpsHealthCheck: Name of the HttpsHealthCheck resource to return.
 // - project: Project ID for this request.
@@ -86221,7 +89453,7 @@ func (c *HttpsHealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HttpsHealt
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HttpsHealthCheck resource. Gets a list of available HTTPS health checks by making a list() request.",
+	//   "description": "Returns the specified HttpsHealthCheck resource.",
 	//   "flatPath": "projects/{project}/global/httpsHealthChecks/{httpsHealthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.httpsHealthChecks.get",
@@ -87586,8 +90818,7 @@ type ImagesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified image. Gets a list of available images by
-// making a list() request.
+// Get: Returns the specified image.
 //
 // - image: Name of the image resource to return.
 // - project: Project ID for this request.
@@ -87698,7 +90929,7 @@ func (c *ImagesGetCall) Do(opts ...googleapi.CallOption) (*Image, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified image. Gets a list of available images by making a list() request.",
+	//   "description": "Returns the specified image.",
 	//   "flatPath": "projects/{project}/global/images/{image}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.images.get",
@@ -90604,8 +93835,7 @@ type InstanceGroupManagersGetCall struct {
 }
 
 // Get: Returns all of the details about the specified managed instance
-// group. Gets a list of available managed instance groups by making a
-// list() request.
+// group.
 //
 //   - instanceGroupManager: The name of the managed instance group.
 //   - project: Project ID for this request.
@@ -90720,7 +93950,7 @@ func (c *InstanceGroupManagersGetCall) Do(opts ...googleapi.CallOption) (*Instan
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns all of the details about the specified managed instance group. Gets a list of available managed instance groups by making a list() request.",
+	//   "description": "Returns all of the details about the specified managed instance group.",
 	//   "flatPath": "projects/{project}/zones/{zone}/instanceGroupManagers/{instanceGroupManager}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.instanceGroupManagers.get",
@@ -95970,8 +99200,7 @@ type InstanceTemplatesGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified instance template. Gets a list of
-// available instance templates by making a list() request.
+// Get: Returns the specified instance template.
 //
 // - instanceTemplate: The name of the instance template.
 // - project: Project ID for this request.
@@ -96082,7 +99311,7 @@ func (c *InstanceTemplatesGetCall) Do(opts ...googleapi.CallOption) (*InstanceTe
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+	//   "description": "Returns the specified instance template.",
 	//   "flatPath": "projects/{project}/global/instanceTemplates/{instanceTemplate}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.instanceTemplates.get",
@@ -98704,8 +101933,7 @@ type InstancesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Instance resource. Gets a list of
-// available instances by making a list() request.
+// Get: Returns the specified Instance resource.
 //
 // - instance: Name of the instance resource to return.
 // - project: Project ID for this request.
@@ -98819,7 +102047,7 @@ func (c *InstancesGetCall) Do(opts ...googleapi.CallOption) (*Instance, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Instance resource. Gets a list of available instances by making a list() request.",
+	//   "description": "Returns the specified Instance resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.instances.get",
@@ -103961,164 +107189,6 @@ func (r *InstancesService) SimulateMaintenanceEvent(project string, zone string,
 	return c
 }
 
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *InstancesSimulateMaintenanceEventCall) Fields(s ...googleapi.Field) *InstancesSimulateMaintenanceEventCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *InstancesSimulateMaintenanceEventCall) Context(ctx context.Context) *InstancesSimulateMaintenanceEventCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *InstancesSimulateMaintenanceEventCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *InstancesSimulateMaintenanceEventCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"zone":     c.zone,
-		"instance": c.instance,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.instances.simulateMaintenanceEvent" call.
-// Exactly one of *Operation or error will be non-nil. Any non-2xx
-// status code is an error. Response headers are in either
-// *Operation.ServerResponse.Header or (if a response was returned at
-// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
-// to check whether the returned error was because
-// http.StatusNotModified was returned.
-func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Operation{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Simulates a host maintenance event on a VM. For more information, see Simulate a host maintenance event.",
-	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
-	//   "httpMethod": "POST",
-	//   "id": "compute.instances.simulateMaintenanceEvent",
-	//   "parameterOrder": [
-	//     "project",
-	//     "zone",
-	//     "instance"
-	//   ],
-	//   "parameters": {
-	//     "instance": {
-	//       "description": "Name of the instance scoping this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "zone": {
-	//       "description": "The name of the zone for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
-	//   "response": {
-	//     "$ref": "Operation"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.instances.start":
-
-type InstancesStartCall struct {
-	s          *Service
-	project    string
-	zone       string
-	instance   string
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
-}
-
-// Start: Starts an instance that was stopped using the instances().stop
-// method. For more information, see Restart an instance.
-//
-// - instance: Name of the instance resource to start.
-// - project: Project ID for this request.
-// - zone: The name of the zone for this request.
-func (r *InstancesService) Start(project string, zone string, instance string) *InstancesStartCall {
-	c := &InstancesStartCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.zone = zone
-	c.instance = instance
-	return c
-}
-
 // RequestId sets the optional parameter "requestId": An optional
 // request ID to identify requests. Specify a unique request ID so that
 // if you must retry your request, the server will know to ignore the
@@ -104130,7 +107200,7 @@ func (r *InstancesService) Start(project string, zone string, instance string) *
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall {
+func (c *InstancesSimulateMaintenanceEventCall) RequestId(requestId string) *InstancesSimulateMaintenanceEventCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -104138,7 +107208,7 @@ func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall {
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall {
+func (c *InstancesSimulateMaintenanceEventCall) Fields(s ...googleapi.Field) *InstancesSimulateMaintenanceEventCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -104146,21 +107216,21 @@ func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall {
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *InstancesStartCall) Context(ctx context.Context) *InstancesStartCall {
+func (c *InstancesSimulateMaintenanceEventCall) Context(ctx context.Context) *InstancesSimulateMaintenanceEventCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *InstancesStartCall) Header() http.Header {
+func (c *InstancesSimulateMaintenanceEventCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
+func (c *InstancesSimulateMaintenanceEventCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -104170,7 +107240,7 @@ func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
 	var body io.Reader = nil
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/start")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -104185,14 +107255,193 @@ func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.instances.start" call.
+// Do executes the "compute.instances.simulateMaintenanceEvent" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *InstancesSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Simulates a host maintenance event on a VM. For more information, see Simulate a host maintenance event.",
+	//   "flatPath": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
+	//   "httpMethod": "POST",
+	//   "id": "compute.instances.simulateMaintenanceEvent",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "instance"
+	//   ],
+	//   "parameters": {
+	//     "instance": {
+	//       "description": "Name of the instance scoping this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/instances/{instance}/simulateMaintenanceEvent",
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.instances.start":
+
+type InstancesStartCall struct {
+	s          *Service
+	project    string
+	zone       string
+	instance   string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Start: Starts an instance that was stopped using the instances().stop
+// method. For more information, see Restart an instance.
+//
+// - instance: Name of the instance resource to start.
+// - project: Project ID for this request.
+// - zone: The name of the zone for this request.
+func (r *InstancesService) Start(project string, zone string, instance string) *InstancesStartCall {
+	c := &InstancesStartCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.instance = instance
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *InstancesStartCall) RequestId(requestId string) *InstancesStartCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InstancesStartCall) Fields(s ...googleapi.Field) *InstancesStartCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InstancesStartCall) Context(ctx context.Context) *InstancesStartCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InstancesStartCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InstancesStartCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/instances/{instance}/start")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"zone":     c.zone,
+		"instance": c.instance,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.instances.start" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *InstancesStartCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -108023,6 +111272,449 @@ func (c *InterconnectLocationsListCall) Pages(ctx context.Context, f func(*Inter
 	}
 }
 
+// method id "compute.interconnectRemoteLocations.get":
+
+type InterconnectRemoteLocationsGetCall struct {
+	s                          *Service
+	project                    string
+	interconnectRemoteLocation string
+	urlParams_                 gensupport.URLParams
+	ifNoneMatch_               string
+	ctx_                       context.Context
+	header_                    http.Header
+}
+
+// Get: Returns the details for the specified interconnect remote
+// location. Gets a list of available interconnect remote locations by
+// making a list() request.
+//
+//   - interconnectRemoteLocation: Name of the interconnect remote
+//     location to return.
+//   - project: Project ID for this request.
+func (r *InterconnectRemoteLocationsService) Get(project string, interconnectRemoteLocation string) *InterconnectRemoteLocationsGetCall {
+	c := &InterconnectRemoteLocationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.interconnectRemoteLocation = interconnectRemoteLocation
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InterconnectRemoteLocationsGetCall) Fields(s ...googleapi.Field) *InterconnectRemoteLocationsGetCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *InterconnectRemoteLocationsGetCall) IfNoneMatch(entityTag string) *InterconnectRemoteLocationsGetCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InterconnectRemoteLocationsGetCall) Context(ctx context.Context) *InterconnectRemoteLocationsGetCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InterconnectRemoteLocationsGetCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InterconnectRemoteLocationsGetCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/interconnectRemoteLocations/{interconnectRemoteLocation}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":                    c.project,
+		"interconnectRemoteLocation": c.interconnectRemoteLocation,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.interconnectRemoteLocations.get" call.
+// Exactly one of *InterconnectRemoteLocation or error will be non-nil.
+// Any non-2xx status code is an error. Response headers are in either
+// *InterconnectRemoteLocation.ServerResponse.Header or (if a response
+// was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *InterconnectRemoteLocationsGetCall) Do(opts ...googleapi.CallOption) (*InterconnectRemoteLocation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &InterconnectRemoteLocation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Returns the details for the specified interconnect remote location. Gets a list of available interconnect remote locations by making a list() request.",
+	//   "flatPath": "projects/{project}/global/interconnectRemoteLocations/{interconnectRemoteLocation}",
+	//   "httpMethod": "GET",
+	//   "id": "compute.interconnectRemoteLocations.get",
+	//   "parameterOrder": [
+	//     "project",
+	//     "interconnectRemoteLocation"
+	//   ],
+	//   "parameters": {
+	//     "interconnectRemoteLocation": {
+	//       "description": "Name of the interconnect remote location to return.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/interconnectRemoteLocations/{interconnectRemoteLocation}",
+	//   "response": {
+	//     "$ref": "InterconnectRemoteLocation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// method id "compute.interconnectRemoteLocations.list":
+
+type InterconnectRemoteLocationsListCall struct {
+	s            *Service
+	project      string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: Retrieves the list of interconnect remote locations available
+// to the specified project.
+//
+// - project: Project ID for this request.
+func (r *InterconnectRemoteLocationsService) List(project string) *InterconnectRemoteLocationsListCall {
+	c := &InterconnectRemoteLocationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *InterconnectRemoteLocationsListCall) Filter(filter string) *InterconnectRemoteLocationsListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *InterconnectRemoteLocationsListCall) MaxResults(maxResults int64) *InterconnectRemoteLocationsListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *InterconnectRemoteLocationsListCall) OrderBy(orderBy string) *InterconnectRemoteLocationsListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *InterconnectRemoteLocationsListCall) PageToken(pageToken string) *InterconnectRemoteLocationsListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *InterconnectRemoteLocationsListCall) ReturnPartialSuccess(returnPartialSuccess bool) *InterconnectRemoteLocationsListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *InterconnectRemoteLocationsListCall) Fields(s ...googleapi.Field) *InterconnectRemoteLocationsListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *InterconnectRemoteLocationsListCall) IfNoneMatch(entityTag string) *InterconnectRemoteLocationsListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *InterconnectRemoteLocationsListCall) Context(ctx context.Context) *InterconnectRemoteLocationsListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *InterconnectRemoteLocationsListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *InterconnectRemoteLocationsListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/global/interconnectRemoteLocations")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.interconnectRemoteLocations.list" call.
+// Exactly one of *InterconnectRemoteLocationList or error will be
+// non-nil. Any non-2xx status code is an error. Response headers are in
+// either *InterconnectRemoteLocationList.ServerResponse.Header or (if a
+// response was returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *InterconnectRemoteLocationsListCall) Do(opts ...googleapi.CallOption) (*InterconnectRemoteLocationList, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &InterconnectRemoteLocationList{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Retrieves the list of interconnect remote locations available to the specified project.",
+	//   "flatPath": "projects/{project}/global/interconnectRemoteLocations",
+	//   "httpMethod": "GET",
+	//   "id": "compute.interconnectRemoteLocations.list",
+	//   "parameterOrder": [
+	//     "project"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/global/interconnectRemoteLocations",
+	//   "response": {
+	//     "$ref": "InterconnectRemoteLocationList"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *InterconnectRemoteLocationsListCall) Pages(ctx context.Context, f func(*InterconnectRemoteLocationList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
 // method id "compute.interconnects.delete":
 
 type InterconnectsDeleteCall struct {
@@ -111069,8 +114761,7 @@ type MachineImagesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified machine image. Gets a list of available
-// machine images by making a list() request.
+// Get: Returns the specified machine image.
 //
 // - machineImage: The name of the machine image.
 // - project: Project ID for this request.
@@ -111181,7 +114872,7 @@ func (c *MachineImagesGetCall) Do(opts ...googleapi.CallOption) (*MachineImage,
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified machine image. Gets a list of available machine images by making a list() request.",
+	//   "description": "Returns the specified machine image.",
 	//   "flatPath": "projects/{project}/global/machineImages/{machineImage}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.machineImages.get",
@@ -112476,8 +116167,7 @@ type MachineTypesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified machine type. Gets a list of available
-// machine types by making a list() request.
+// Get: Returns the specified machine type.
 //
 // - machineType: Name of the machine type to return.
 // - project: Project ID for this request.
@@ -112591,7 +116281,7 @@ func (c *MachineTypesGetCall) Do(opts ...googleapi.CallOption) (*MachineType, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified machine type. Gets a list of available machine types by making a list() request.",
+	//   "description": "Returns the specified machine type.",
 	//   "flatPath": "projects/{project}/zones/{zone}/machineTypes/{machineType}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.machineTypes.get",
@@ -116499,8 +120189,7 @@ type NetworkEndpointGroupsGetCall struct {
 	header_              http.Header
 }
 
-// Get: Returns the specified network endpoint group. Gets a list of
-// available network endpoint groups by making a list() request.
+// Get: Returns the specified network endpoint group.
 //
 //   - networkEndpointGroup: The name of the network endpoint group. It
 //     should comply with RFC1035.
@@ -116616,7 +120305,7 @@ func (c *NetworkEndpointGroupsGetCall) Do(opts ...googleapi.CallOption) (*Networ
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+	//   "description": "Returns the specified network endpoint group.",
 	//   "flatPath": "projects/{project}/zones/{zone}/networkEndpointGroups/{networkEndpointGroup}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.networkEndpointGroups.get",
@@ -120859,8 +124548,7 @@ type NetworksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified network. Gets a list of available networks
-// by making a list() request.
+// Get: Returns the specified network.
 //
 // - network: Name of the network to return.
 // - project: Project ID for this request.
@@ -120971,7 +124659,7 @@ func (c *NetworksGetCall) Do(opts ...googleapi.CallOption) (*Network, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network. Gets a list of available networks by making a list() request.",
+	//   "description": "Returns the specified network.",
 	//   "flatPath": "projects/{project}/global/networks/{network}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.networks.get",
@@ -125185,6 +128873,196 @@ func (c *NodeGroupsSetNodeTemplateCall) Do(opts ...googleapi.CallOption) (*Opera
 
 }
 
+// method id "compute.nodeGroups.simulateMaintenanceEvent":
+
+type NodeGroupsSimulateMaintenanceEventCall struct {
+	s                                         *Service
+	project                                   string
+	zone                                      string
+	nodeGroup                                 string
+	nodegroupssimulatemaintenanceeventrequest *NodeGroupsSimulateMaintenanceEventRequest
+	urlParams_                                gensupport.URLParams
+	ctx_                                      context.Context
+	header_                                   http.Header
+}
+
+// SimulateMaintenanceEvent: Simulates maintenance event on specified
+// nodes from the node group.
+//
+//   - nodeGroup: Name of the NodeGroup resource whose nodes will go under
+//     maintenance simulation.
+//   - project: Project ID for this request.
+//   - zone: The name of the zone for this request.
+func (r *NodeGroupsService) SimulateMaintenanceEvent(project string, zone string, nodeGroup string, nodegroupssimulatemaintenanceeventrequest *NodeGroupsSimulateMaintenanceEventRequest) *NodeGroupsSimulateMaintenanceEventCall {
+	c := &NodeGroupsSimulateMaintenanceEventCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.zone = zone
+	c.nodeGroup = nodeGroup
+	c.nodegroupssimulatemaintenanceeventrequest = nodegroupssimulatemaintenanceeventrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *NodeGroupsSimulateMaintenanceEventCall) RequestId(requestId string) *NodeGroupsSimulateMaintenanceEventCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *NodeGroupsSimulateMaintenanceEventCall) Fields(s ...googleapi.Field) *NodeGroupsSimulateMaintenanceEventCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *NodeGroupsSimulateMaintenanceEventCall) Context(ctx context.Context) *NodeGroupsSimulateMaintenanceEventCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *NodeGroupsSimulateMaintenanceEventCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *NodeGroupsSimulateMaintenanceEventCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.nodegroupssimulatemaintenanceeventrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/simulateMaintenanceEvent")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":   c.project,
+		"zone":      c.zone,
+		"nodeGroup": c.nodeGroup,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.nodeGroups.simulateMaintenanceEvent" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *NodeGroupsSimulateMaintenanceEventCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Simulates maintenance event on specified nodes from the node group.",
+	//   "flatPath": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/simulateMaintenanceEvent",
+	//   "httpMethod": "POST",
+	//   "id": "compute.nodeGroups.simulateMaintenanceEvent",
+	//   "parameterOrder": [
+	//     "project",
+	//     "zone",
+	//     "nodeGroup"
+	//   ],
+	//   "parameters": {
+	//     "nodeGroup": {
+	//       "description": "Name of the NodeGroup resource whose nodes will go under maintenance simulation.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "zone": {
+	//       "description": "The name of the zone for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/zones/{zone}/nodeGroups/{nodeGroup}/simulateMaintenanceEvent",
+	//   "request": {
+	//     "$ref": "NodeGroupsSimulateMaintenanceEventRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
 // method id "compute.nodeGroups.testIamPermissions":
 
 type NodeGroupsTestIamPermissionsCall struct {
@@ -125842,8 +129720,7 @@ type NodeTemplatesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified node template. Gets a list of available
-// node templates by making a list() request.
+// Get: Returns the specified node template.
 //
 // - nodeTemplate: Name of the node template to return.
 // - project: Project ID for this request.
@@ -125957,7 +129834,7 @@ func (c *NodeTemplatesGetCall) Do(opts ...googleapi.CallOption) (*NodeTemplate,
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified node template. Gets a list of available node templates by making a list() request.",
+	//   "description": "Returns the specified node template.",
 	//   "flatPath": "projects/{project}/regions/{region}/nodeTemplates/{nodeTemplate}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.nodeTemplates.get",
@@ -127304,8 +131181,7 @@ type NodeTypesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified node type. Gets a list of available node
-// types by making a list() request.
+// Get: Returns the specified node type.
 //
 // - nodeType: Name of the node type to return.
 // - project: Project ID for this request.
@@ -127419,7 +131295,7 @@ func (c *NodeTypesGetCall) Do(opts ...googleapi.CallOption) (*NodeType, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified node type. Gets a list of available node types by making a list() request.",
+	//   "description": "Returns the specified node type.",
 	//   "flatPath": "projects/{project}/zones/{zone}/nodeTypes/{nodeType}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.nodeTypes.get",
@@ -130907,7 +134783,9 @@ type ProjectsMoveInstanceCall struct {
 // method might cause unexpected behavior. For more information, see the
 // known issue
 // (/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_
-// the_moveinstance_api_or_the_causes_unexpected_behavior).
+// the_moveinstance_api_or_the_causes_unexpected_behavior). [Deprecated]
+// This method is deprecated. See moving instance across zones
+// (/compute/docs/instances/moving-instance-across-zones) instead.
 //
 // - project: Project ID for this request.
 func (r *ProjectsService) MoveInstance(project string, instancemoverequest *InstanceMoveRequest) *ProjectsMoveInstanceCall {
@@ -131024,7 +134902,8 @@ func (c *ProjectsMoveInstanceCall) Do(opts ...googleapi.CallOption) (*Operation,
 	}
 	return ret, nil
 	// {
-	//   "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior).",
+	//   "deprecated": true,
+	//   "description": "Moves an instance and its attached persistent disks from one zone to another. *Note*: Moving VMs or disks by using this method might cause unexpected behavior. For more information, see the [known issue](/compute/docs/troubleshooting/known-issues#moving_vms_or_disks_using_the_moveinstance_api_or_the_causes_unexpected_behavior). [Deprecated] This method is deprecated. See [moving instance across zones](/compute/docs/instances/moving-instance-across-zones) instead.",
 	//   "flatPath": "projects/{project}/moveInstance",
 	//   "httpMethod": "POST",
 	//   "id": "compute.projects.moveInstance",
@@ -137062,8 +140941,7 @@ type RegionCommitmentsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified commitment resource. Gets a list of
-// available commitments by making a list() request.
+// Get: Returns the specified commitment resource.
 //
 // - commitment: Name of the commitment to return.
 // - project: Project ID for this request.
@@ -137177,7 +141055,7 @@ func (c *RegionCommitmentsGetCall) Do(opts ...googleapi.CallOption) (*Commitment
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified commitment resource. Gets a list of available commitments by making a list() request.",
+	//   "description": "Returns the specified commitment resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/commitments/{commitment}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionCommitments.get",
@@ -137920,8 +141798,7 @@ type RegionDiskTypesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified regional disk type. Gets a list of
-// available disk types by making a list() request.
+// Get: Returns the specified regional disk type.
 //
 // - diskType: Name of the disk type to return.
 // - project: Project ID for this request.
@@ -138035,7 +141912,7 @@ func (c *RegionDiskTypesGetCall) Do(opts ...googleapi.CallOption) (*DiskType, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified regional disk type. Gets a list of available disk types by making a list() request.",
+	//   "description": "Returns the specified regional disk type.",
 	//   "flatPath": "projects/{project}/regions/{region}/diskTypes/{diskType}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionDiskTypes.get",
@@ -138562,33 +142439,27 @@ func (c *RegionDisksAddResourcePoliciesCall) Do(opts ...googleapi.CallOption) (*
 
 }
 
-// method id "compute.regionDisks.createSnapshot":
+// method id "compute.regionDisks.bulkInsert":
 
-type RegionDisksCreateSnapshotCall struct {
-	s          *Service
-	project    string
-	region     string
-	disk       string
-	snapshot   *Snapshot
-	urlParams_ gensupport.URLParams
-	ctx_       context.Context
-	header_    http.Header
+type RegionDisksBulkInsertCall struct {
+	s                      *Service
+	project                string
+	region                 string
+	bulkinsertdiskresource *BulkInsertDiskResource
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
 }
 
-// CreateSnapshot: Creates a snapshot of a specified persistent disk.
-// For regular snapshot creation, consider using snapshots.insert
-// instead, as that method supports more features, such as creating
-// snapshots in a project different from the source disk project.
+// BulkInsert: Bulk create a set of disks.
 //
-// - disk: Name of the regional persistent disk to snapshot.
 // - project: Project ID for this request.
-// - region: Name of the region for this request.
-func (r *RegionDisksService) CreateSnapshot(project string, region string, disk string, snapshot *Snapshot) *RegionDisksCreateSnapshotCall {
-	c := &RegionDisksCreateSnapshotCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - region: The name of the region for this request.
+func (r *RegionDisksService) BulkInsert(project string, region string, bulkinsertdiskresource *BulkInsertDiskResource) *RegionDisksBulkInsertCall {
+	c := &RegionDisksBulkInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
-	c.disk = disk
-	c.snapshot = snapshot
+	c.bulkinsertdiskresource = bulkinsertdiskresource
 	return c
 }
 
@@ -138603,7 +142474,7 @@ func (r *RegionDisksService) CreateSnapshot(project string, region string, disk
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RegionDisksCreateSnapshotCall) RequestId(requestId string) *RegionDisksCreateSnapshotCall {
+func (c *RegionDisksBulkInsertCall) RequestId(requestId string) *RegionDisksBulkInsertCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -138611,7 +142482,7 @@ func (c *RegionDisksCreateSnapshotCall) RequestId(requestId string) *RegionDisks
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RegionDisksCreateSnapshotCall) Fields(s ...googleapi.Field) *RegionDisksCreateSnapshotCall {
+func (c *RegionDisksBulkInsertCall) Fields(s ...googleapi.Field) *RegionDisksBulkInsertCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -138619,21 +142490,21 @@ func (c *RegionDisksCreateSnapshotCall) Fields(s ...googleapi.Field) *RegionDisk
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RegionDisksCreateSnapshotCall) Context(ctx context.Context) *RegionDisksCreateSnapshotCall {
+func (c *RegionDisksBulkInsertCall) Context(ctx context.Context) *RegionDisksBulkInsertCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RegionDisksCreateSnapshotCall) Header() http.Header {
+func (c *RegionDisksBulkInsertCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RegionDisksCreateSnapshotCall) doRequest(alt string) (*http.Response, error) {
+func (c *RegionDisksBulkInsertCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -138641,14 +142512,14 @@ func (c *RegionDisksCreateSnapshotCall) doRequest(alt string) (*http.Response, e
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.snapshot)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.bulkinsertdiskresource)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}/createSnapshot")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/bulkInsert")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -138658,19 +142529,18 @@ func (c *RegionDisksCreateSnapshotCall) doRequest(alt string) (*http.Response, e
 	googleapi.Expand(req.URL, map[string]string{
 		"project": c.project,
 		"region":  c.region,
-		"disk":    c.disk,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.regionDisks.createSnapshot" call.
+// Do executes the "compute.regionDisks.bulkInsert" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RegionDisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *RegionDisksBulkInsertCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -138701,23 +142571,15 @@ func (c *RegionDisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Opera
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
-	//   "flatPath": "projects/{project}/regions/{region}/disks/{disk}/createSnapshot",
+	//   "description": "Bulk create a set of disks.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/bulkInsert",
 	//   "httpMethod": "POST",
-	//   "id": "compute.regionDisks.createSnapshot",
+	//   "id": "compute.regionDisks.bulkInsert",
 	//   "parameterOrder": [
 	//     "project",
-	//     "region",
-	//     "disk"
+	//     "region"
 	//   ],
 	//   "parameters": {
-	//     "disk": {
-	//       "description": "Name of the regional persistent disk to snapshot.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     },
 	//     "project": {
 	//       "description": "Project ID for this request.",
 	//       "location": "path",
@@ -138726,7 +142588,7 @@ func (c *RegionDisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Opera
 	//       "type": "string"
 	//     },
 	//     "region": {
-	//       "description": "Name of the region for this request.",
+	//       "description": "The name of the region for this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
@@ -138738,9 +142600,9 @@ func (c *RegionDisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Opera
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/disks/{disk}/createSnapshot",
+	//   "path": "projects/{project}/regions/{region}/disks/bulkInsert",
 	//   "request": {
-	//     "$ref": "Snapshot"
+	//     "$ref": "BulkInsertDiskResource"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -138753,31 +142615,33 @@ func (c *RegionDisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Opera
 
 }
 
-// method id "compute.regionDisks.delete":
+// method id "compute.regionDisks.createSnapshot":
 
-type RegionDisksDeleteCall struct {
+type RegionDisksCreateSnapshotCall struct {
 	s          *Service
 	project    string
 	region     string
 	disk       string
+	snapshot   *Snapshot
 	urlParams_ gensupport.URLParams
 	ctx_       context.Context
 	header_    http.Header
 }
 
-// Delete: Deletes the specified regional persistent disk. Deleting a
-// regional disk removes all the replicas of its data permanently and is
-// irreversible. However, deleting a disk does not delete any snapshots
-// previously made from the disk. You must separately delete snapshots.
+// CreateSnapshot: Creates a snapshot of a specified persistent disk.
+// For regular snapshot creation, consider using snapshots.insert
+// instead, as that method supports more features, such as creating
+// snapshots in a project different from the source disk project.
 //
-// - disk: Name of the regional persistent disk to delete.
+// - disk: Name of the regional persistent disk to snapshot.
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
-func (r *RegionDisksService) Delete(project string, region string, disk string) *RegionDisksDeleteCall {
-	c := &RegionDisksDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+func (r *RegionDisksService) CreateSnapshot(project string, region string, disk string, snapshot *Snapshot) *RegionDisksCreateSnapshotCall {
+	c := &RegionDisksCreateSnapshotCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
 	c.disk = disk
+	c.snapshot = snapshot
 	return c
 }
 
@@ -138792,7 +142656,7 @@ func (r *RegionDisksService) Delete(project string, region string, disk string)
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RegionDisksDeleteCall) RequestId(requestId string) *RegionDisksDeleteCall {
+func (c *RegionDisksCreateSnapshotCall) RequestId(requestId string) *RegionDisksCreateSnapshotCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -138800,7 +142664,7 @@ func (c *RegionDisksDeleteCall) RequestId(requestId string) *RegionDisksDeleteCa
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RegionDisksDeleteCall) Fields(s ...googleapi.Field) *RegionDisksDeleteCall {
+func (c *RegionDisksCreateSnapshotCall) Fields(s ...googleapi.Field) *RegionDisksCreateSnapshotCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -138808,21 +142672,21 @@ func (c *RegionDisksDeleteCall) Fields(s ...googleapi.Field) *RegionDisksDeleteC
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RegionDisksDeleteCall) Context(ctx context.Context) *RegionDisksDeleteCall {
+func (c *RegionDisksCreateSnapshotCall) Context(ctx context.Context) *RegionDisksCreateSnapshotCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RegionDisksDeleteCall) Header() http.Header {
+func (c *RegionDisksCreateSnapshotCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RegionDisksDeleteCall) doRequest(alt string) (*http.Response, error) {
+func (c *RegionDisksCreateSnapshotCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -138830,11 +142694,16 @@ func (c *RegionDisksDeleteCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.snapshot)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}/createSnapshot")
 	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("DELETE", urls, body)
+	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
 		return nil, err
 	}
@@ -138847,14 +142716,198 @@ func (c *RegionDisksDeleteCall) doRequest(alt string) (*http.Response, error) {
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.regionDisks.delete" call.
+// Do executes the "compute.regionDisks.createSnapshot" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RegionDisksDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *RegionDisksCreateSnapshotCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Creates a snapshot of a specified persistent disk. For regular snapshot creation, consider using snapshots.insert instead, as that method supports more features, such as creating snapshots in a project different from the source disk project.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/{disk}/createSnapshot",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionDisks.createSnapshot",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "disk"
+	//   ],
+	//   "parameters": {
+	//     "disk": {
+	//       "description": "Name of the regional persistent disk to snapshot.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/disks/{disk}/createSnapshot",
+	//   "request": {
+	//     "$ref": "Snapshot"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionDisks.delete":
+
+type RegionDisksDeleteCall struct {
+	s          *Service
+	project    string
+	region     string
+	disk       string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
+}
+
+// Delete: Deletes the specified regional persistent disk. Deleting a
+// regional disk removes all the replicas of its data permanently and is
+// irreversible. However, deleting a disk does not delete any snapshots
+// previously made from the disk. You must separately delete snapshots.
+//
+// - disk: Name of the regional persistent disk to delete.
+// - project: Project ID for this request.
+// - region: Name of the region for this request.
+func (r *RegionDisksService) Delete(project string, region string, disk string) *RegionDisksDeleteCall {
+	c := &RegionDisksDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.disk = disk
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionDisksDeleteCall) RequestId(requestId string) *RegionDisksDeleteCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionDisksDeleteCall) Fields(s ...googleapi.Field) *RegionDisksDeleteCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionDisksDeleteCall) Context(ctx context.Context) *RegionDisksDeleteCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionDisksDeleteCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionDisksDeleteCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("DELETE", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+		"disk":    c.disk,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionDisks.delete" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionDisksDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -139946,9 +143999,742 @@ func (c *RegionDisksRemoveResourcePoliciesCall) Do(opts ...googleapi.CallOption)
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/disks/{disk}/removeResourcePolicies",
+	//   "path": "projects/{project}/regions/{region}/disks/{disk}/removeResourcePolicies",
+	//   "request": {
+	//     "$ref": "RegionDisksRemoveResourcePoliciesRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionDisks.resize":
+
+type RegionDisksResizeCall struct {
+	s                        *Service
+	project                  string
+	region                   string
+	disk                     string
+	regiondisksresizerequest *RegionDisksResizeRequest
+	urlParams_               gensupport.URLParams
+	ctx_                     context.Context
+	header_                  http.Header
+}
+
+// Resize: Resizes the specified regional persistent disk.
+//
+// - disk: Name of the regional persistent disk.
+// - project: The project ID for this request.
+// - region: Name of the region for this request.
+func (r *RegionDisksService) Resize(project string, region string, disk string, regiondisksresizerequest *RegionDisksResizeRequest) *RegionDisksResizeCall {
+	c := &RegionDisksResizeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.disk = disk
+	c.regiondisksresizerequest = regiondisksresizerequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionDisksResizeCall) RequestId(requestId string) *RegionDisksResizeCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionDisksResizeCall) Fields(s ...googleapi.Field) *RegionDisksResizeCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionDisksResizeCall) Context(ctx context.Context) *RegionDisksResizeCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionDisksResizeCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionDisksResizeCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regiondisksresizerequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}/resize")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+		"disk":    c.disk,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionDisks.resize" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionDisksResizeCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Resizes the specified regional persistent disk.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/{disk}/resize",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionDisks.resize",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "disk"
+	//   ],
+	//   "parameters": {
+	//     "disk": {
+	//       "description": "Name of the regional persistent disk.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "The project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/disks/{disk}/resize",
+	//   "request": {
+	//     "$ref": "RegionDisksResizeRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionDisks.setIamPolicy":
+
+type RegionDisksSetIamPolicyCall struct {
+	s                      *Service
+	project                string
+	region                 string
+	resource               string
+	regionsetpolicyrequest *RegionSetPolicyRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
+}
+
+// SetIamPolicy: Sets the access control policy on the specified
+// resource. Replaces any existing policy.
+//
+// - project: Project ID for this request.
+// - region: The name of the region for this request.
+// - resource: Name or id of the resource for this request.
+func (r *RegionDisksService) SetIamPolicy(project string, region string, resource string, regionsetpolicyrequest *RegionSetPolicyRequest) *RegionDisksSetIamPolicyCall {
+	c := &RegionDisksSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.resource = resource
+	c.regionsetpolicyrequest = regionsetpolicyrequest
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionDisksSetIamPolicyCall) Fields(s ...googleapi.Field) *RegionDisksSetIamPolicyCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionDisksSetIamPolicyCall) Context(ctx context.Context) *RegionDisksSetIamPolicyCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionDisksSetIamPolicyCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionDisksSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetpolicyrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"region":   c.region,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionDisks.setIamPolicy" call.
+// Exactly one of *Policy or error will be non-nil. Any non-2xx status
+// code is an error. Response headers are in either
+// *Policy.ServerResponse.Header or (if a response was returned at all)
+// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
+// check whether the returned error was because http.StatusNotModified
+// was returned.
+func (c *RegionDisksSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Policy{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionDisks.setIamPolicy",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "The name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
+	//   "request": {
+	//     "$ref": "RegionSetPolicyRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Policy"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionDisks.setLabels":
+
+type RegionDisksSetLabelsCall struct {
+	s                      *Service
+	project                string
+	region                 string
+	resource               string
+	regionsetlabelsrequest *RegionSetLabelsRequest
+	urlParams_             gensupport.URLParams
+	ctx_                   context.Context
+	header_                http.Header
+}
+
+// SetLabels: Sets the labels on the target regional disk.
+//
+// - project: Project ID for this request.
+// - region: The region for this request.
+// - resource: Name or id of the resource for this request.
+func (r *RegionDisksService) SetLabels(project string, region string, resource string, regionsetlabelsrequest *RegionSetLabelsRequest) *RegionDisksSetLabelsCall {
+	c := &RegionDisksSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.resource = resource
+	c.regionsetlabelsrequest = regionsetlabelsrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionDisksSetLabelsCall) RequestId(requestId string) *RegionDisksSetLabelsCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionDisksSetLabelsCall) Fields(s ...googleapi.Field) *RegionDisksSetLabelsCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionDisksSetLabelsCall) Context(ctx context.Context) *RegionDisksSetLabelsCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionDisksSetLabelsCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionDisksSetLabelsCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetlabelsrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{resource}/setLabels")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":  c.project,
+		"region":   c.region,
+		"resource": c.resource,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionDisks.setLabels" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionDisksSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Sets the labels on the target regional disk.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionDisks.setLabels",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "resource"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "The region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "resource": {
+	//       "description": "Name or id of the resource for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
+	//   "request": {
+	//     "$ref": "RegionSetLabelsRequest"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.regionDisks.startAsyncReplication":
+
+type RegionDisksStartAsyncReplicationCall struct {
+	s                                       *Service
+	project                                 string
+	region                                  string
+	disk                                    string
+	regiondisksstartasyncreplicationrequest *RegionDisksStartAsyncReplicationRequest
+	urlParams_                              gensupport.URLParams
+	ctx_                                    context.Context
+	header_                                 http.Header
+}
+
+// StartAsyncReplication: Starts asynchronous replication. Must be
+// invoked on the primary disk.
+//
+// - disk: The name of the persistent disk.
+// - project: Project ID for this request.
+// - region: The name of the region for this request.
+func (r *RegionDisksService) StartAsyncReplication(project string, region string, disk string, regiondisksstartasyncreplicationrequest *RegionDisksStartAsyncReplicationRequest) *RegionDisksStartAsyncReplicationCall {
+	c := &RegionDisksStartAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.disk = disk
+	c.regiondisksstartasyncreplicationrequest = regiondisksstartasyncreplicationrequest
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *RegionDisksStartAsyncReplicationCall) RequestId(requestId string) *RegionDisksStartAsyncReplicationCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *RegionDisksStartAsyncReplicationCall) Fields(s ...googleapi.Field) *RegionDisksStartAsyncReplicationCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *RegionDisksStartAsyncReplicationCall) Context(ctx context.Context) *RegionDisksStartAsyncReplicationCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *RegionDisksStartAsyncReplicationCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *RegionDisksStartAsyncReplicationCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regiondisksstartasyncreplicationrequest)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}/startAsyncReplication")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("POST", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+		"disk":    c.disk,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.regionDisks.startAsyncReplication" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *RegionDisksStartAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Starts asynchronous replication. Must be invoked on the primary disk.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/{disk}/startAsyncReplication",
+	//   "httpMethod": "POST",
+	//   "id": "compute.regionDisks.startAsyncReplication",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region",
+	//     "disk"
+	//   ],
+	//   "parameters": {
+	//     "disk": {
+	//       "description": "The name of the persistent disk.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "The name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/disks/{disk}/startAsyncReplication",
 	//   "request": {
-	//     "$ref": "RegionDisksRemoveResourcePoliciesRequest"
+	//     "$ref": "RegionDisksStartAsyncReplicationRequest"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -139961,30 +144747,29 @@ func (c *RegionDisksRemoveResourcePoliciesCall) Do(opts ...googleapi.CallOption)
 
 }
 
-// method id "compute.regionDisks.resize":
+// method id "compute.regionDisks.stopAsyncReplication":
 
-type RegionDisksResizeCall struct {
-	s                        *Service
-	project                  string
-	region                   string
-	disk                     string
-	regiondisksresizerequest *RegionDisksResizeRequest
-	urlParams_               gensupport.URLParams
-	ctx_                     context.Context
-	header_                  http.Header
+type RegionDisksStopAsyncReplicationCall struct {
+	s          *Service
+	project    string
+	region     string
+	disk       string
+	urlParams_ gensupport.URLParams
+	ctx_       context.Context
+	header_    http.Header
 }
 
-// Resize: Resizes the specified regional persistent disk.
+// StopAsyncReplication: Stops asynchronous replication. Can be invoked
+// either on the primary or on the secondary disk.
 //
-// - disk: Name of the regional persistent disk.
-// - project: The project ID for this request.
-// - region: Name of the region for this request.
-func (r *RegionDisksService) Resize(project string, region string, disk string, regiondisksresizerequest *RegionDisksResizeRequest) *RegionDisksResizeCall {
-	c := &RegionDisksResizeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+// - disk: The name of the persistent disk.
+// - project: Project ID for this request.
+// - region: The name of the region for this request.
+func (r *RegionDisksService) StopAsyncReplication(project string, region string, disk string) *RegionDisksStopAsyncReplicationCall {
+	c := &RegionDisksStopAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
 	c.disk = disk
-	c.regiondisksresizerequest = regiondisksresizerequest
 	return c
 }
 
@@ -139999,7 +144784,7 @@ func (r *RegionDisksService) Resize(project string, region string, disk string,
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RegionDisksResizeCall) RequestId(requestId string) *RegionDisksResizeCall {
+func (c *RegionDisksStopAsyncReplicationCall) RequestId(requestId string) *RegionDisksStopAsyncReplicationCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -140007,7 +144792,7 @@ func (c *RegionDisksResizeCall) RequestId(requestId string) *RegionDisksResizeCa
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RegionDisksResizeCall) Fields(s ...googleapi.Field) *RegionDisksResizeCall {
+func (c *RegionDisksStopAsyncReplicationCall) Fields(s ...googleapi.Field) *RegionDisksStopAsyncReplicationCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -140015,21 +144800,21 @@ func (c *RegionDisksResizeCall) Fields(s ...googleapi.Field) *RegionDisksResizeC
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RegionDisksResizeCall) Context(ctx context.Context) *RegionDisksResizeCall {
+func (c *RegionDisksStopAsyncReplicationCall) Context(ctx context.Context) *RegionDisksStopAsyncReplicationCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RegionDisksResizeCall) Header() http.Header {
+func (c *RegionDisksStopAsyncReplicationCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RegionDisksResizeCall) doRequest(alt string) (*http.Response, error) {
+func (c *RegionDisksStopAsyncReplicationCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -140037,14 +144822,9 @@ func (c *RegionDisksResizeCall) doRequest(alt string) (*http.Response, error) {
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regiondisksresizerequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}/resize")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -140059,14 +144839,14 @@ func (c *RegionDisksResizeCall) doRequest(alt string) (*http.Response, error) {
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.regionDisks.resize" call.
+// Do executes the "compute.regionDisks.stopAsyncReplication" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RegionDisksResizeCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *RegionDisksStopAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -140097,10 +144877,10 @@ func (c *RegionDisksResizeCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Resizes the specified regional persistent disk.",
-	//   "flatPath": "projects/{project}/regions/{region}/disks/{disk}/resize",
+	//   "description": "Stops asynchronous replication. Can be invoked either on the primary or on the secondary disk.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
 	//   "httpMethod": "POST",
-	//   "id": "compute.regionDisks.resize",
+	//   "id": "compute.regionDisks.stopAsyncReplication",
 	//   "parameterOrder": [
 	//     "project",
 	//     "region",
@@ -140108,21 +144888,21 @@ func (c *RegionDisksResizeCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	//   ],
 	//   "parameters": {
 	//     "disk": {
-	//       "description": "Name of the regional persistent disk.",
+	//       "description": "The name of the persistent disk.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     },
 	//     "project": {
-	//       "description": "The project ID for this request.",
+	//       "description": "Project ID for this request.",
 	//       "location": "path",
 	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 	//       "required": true,
 	//       "type": "string"
 	//     },
 	//     "region": {
-	//       "description": "Name of the region for this request.",
+	//       "description": "The name of the region for this request.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
@@ -140134,10 +144914,7 @@ func (c *RegionDisksResizeCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/disks/{disk}/resize",
-	//   "request": {
-	//     "$ref": "RegionDisksResizeRequest"
-	//   },
+	//   "path": "projects/{project}/regions/{region}/disks/{disk}/stopAsyncReplication",
 	//   "response": {
 	//     "$ref": "Operation"
 	//   },
@@ -140149,198 +144926,30 @@ func (c *RegionDisksResizeCall) Do(opts ...googleapi.CallOption) (*Operation, er
 
 }
 
-// method id "compute.regionDisks.setIamPolicy":
+// method id "compute.regionDisks.stopGroupAsyncReplication":
 
-type RegionDisksSetIamPolicyCall struct {
-	s                      *Service
-	project                string
-	region                 string
-	resource               string
-	regionsetpolicyrequest *RegionSetPolicyRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
-}
-
-// SetIamPolicy: Sets the access control policy on the specified
-// resource. Replaces any existing policy.
-//
-// - project: Project ID for this request.
-// - region: The name of the region for this request.
-// - resource: Name or id of the resource for this request.
-func (r *RegionDisksService) SetIamPolicy(project string, region string, resource string, regionsetpolicyrequest *RegionSetPolicyRequest) *RegionDisksSetIamPolicyCall {
-	c := &RegionDisksSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.region = region
-	c.resource = resource
-	c.regionsetpolicyrequest = regionsetpolicyrequest
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *RegionDisksSetIamPolicyCall) Fields(s ...googleapi.Field) *RegionDisksSetIamPolicyCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *RegionDisksSetIamPolicyCall) Context(ctx context.Context) *RegionDisksSetIamPolicyCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *RegionDisksSetIamPolicyCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *RegionDisksSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetpolicyrequest)
-	if err != nil {
-		return nil, err
-	}
-	reqHeaders.Set("Content-Type", "application/json")
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("POST", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"region":   c.region,
-		"resource": c.resource,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.regionDisks.setIamPolicy" call.
-// Exactly one of *Policy or error will be non-nil. Any non-2xx status
-// code is an error. Response headers are in either
-// *Policy.ServerResponse.Header or (if a response was returned at all)
-// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
-// check whether the returned error was because http.StatusNotModified
-// was returned.
-func (c *RegionDisksSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &Policy{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "Sets the access control policy on the specified resource. Replaces any existing policy.",
-	//   "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
-	//   "httpMethod": "POST",
-	//   "id": "compute.regionDisks.setIamPolicy",
-	//   "parameterOrder": [
-	//     "project",
-	//     "region",
-	//     "resource"
-	//   ],
-	//   "parameters": {
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "region": {
-	//       "description": "The name of the region for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-	//       "required": true,
-	//       "type": "string"
-	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/regions/{region}/disks/{resource}/setIamPolicy",
-	//   "request": {
-	//     "$ref": "RegionSetPolicyRequest"
-	//   },
-	//   "response": {
-	//     "$ref": "Policy"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.regionDisks.setLabels":
-
-type RegionDisksSetLabelsCall struct {
-	s                      *Service
-	project                string
-	region                 string
-	resource               string
-	regionsetlabelsrequest *RegionSetLabelsRequest
-	urlParams_             gensupport.URLParams
-	ctx_                   context.Context
-	header_                http.Header
+type RegionDisksStopGroupAsyncReplicationCall struct {
+	s                                      *Service
+	project                                string
+	region                                 string
+	disksstopgroupasyncreplicationresource *DisksStopGroupAsyncReplicationResource
+	urlParams_                             gensupport.URLParams
+	ctx_                                   context.Context
+	header_                                http.Header
 }
 
-// SetLabels: Sets the labels on the target regional disk.
+// StopGroupAsyncReplication: Stops asynchronous replication for a
+// consistency group of disks. Can be invoked either in the primary or
+// secondary scope.
 //
-// - project: Project ID for this request.
-// - region: The region for this request.
-// - resource: Name or id of the resource for this request.
-func (r *RegionDisksService) SetLabels(project string, region string, resource string, regionsetlabelsrequest *RegionSetLabelsRequest) *RegionDisksSetLabelsCall {
-	c := &RegionDisksSetLabelsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+//   - project: Project ID for this request.
+//   - region: The name of the region for this request. This must be the
+//     region of the primary or secondary disks in the consistency group.
+func (r *RegionDisksService) StopGroupAsyncReplication(project string, region string, disksstopgroupasyncreplicationresource *DisksStopGroupAsyncReplicationResource) *RegionDisksStopGroupAsyncReplicationCall {
+	c := &RegionDisksStopGroupAsyncReplicationCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 	c.project = project
 	c.region = region
-	c.resource = resource
-	c.regionsetlabelsrequest = regionsetlabelsrequest
+	c.disksstopgroupasyncreplicationresource = disksstopgroupasyncreplicationresource
 	return c
 }
 
@@ -140355,7 +144964,7 @@ func (r *RegionDisksService) SetLabels(project string, region string, resource s
 // clients from accidentally creating duplicate commitments. The request
 // ID must be a valid UUID with the exception that zero UUID is not
 // supported ( 00000000-0000-0000-0000-000000000000).
-func (c *RegionDisksSetLabelsCall) RequestId(requestId string) *RegionDisksSetLabelsCall {
+func (c *RegionDisksStopGroupAsyncReplicationCall) RequestId(requestId string) *RegionDisksStopGroupAsyncReplicationCall {
 	c.urlParams_.Set("requestId", requestId)
 	return c
 }
@@ -140363,7 +144972,7 @@ func (c *RegionDisksSetLabelsCall) RequestId(requestId string) *RegionDisksSetLa
 // Fields allows partial responses to be retrieved. See
 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
 // for more information.
-func (c *RegionDisksSetLabelsCall) Fields(s ...googleapi.Field) *RegionDisksSetLabelsCall {
+func (c *RegionDisksStopGroupAsyncReplicationCall) Fields(s ...googleapi.Field) *RegionDisksStopGroupAsyncReplicationCall {
 	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 	return c
 }
@@ -140371,21 +144980,21 @@ func (c *RegionDisksSetLabelsCall) Fields(s ...googleapi.Field) *RegionDisksSetL
 // Context sets the context to be used in this call's Do method. Any
 // pending HTTP request will be aborted if the provided context is
 // canceled.
-func (c *RegionDisksSetLabelsCall) Context(ctx context.Context) *RegionDisksSetLabelsCall {
+func (c *RegionDisksStopGroupAsyncReplicationCall) Context(ctx context.Context) *RegionDisksStopGroupAsyncReplicationCall {
 	c.ctx_ = ctx
 	return c
 }
 
 // Header returns an http.Header that can be modified by the caller to
 // add HTTP headers to the request.
-func (c *RegionDisksSetLabelsCall) Header() http.Header {
+func (c *RegionDisksStopGroupAsyncReplicationCall) Header() http.Header {
 	if c.header_ == nil {
 		c.header_ = make(http.Header)
 	}
 	return c.header_
 }
 
-func (c *RegionDisksSetLabelsCall) doRequest(alt string) (*http.Response, error) {
+func (c *RegionDisksStopGroupAsyncReplicationCall) doRequest(alt string) (*http.Response, error) {
 	reqHeaders := make(http.Header)
 	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
 	for k, v := range c.header_ {
@@ -140393,14 +145002,14 @@ func (c *RegionDisksSetLabelsCall) doRequest(alt string) (*http.Response, error)
 	}
 	reqHeaders.Set("User-Agent", c.s.userAgent())
 	var body io.Reader = nil
-	body, err := googleapi.WithoutDataWrapper.JSONReader(c.regionsetlabelsrequest)
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disksstopgroupasyncreplicationresource)
 	if err != nil {
 		return nil, err
 	}
 	reqHeaders.Set("Content-Type", "application/json")
 	c.urlParams_.Set("alt", alt)
 	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/{resource}/setLabels")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/disks/stopGroupAsyncReplication")
 	urls += "?" + c.urlParams_.Encode()
 	req, err := http.NewRequest("POST", urls, body)
 	if err != nil {
@@ -140408,21 +145017,20 @@ func (c *RegionDisksSetLabelsCall) doRequest(alt string) (*http.Response, error)
 	}
 	req.Header = reqHeaders
 	googleapi.Expand(req.URL, map[string]string{
-		"project":  c.project,
-		"region":   c.region,
-		"resource": c.resource,
+		"project": c.project,
+		"region":  c.region,
 	})
 	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 }
 
-// Do executes the "compute.regionDisks.setLabels" call.
+// Do executes the "compute.regionDisks.stopGroupAsyncReplication" call.
 // Exactly one of *Operation or error will be non-nil. Any non-2xx
 // status code is an error. Response headers are in either
 // *Operation.ServerResponse.Header or (if a response was returned at
 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
 // to check whether the returned error was because
 // http.StatusNotModified was returned.
-func (c *RegionDisksSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+func (c *RegionDisksStopGroupAsyncReplicationCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 	gensupport.SetOptions(c.urlParams_, opts...)
 	res, err := c.doRequest("json")
 	if res != nil && res.StatusCode == http.StatusNotModified {
@@ -140453,14 +145061,13 @@ func (c *RegionDisksSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation,
 	}
 	return ret, nil
 	// {
-	//   "description": "Sets the labels on the target regional disk.",
-	//   "flatPath": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
+	//   "description": "Stops asynchronous replication for a consistency group of disks. Can be invoked either in the primary or secondary scope.",
+	//   "flatPath": "projects/{project}/regions/{region}/disks/stopGroupAsyncReplication",
 	//   "httpMethod": "POST",
-	//   "id": "compute.regionDisks.setLabels",
+	//   "id": "compute.regionDisks.stopGroupAsyncReplication",
 	//   "parameterOrder": [
 	//     "project",
-	//     "region",
-	//     "resource"
+	//     "region"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -140471,7 +145078,7 @@ func (c *RegionDisksSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation,
 	//       "type": "string"
 	//     },
 	//     "region": {
-	//       "description": "The region for this request.",
+	//       "description": "The name of the region for this request. This must be the region of the primary or secondary disks in the consistency group.",
 	//       "location": "path",
 	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 	//       "required": true,
@@ -140481,18 +145088,11 @@ func (c *RegionDisksSetLabelsCall) Do(opts ...googleapi.CallOption) (*Operation,
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
-	//     },
-	//     "resource": {
-	//       "description": "Name or id of the resource for this request.",
-	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-	//       "required": true,
-	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/disks/{resource}/setLabels",
+	//   "path": "projects/{project}/regions/{region}/disks/stopGroupAsyncReplication",
 	//   "request": {
-	//     "$ref": "RegionSetLabelsRequest"
+	//     "$ref": "DisksStopGroupAsyncReplicationResource"
 	//   },
 	//   "response": {
 	//     "$ref": "Operation"
@@ -142089,8 +146689,7 @@ type RegionHealthChecksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified HealthCheck resource. Gets a list of
-// available health checks by making a list() request.
+// Get: Returns the specified HealthCheck resource.
 //
 // - healthCheck: Name of the HealthCheck resource to return.
 // - project: Project ID for this request.
@@ -142204,7 +146803,7 @@ func (c *RegionHealthChecksGetCall) Do(opts ...googleapi.CallOption) (*HealthChe
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified HealthCheck resource. Gets a list of available health checks by making a list() request.",
+	//   "description": "Returns the specified HealthCheck resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/healthChecks/{healthCheck}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionHealthChecks.get",
@@ -148232,8 +152831,7 @@ type RegionInstanceTemplatesGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified instance template. Gets a list of
-// available instance templates by making a list() request.
+// Get: Returns the specified instance template.
 //
 // - instanceTemplate: The name of the instance template.
 // - project: Project ID for this request.
@@ -148347,7 +152945,7 @@ func (c *RegionInstanceTemplatesGetCall) Do(opts ...googleapi.CallOption) (*Inst
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified instance template. Gets a list of available instance templates by making a list() request.",
+	//   "description": "Returns the specified instance template.",
 	//   "flatPath": "projects/{project}/regions/{region}/instanceTemplates/{instanceTemplate}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionInstanceTemplates.get",
@@ -149232,8 +153830,7 @@ type RegionNetworkEndpointGroupsGetCall struct {
 	header_              http.Header
 }
 
-// Get: Returns the specified network endpoint group. Gets a list of
-// available network endpoint groups by making a list() request.
+// Get: Returns the specified network endpoint group.
 //
 //   - networkEndpointGroup: The name of the network endpoint group. It
 //     should comply with RFC1035.
@@ -149349,7 +153946,7 @@ func (c *RegionNetworkEndpointGroupsGetCall) Do(opts ...googleapi.CallOption) (*
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified network endpoint group. Gets a list of available network endpoint groups by making a list() request.",
+	//   "description": "Returns the specified network endpoint group.",
 	//   "flatPath": "projects/{project}/regions/{region}/networkEndpointGroups/{networkEndpointGroup}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionNetworkEndpointGroups.get",
@@ -155560,7 +160157,7 @@ type RegionSecurityPoliciesPatchCall struct {
 }
 
 // Patch: Patches the specified policy with the data included in the
-// request. To clear fields in the rule, leave the fields empty and
+// request. To clear fields in the policy, leave the fields empty and
 // specify them in the updateMask. This cannot be used to be update the
 // rules in the policy. Please use the per rule methods like addRule,
 // patchRule, and removeRule instead.
@@ -155686,7 +160283,7 @@ func (c *RegionSecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Ope
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
 	//   "flatPath": "projects/{project}/regions/{region}/securityPolicies/{securityPolicy}",
 	//   "httpMethod": "PATCH",
 	//   "id": "compute.regionSecurityPolicies.patch",
@@ -158035,8 +162632,7 @@ type RegionTargetHttpProxiesGetCall struct {
 }
 
 // Get: Returns the specified TargetHttpProxy resource in the specified
-// region. Gets a list of available target HTTP proxies by making a
-// list() request.
+// region.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -158150,7 +162746,7 @@ func (c *RegionTargetHttpProxiesGetCall) Do(opts ...googleapi.CallOption) (*Targ
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpProxy resource in the specified region.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetHttpProxies/{targetHttpProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionTargetHttpProxies.get",
@@ -159044,8 +163640,7 @@ type RegionTargetHttpsProxiesGetCall struct {
 }
 
 // Get: Returns the specified TargetHttpsProxy resource in the specified
-// region. Gets a list of available target HTTP proxies by making a
-// list() request.
+// region.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -159159,7 +163754,7 @@ func (c *RegionTargetHttpsProxiesGetCall) Do(opts ...googleapi.CallOption) (*Tar
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpsProxy resource in the specified region. Gets a list of available target HTTP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpsProxy resource in the specified region.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetHttpsProxies/{targetHttpsProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionTargetHttpsProxies.get",
@@ -161242,8 +165837,7 @@ type RegionUrlMapsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified UrlMap resource. Gets a list of available
-// URL maps by making a list() request.
+// Get: Returns the specified UrlMap resource.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -161357,7 +165951,7 @@ func (c *RegionUrlMapsGetCall) Do(opts ...googleapi.CallOption) (*UrlMap, error)
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+	//   "description": "Returns the specified UrlMap resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/urlMaps/{urlMap}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regionUrlMaps.get",
@@ -162404,10 +166998,9 @@ type RegionsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Region resource. Gets a list of available
-// regions by making a list() request. To decrease latency for this
-// method, you can optionally omit any unneeded information from the
-// response by using a field mask. This practice is especially
+// Get: Returns the specified Region resource. To decrease latency for
+// this method, you can optionally omit any unneeded information from
+// the response by using a field mask. This practice is especially
 // recommended for unused quota information (the `quotas` field). To
 // exclude one or more fields, set your request's `fields` query
 // parameter to only include the fields you need. For example, to only
@@ -162523,7 +167116,7 @@ func (c *RegionsGetCall) Do(opts ...googleapi.CallOption) (*Region, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Region resource. Gets a list of available regions by making a list() request. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
+	//   "description": "Returns the specified Region resource. To decrease latency for this method, you can optionally omit any unneeded information from the response by using a field mask. This practice is especially recommended for unused quota information (the `quotas` field). To exclude one or more fields, set your request's `fields` query parameter to only include the fields you need. For example, to only include the `id` and `selfLink` fields, add the query parameter `?fields=id,selfLink` to your request.",
 	//   "flatPath": "projects/{project}/regions/{region}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.regions.get",
@@ -165853,13 +170446,493 @@ func (c *ResourcePoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operatio
 	}
 	return ret, nil
 	// {
-	//   "description": "Creates a new resource policy.",
-	//   "flatPath": "projects/{project}/regions/{region}/resourcePolicies",
-	//   "httpMethod": "POST",
-	//   "id": "compute.resourcePolicies.insert",
+	//   "description": "Creates a new resource policy.",
+	//   "flatPath": "projects/{project}/regions/{region}/resourcePolicies",
+	//   "httpMethod": "POST",
+	//   "id": "compute.resourcePolicies.insert",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region"
+	//   ],
+	//   "parameters": {
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "requestId": {
+	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+	//       "location": "query",
+	//       "type": "string"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/resourcePolicies",
+	//   "request": {
+	//     "$ref": "ResourcePolicy"
+	//   },
+	//   "response": {
+	//     "$ref": "Operation"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute"
+	//   ]
+	// }
+
+}
+
+// method id "compute.resourcePolicies.list":
+
+type ResourcePoliciesListCall struct {
+	s            *Service
+	project      string
+	region       string
+	urlParams_   gensupport.URLParams
+	ifNoneMatch_ string
+	ctx_         context.Context
+	header_      http.Header
+}
+
+// List: A list all the resource policies that have been configured for
+// the specified project in specified region.
+//
+// - project: Project ID for this request.
+// - region: Name of the region for this request.
+func (r *ResourcePoliciesService) List(project string, region string) *ResourcePoliciesListCall {
+	c := &ResourcePoliciesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	return c
+}
+
+// Filter sets the optional parameter "filter": A filter expression that
+// filters resources listed in the response. Most Compute resources
+// support two types of filter expressions: expressions that support
+// regular expressions and expressions that follow API improvement
+// proposal AIP-160. If you want to use AIP-160, your expression must
+// specify the field name, an operator, and the value that you want to
+// use for filtering. The value must be a string, a number, or a
+// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
+// or `:`. For example, if you are filtering Compute Engine instances,
+// you can exclude instances named `example-instance` by specifying
+// `name != example-instance`. The `:` operator can be used with string
+// fields to match substrings. For non-string fields it is equivalent to
+// the `=` operator. The `:*` comparison can be used to test whether a
+// key has been defined. For example, to find all objects with `owner`
+// label use: ``` labels.owner:* ``` You can also filter nested fields.
+// For example, you could specify `scheduling.automaticRestart = false`
+// to include instances only if they are not scheduled for automatic
+// restarts. You can use filtering on nested fields to filter based on
+// resource labels. To filter on multiple expressions, provide each
+// separate expression within parentheses. For example: ```
+// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
+// ``` By default, each expression is an `AND` expression. However, you
+// can include `AND` and `OR` expressions explicitly. For example: ```
+// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
+// AND (scheduling.automaticRestart = true) ``` If you want to use a
+// regular expression, use the `eq` (equal) or `ne` (not equal) operator
+// against a single un-parenthesized expression with or without quotes
+// or against multiple parenthesized expressions. Examples: `fieldname
+// eq unquoted literal` `fieldname eq 'single quoted literal'`
+// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
+// (fieldname2 ne "literal")` The literal value is interpreted as a
+// regular expression using Google RE2 library syntax. The literal value
+// must match the entire field. For example, to filter for instances
+// that do not end with name "instance", you would use `name ne
+// .*instance`.
+func (c *ResourcePoliciesListCall) Filter(filter string) *ResourcePoliciesListCall {
+	c.urlParams_.Set("filter", filter)
+	return c
+}
+
+// MaxResults sets the optional parameter "maxResults": The maximum
+// number of results per page that should be returned. If the number of
+// available results is larger than `maxResults`, Compute Engine returns
+// a `nextPageToken` that can be used to get the next page of results in
+// subsequent list requests. Acceptable values are `0` to `500`,
+// inclusive. (Default: `500`)
+func (c *ResourcePoliciesListCall) MaxResults(maxResults int64) *ResourcePoliciesListCall {
+	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
+	return c
+}
+
+// OrderBy sets the optional parameter "orderBy": Sorts list results by
+// a certain order. By default, results are returned in alphanumerical
+// order based on the resource name. You can also sort results in
+// descending order based on the creation timestamp using
+// `orderBy="creationTimestamp desc". This sorts results based on the
+// `creationTimestamp` field in reverse chronological order (newest
+// result first). Use this to sort resources like operations so that the
+// newest operation is returned first. Currently, only sorting by `name`
+// or `creationTimestamp desc` is supported.
+func (c *ResourcePoliciesListCall) OrderBy(orderBy string) *ResourcePoliciesListCall {
+	c.urlParams_.Set("orderBy", orderBy)
+	return c
+}
+
+// PageToken sets the optional parameter "pageToken": Specifies a page
+// token to use. Set `pageToken` to the `nextPageToken` returned by a
+// previous list request to get the next page of results.
+func (c *ResourcePoliciesListCall) PageToken(pageToken string) *ResourcePoliciesListCall {
+	c.urlParams_.Set("pageToken", pageToken)
+	return c
+}
+
+// ReturnPartialSuccess sets the optional parameter
+// "returnPartialSuccess": Opt-in for partial success behavior which
+// provides partial results in case of failure. The default value is
+// false.
+func (c *ResourcePoliciesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *ResourcePoliciesListCall {
+	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ResourcePoliciesListCall) Fields(s ...googleapi.Field) *ResourcePoliciesListCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// IfNoneMatch sets the optional parameter which makes the operation
+// fail if the object's ETag matches the given value. This is useful for
+// getting updates only after the object has changed since the last
+// request. Use googleapi.IsNotModified to check whether the response
+// error from Do is the result of In-None-Match.
+func (c *ResourcePoliciesListCall) IfNoneMatch(entityTag string) *ResourcePoliciesListCall {
+	c.ifNoneMatch_ = entityTag
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ResourcePoliciesListCall) Context(ctx context.Context) *ResourcePoliciesListCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ResourcePoliciesListCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ResourcePoliciesListCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	if c.ifNoneMatch_ != "" {
+		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
+	}
+	var body io.Reader = nil
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/resourcePolicies")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("GET", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project": c.project,
+		"region":  c.region,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.resourcePolicies.list" call.
+// Exactly one of *ResourcePolicyList or error will be non-nil. Any
+// non-2xx status code is an error. Response headers are in either
+// *ResourcePolicyList.ServerResponse.Header or (if a response was
+// returned at all) in error.(*googleapi.Error).Header. Use
+// googleapi.IsNotModified to check whether the returned error was
+// because http.StatusNotModified was returned.
+func (c *ResourcePoliciesListCall) Do(opts ...googleapi.CallOption) (*ResourcePolicyList, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &ResourcePolicyList{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "A list all the resource policies that have been configured for the specified project in specified region.",
+	//   "flatPath": "projects/{project}/regions/{region}/resourcePolicies",
+	//   "httpMethod": "GET",
+	//   "id": "compute.resourcePolicies.list",
+	//   "parameterOrder": [
+	//     "project",
+	//     "region"
+	//   ],
+	//   "parameters": {
+	//     "filter": {
+	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "maxResults": {
+	//       "default": "500",
+	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+	//       "format": "uint32",
+	//       "location": "query",
+	//       "minimum": "0",
+	//       "type": "integer"
+	//     },
+	//     "orderBy": {
+	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "pageToken": {
+	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
+	//     "project": {
+	//       "description": "Project ID for this request.",
+	//       "location": "path",
+	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "region": {
+	//       "description": "Name of the region for this request.",
+	//       "location": "path",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "required": true,
+	//       "type": "string"
+	//     },
+	//     "returnPartialSuccess": {
+	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//       "location": "query",
+	//       "type": "boolean"
+	//     }
+	//   },
+	//   "path": "projects/{project}/regions/{region}/resourcePolicies",
+	//   "response": {
+	//     "$ref": "ResourcePolicyList"
+	//   },
+	//   "scopes": [
+	//     "https://www.googleapis.com/auth/cloud-platform",
+	//     "https://www.googleapis.com/auth/compute",
+	//     "https://www.googleapis.com/auth/compute.readonly"
+	//   ]
+	// }
+
+}
+
+// Pages invokes f for each page of results.
+// A non-nil error returned from f will halt the iteration.
+// The provided context supersedes any context provided to the Context method.
+func (c *ResourcePoliciesListCall) Pages(ctx context.Context, f func(*ResourcePolicyList) error) error {
+	c.ctx_ = ctx
+	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
+	for {
+		x, err := c.Do()
+		if err != nil {
+			return err
+		}
+		if err := f(x); err != nil {
+			return err
+		}
+		if x.NextPageToken == "" {
+			return nil
+		}
+		c.PageToken(x.NextPageToken)
+	}
+}
+
+// method id "compute.resourcePolicies.patch":
+
+type ResourcePoliciesPatchCall struct {
+	s              *Service
+	project        string
+	region         string
+	resourcePolicy string
+	resourcepolicy *ResourcePolicy
+	urlParams_     gensupport.URLParams
+	ctx_           context.Context
+	header_        http.Header
+}
+
+// Patch: Modify the specified resource policy.
+//
+// - project: Project ID for this request.
+// - region: Name of the region for this request.
+// - resourcePolicy: Id of the resource policy to patch.
+func (r *ResourcePoliciesService) Patch(project string, region string, resourcePolicy string, resourcepolicy *ResourcePolicy) *ResourcePoliciesPatchCall {
+	c := &ResourcePoliciesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
+	c.project = project
+	c.region = region
+	c.resourcePolicy = resourcePolicy
+	c.resourcepolicy = resourcepolicy
+	return c
+}
+
+// RequestId sets the optional parameter "requestId": An optional
+// request ID to identify requests. Specify a unique request ID so that
+// if you must retry your request, the server will know to ignore the
+// request if it has already been completed. For example, consider a
+// situation where you make an initial request and the request times
+// out. If you make the request again with the same request ID, the
+// server can check if original operation with the same request ID was
+// received, and if so, will ignore the second request. This prevents
+// clients from accidentally creating duplicate commitments. The request
+// ID must be a valid UUID with the exception that zero UUID is not
+// supported ( 00000000-0000-0000-0000-000000000000).
+func (c *ResourcePoliciesPatchCall) RequestId(requestId string) *ResourcePoliciesPatchCall {
+	c.urlParams_.Set("requestId", requestId)
+	return c
+}
+
+// UpdateMask sets the optional parameter "updateMask": update_mask
+// indicates fields to be updated as part of this request.
+func (c *ResourcePoliciesPatchCall) UpdateMask(updateMask string) *ResourcePoliciesPatchCall {
+	c.urlParams_.Set("updateMask", updateMask)
+	return c
+}
+
+// Fields allows partial responses to be retrieved. See
+// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
+// for more information.
+func (c *ResourcePoliciesPatchCall) Fields(s ...googleapi.Field) *ResourcePoliciesPatchCall {
+	c.urlParams_.Set("fields", googleapi.CombineFields(s))
+	return c
+}
+
+// Context sets the context to be used in this call's Do method. Any
+// pending HTTP request will be aborted if the provided context is
+// canceled.
+func (c *ResourcePoliciesPatchCall) Context(ctx context.Context) *ResourcePoliciesPatchCall {
+	c.ctx_ = ctx
+	return c
+}
+
+// Header returns an http.Header that can be modified by the caller to
+// add HTTP headers to the request.
+func (c *ResourcePoliciesPatchCall) Header() http.Header {
+	if c.header_ == nil {
+		c.header_ = make(http.Header)
+	}
+	return c.header_
+}
+
+func (c *ResourcePoliciesPatchCall) doRequest(alt string) (*http.Response, error) {
+	reqHeaders := make(http.Header)
+	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
+	for k, v := range c.header_ {
+		reqHeaders[k] = v
+	}
+	reqHeaders.Set("User-Agent", c.s.userAgent())
+	var body io.Reader = nil
+	body, err := googleapi.WithoutDataWrapper.JSONReader(c.resourcepolicy)
+	if err != nil {
+		return nil, err
+	}
+	reqHeaders.Set("Content-Type", "application/json")
+	c.urlParams_.Set("alt", alt)
+	c.urlParams_.Set("prettyPrint", "false")
+	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/resourcePolicies/{resourcePolicy}")
+	urls += "?" + c.urlParams_.Encode()
+	req, err := http.NewRequest("PATCH", urls, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header = reqHeaders
+	googleapi.Expand(req.URL, map[string]string{
+		"project":        c.project,
+		"region":         c.region,
+		"resourcePolicy": c.resourcePolicy,
+	})
+	return gensupport.SendRequest(c.ctx_, c.s.client, req)
+}
+
+// Do executes the "compute.resourcePolicies.patch" call.
+// Exactly one of *Operation or error will be non-nil. Any non-2xx
+// status code is an error. Response headers are in either
+// *Operation.ServerResponse.Header or (if a response was returned at
+// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
+// to check whether the returned error was because
+// http.StatusNotModified was returned.
+func (c *ResourcePoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
+	gensupport.SetOptions(c.urlParams_, opts...)
+	res, err := c.doRequest("json")
+	if res != nil && res.StatusCode == http.StatusNotModified {
+		if res.Body != nil {
+			res.Body.Close()
+		}
+		return nil, gensupport.WrapError(&googleapi.Error{
+			Code:   res.StatusCode,
+			Header: res.Header,
+		})
+	}
+	if err != nil {
+		return nil, err
+	}
+	defer googleapi.CloseBody(res)
+	if err := googleapi.CheckResponse(res); err != nil {
+		return nil, gensupport.WrapError(err)
+	}
+	ret := &Operation{
+		ServerResponse: googleapi.ServerResponse{
+			Header:         res.Header,
+			HTTPStatusCode: res.StatusCode,
+		},
+	}
+	target := &ret
+	if err := gensupport.DecodeResponse(target, res); err != nil {
+		return nil, err
+	}
+	return ret, nil
+	// {
+	//   "description": "Modify the specified resource policy.",
+	//   "flatPath": "projects/{project}/regions/{region}/resourcePolicies/{resourcePolicy}",
+	//   "httpMethod": "PATCH",
+	//   "id": "compute.resourcePolicies.patch",
 	//   "parameterOrder": [
 	//     "project",
-	//     "region"
+	//     "region",
+	//     "resourcePolicy"
 	//   ],
 	//   "parameters": {
 	//     "project": {
@@ -165880,315 +170953,36 @@ func (c *ResourcePoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operatio
 	//       "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 	//       "location": "query",
 	//       "type": "string"
-	//     }
-	//   },
-	//   "path": "projects/{project}/regions/{region}/resourcePolicies",
-	//   "request": {
-	//     "$ref": "ResourcePolicy"
-	//   },
-	//   "response": {
-	//     "$ref": "Operation"
-	//   },
-	//   "scopes": [
-	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute"
-	//   ]
-	// }
-
-}
-
-// method id "compute.resourcePolicies.list":
-
-type ResourcePoliciesListCall struct {
-	s            *Service
-	project      string
-	region       string
-	urlParams_   gensupport.URLParams
-	ifNoneMatch_ string
-	ctx_         context.Context
-	header_      http.Header
-}
-
-// List: A list all the resource policies that have been configured for
-// the specified project in specified region.
-//
-// - project: Project ID for this request.
-// - region: Name of the region for this request.
-func (r *ResourcePoliciesService) List(project string, region string) *ResourcePoliciesListCall {
-	c := &ResourcePoliciesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
-	c.project = project
-	c.region = region
-	return c
-}
-
-// Filter sets the optional parameter "filter": A filter expression that
-// filters resources listed in the response. Most Compute resources
-// support two types of filter expressions: expressions that support
-// regular expressions and expressions that follow API improvement
-// proposal AIP-160. If you want to use AIP-160, your expression must
-// specify the field name, an operator, and the value that you want to
-// use for filtering. The value must be a string, a number, or a
-// boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=`
-// or `:`. For example, if you are filtering Compute Engine instances,
-// you can exclude instances named `example-instance` by specifying
-// `name != example-instance`. The `:` operator can be used with string
-// fields to match substrings. For non-string fields it is equivalent to
-// the `=` operator. The `:*` comparison can be used to test whether a
-// key has been defined. For example, to find all objects with `owner`
-// label use: ``` labels.owner:* ``` You can also filter nested fields.
-// For example, you could specify `scheduling.automaticRestart = false`
-// to include instances only if they are not scheduled for automatic
-// restarts. You can use filtering on nested fields to filter based on
-// resource labels. To filter on multiple expressions, provide each
-// separate expression within parentheses. For example: ```
-// (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake")
-// ``` By default, each expression is an `AND` expression. However, you
-// can include `AND` and `OR` expressions explicitly. For example: ```
-// (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell")
-// AND (scheduling.automaticRestart = true) ``` If you want to use a
-// regular expression, use the `eq` (equal) or `ne` (not equal) operator
-// against a single un-parenthesized expression with or without quotes
-// or against multiple parenthesized expressions. Examples: `fieldname
-// eq unquoted literal` `fieldname eq 'single quoted literal'`
-// `fieldname eq "double quoted literal" `(fieldname1 eq literal)
-// (fieldname2 ne "literal")` The literal value is interpreted as a
-// regular expression using Google RE2 library syntax. The literal value
-// must match the entire field. For example, to filter for instances
-// that do not end with name "instance", you would use `name ne
-// .*instance`.
-func (c *ResourcePoliciesListCall) Filter(filter string) *ResourcePoliciesListCall {
-	c.urlParams_.Set("filter", filter)
-	return c
-}
-
-// MaxResults sets the optional parameter "maxResults": The maximum
-// number of results per page that should be returned. If the number of
-// available results is larger than `maxResults`, Compute Engine returns
-// a `nextPageToken` that can be used to get the next page of results in
-// subsequent list requests. Acceptable values are `0` to `500`,
-// inclusive. (Default: `500`)
-func (c *ResourcePoliciesListCall) MaxResults(maxResults int64) *ResourcePoliciesListCall {
-	c.urlParams_.Set("maxResults", fmt.Sprint(maxResults))
-	return c
-}
-
-// OrderBy sets the optional parameter "orderBy": Sorts list results by
-// a certain order. By default, results are returned in alphanumerical
-// order based on the resource name. You can also sort results in
-// descending order based on the creation timestamp using
-// `orderBy="creationTimestamp desc". This sorts results based on the
-// `creationTimestamp` field in reverse chronological order (newest
-// result first). Use this to sort resources like operations so that the
-// newest operation is returned first. Currently, only sorting by `name`
-// or `creationTimestamp desc` is supported.
-func (c *ResourcePoliciesListCall) OrderBy(orderBy string) *ResourcePoliciesListCall {
-	c.urlParams_.Set("orderBy", orderBy)
-	return c
-}
-
-// PageToken sets the optional parameter "pageToken": Specifies a page
-// token to use. Set `pageToken` to the `nextPageToken` returned by a
-// previous list request to get the next page of results.
-func (c *ResourcePoliciesListCall) PageToken(pageToken string) *ResourcePoliciesListCall {
-	c.urlParams_.Set("pageToken", pageToken)
-	return c
-}
-
-// ReturnPartialSuccess sets the optional parameter
-// "returnPartialSuccess": Opt-in for partial success behavior which
-// provides partial results in case of failure. The default value is
-// false.
-func (c *ResourcePoliciesListCall) ReturnPartialSuccess(returnPartialSuccess bool) *ResourcePoliciesListCall {
-	c.urlParams_.Set("returnPartialSuccess", fmt.Sprint(returnPartialSuccess))
-	return c
-}
-
-// Fields allows partial responses to be retrieved. See
-// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
-// for more information.
-func (c *ResourcePoliciesListCall) Fields(s ...googleapi.Field) *ResourcePoliciesListCall {
-	c.urlParams_.Set("fields", googleapi.CombineFields(s))
-	return c
-}
-
-// IfNoneMatch sets the optional parameter which makes the operation
-// fail if the object's ETag matches the given value. This is useful for
-// getting updates only after the object has changed since the last
-// request. Use googleapi.IsNotModified to check whether the response
-// error from Do is the result of In-None-Match.
-func (c *ResourcePoliciesListCall) IfNoneMatch(entityTag string) *ResourcePoliciesListCall {
-	c.ifNoneMatch_ = entityTag
-	return c
-}
-
-// Context sets the context to be used in this call's Do method. Any
-// pending HTTP request will be aborted if the provided context is
-// canceled.
-func (c *ResourcePoliciesListCall) Context(ctx context.Context) *ResourcePoliciesListCall {
-	c.ctx_ = ctx
-	return c
-}
-
-// Header returns an http.Header that can be modified by the caller to
-// add HTTP headers to the request.
-func (c *ResourcePoliciesListCall) Header() http.Header {
-	if c.header_ == nil {
-		c.header_ = make(http.Header)
-	}
-	return c.header_
-}
-
-func (c *ResourcePoliciesListCall) doRequest(alt string) (*http.Response, error) {
-	reqHeaders := make(http.Header)
-	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version)
-	for k, v := range c.header_ {
-		reqHeaders[k] = v
-	}
-	reqHeaders.Set("User-Agent", c.s.userAgent())
-	if c.ifNoneMatch_ != "" {
-		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
-	}
-	var body io.Reader = nil
-	c.urlParams_.Set("alt", alt)
-	c.urlParams_.Set("prettyPrint", "false")
-	urls := googleapi.ResolveRelative(c.s.BasePath, "projects/{project}/regions/{region}/resourcePolicies")
-	urls += "?" + c.urlParams_.Encode()
-	req, err := http.NewRequest("GET", urls, body)
-	if err != nil {
-		return nil, err
-	}
-	req.Header = reqHeaders
-	googleapi.Expand(req.URL, map[string]string{
-		"project": c.project,
-		"region":  c.region,
-	})
-	return gensupport.SendRequest(c.ctx_, c.s.client, req)
-}
-
-// Do executes the "compute.resourcePolicies.list" call.
-// Exactly one of *ResourcePolicyList or error will be non-nil. Any
-// non-2xx status code is an error. Response headers are in either
-// *ResourcePolicyList.ServerResponse.Header or (if a response was
-// returned at all) in error.(*googleapi.Error).Header. Use
-// googleapi.IsNotModified to check whether the returned error was
-// because http.StatusNotModified was returned.
-func (c *ResourcePoliciesListCall) Do(opts ...googleapi.CallOption) (*ResourcePolicyList, error) {
-	gensupport.SetOptions(c.urlParams_, opts...)
-	res, err := c.doRequest("json")
-	if res != nil && res.StatusCode == http.StatusNotModified {
-		if res.Body != nil {
-			res.Body.Close()
-		}
-		return nil, gensupport.WrapError(&googleapi.Error{
-			Code:   res.StatusCode,
-			Header: res.Header,
-		})
-	}
-	if err != nil {
-		return nil, err
-	}
-	defer googleapi.CloseBody(res)
-	if err := googleapi.CheckResponse(res); err != nil {
-		return nil, gensupport.WrapError(err)
-	}
-	ret := &ResourcePolicyList{
-		ServerResponse: googleapi.ServerResponse{
-			Header:         res.Header,
-			HTTPStatusCode: res.StatusCode,
-		},
-	}
-	target := &ret
-	if err := gensupport.DecodeResponse(target, res); err != nil {
-		return nil, err
-	}
-	return ret, nil
-	// {
-	//   "description": "A list all the resource policies that have been configured for the specified project in specified region.",
-	//   "flatPath": "projects/{project}/regions/{region}/resourcePolicies",
-	//   "httpMethod": "GET",
-	//   "id": "compute.resourcePolicies.list",
-	//   "parameterOrder": [
-	//     "project",
-	//     "region"
-	//   ],
-	//   "parameters": {
-	//     "filter": {
-	//       "description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `\u003e`, `\u003c`, `\u003c=`, `\u003e=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:` operator can be used with string fields to match substrings. For non-string fields it is equivalent to the `=` operator. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "maxResults": {
-	//       "default": "500",
-	//       "description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
-	//       "format": "uint32",
-	//       "location": "query",
-	//       "minimum": "0",
-	//       "type": "integer"
-	//     },
-	//     "orderBy": {
-	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "pageToken": {
-	//       "description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
-	//       "location": "query",
-	//       "type": "string"
-	//     },
-	//     "project": {
-	//       "description": "Project ID for this request.",
-	//       "location": "path",
-	//       "pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-	//       "required": true,
-	//       "type": "string"
 	//     },
-	//     "region": {
-	//       "description": "Name of the region for this request.",
+	//     "resourcePolicy": {
+	//       "description": "Id of the resource policy to patch.",
 	//       "location": "path",
-	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+	//       "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 	//       "required": true,
 	//       "type": "string"
 	//     },
-	//     "returnPartialSuccess": {
-	//       "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.",
+	//     "updateMask": {
+	//       "description": "update_mask indicates fields to be updated as part of this request.",
+	//       "format": "google-fieldmask",
 	//       "location": "query",
-	//       "type": "boolean"
+	//       "type": "string"
 	//     }
 	//   },
-	//   "path": "projects/{project}/regions/{region}/resourcePolicies",
+	//   "path": "projects/{project}/regions/{region}/resourcePolicies/{resourcePolicy}",
+	//   "request": {
+	//     "$ref": "ResourcePolicy"
+	//   },
 	//   "response": {
-	//     "$ref": "ResourcePolicyList"
+	//     "$ref": "Operation"
 	//   },
 	//   "scopes": [
 	//     "https://www.googleapis.com/auth/cloud-platform",
-	//     "https://www.googleapis.com/auth/compute",
-	//     "https://www.googleapis.com/auth/compute.readonly"
+	//     "https://www.googleapis.com/auth/compute"
 	//   ]
 	// }
 
 }
 
-// Pages invokes f for each page of results.
-// A non-nil error returned from f will halt the iteration.
-// The provided context supersedes any context provided to the Context method.
-func (c *ResourcePoliciesListCall) Pages(ctx context.Context, f func(*ResourcePolicyList) error) error {
-	c.ctx_ = ctx
-	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
-	for {
-		x, err := c.Do()
-		if err != nil {
-			return err
-		}
-		if err := f(x); err != nil {
-			return err
-		}
-		if x.NextPageToken == "" {
-			return nil
-		}
-		c.PageToken(x.NextPageToken)
-	}
-}
-
 // method id "compute.resourcePolicies.setIamPolicy":
 
 type ResourcePoliciesSetIamPolicyCall struct {
@@ -167014,8 +171808,7 @@ type RoutersGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Router resource. Gets a list of available
-// routers by making a list() request.
+// Get: Returns the specified Router resource.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -167129,7 +171922,7 @@ func (c *RoutersGetCall) Do(opts ...googleapi.CallOption) (*Router, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Router resource. Gets a list of available routers by making a list() request.",
+	//   "description": "Returns the specified Router resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/routers/{router}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.routers.get",
@@ -167253,6 +172046,15 @@ func (c *RoutersGetNatMappingInfoCall) MaxResults(maxResults int64) *RoutersGetN
 	return c
 }
 
+// NatName sets the optional parameter "natName": Name of the nat
+// service to filter the Nat Mapping information. If it is omitted, all
+// nats for this router will be returned. Name should conform to
+// RFC1035.
+func (c *RoutersGetNatMappingInfoCall) NatName(natName string) *RoutersGetNatMappingInfoCall {
+	c.urlParams_.Set("natName", natName)
+	return c
+}
+
 // OrderBy sets the optional parameter "orderBy": Sorts list results by
 // a certain order. By default, results are returned in alphanumerical
 // order based on the resource name. You can also sort results in
@@ -167408,6 +172210,11 @@ func (c *RoutersGetNatMappingInfoCall) Do(opts ...googleapi.CallOption) (*VmEndp
 	//       "minimum": "0",
 	//       "type": "integer"
 	//     },
+	//     "natName": {
+	//       "description": "Name of the nat service to filter the Nat Mapping information. If it is omitted, all nats for this router will be returned. Name should conform to RFC1035.",
+	//       "location": "query",
+	//       "type": "string"
+	//     },
 	//     "orderBy": {
 	//       "description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
 	//       "location": "query",
@@ -168851,8 +173658,7 @@ type RoutesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Route resource. Gets a list of available
-// routes by making a list() request.
+// Get: Returns the specified Route resource.
 //
 // - project: Project ID for this request.
 // - route: Name of the Route resource to return.
@@ -168963,7 +173769,7 @@ func (c *RoutesGetCall) Do(opts ...googleapi.CallOption) (*Route, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Route resource. Gets a list of available routes by making a list() request.",
+	//   "description": "Returns the specified Route resource.",
 	//   "flatPath": "projects/{project}/global/routes/{route}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.routes.get",
@@ -171143,7 +175949,7 @@ type SecurityPoliciesPatchCall struct {
 }
 
 // Patch: Patches the specified policy with the data included in the
-// request. To clear fields in the rule, leave the fields empty and
+// request. To clear fields in the policy, leave the fields empty and
 // specify them in the updateMask. This cannot be used to be update the
 // rules in the policy. Please use the per rule methods like addRule,
 // patchRule, and removeRule instead.
@@ -171266,7 +176072,7 @@ func (c *SecurityPoliciesPatchCall) Do(opts ...googleapi.CallOption) (*Operation
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the rule, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
+	//   "description": "Patches the specified policy with the data included in the request. To clear fields in the policy, leave the fields empty and specify them in the updateMask. This cannot be used to be update the rules in the policy. Please use the per rule methods like addRule, patchRule, and removeRule instead.",
 	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}",
 	//   "httpMethod": "PATCH",
 	//   "id": "compute.securityPolicies.patch",
@@ -171322,7 +176128,9 @@ type SecurityPoliciesPatchRuleCall struct {
 	header_            http.Header
 }
 
-// PatchRule: Patches a rule at the specified priority.
+// PatchRule: Patches a rule at the specified priority. To clear fields
+// in the rule, leave the fields empty and specify them in the
+// updateMask.
 //
 // - project: Project ID for this request.
 // - securityPolicy: Name of the security policy to update.
@@ -171440,7 +176248,7 @@ func (c *SecurityPoliciesPatchRuleCall) Do(opts ...googleapi.CallOption) (*Opera
 	}
 	return ret, nil
 	// {
-	//   "description": "Patches a rule at the specified priority.",
+	//   "description": "Patches a rule at the specified priority. To clear fields in the rule, leave the fields empty and specify them in the updateMask.",
 	//   "flatPath": "projects/{project}/global/securityPolicies/{securityPolicy}/patchRule",
 	//   "httpMethod": "POST",
 	//   "id": "compute.securityPolicies.patchRule",
@@ -173820,8 +178628,7 @@ type SnapshotsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Snapshot resource. Gets a list of
-// available snapshots by making a list() request.
+// Get: Returns the specified Snapshot resource.
 //
 // - project: Project ID for this request.
 // - snapshot: Name of the Snapshot resource to return.
@@ -173932,7 +178739,7 @@ func (c *SnapshotsGetCall) Do(opts ...googleapi.CallOption) (*Snapshot, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Snapshot resource. Gets a list of available snapshots by making a list() request.",
+	//   "description": "Returns the specified Snapshot resource.",
 	//   "flatPath": "projects/{project}/global/snapshots/{snapshot}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.snapshots.get",
@@ -175536,8 +180343,7 @@ type SslCertificatesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified SslCertificate resource. Gets a list of
-// available SSL certificates by making a list() request.
+// Get: Returns the specified SslCertificate resource.
 //
 // - project: Project ID for this request.
 // - sslCertificate: Name of the SslCertificate resource to return.
@@ -175648,7 +180454,7 @@ func (c *SslCertificatesGetCall) Do(opts ...googleapi.CallOption) (*SslCertifica
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified SslCertificate resource. Gets a list of available SSL certificates by making a list() request.",
+	//   "description": "Returns the specified SslCertificate resource.",
 	//   "flatPath": "projects/{project}/global/sslCertificates/{sslCertificate}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.sslCertificates.get",
@@ -176768,8 +181574,7 @@ type SslPoliciesInsertCall struct {
 	header_    http.Header
 }
 
-// Insert: Returns the specified SSL policy resource. Gets a list of
-// available SSL policies by making a list() request.
+// Insert: Returns the specified SSL policy resource.
 //
 // - project: Project ID for this request.
 func (r *SslPoliciesService) Insert(project string, sslpolicy *SslPolicy) *SslPoliciesInsertCall {
@@ -176886,7 +181691,7 @@ func (c *SslPoliciesInsertCall) Do(opts ...googleapi.CallOption) (*Operation, er
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified SSL policy resource. Gets a list of available SSL policies by making a list() request.",
+	//   "description": "Returns the specified SSL policy resource.",
 	//   "flatPath": "projects/{project}/global/sslPolicies",
 	//   "httpMethod": "POST",
 	//   "id": "compute.sslPolicies.insert",
@@ -178317,8 +183122,7 @@ type SubnetworksGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified subnetwork. Gets a list of available
-// subnetworks list() request.
+// Get: Returns the specified subnetwork.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -178432,7 +183236,7 @@ func (c *SubnetworksGetCall) Do(opts ...googleapi.CallOption) (*Subnetwork, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified subnetwork. Gets a list of available subnetworks list() request.",
+	//   "description": "Returns the specified subnetwork.",
 	//   "flatPath": "projects/{project}/regions/{region}/subnetworks/{subnetwork}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.subnetworks.get",
@@ -181576,8 +186380,7 @@ type TargetHttpProxiesGetCall struct {
 	header_         http.Header
 }
 
-// Get: Returns the specified TargetHttpProxy resource. Gets a list of
-// available target HTTP proxies by making a list() request.
+// Get: Returns the specified TargetHttpProxy resource.
 //
 // - project: Project ID for this request.
 // - targetHttpProxy: Name of the TargetHttpProxy resource to return.
@@ -181688,7 +186491,7 @@ func (c *TargetHttpProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetHttp
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpProxy resource. Gets a list of available target HTTP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetHttpProxies/{targetHttpProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetHttpProxies.get",
@@ -183000,8 +187803,7 @@ type TargetHttpsProxiesGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified TargetHttpsProxy resource. Gets a list of
-// available target HTTPS proxies by making a list() request.
+// Get: Returns the specified TargetHttpsProxy resource.
 //
 // - project: Project ID for this request.
 // - targetHttpsProxy: Name of the TargetHttpsProxy resource to return.
@@ -183112,7 +187914,7 @@ func (c *TargetHttpsProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetHtt
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetHttpsProxy resource. Gets a list of available target HTTPS proxies by making a list() request.",
+	//   "description": "Returns the specified TargetHttpsProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetHttpsProxies/{targetHttpsProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetHttpsProxies.get",
@@ -185148,8 +189950,7 @@ type TargetInstancesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified TargetInstance resource. Gets a list of
-// available target instances by making a list() request.
+// Get: Returns the specified TargetInstance resource.
 //
 // - project: Project ID for this request.
 // - targetInstance: Name of the TargetInstance resource to return.
@@ -185263,7 +190064,7 @@ func (c *TargetInstancesGetCall) Do(opts ...googleapi.CallOption) (*TargetInstan
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetInstance resource. Gets a list of available target instances by making a list() request.",
+	//   "description": "Returns the specified TargetInstance resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}/targetInstances/{targetInstance}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetInstances.get",
@@ -186641,8 +191442,7 @@ type TargetPoolsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified target pool. Gets a list of available
-// target pools by making a list() request.
+// Get: Returns the specified target pool.
 //
 // - project: Project ID for this request.
 // - region: Name of the region scoping this request.
@@ -186756,7 +191556,7 @@ func (c *TargetPoolsGetCall) Do(opts ...googleapi.CallOption) (*TargetPool, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified target pool. Gets a list of available target pools by making a list() request.",
+	//   "description": "Returns the specified target pool.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetPools/{targetPool}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetPools.get",
@@ -188197,8 +192997,7 @@ type TargetSslProxiesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified TargetSslProxy resource. Gets a list of
-// available target SSL proxies by making a list() request.
+// Get: Returns the specified TargetSslProxy resource.
 //
 // - project: Project ID for this request.
 // - targetSslProxy: Name of the TargetSslProxy resource to return.
@@ -188309,7 +193108,7 @@ func (c *TargetSslProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetSslPr
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetSslProxy resource. Gets a list of available target SSL proxies by making a list() request.",
+	//   "description": "Returns the specified TargetSslProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetSslProxies/{targetSslProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetSslProxies.get",
@@ -190155,8 +194954,7 @@ type TargetTcpProxiesGetCall struct {
 	header_        http.Header
 }
 
-// Get: Returns the specified TargetTcpProxy resource. Gets a list of
-// available target TCP proxies by making a list() request.
+// Get: Returns the specified TargetTcpProxy resource.
 //
 // - project: Project ID for this request.
 // - targetTcpProxy: Name of the TargetTcpProxy resource to return.
@@ -190267,7 +195065,7 @@ func (c *TargetTcpProxiesGetCall) Do(opts ...googleapi.CallOption) (*TargetTcpPr
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified TargetTcpProxy resource. Gets a list of available target TCP proxies by making a list() request.",
+	//   "description": "Returns the specified TargetTcpProxy resource.",
 	//   "flatPath": "projects/{project}/global/targetTcpProxies/{targetTcpProxy}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetTcpProxies.get",
@@ -191591,8 +196389,7 @@ type TargetVpnGatewaysGetCall struct {
 	header_          http.Header
 }
 
-// Get: Returns the specified target VPN gateway. Gets a list of
-// available target VPN gateways by making a list() request.
+// Get: Returns the specified target VPN gateway.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -191706,7 +196503,7 @@ func (c *TargetVpnGatewaysGetCall) Do(opts ...googleapi.CallOption) (*TargetVpnG
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified target VPN gateway. Gets a list of available target VPN gateways by making a list() request.",
+	//   "description": "Returns the specified target VPN gateway.",
 	//   "flatPath": "projects/{project}/regions/{region}/targetVpnGateways/{targetVpnGateway}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.targetVpnGateways.get",
@@ -192885,8 +197682,7 @@ type UrlMapsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified UrlMap resource. Gets a list of available
-// URL maps by making a list() request.
+// Get: Returns the specified UrlMap resource.
 //
 // - project: Project ID for this request.
 // - urlMap: Name of the UrlMap resource to return.
@@ -192997,7 +197793,7 @@ func (c *UrlMapsGetCall) Do(opts ...googleapi.CallOption) (*UrlMap, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified UrlMap resource. Gets a list of available URL maps by making a list() request.",
+	//   "description": "Returns the specified UrlMap resource.",
 	//   "flatPath": "projects/{project}/global/urlMaps/{urlMap}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.urlMaps.get",
@@ -194658,8 +199454,7 @@ type VpnGatewaysGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified VPN gateway. Gets a list of available VPN
-// gateways by making a list() request.
+// Get: Returns the specified VPN gateway.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -194773,7 +199568,7 @@ func (c *VpnGatewaysGetCall) Do(opts ...googleapi.CallOption) (*VpnGateway, erro
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified VPN gateway. Gets a list of available VPN gateways by making a list() request.",
+	//   "description": "Returns the specified VPN gateway.",
 	//   "flatPath": "projects/{project}/regions/{region}/vpnGateways/{vpnGateway}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.vpnGateways.get",
@@ -196305,8 +201100,7 @@ type VpnTunnelsGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified VpnTunnel resource. Gets a list of
-// available VPN tunnels by making a list() request.
+// Get: Returns the specified VpnTunnel resource.
 //
 // - project: Project ID for this request.
 // - region: Name of the region for this request.
@@ -196420,7 +201214,7 @@ func (c *VpnTunnelsGetCall) Do(opts ...googleapi.CallOption) (*VpnTunnel, error)
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified VpnTunnel resource. Gets a list of available VPN tunnels by making a list() request.",
+	//   "description": "Returns the specified VpnTunnel resource.",
 	//   "flatPath": "projects/{project}/regions/{region}/vpnTunnels/{vpnTunnel}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.vpnTunnels.get",
@@ -197896,8 +202690,7 @@ type ZonesGetCall struct {
 	header_      http.Header
 }
 
-// Get: Returns the specified Zone resource. Gets a list of available
-// zones by making a list() request.
+// Get: Returns the specified Zone resource.
 //
 // - project: Project ID for this request.
 // - zone: Name of the zone resource to return.
@@ -198008,7 +202801,7 @@ func (c *ZonesGetCall) Do(opts ...googleapi.CallOption) (*Zone, error) {
 	}
 	return ret, nil
 	// {
-	//   "description": "Returns the specified Zone resource. Gets a list of available zones by making a list() request.",
+	//   "description": "Returns the specified Zone resource.",
 	//   "flatPath": "projects/{project}/zones/{zone}",
 	//   "httpMethod": "GET",
 	//   "id": "compute.zones.get",
diff --git a/vendor/google.golang.org/api/googleapi/googleapi.go b/vendor/google.golang.org/api/googleapi/googleapi.go
index b328a7976..b5e38c662 100644
--- a/vendor/google.golang.org/api/googleapi/googleapi.go
+++ b/vendor/google.golang.org/api/googleapi/googleapi.go
@@ -11,7 +11,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
@@ -144,7 +143,7 @@ func CheckResponse(res *http.Response) error {
 	if res.StatusCode >= 200 && res.StatusCode <= 299 {
 		return nil
 	}
-	slurp, err := ioutil.ReadAll(res.Body)
+	slurp, err := io.ReadAll(res.Body)
 	if err == nil {
 		jerr := new(errorReply)
 		err = json.Unmarshal(slurp, jerr)
@@ -184,7 +183,7 @@ func CheckMediaResponse(res *http.Response) error {
 	if res.StatusCode >= 200 && res.StatusCode <= 299 {
 		return nil
 	}
-	slurp, _ := ioutil.ReadAll(io.LimitReader(res.Body, 1<<20))
+	slurp, _ := io.ReadAll(io.LimitReader(res.Body, 1<<20))
 	return &Error{
 		Code:   res.StatusCode,
 		Body:   string(slurp),
diff --git a/vendor/google.golang.org/api/internal/cba.go b/vendor/google.golang.org/api/internal/cba.go
new file mode 100644
index 000000000..cecbb9ba1
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/cba.go
@@ -0,0 +1,282 @@
+// Copyright 2020 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// cba.go (certificate-based access) contains utils for implementing Device Certificate
+// Authentication according to https://google.aip.dev/auth/4114 and Default Credentials
+// for Google Cloud Virtual Environments according to https://google.aip.dev/auth/4115.
+//
+// The overall logic for DCA is as follows:
+//  1. If both endpoint override and client certificate are specified, use them as is.
+//  2. If user does not specify client certificate, we will attempt to use default
+//     client certificate.
+//  3. If user does not specify endpoint override, we will use defaultMtlsEndpoint if
+//     client certificate is available and defaultEndpoint otherwise.
+//
+// Implications of the above logic:
+//  1. If the user specifies a non-mTLS endpoint override but client certificate is
+//     available, we will pass along the cert anyway and let the server decide what to do.
+//  2. If the user specifies an mTLS endpoint override but client certificate is not
+//     available, we will not fail-fast, but let backend throw error when connecting.
+//
+// If running within Google's cloud environment, and client certificate is not specified
+// and not available through DCA, we will try mTLS with credentials held by
+// the Secure Session Agent, which is part of Google's cloud infrastructure.
+//
+// We would like to avoid introducing client-side logic that parses whether the
+// endpoint override is an mTLS url, since the url pattern may change at anytime.
+//
+// This package is not intended for use by end developers. Use the
+// google.golang.org/api/option package to configure API clients.
+
+// Package internal supports the options and transport packages.
+package internal
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/google/s2a-go"
+	"github.com/google/s2a-go/fallback"
+	"google.golang.org/api/internal/cert"
+	"google.golang.org/grpc/credentials"
+)
+
+const (
+	mTLSModeAlways = "always"
+	mTLSModeNever  = "never"
+	mTLSModeAuto   = "auto"
+
+	// Experimental: if true, the code will try MTLS with S2A as the default for transport security. Default value is false.
+	googleAPIUseS2AEnv = "EXPERIMENTAL_GOOGLE_API_USE_S2A"
+)
+
+// getClientCertificateSourceAndEndpoint is a convenience function that invokes
+// getClientCertificateSource and getEndpoint sequentially and returns the client
+// cert source and endpoint as a tuple.
+func getClientCertificateSourceAndEndpoint(settings *DialSettings) (cert.Source, string, error) {
+	clientCertSource, err := getClientCertificateSource(settings)
+	if err != nil {
+		return nil, "", err
+	}
+	endpoint, err := getEndpoint(settings, clientCertSource)
+	if err != nil {
+		return nil, "", err
+	}
+	return clientCertSource, endpoint, nil
+}
+
+type transportConfig struct {
+	clientCertSource cert.Source // The client certificate source.
+	endpoint         string      // The corresponding endpoint to use based on client certificate source.
+	s2aAddress       string      // The S2A address if it can be used, otherwise an empty string.
+	s2aMTLSEndpoint  string      // The MTLS endpoint to use with S2A.
+}
+
+func getTransportConfig(settings *DialSettings) (*transportConfig, error) {
+	clientCertSource, endpoint, err := getClientCertificateSourceAndEndpoint(settings)
+	if err != nil {
+		return &transportConfig{
+			clientCertSource: nil, endpoint: "", s2aAddress: "", s2aMTLSEndpoint: "",
+		}, err
+	}
+	defaultTransportConfig := transportConfig{
+		clientCertSource: clientCertSource,
+		endpoint:         endpoint,
+		s2aAddress:       "",
+		s2aMTLSEndpoint:  "",
+	}
+
+	// Check the env to determine whether to use S2A.
+	if !isGoogleS2AEnabled() {
+		return &defaultTransportConfig, nil
+	}
+
+	// If client cert is found, use that over S2A.
+	// If MTLS is not enabled for the endpoint, skip S2A.
+	if clientCertSource != nil || !mtlsEndpointEnabledForS2A() {
+		return &defaultTransportConfig, nil
+	}
+	s2aMTLSEndpoint := settings.DefaultMTLSEndpoint
+	// If there is endpoint override, honor it.
+	if settings.Endpoint != "" {
+		s2aMTLSEndpoint = endpoint
+	}
+	s2aAddress := GetS2AAddress()
+	if s2aAddress == "" {
+		return &defaultTransportConfig, nil
+	}
+	return &transportConfig{
+		clientCertSource: clientCertSource,
+		endpoint:         endpoint,
+		s2aAddress:       s2aAddress,
+		s2aMTLSEndpoint:  s2aMTLSEndpoint,
+	}, nil
+}
+
+func isGoogleS2AEnabled() bool {
+	return strings.ToLower(os.Getenv(googleAPIUseS2AEnv)) == "true"
+}
+
+// getClientCertificateSource returns a default client certificate source, if
+// not provided by the user.
+//
+// A nil default source can be returned if the source does not exist. Any exceptions
+// encountered while initializing the default source will be reported as client
+// error (ex. corrupt metadata file).
+//
+// Important Note: For now, the environment variable GOOGLE_API_USE_CLIENT_CERTIFICATE
+// must be set to "true" to allow certificate to be used (including user provided
+// certificates). For details, see AIP-4114.
+func getClientCertificateSource(settings *DialSettings) (cert.Source, error) {
+	if !isClientCertificateEnabled() {
+		return nil, nil
+	} else if settings.ClientCertSource != nil {
+		return settings.ClientCertSource, nil
+	} else {
+		return cert.DefaultSource()
+	}
+}
+
+func isClientCertificateEnabled() bool {
+	useClientCert := os.Getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE")
+	// TODO(andyrzhao): Update default to return "true" after DCA feature is fully released.
+	return strings.ToLower(useClientCert) == "true"
+}
+
+// getEndpoint returns the endpoint for the service, taking into account the
+// user-provided endpoint override "settings.Endpoint".
+//
+// If no endpoint override is specified, we will either return the default endpoint or
+// the default mTLS endpoint if a client certificate is available.
+//
+// You can override the default endpoint choice (mtls vs. regular) by setting the
+// GOOGLE_API_USE_MTLS_ENDPOINT environment variable.
+//
+// If the endpoint override is an address (host:port) rather than full base
+// URL (ex. https://...), then the user-provided address will be merged into
+// the default endpoint. For example, WithEndpoint("myhost:8000") and
+// WithDefaultEndpoint("https://foo.com/bar/baz") will return "https://myhost:8080/bar/baz"
+func getEndpoint(settings *DialSettings, clientCertSource cert.Source) (string, error) {
+	if settings.Endpoint == "" {
+		mtlsMode := getMTLSMode()
+		if mtlsMode == mTLSModeAlways || (clientCertSource != nil && mtlsMode == mTLSModeAuto) {
+			return settings.DefaultMTLSEndpoint, nil
+		}
+		return settings.DefaultEndpoint, nil
+	}
+	if strings.Contains(settings.Endpoint, "://") {
+		// User passed in a full URL path, use it verbatim.
+		return settings.Endpoint, nil
+	}
+	if settings.DefaultEndpoint == "" {
+		// If DefaultEndpoint is not configured, use the user provided endpoint verbatim.
+		// This allows a naked "host[:port]" URL to be used with GRPC Direct Path.
+		return settings.Endpoint, nil
+	}
+
+	// Assume user-provided endpoint is host[:port], merge it with the default endpoint.
+	return mergeEndpoints(settings.DefaultEndpoint, settings.Endpoint)
+}
+
+func getMTLSMode() string {
+	mode := os.Getenv("GOOGLE_API_USE_MTLS_ENDPOINT")
+	if mode == "" {
+		mode = os.Getenv("GOOGLE_API_USE_MTLS") // Deprecated.
+	}
+	if mode == "" {
+		return mTLSModeAuto
+	}
+	return strings.ToLower(mode)
+}
+
+func mergeEndpoints(baseURL, newHost string) (string, error) {
+	u, err := url.Parse(fixScheme(baseURL))
+	if err != nil {
+		return "", err
+	}
+	return strings.Replace(baseURL, u.Host, newHost, 1), nil
+}
+
+func fixScheme(baseURL string) string {
+	if !strings.Contains(baseURL, "://") {
+		return "https://" + baseURL
+	}
+	return baseURL
+}
+
+// GetGRPCTransportConfigAndEndpoint returns an instance of credentials.TransportCredentials, and the
+// corresponding endpoint to use for GRPC client.
+func GetGRPCTransportConfigAndEndpoint(settings *DialSettings) (credentials.TransportCredentials, string, error) {
+	config, err := getTransportConfig(settings)
+	if err != nil {
+		return nil, "", err
+	}
+
+	defaultTransportCreds := credentials.NewTLS(&tls.Config{
+		GetClientCertificate: config.clientCertSource,
+	})
+	if config.s2aAddress == "" {
+		return defaultTransportCreds, config.endpoint, nil
+	}
+
+	var fallbackOpts *s2a.FallbackOptions
+	// In case of S2A failure, fall back to the endpoint that would've been used without S2A.
+	if fallbackHandshake, err := fallback.DefaultFallbackClientHandshakeFunc(config.endpoint); err == nil {
+		fallbackOpts = &s2a.FallbackOptions{
+			FallbackClientHandshakeFunc: fallbackHandshake,
+		}
+	}
+
+	s2aTransportCreds, err := s2a.NewClientCreds(&s2a.ClientOptions{
+		S2AAddress:   config.s2aAddress,
+		FallbackOpts: fallbackOpts,
+	})
+	if err != nil {
+		// Use default if we cannot initialize S2A client transport credentials.
+		return defaultTransportCreds, config.endpoint, nil
+	}
+	return s2aTransportCreds, config.s2aMTLSEndpoint, nil
+}
+
+// GetHTTPTransportConfigAndEndpoint returns a client certificate source, a function for dialing MTLS with S2A,
+// and the endpoint to use for HTTP client.
+func GetHTTPTransportConfigAndEndpoint(settings *DialSettings) (cert.Source, func(context.Context, string, string) (net.Conn, error), string, error) {
+	config, err := getTransportConfig(settings)
+	if err != nil {
+		return nil, nil, "", err
+	}
+
+	if config.s2aAddress == "" {
+		return config.clientCertSource, nil, config.endpoint, nil
+	}
+
+	var fallbackOpts *s2a.FallbackOptions
+	// In case of S2A failure, fall back to the endpoint that would've been used without S2A.
+	if fallbackURL, err := url.Parse(config.endpoint); err == nil {
+		if fallbackDialer, fallbackServerAddr, err := fallback.DefaultFallbackDialerAndAddress(fallbackURL.Hostname()); err == nil {
+			fallbackOpts = &s2a.FallbackOptions{
+				FallbackDialer: &s2a.FallbackDialer{
+					Dialer:     fallbackDialer,
+					ServerAddr: fallbackServerAddr,
+				},
+			}
+		}
+	}
+
+	dialTLSContextFunc := s2a.NewS2ADialTLSContextFunc(&s2a.ClientOptions{
+		S2AAddress:   config.s2aAddress,
+		FallbackOpts: fallbackOpts,
+	})
+	return nil, dialTLSContextFunc, config.s2aMTLSEndpoint, nil
+}
+
+// mtlsEndpointEnabledForS2A checks if the endpoint is indeed MTLS-enabled, so that we can use S2A for MTLS connection.
+var mtlsEndpointEnabledForS2A = func() bool {
+	// TODO(xmenxk): determine this via discovery config.
+	return true
+}
diff --git a/vendor/google.golang.org/api/transport/cert/default_cert.go b/vendor/google.golang.org/api/internal/cert/default_cert.go
similarity index 100%
rename from vendor/google.golang.org/api/transport/cert/default_cert.go
rename to vendor/google.golang.org/api/internal/cert/default_cert.go
diff --git a/vendor/google.golang.org/api/transport/cert/enterprise_cert.go b/vendor/google.golang.org/api/internal/cert/enterprise_cert.go
similarity index 100%
rename from vendor/google.golang.org/api/transport/cert/enterprise_cert.go
rename to vendor/google.golang.org/api/internal/cert/enterprise_cert.go
diff --git a/vendor/google.golang.org/api/transport/cert/secureconnect_cert.go b/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go
similarity index 98%
rename from vendor/google.golang.org/api/transport/cert/secureconnect_cert.go
rename to vendor/google.golang.org/api/internal/cert/secureconnect_cert.go
index 5913cab80..afd79ffe2 100644
--- a/vendor/google.golang.org/api/transport/cert/secureconnect_cert.go
+++ b/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go
@@ -18,7 +18,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"os/user"
@@ -59,7 +58,7 @@ func NewSecureConnectSource(configFilePath string) (Source, error) {
 		configFilePath = filepath.Join(user.HomeDir, metadataPath, metadataFile)
 	}
 
-	file, err := ioutil.ReadFile(configFilePath)
+	file, err := os.ReadFile(configFilePath)
 	if err != nil {
 		if errors.Is(err, os.ErrNotExist) {
 			// Config file missing means Secure Connect is not supported.
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go
index 32d52413b..92b3acf6e 100644
--- a/vendor/google.golang.org/api/internal/creds.go
+++ b/vendor/google.golang.org/api/internal/creds.go
@@ -6,10 +6,14 @@ package internal
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"net"
+	"net/http"
+	"os"
+	"time"
 
 	"golang.org/x/oauth2"
 	"google.golang.org/api/internal/impersonate"
@@ -17,6 +21,8 @@ import (
 	"golang.org/x/oauth2/google"
 )
 
+const quotaProjectEnvVar = "GOOGLE_CLOUD_QUOTA_PROJECT"
+
 // Creds returns credential information obtained from DialSettings, or if none, then
 // it returns default credential information.
 func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) {
@@ -41,7 +47,7 @@ func baseCreds(ctx context.Context, ds *DialSettings) (*google.Credentials, erro
 		return credentialsFromJSON(ctx, ds.CredentialsJSON, ds)
 	}
 	if ds.CredentialsFile != "" {
-		data, err := ioutil.ReadFile(ds.CredentialsFile)
+		data, err := os.ReadFile(ds.CredentialsFile)
 		if err != nil {
 			return nil, fmt.Errorf("cannot read credentials file: %v", err)
 		}
@@ -80,8 +86,25 @@ const (
 // - Otherwise, executes standard OAuth 2.0 flow
 // More details: google.aip.dev/auth/4111
 func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*google.Credentials, error) {
+	var params google.CredentialsParams
+	params.Scopes = ds.GetScopes()
+
+	// Determine configurations for the OAuth2 transport, which is separate from the API transport.
+	// The OAuth2 transport and endpoint will be configured for mTLS if applicable.
+	clientCertSource, oauth2Endpoint, err := getClientCertificateSourceAndEndpoint(oauth2DialSettings(ds))
+	if err != nil {
+		return nil, err
+	}
+	params.TokenURL = oauth2Endpoint
+	if clientCertSource != nil {
+		tlsConfig := &tls.Config{
+			GetClientCertificate: clientCertSource,
+		}
+		ctx = context.WithValue(ctx, oauth2.HTTPClient, customHTTPClient(tlsConfig))
+	}
+
 	// By default, a standard OAuth 2.0 token source is created
-	cred, err := google.CredentialsFromJSON(ctx, data, ds.GetScopes()...)
+	cred, err := google.CredentialsFromJSONWithParams(ctx, data, params)
 	if err != nil {
 		return nil, err
 	}
@@ -131,14 +154,22 @@ func selfSignedJWTTokenSource(data []byte, ds *DialSettings) (oauth2.TokenSource
 	}
 }
 
-// QuotaProjectFromCreds returns the quota project from the JSON blob in the provided credentials.
-//
-// NOTE(cbro): consider promoting this to a field on google.Credentials.
-func QuotaProjectFromCreds(cred *google.Credentials) string {
+// GetQuotaProject retrieves quota project with precedence being: client option,
+// environment variable, creds file.
+func GetQuotaProject(creds *google.Credentials, clientOpt string) string {
+	if clientOpt != "" {
+		return clientOpt
+	}
+	if env := os.Getenv(quotaProjectEnvVar); env != "" {
+		return env
+	}
+	if creds == nil {
+		return ""
+	}
 	var v struct {
 		QuotaProject string `json:"quota_project_id"`
 	}
-	if err := json.Unmarshal(cred.JSON, &v); err != nil {
+	if err := json.Unmarshal(creds.JSON, &v); err != nil {
 		return ""
 	}
 	return v.QuotaProject
@@ -157,3 +188,35 @@ func impersonateCredentials(ctx context.Context, creds *google.Credentials, ds *
 		ProjectID:   creds.ProjectID,
 	}, nil
 }
+
+// oauth2DialSettings returns the settings to be used by the OAuth2 transport, which is separate from the API transport.
+func oauth2DialSettings(ds *DialSettings) *DialSettings {
+	var ods DialSettings
+	ods.DefaultEndpoint = google.Endpoint.TokenURL
+	ods.DefaultMTLSEndpoint = google.MTLSTokenURL
+	ods.ClientCertSource = ds.ClientCertSource
+	return &ods
+}
+
+// customHTTPClient constructs an HTTPClient using the provided tlsConfig, to support mTLS.
+func customHTTPClient(tlsConfig *tls.Config) *http.Client {
+	trans := baseTransport()
+	trans.TLSClientConfig = tlsConfig
+	return &http.Client{Transport: trans}
+}
+
+func baseTransport() *http.Transport {
+	return &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).DialContext,
+		MaxIdleConns:          100,
+		MaxIdleConnsPerHost:   100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
+}
diff --git a/vendor/google.golang.org/api/internal/gensupport/media.go b/vendor/google.golang.org/api/internal/gensupport/media.go
index 8356e7f27..c048a5708 100644
--- a/vendor/google.golang.org/api/internal/gensupport/media.go
+++ b/vendor/google.golang.org/api/internal/gensupport/media.go
@@ -8,7 +8,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"mime"
 	"mime/multipart"
 	"net/http"
@@ -222,8 +221,8 @@ func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newB
 		toCleanup = append(toCleanup, combined)
 		if fb != nil && fm != nil {
 			getBody = func() (io.ReadCloser, error) {
-				rb := ioutil.NopCloser(fb())
-				rm := ioutil.NopCloser(fm())
+				rb := io.NopCloser(fb())
+				rm := io.NopCloser(fm())
 				var mimeBoundary string
 				if _, params, err := mime.ParseMediaType(ctype); err == nil {
 					mimeBoundary = params["boundary"]
@@ -243,7 +242,7 @@ func (mi *MediaInfo) UploadRequest(reqHeaders http.Header, body io.Reader) (newB
 		fb := readerFunc(body)
 		if fb != nil {
 			getBody = func() (io.ReadCloser, error) {
-				rb := ioutil.NopCloser(fb())
+				rb := io.NopCloser(fb())
 				toCleanup = append(toCleanup, rb)
 				return rb, nil
 			}
diff --git a/vendor/google.golang.org/api/internal/gensupport/resumable.go b/vendor/google.golang.org/api/internal/gensupport/resumable.go
index f168ea6d2..08e7aacef 100644
--- a/vendor/google.golang.org/api/internal/gensupport/resumable.go
+++ b/vendor/google.golang.org/api/internal/gensupport/resumable.go
@@ -43,8 +43,8 @@ type ResumableUpload struct {
 	// retries should happen.
 	ChunkRetryDeadline time.Duration
 
-	// Track current request invocation ID and attempt count for retry metric
-	// headers.
+	// Track current request invocation ID and attempt count for retry metrics
+	// and idempotency headers.
 	invocationID string
 	attempts     int
 }
@@ -81,10 +81,15 @@ func (rx *ResumableUpload) doUploadRequest(ctx context.Context, data io.Reader,
 	req.Header.Set("Content-Type", rx.MediaType)
 	req.Header.Set("User-Agent", rx.UserAgent)
 
+	// TODO(b/274504690): Consider dropping gccl-invocation-id key since it
+	// duplicates the X-Goog-Gcs-Idempotency-Token header (added in v0.115.0).
 	baseXGoogHeader := "gl-go/" + GoVersion() + " gdcl/" + internal.Version
 	invocationHeader := fmt.Sprintf("gccl-invocation-id/%s gccl-attempt-count/%d", rx.invocationID, rx.attempts)
 	req.Header.Set("X-Goog-Api-Client", strings.Join([]string{baseXGoogHeader, invocationHeader}, " "))
 
+	// Set idempotency token header which is used by GCS uploads.
+	req.Header.Set("X-Goog-Gcs-Idempotency-Token", rx.invocationID)
+
 	// Google's upload endpoint uses status code 308 for a
 	// different purpose than the "308 Permanent Redirect"
 	// since-standardized in RFC 7238. Because of the conflict in
diff --git a/vendor/google.golang.org/api/internal/gensupport/send.go b/vendor/google.golang.org/api/internal/gensupport/send.go
index 85c7bcbfd..f39dd00d9 100644
--- a/vendor/google.golang.org/api/internal/gensupport/send.go
+++ b/vendor/google.golang.org/api/internal/gensupport/send.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/googleapis/gax-go/v2"
+	"github.com/googleapis/gax-go/v2/callctx"
 )
 
 // Use this error type to return an error which allows introspection of both
@@ -43,6 +44,16 @@ func (e wrappedCallErr) Is(target error) bool {
 // req.WithContext, then calls any functions returned by the hooks in
 // reverse order.
 func SendRequest(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) {
+	// Add headers set in context metadata.
+	if ctx != nil {
+		headers := callctx.HeadersFromContext(ctx)
+		for k, vals := range headers {
+			for _, v := range vals {
+				req.Header.Add(k, v)
+			}
+		}
+	}
+
 	// Disallow Accept-Encoding because it interferes with the automatic gzip handling
 	// done by the default http.Transport. See https://github.com/google/google-api-go-client/issues/219.
 	if _, ok := req.Header["Accept-Encoding"]; ok {
@@ -77,6 +88,16 @@ func send(ctx context.Context, client *http.Client, req *http.Request) (*http.Re
 // req.WithContext, then calls any functions returned by the hooks in
 // reverse order.
 func SendRequestWithRetry(ctx context.Context, client *http.Client, req *http.Request, retry *RetryConfig) (*http.Response, error) {
+	// Add headers set in context metadata.
+	if ctx != nil {
+		headers := callctx.HeadersFromContext(ctx)
+		for k, vals := range headers {
+			for _, v := range vals {
+				req.Header.Add(k, v)
+			}
+		}
+	}
+
 	// Disallow Accept-Encoding because it interferes with the automatic gzip handling
 	// done by the default http.Transport. See https://github.com/google/google-api-go-client/issues/219.
 	if _, ok := req.Header["Accept-Encoding"]; ok {
@@ -138,9 +159,14 @@ func sendAndRetry(ctx context.Context, client *http.Client, req *http.Request, r
 			}
 			return resp, ctx.Err()
 		}
+
+		// Set retry metrics and idempotency headers for GCS.
+		// TODO(b/274504690): Consider dropping gccl-invocation-id key since it
+		// duplicates the X-Goog-Gcs-Idempotency-Token header (added in v0.115.0).
 		invocationHeader := fmt.Sprintf("gccl-invocation-id/%s gccl-attempt-count/%d", invocationID, attempts)
 		xGoogHeader := strings.Join([]string{invocationHeader, baseXGoogHeader}, " ")
 		req.Header.Set("X-Goog-Api-Client", xGoogHeader)
+		req.Header.Set("X-Goog-Gcs-Idempotency-Token", invocationID)
 
 		resp, err = client.Do(req.WithContext(ctx))
 
diff --git a/vendor/google.golang.org/api/internal/impersonate/impersonate.go b/vendor/google.golang.org/api/internal/impersonate/impersonate.go
index b465bbcd1..4b2c775f2 100644
--- a/vendor/google.golang.org/api/internal/impersonate/impersonate.go
+++ b/vendor/google.golang.org/api/internal/impersonate/impersonate.go
@@ -11,7 +11,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"time"
 
@@ -105,7 +104,7 @@ func (i impersonatedTokenSource) Token() (*oauth2.Token, error) {
 		return nil, fmt.Errorf("impersonate: unable to generate access token: %v", err)
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
+	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {
 		return nil, fmt.Errorf("impersonate: unable to read body: %v", err)
 	}
diff --git a/vendor/google.golang.org/api/internal/s2a.go b/vendor/google.golang.org/api/internal/s2a.go
new file mode 100644
index 000000000..c5b421f55
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/s2a.go
@@ -0,0 +1,136 @@
+// Copyright 2023 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+import (
+	"encoding/json"
+	"log"
+	"sync"
+	"time"
+
+	"cloud.google.com/go/compute/metadata"
+)
+
+const configEndpointSuffix = "googleAutoMtlsConfiguration"
+
+// The period an MTLS config can be reused before needing refresh.
+var configExpiry = time.Hour
+
+// GetS2AAddress returns the S2A address to be reached via plaintext connection.
+func GetS2AAddress() string {
+	c, err := getMetadataMTLSAutoConfig().Config()
+	if err != nil {
+		return ""
+	}
+	if !c.Valid() {
+		return ""
+	}
+	return c.S2A.PlaintextAddress
+}
+
+type mtlsConfigSource interface {
+	Config() (*mtlsConfig, error)
+}
+
+// mdsMTLSAutoConfigSource is an instance of reuseMTLSConfigSource, with metadataMTLSAutoConfig as its config source.
+var (
+	mdsMTLSAutoConfigSource mtlsConfigSource
+	once                    sync.Once
+)
+
+// getMetadataMTLSAutoConfig returns mdsMTLSAutoConfigSource, which is backed by config from MDS with auto-refresh.
+func getMetadataMTLSAutoConfig() mtlsConfigSource {
+	once.Do(func() {
+		mdsMTLSAutoConfigSource = &reuseMTLSConfigSource{
+			src: &metadataMTLSAutoConfig{},
+		}
+	})
+	return mdsMTLSAutoConfigSource
+}
+
+// reuseMTLSConfigSource caches a valid version of mtlsConfig, and uses `src` to refresh upon config expiry.
+// It implements the mtlsConfigSource interface, so calling Config() on it returns an mtlsConfig.
+type reuseMTLSConfigSource struct {
+	src    mtlsConfigSource // src.Config() is called when config is expired
+	mu     sync.Mutex       // mutex guards config
+	config *mtlsConfig      // cached config
+}
+
+func (cs *reuseMTLSConfigSource) Config() (*mtlsConfig, error) {
+	cs.mu.Lock()
+	defer cs.mu.Unlock()
+
+	if cs.config.Valid() {
+		return cs.config, nil
+	}
+	c, err := cs.src.Config()
+	if err != nil {
+		return nil, err
+	}
+	cs.config = c
+	return c, nil
+}
+
+// metadataMTLSAutoConfig is an implementation of the interface mtlsConfigSource
+// It has the logic to query MDS and return an mtlsConfig
+type metadataMTLSAutoConfig struct{}
+
+var httpGetMetadataMTLSConfig = func() (string, error) {
+	return metadata.Get(configEndpointSuffix)
+}
+
+func (cs *metadataMTLSAutoConfig) Config() (*mtlsConfig, error) {
+	resp, err := httpGetMetadataMTLSConfig()
+	if err != nil {
+		log.Printf("querying MTLS config from MDS endpoint failed: %v", err)
+		return defaultMTLSConfig(), nil
+	}
+	var config mtlsConfig
+	err = json.Unmarshal([]byte(resp), &config)
+	if err != nil {
+		log.Printf("unmarshalling MTLS config from MDS endpoint failed: %v", err)
+		return defaultMTLSConfig(), nil
+	}
+
+	if config.S2A == nil {
+		log.Printf("returned MTLS config from MDS endpoint is invalid: %v", config)
+		return defaultMTLSConfig(), nil
+	}
+
+	// set new expiry
+	config.Expiry = time.Now().Add(configExpiry)
+	return &config, nil
+}
+
+func defaultMTLSConfig() *mtlsConfig {
+	return &mtlsConfig{
+		S2A: &s2aAddresses{
+			PlaintextAddress: "",
+			MTLSAddress:      "",
+		},
+		Expiry: time.Now().Add(configExpiry),
+	}
+}
+
+// s2aAddresses contains the plaintext and/or MTLS S2A addresses.
+type s2aAddresses struct {
+	// PlaintextAddress is the plaintext address to reach S2A
+	PlaintextAddress string `json:"plaintext_address"`
+	// MTLSAddress is the MTLS address to reach S2A
+	MTLSAddress string `json:"mtls_address"`
+}
+
+// mtlsConfig contains the configuration for establishing MTLS connections with Google APIs.
+type mtlsConfig struct {
+	S2A    *s2aAddresses `json:"s2a"`
+	Expiry time.Time
+}
+
+func (c *mtlsConfig) Valid() bool {
+	return c != nil && c.S2A != nil && !c.expired()
+}
+func (c *mtlsConfig) expired() bool {
+	return c.Expiry.Before(time.Now())
+}
diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go
index 76efdb227..3a3874df1 100644
--- a/vendor/google.golang.org/api/internal/settings.go
+++ b/vendor/google.golang.org/api/internal/settings.go
@@ -46,6 +46,7 @@ type DialSettings struct {
 	SkipValidation                bool
 	ImpersonationConfig           *impersonate.Config
 	EnableDirectPath              bool
+	EnableDirectPathXds           bool
 	AllowNonDefaultServiceAccount bool
 
 	// Google API system parameters. For more information please read:
diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go
index ea6cf7ff8..6fdda3b79 100644
--- a/vendor/google.golang.org/api/internal/version.go
+++ b/vendor/google.golang.org/api/internal/version.go
@@ -5,4 +5,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "0.111.0"
+const Version = "0.134.0"
diff --git a/vendor/google.golang.org/api/option/internaloption/internaloption.go b/vendor/google.golang.org/api/option/internaloption/internaloption.go
index cc7ebfe27..3b8461d1d 100644
--- a/vendor/google.golang.org/api/option/internaloption/internaloption.go
+++ b/vendor/google.golang.org/api/option/internaloption/internaloption.go
@@ -67,6 +67,21 @@ func (e enableDirectPath) Apply(o *internal.DialSettings) {
 	o.EnableDirectPath = bool(e)
 }
 
+// EnableDirectPathXds returns a ClientOption that overrides the default
+// DirectPath type. It is only valid when DirectPath is enabled.
+//
+// It should only be used internally by generated clients.
+// This is an EXPERIMENTAL API and may be changed or removed in the future.
+func EnableDirectPathXds() option.ClientOption {
+	return enableDirectPathXds(true)
+}
+
+type enableDirectPathXds bool
+
+func (x enableDirectPathXds) Apply(o *internal.DialSettings) {
+	o.EnableDirectPathXds = bool(x)
+}
+
 // AllowNonDefaultServiceAccount returns a ClientOption that overrides the default
 // requirement for using the default service account for DirectPath.
 //
diff --git a/vendor/google.golang.org/api/transport/grpc/dial.go b/vendor/google.golang.org/api/transport/grpc/dial.go
index efcc8e6c6..e1403e08e 100644
--- a/vendor/google.golang.org/api/transport/grpc/dial.go
+++ b/vendor/google.golang.org/api/transport/grpc/dial.go
@@ -9,7 +9,6 @@ package grpc
 
 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"log"
 	"net"
@@ -21,9 +20,7 @@ import (
 	"golang.org/x/oauth2"
 	"google.golang.org/api/internal"
 	"google.golang.org/api/option"
-	"google.golang.org/api/transport/internal/dca"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 	grpcgoogle "google.golang.org/grpc/credentials/google"
 	grpcinsecure "google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/credentials/oauth"
@@ -123,18 +120,13 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C
 	if o.GRPCConn != nil {
 		return o.GRPCConn, nil
 	}
-	clientCertSource, endpoint, err := dca.GetClientCertificateSourceAndEndpoint(o)
+	transportCreds, endpoint, err := internal.GetGRPCTransportConfigAndEndpoint(o)
 	if err != nil {
 		return nil, err
 	}
 
-	var transportCreds credentials.TransportCredentials
 	if insecure {
 		transportCreds = grpcinsecure.NewCredentials()
-	} else {
-		transportCreds = credentials.NewTLS(&tls.Config{
-			GetClientCertificate: clientCertSource,
-		})
 	}
 
 	// Initialize gRPC dial options with transport-level security options.
@@ -155,14 +147,10 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C
 			return nil, err
 		}
 
-		if o.QuotaProject == "" {
-			o.QuotaProject = internal.QuotaProjectFromCreds(creds)
-		}
-
 		grpcOpts = append(grpcOpts,
 			grpc.WithPerRPCCredentials(grpcTokenSource{
 				TokenSource:   oauth.TokenSource{creds.TokenSource},
-				quotaProject:  o.QuotaProject,
+				quotaProject:  internal.GetQuotaProject(creds, o.QuotaProject),
 				requestReason: o.RequestReason,
 			}),
 		)
@@ -176,7 +164,7 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C
 				grpcOpts = append(grpcOpts, timeoutDialerOption)
 			}
 			// Check if google-c2p resolver is enabled for DirectPath
-			if strings.EqualFold(os.Getenv(enableDirectPathXds), "true") {
+			if isDirectPathXdsUsed(o) {
 				// google-c2p resolver target must not have a port number
 				if addr, _, err := net.SplitHostPort(endpoint); err == nil {
 					endpoint = "google-c2p:///" + addr
@@ -263,6 +251,19 @@ func isDirectPathEnabled(endpoint string, o *internal.DialSettings) bool {
 	return true
 }
 
+func isDirectPathXdsUsed(o *internal.DialSettings) bool {
+	// Method 1: Enable DirectPath xDS by env;
+	if strings.EqualFold(os.Getenv(enableDirectPathXds), "true") {
+		return true
+	}
+	// Method 2: Enable DirectPath xDS by option;
+	if o.EnableDirectPathXds {
+		return true
+	}
+	return false
+
+}
+
 func isTokenSourceDirectPathCompatible(ts oauth2.TokenSource, o *internal.DialSettings) bool {
 	if ts == nil {
 		return false
diff --git a/vendor/google.golang.org/api/transport/http/dial.go b/vendor/google.golang.org/api/transport/http/dial.go
index 47568a406..eca0c3ba7 100644
--- a/vendor/google.golang.org/api/transport/http/dial.go
+++ b/vendor/google.golang.org/api/transport/http/dial.go
@@ -20,10 +20,9 @@ import (
 	"golang.org/x/oauth2"
 	"google.golang.org/api/googleapi/transport"
 	"google.golang.org/api/internal"
+	"google.golang.org/api/internal/cert"
 	"google.golang.org/api/option"
-	"google.golang.org/api/transport/cert"
 	"google.golang.org/api/transport/http/internal/propagation"
-	"google.golang.org/api/transport/internal/dca"
 )
 
 // NewClient returns an HTTP client for use communicating with a Google cloud
@@ -34,7 +33,7 @@ func NewClient(ctx context.Context, opts ...option.ClientOption) (*http.Client,
 	if err != nil {
 		return nil, "", err
 	}
-	clientCertSource, endpoint, err := dca.GetClientCertificateSourceAndEndpoint(settings)
+	clientCertSource, dialTLSContext, endpoint, err := internal.GetHTTPTransportConfigAndEndpoint(settings)
 	if err != nil {
 		return nil, "", err
 	}
@@ -42,7 +41,8 @@ func NewClient(ctx context.Context, opts ...option.ClientOption) (*http.Client,
 	if settings.HTTPClient != nil {
 		return settings.HTTPClient, endpoint, nil
 	}
-	trans, err := newTransport(ctx, defaultBaseTransport(ctx, clientCertSource), settings)
+
+	trans, err := newTransport(ctx, defaultBaseTransport(ctx, clientCertSource, dialTLSContext), settings)
 	if err != nil {
 		return nil, "", err
 	}
@@ -66,7 +66,6 @@ func newTransport(ctx context.Context, base http.RoundTripper, settings *interna
 	paramTransport := &parameterTransport{
 		base:          base,
 		userAgent:     settings.UserAgent,
-		quotaProject:  settings.QuotaProject,
 		requestReason: settings.RequestReason,
 	}
 	var trans http.RoundTripper = paramTransport
@@ -75,6 +74,7 @@ func newTransport(ctx context.Context, base http.RoundTripper, settings *interna
 	case settings.NoAuth:
 		// Do nothing.
 	case settings.APIKey != "":
+		paramTransport.quotaProject = internal.GetQuotaProject(nil, settings.QuotaProject)
 		trans = &transport.APIKey{
 			Transport: trans,
 			Key:       settings.APIKey,
@@ -84,10 +84,7 @@ func newTransport(ctx context.Context, base http.RoundTripper, settings *interna
 		if err != nil {
 			return nil, err
 		}
-		if paramTransport.quotaProject == "" {
-			paramTransport.quotaProject = internal.QuotaProjectFromCreds(creds)
-		}
-
+		paramTransport.quotaProject = internal.GetQuotaProject(creds, settings.QuotaProject)
 		ts := creds.TokenSource
 		if settings.ImpersonationConfig == nil && settings.TokenSource != nil {
 			ts = settings.TokenSource
@@ -156,7 +153,7 @@ var appengineUrlfetchHook func(context.Context) http.RoundTripper
 // Otherwise, use a default transport, taking most defaults from
 // http.DefaultTransport.
 // If TLSCertificate is available, set TLSClientConfig as well.
-func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source) http.RoundTripper {
+func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source, dialTLSContext func(context.Context, string, string) (net.Conn, error)) http.RoundTripper {
 	if appengineUrlfetchHook != nil {
 		return appengineUrlfetchHook(ctx)
 	}
@@ -175,6 +172,10 @@ func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source) htt
 			GetClientCertificate: clientCertSource,
 		}
 	}
+	if dialTLSContext != nil {
+		// If DialTLSContext is set, TLSClientConfig wil be ignored
+		trans.DialTLSContext = dialTLSContext
+	}
 
 	configureHTTP2(trans)
 
diff --git a/vendor/google.golang.org/api/transport/internal/dca/dca.go b/vendor/google.golang.org/api/transport/internal/dca/dca.go
deleted file mode 100644
index 78004f047..000000000
--- a/vendor/google.golang.org/api/transport/internal/dca/dca.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright 2020 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package dca contains utils for implementing Device Certificate
-// Authentication according to https://google.aip.dev/auth/4114
-//
-// The overall logic for DCA is as follows:
-//  1. If both endpoint override and client certificate are specified, use them as is.
-//  2. If user does not specify client certificate, we will attempt to use default
-//     client certificate.
-//  3. If user does not specify endpoint override, we will use defaultMtlsEndpoint if
-//     client certificate is available and defaultEndpoint otherwise.
-//
-// Implications of the above logic:
-//  1. If the user specifies a non-mTLS endpoint override but client certificate is
-//     available, we will pass along the cert anyway and let the server decide what to do.
-//  2. If the user specifies an mTLS endpoint override but client certificate is not
-//     available, we will not fail-fast, but let backend throw error when connecting.
-//
-// We would like to avoid introducing client-side logic that parses whether the
-// endpoint override is an mTLS url, since the url pattern may change at anytime.
-//
-// This package is not intended for use by end developers. Use the
-// google.golang.org/api/option package to configure API clients.
-package dca
-
-import (
-	"net/url"
-	"os"
-	"strings"
-
-	"google.golang.org/api/internal"
-	"google.golang.org/api/transport/cert"
-)
-
-const (
-	mTLSModeAlways = "always"
-	mTLSModeNever  = "never"
-	mTLSModeAuto   = "auto"
-)
-
-// GetClientCertificateSourceAndEndpoint is a convenience function that invokes
-// getClientCertificateSource and getEndpoint sequentially and returns the client
-// cert source and endpoint as a tuple.
-func GetClientCertificateSourceAndEndpoint(settings *internal.DialSettings) (cert.Source, string, error) {
-	clientCertSource, err := getClientCertificateSource(settings)
-	if err != nil {
-		return nil, "", err
-	}
-	endpoint, err := getEndpoint(settings, clientCertSource)
-	if err != nil {
-		return nil, "", err
-	}
-	return clientCertSource, endpoint, nil
-}
-
-// getClientCertificateSource returns a default client certificate source, if
-// not provided by the user.
-//
-// A nil default source can be returned if the source does not exist. Any exceptions
-// encountered while initializing the default source will be reported as client
-// error (ex. corrupt metadata file).
-//
-// Important Note: For now, the environment variable GOOGLE_API_USE_CLIENT_CERTIFICATE
-// must be set to "true" to allow certificate to be used (including user provided
-// certificates). For details, see AIP-4114.
-func getClientCertificateSource(settings *internal.DialSettings) (cert.Source, error) {
-	if !isClientCertificateEnabled() {
-		return nil, nil
-	} else if settings.ClientCertSource != nil {
-		return settings.ClientCertSource, nil
-	} else {
-		return cert.DefaultSource()
-	}
-}
-
-func isClientCertificateEnabled() bool {
-	useClientCert := os.Getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE")
-	// TODO(andyrzhao): Update default to return "true" after DCA feature is fully released.
-	return strings.ToLower(useClientCert) == "true"
-}
-
-// getEndpoint returns the endpoint for the service, taking into account the
-// user-provided endpoint override "settings.Endpoint".
-//
-// If no endpoint override is specified, we will either return the default endpoint or
-// the default mTLS endpoint if a client certificate is available.
-//
-// You can override the default endpoint choice (mtls vs. regular) by setting the
-// GOOGLE_API_USE_MTLS_ENDPOINT environment variable.
-//
-// If the endpoint override is an address (host:port) rather than full base
-// URL (ex. https://...), then the user-provided address will be merged into
-// the default endpoint. For example, WithEndpoint("myhost:8000") and
-// WithDefaultEndpoint("https://foo.com/bar/baz") will return "https://myhost:8080/bar/baz"
-func getEndpoint(settings *internal.DialSettings, clientCertSource cert.Source) (string, error) {
-	if settings.Endpoint == "" {
-		mtlsMode := getMTLSMode()
-		if mtlsMode == mTLSModeAlways || (clientCertSource != nil && mtlsMode == mTLSModeAuto) {
-			return settings.DefaultMTLSEndpoint, nil
-		}
-		return settings.DefaultEndpoint, nil
-	}
-	if strings.Contains(settings.Endpoint, "://") {
-		// User passed in a full URL path, use it verbatim.
-		return settings.Endpoint, nil
-	}
-	if settings.DefaultEndpoint == "" {
-		// If DefaultEndpoint is not configured, use the user provided endpoint verbatim.
-		// This allows a naked "host[:port]" URL to be used with GRPC Direct Path.
-		return settings.Endpoint, nil
-	}
-
-	// Assume user-provided endpoint is host[:port], merge it with the default endpoint.
-	return mergeEndpoints(settings.DefaultEndpoint, settings.Endpoint)
-}
-
-func getMTLSMode() string {
-	mode := os.Getenv("GOOGLE_API_USE_MTLS_ENDPOINT")
-	if mode == "" {
-		mode = os.Getenv("GOOGLE_API_USE_MTLS") // Deprecated.
-	}
-	if mode == "" {
-		return mTLSModeAuto
-	}
-	return strings.ToLower(mode)
-}
-
-func mergeEndpoints(baseURL, newHost string) (string, error) {
-	u, err := url.Parse(fixScheme(baseURL))
-	if err != nil {
-		return "", err
-	}
-	return strings.Replace(baseURL, u.Host, newHost, 1), nil
-}
-
-func fixScheme(baseURL string) string {
-	if !strings.Contains(baseURL, "://") {
-		return "https://" + baseURL
-	}
-	return baseURL
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/api/LICENSE b/vendor/google.golang.org/genproto/googleapis/api/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/api/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
index 4c91534d5..83774fbcb 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v3.21.12
 // source: google/api/client.proto
 
 package annotations
@@ -53,6 +53,12 @@ const (
 	ClientLibraryOrganization_PHOTOS ClientLibraryOrganization = 3
 	// Street View Org.
 	ClientLibraryOrganization_STREET_VIEW ClientLibraryOrganization = 4
+	// Shopping Org.
+	ClientLibraryOrganization_SHOPPING ClientLibraryOrganization = 5
+	// Geo Org.
+	ClientLibraryOrganization_GEO ClientLibraryOrganization = 6
+	// Generative AI - https://developers.generativeai.google
+	ClientLibraryOrganization_GENERATIVE_AI ClientLibraryOrganization = 7
 )
 
 // Enum value maps for ClientLibraryOrganization.
@@ -63,13 +69,19 @@ var (
 		2: "ADS",
 		3: "PHOTOS",
 		4: "STREET_VIEW",
+		5: "SHOPPING",
+		6: "GEO",
+		7: "GENERATIVE_AI",
 	}
 	ClientLibraryOrganization_value = map[string]int32{
 		"CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED": 0,
-		"CLOUD":       1,
-		"ADS":         2,
-		"PHOTOS":      3,
-		"STREET_VIEW": 4,
+		"CLOUD":         1,
+		"ADS":           2,
+		"PHOTOS":        3,
+		"STREET_VIEW":   4,
+		"SHOPPING":      5,
+		"GEO":           6,
+		"GENERATIVE_AI": 7,
 	}
 )
 
@@ -223,7 +235,9 @@ type ClientLibrarySettings struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// Version of the API to apply these settings to.
+	// Version of the API to apply these settings to. This is the full protobuf
+	// package for the API, ending in the version element.
+	// Examples: "google.cloud.speech.v1" and "google.spanner.admin.database.v1".
 	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
 	// Launch stage of this version of the API.
 	LaunchStage api.LaunchStage `protobuf:"varint,2,opt,name=launch_stage,json=launchStage,proto3,enum=google.api.LaunchStage" json:"launch_stage,omitempty"`
@@ -368,7 +382,7 @@ type Publishing struct {
 	// A list of API method settings, e.g. the behavior for methods that use the
 	// long-running operation pattern.
 	MethodSettings []*MethodSettings `protobuf:"bytes,2,rep,name=method_settings,json=methodSettings,proto3" json:"method_settings,omitempty"`
-	// Link to a place that API users can report issues.  Example:
+	// Link to a *public* URI where users can report issues.  Example:
 	// https://issuetracker.google.com/issues/new?component=190865&template=1161103
 	NewIssueUri string `protobuf:"bytes,101,opt,name=new_issue_uri,json=newIssueUri,proto3" json:"new_issue_uri,omitempty"`
 	// Link to product home page.  Example:
@@ -392,6 +406,9 @@ type Publishing struct {
 	// times in this list, then the last one wins.  Settings from earlier
 	// settings with the same version string are discarded.
 	LibrarySettings []*ClientLibrarySettings `protobuf:"bytes,109,rep,name=library_settings,json=librarySettings,proto3" json:"library_settings,omitempty"`
+	// Optional link to proto reference documentation.  Example:
+	// https://cloud.google.com/pubsub/lite/docs/reference/rpc
+	ProtoReferenceDocumentationUri string `protobuf:"bytes,110,opt,name=proto_reference_documentation_uri,json=protoReferenceDocumentationUri,proto3" json:"proto_reference_documentation_uri,omitempty"`
 }
 
 func (x *Publishing) Reset() {
@@ -489,6 +506,13 @@ func (x *Publishing) GetLibrarySettings() []*ClientLibrarySettings {
 	return nil
 }
 
+func (x *Publishing) GetProtoReferenceDocumentationUri() string {
+	if x != nil {
+		return x.ProtoReferenceDocumentationUri
+	}
+	return ""
+}
+
 // Settings for Java client libraries.
 type JavaSettings struct {
 	state         protoimpl.MessageState
@@ -783,6 +807,31 @@ type DotnetSettings struct {
 
 	// Some settings.
 	Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"`
+	// Map from original service names to renamed versions.
+	// This is used when the default generated types
+	// would cause a naming conflict. (Neither name is
+	// fully-qualified.)
+	// Example: Subscriber to SubscriberServiceApi.
+	RenamedServices map[string]string `protobuf:"bytes,2,rep,name=renamed_services,json=renamedServices,proto3" json:"renamed_services,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// Map from full resource types to the effective short name
+	// for the resource. This is used when otherwise resource
+	// named from different services would cause naming collisions.
+	// Example entry:
+	// "datalabeling.googleapis.com/Dataset": "DataLabelingDataset"
+	RenamedResources map[string]string `protobuf:"bytes,3,rep,name=renamed_resources,json=renamedResources,proto3" json:"renamed_resources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// List of full resource types to ignore during generation.
+	// This is typically used for API-specific Location resources,
+	// which should be handled by the generator as if they were actually
+	// the common Location resources.
+	// Example entry: "documentai.googleapis.com/Location"
+	IgnoredResources []string `protobuf:"bytes,4,rep,name=ignored_resources,json=ignoredResources,proto3" json:"ignored_resources,omitempty"`
+	// Namespaces which must be aliased in snippets due to
+	// a known (but non-generator-predictable) naming collision
+	ForcedNamespaceAliases []string `protobuf:"bytes,5,rep,name=forced_namespace_aliases,json=forcedNamespaceAliases,proto3" json:"forced_namespace_aliases,omitempty"`
+	// Method signatures (in the form "service.method(signature)")
+	// which are provided separately, so shouldn't be generated.
+	// Snippets *calling* these methods are still generated, however.
+	HandwrittenSignatures []string `protobuf:"bytes,6,rep,name=handwritten_signatures,json=handwrittenSignatures,proto3" json:"handwritten_signatures,omitempty"`
 }
 
 func (x *DotnetSettings) Reset() {
@@ -824,6 +873,41 @@ func (x *DotnetSettings) GetCommon() *CommonLanguageSettings {
 	return nil
 }
 
+func (x *DotnetSettings) GetRenamedServices() map[string]string {
+	if x != nil {
+		return x.RenamedServices
+	}
+	return nil
+}
+
+func (x *DotnetSettings) GetRenamedResources() map[string]string {
+	if x != nil {
+		return x.RenamedResources
+	}
+	return nil
+}
+
+func (x *DotnetSettings) GetIgnoredResources() []string {
+	if x != nil {
+		return x.IgnoredResources
+	}
+	return nil
+}
+
+func (x *DotnetSettings) GetForcedNamespaceAliases() []string {
+	if x != nil {
+		return x.ForcedNamespaceAliases
+	}
+	return nil
+}
+
+func (x *DotnetSettings) GetHandwrittenSignatures() []string {
+	if x != nil {
+		return x.HandwrittenSignatures
+	}
+	return nil
+}
+
 // Settings for Ruby client libraries.
 type RubySettings struct {
 	state         protoimpl.MessageState
@@ -938,8 +1022,8 @@ type MethodSettings struct {
 	// Example of a YAML configuration::
 	//
 	//	publishing:
-	//	  method_behavior:
-	//	    - selector: CreateAdDomain
+	//	  method_settings:
+	//	    - selector: google.cloud.speech.v2.Speech.BatchRecognize
 	//	      long_running:
 	//	        initial_poll_delay:
 	//	          seconds: 60 # 1 minute
@@ -1025,7 +1109,7 @@ type MethodSettings_LongRunning struct {
 func (x *MethodSettings_LongRunning) Reset() {
 	*x = MethodSettings_LongRunning{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_api_client_proto_msgTypes[13]
+		mi := &file_google_api_client_proto_msgTypes[15]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1038,7 +1122,7 @@ func (x *MethodSettings_LongRunning) String() string {
 func (*MethodSettings_LongRunning) ProtoMessage() {}
 
 func (x *MethodSettings_LongRunning) ProtoReflect() protoreflect.Message {
-	mi := &file_google_api_client_proto_msgTypes[13]
+	mi := &file_google_api_client_proto_msgTypes[15]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1252,7 +1336,7 @@ var file_google_api_client_proto_rawDesc = []byte{
 	0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32,
 	0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x6f, 0x53,
 	0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0a, 0x67, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69,
-	0x6e, 0x67, 0x73, 0x22, 0xe0, 0x03, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69,
+	0x6e, 0x67, 0x73, 0x22, 0xab, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69,
 	0x6e, 0x67, 0x12, 0x43, 0x0a, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x74,
 	0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
 	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53,
@@ -1282,118 +1366,155 @@ var file_google_api_client_proto_rawDesc = []byte{
 	0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e,
 	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, 0x65, 0x74,
 	0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, 0x65,
-	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a, 0x61, 0x76, 0x61, 0x53,
-	0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61,
-	0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0e, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65,
-	0x12, 0x5f, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x61, 0x73,
-	0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53,
-	0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43,
-	0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11,
-	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65,
-	0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74,
-	0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x44, 0x0a,
-	0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d,
-	0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
-	0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
-	0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e,
-	0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65,
-	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x49,
-	0x0a, 0x0b, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a,
+	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x5f,
+	0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
+	0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6e, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x1e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63,
+	0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72,
+	0x69, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
+	0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61,
+	0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62,
+	0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d,
+	0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
+	0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e,
+	0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73,
+	0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76,
+	0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74,
+	0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49,
+	0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a,
 	0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f,
 	0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
-	0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x0e, 0x50, 0x79, 0x74,
-	0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c,
-	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52,
-	0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x53,
-	0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
-	0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75,
-	0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d,
-	0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74,
-	0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61,
-	0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67,
-	0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
-	0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
+	0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70,
+	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d,
+	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67,
+	0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65,
+	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61,
+	0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d,
+	0x6f, 0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e,
+	0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e,
+	0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65,
+	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae,
+	0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
 	0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43,
 	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74,
-	0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a,
-	0x0a, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63,
-	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c,
-	0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52,
-	0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x8e, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68,
-	0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
-	0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
-	0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72,
-	0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e,
-	0x6e, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e,
-	0x67, 0x1a, 0x94, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e,
-	0x67, 0x12, 0x47, 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c,
-	0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61,
-	0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f,
-	0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c,
-	0x69, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44,
-	0x65, 0x6c, 0x61, 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f,
-	0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12,
-	0x47, 0x0a, 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
+	0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a,
+	0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69,
+	0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65,
+	0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70,
+	0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73,
+	0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52,
+	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f,
+	0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65,
+	0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e,
+	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12,
+	0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73,
+	0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65,
+	0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
+	0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65,
+	0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e,
+	0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22,
+	0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12,
+	0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69,
+	0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x47,
+	0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e,
+	0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x8e, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65,
+	0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65,
+	0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e,
+	0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65,
+	0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69,
+	0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x1a,
+	0x94, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12,
+	0x47, 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f,
+	0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f,
 	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c,
-	0x6c, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2a, 0x79, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65,
-	0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f,
-	0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41,
-	0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
-	0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a,
-	0x03, 0x41, 0x44, 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53,
-	0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45,
-	0x57, 0x10, 0x04, 0x2a, 0x67, 0x0a, 0x18, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62,
-	0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
-	0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52,
-	0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49, 0x4e, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e,
-	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47,
-	0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41,
-	0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, 0x52, 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10,
-	0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
-	0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53,
-	0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61,
-	0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a,
-	0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a,
-	0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70,
-	0x65, 0x73, 0x42, 0x69, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x61, 0x70, 0x69, 0x42, 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74,
-	0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61,
-	0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61,
-	0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50,
+	0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c,
+	0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65,
+	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c,
+	0x61, 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e,
+	0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0c, 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a,
+	0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+	0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54,
+	0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2a, 0xa3, 0x01, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e,
+	0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c,
+	0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+	0x00, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03,
+	0x41, 0x44, 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10,
+	0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57,
+	0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x10, 0x05,
+	0x12, 0x07, 0x0a, 0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e,
+	0x45, 0x52, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, 0x07, 0x2a, 0x67, 0x0a, 0x18,
+	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73,
+	0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45,
+	0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49,
+	0x4e, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a,
+	0x12, 0x13, 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41,
+	0x47, 0x45, 0x52, 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f,
+	0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68,
+	0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
+	0x65, 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73,
+	0x74, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75,
+	0x6c, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f,
+	0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x6f, 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x42, 0x69, 0x0a, 0x0e, 0x63,
+	0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0b, 0x43,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
+	0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61,
+	0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2,
+	0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -1409,7 +1530,7 @@ func file_google_api_client_proto_rawDescGZIP() []byte {
 }
 
 var file_google_api_client_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
-var file_google_api_client_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_google_api_client_proto_msgTypes = make([]protoimpl.MessageInfo, 16)
 var file_google_api_client_proto_goTypes = []interface{}{
 	(ClientLibraryOrganization)(0),      // 0: google.api.ClientLibraryOrganization
 	(ClientLibraryDestination)(0),       // 1: google.api.ClientLibraryDestination
@@ -1426,15 +1547,17 @@ var file_google_api_client_proto_goTypes = []interface{}{
 	(*GoSettings)(nil),                  // 12: google.api.GoSettings
 	(*MethodSettings)(nil),              // 13: google.api.MethodSettings
 	nil,                                 // 14: google.api.JavaSettings.ServiceClassNamesEntry
-	(*MethodSettings_LongRunning)(nil),  // 15: google.api.MethodSettings.LongRunning
-	(api.LaunchStage)(0),                // 16: google.api.LaunchStage
-	(*durationpb.Duration)(nil),         // 17: google.protobuf.Duration
-	(*descriptorpb.MethodOptions)(nil),  // 18: google.protobuf.MethodOptions
-	(*descriptorpb.ServiceOptions)(nil), // 19: google.protobuf.ServiceOptions
+	nil,                                 // 15: google.api.DotnetSettings.RenamedServicesEntry
+	nil,                                 // 16: google.api.DotnetSettings.RenamedResourcesEntry
+	(*MethodSettings_LongRunning)(nil),  // 17: google.api.MethodSettings.LongRunning
+	(api.LaunchStage)(0),                // 18: google.api.LaunchStage
+	(*durationpb.Duration)(nil),         // 19: google.protobuf.Duration
+	(*descriptorpb.MethodOptions)(nil),  // 20: google.protobuf.MethodOptions
+	(*descriptorpb.ServiceOptions)(nil), // 21: google.protobuf.ServiceOptions
 }
 var file_google_api_client_proto_depIdxs = []int32{
 	1,  // 0: google.api.CommonLanguageSettings.destinations:type_name -> google.api.ClientLibraryDestination
-	16, // 1: google.api.ClientLibrarySettings.launch_stage:type_name -> google.api.LaunchStage
+	18, // 1: google.api.ClientLibrarySettings.launch_stage:type_name -> google.api.LaunchStage
 	5,  // 2: google.api.ClientLibrarySettings.java_settings:type_name -> google.api.JavaSettings
 	6,  // 3: google.api.ClientLibrarySettings.cpp_settings:type_name -> google.api.CppSettings
 	7,  // 4: google.api.ClientLibrarySettings.php_settings:type_name -> google.api.PhpSettings
@@ -1453,20 +1576,22 @@ var file_google_api_client_proto_depIdxs = []int32{
 	2,  // 17: google.api.PythonSettings.common:type_name -> google.api.CommonLanguageSettings
 	2,  // 18: google.api.NodeSettings.common:type_name -> google.api.CommonLanguageSettings
 	2,  // 19: google.api.DotnetSettings.common:type_name -> google.api.CommonLanguageSettings
-	2,  // 20: google.api.RubySettings.common:type_name -> google.api.CommonLanguageSettings
-	2,  // 21: google.api.GoSettings.common:type_name -> google.api.CommonLanguageSettings
-	15, // 22: google.api.MethodSettings.long_running:type_name -> google.api.MethodSettings.LongRunning
-	17, // 23: google.api.MethodSettings.LongRunning.initial_poll_delay:type_name -> google.protobuf.Duration
-	17, // 24: google.api.MethodSettings.LongRunning.max_poll_delay:type_name -> google.protobuf.Duration
-	17, // 25: google.api.MethodSettings.LongRunning.total_poll_timeout:type_name -> google.protobuf.Duration
-	18, // 26: google.api.method_signature:extendee -> google.protobuf.MethodOptions
-	19, // 27: google.api.default_host:extendee -> google.protobuf.ServiceOptions
-	19, // 28: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions
-	29, // [29:29] is the sub-list for method output_type
-	29, // [29:29] is the sub-list for method input_type
-	29, // [29:29] is the sub-list for extension type_name
-	26, // [26:29] is the sub-list for extension extendee
-	0,  // [0:26] is the sub-list for field type_name
+	15, // 20: google.api.DotnetSettings.renamed_services:type_name -> google.api.DotnetSettings.RenamedServicesEntry
+	16, // 21: google.api.DotnetSettings.renamed_resources:type_name -> google.api.DotnetSettings.RenamedResourcesEntry
+	2,  // 22: google.api.RubySettings.common:type_name -> google.api.CommonLanguageSettings
+	2,  // 23: google.api.GoSettings.common:type_name -> google.api.CommonLanguageSettings
+	17, // 24: google.api.MethodSettings.long_running:type_name -> google.api.MethodSettings.LongRunning
+	19, // 25: google.api.MethodSettings.LongRunning.initial_poll_delay:type_name -> google.protobuf.Duration
+	19, // 26: google.api.MethodSettings.LongRunning.max_poll_delay:type_name -> google.protobuf.Duration
+	19, // 27: google.api.MethodSettings.LongRunning.total_poll_timeout:type_name -> google.protobuf.Duration
+	20, // 28: google.api.method_signature:extendee -> google.protobuf.MethodOptions
+	21, // 29: google.api.default_host:extendee -> google.protobuf.ServiceOptions
+	21, // 30: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions
+	31, // [31:31] is the sub-list for method output_type
+	31, // [31:31] is the sub-list for method input_type
+	31, // [31:31] is the sub-list for extension type_name
+	28, // [28:31] is the sub-list for extension extendee
+	0,  // [0:28] is the sub-list for field type_name
 }
 
 func init() { file_google_api_client_proto_init() }
@@ -1619,7 +1744,7 @@ func file_google_api_client_proto_init() {
 				return nil
 			}
 		}
-		file_google_api_client_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+		file_google_api_client_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*MethodSettings_LongRunning); i {
 			case 0:
 				return &v.state
@@ -1638,7 +1763,7 @@ func file_google_api_client_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_api_client_proto_rawDesc,
 			NumEnums:      2,
-			NumMessages:   14,
+			NumMessages:   16,
 			NumExtensions: 3,
 			NumServices:   0,
 		},
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
index 164e0df0b..dbe2e2d0c 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.12.2
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.21.9
 // source: google/api/field_behavior.proto
 
 package annotations
@@ -149,13 +149,13 @@ var (
 	//
 	// Examples:
 	//
-	//   string name = 1 [(google.api.field_behavior) = REQUIRED];
-	//   State state = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
-	//   google.protobuf.Duration ttl = 1
-	//     [(google.api.field_behavior) = INPUT_ONLY];
-	//   google.protobuf.Timestamp expire_time = 1
-	//     [(google.api.field_behavior) = OUTPUT_ONLY,
-	//      (google.api.field_behavior) = IMMUTABLE];
+	//	string name = 1 [(google.api.field_behavior) = REQUIRED];
+	//	State state = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+	//	google.protobuf.Duration ttl = 1
+	//	  [(google.api.field_behavior) = INPUT_ONLY];
+	//	google.protobuf.Timestamp expire_time = 1
+	//	  [(google.api.field_behavior) = OUTPUT_ONLY,
+	//	   (google.api.field_behavior) = IMMUTABLE];
 	//
 	// repeated google.api.FieldBehavior field_behavior = 1052;
 	E_FieldBehavior = &file_google_api_field_behavior_proto_extTypes[0]
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
index 6f11b7c50..8a0e1c345 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2015 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.12.2
+// 	protoc        v3.21.9
 // source: google/api/http.proto
 
 package annotations
@@ -270,15 +270,18 @@ func (x *Http) GetFullyDecodeReservedExpansion() bool {
 //  1. Leaf request fields (recursive expansion nested messages in the request
 //     message) are classified into three categories:
 //     - Fields referred by the path template. They are passed via the URL path.
-//     - Fields referred by the [HttpRule.body][google.api.HttpRule.body]. They are passed via the HTTP
+//     - Fields referred by the [HttpRule.body][google.api.HttpRule.body]. They
+//     are passed via the HTTP
 //     request body.
 //     - All other fields are passed via the URL query parameters, and the
 //     parameter name is the field path in the request message. A repeated
 //     field can be represented as multiple query parameters under the same
 //     name.
-//  2. If [HttpRule.body][google.api.HttpRule.body] is "*", there is no URL query parameter, all fields
+//  2. If [HttpRule.body][google.api.HttpRule.body] is "*", there is no URL
+//     query parameter, all fields
 //     are passed via URL path and HTTP request body.
-//  3. If [HttpRule.body][google.api.HttpRule.body] is omitted, there is no HTTP request body, all
+//  3. If [HttpRule.body][google.api.HttpRule.body] is omitted, there is no HTTP
+//     request body, all
 //     fields are passed via URL path and URL query parameters.
 //
 // ### Path template syntax
@@ -377,13 +380,15 @@ type HttpRule struct {
 
 	// Selects a method to which this rule applies.
 	//
-	// Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
+	// Refer to [selector][google.api.DocumentationRule.selector] for syntax
+	// details.
 	Selector string `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"`
 	// Determines the URL pattern is matched by this rules. This pattern can be
 	// used with any of the {get|put|post|delete|patch} methods. A custom method
 	// can be defined using the 'custom' field.
 	//
 	// Types that are assignable to Pattern:
+	//
 	//	*HttpRule_Get
 	//	*HttpRule_Put
 	//	*HttpRule_Post
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
index 13ea54b29..bbcc12d29 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2018 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.12.2
+// 	protoc        v3.21.9
 // source: google/api/resource.proto
 
 package annotations
@@ -218,14 +218,14 @@ type ResourceDescriptor struct {
 	// The path pattern must follow the syntax, which aligns with HTTP binding
 	// syntax:
 	//
-	//     Template = Segment { "/" Segment } ;
-	//     Segment = LITERAL | Variable ;
-	//     Variable = "{" LITERAL "}" ;
+	//	Template = Segment { "/" Segment } ;
+	//	Segment = LITERAL | Variable ;
+	//	Variable = "{" LITERAL "}" ;
 	//
 	// Examples:
 	//
-	//     - "projects/{project}/topics/{topic}"
-	//     - "projects/{project}/knowledgeBases/{knowledge_base}"
+	//   - "projects/{project}/topics/{topic}"
+	//   - "projects/{project}/knowledgeBases/{knowledge_base}"
 	//
 	// The components in braces correspond to the IDs for each resource in the
 	// hierarchy. It is expected that, if multiple patterns are provided,
@@ -239,17 +239,17 @@ type ResourceDescriptor struct {
 	//
 	// Example:
 	//
-	//     // The InspectTemplate message originally only supported resource
-	//     // names with organization, and project was added later.
-	//     message InspectTemplate {
-	//       option (google.api.resource) = {
-	//         type: "dlp.googleapis.com/InspectTemplate"
-	//         pattern:
-	//         "organizations/{organization}/inspectTemplates/{inspect_template}"
-	//         pattern: "projects/{project}/inspectTemplates/{inspect_template}"
-	//         history: ORIGINALLY_SINGLE_PATTERN
-	//       };
-	//     }
+	//	// The InspectTemplate message originally only supported resource
+	//	// names with organization, and project was added later.
+	//	message InspectTemplate {
+	//	  option (google.api.resource) = {
+	//	    type: "dlp.googleapis.com/InspectTemplate"
+	//	    pattern:
+	//	    "organizations/{organization}/inspectTemplates/{inspect_template}"
+	//	    pattern: "projects/{project}/inspectTemplates/{inspect_template}"
+	//	    history: ORIGINALLY_SINGLE_PATTERN
+	//	  };
+	//	}
 	History ResourceDescriptor_History `protobuf:"varint,4,opt,name=history,proto3,enum=google.api.ResourceDescriptor_History" json:"history,omitempty"`
 	// The plural name used in the resource name and permission names, such as
 	// 'projects' for the resource name of 'projects/{project}' and the permission
@@ -362,22 +362,22 @@ type ResourceReference struct {
 	//
 	// Example:
 	//
-	//     message Subscription {
-	//       string topic = 2 [(google.api.resource_reference) = {
-	//         type: "pubsub.googleapis.com/Topic"
-	//       }];
-	//     }
+	//	message Subscription {
+	//	  string topic = 2 [(google.api.resource_reference) = {
+	//	    type: "pubsub.googleapis.com/Topic"
+	//	  }];
+	//	}
 	//
 	// Occasionally, a field may reference an arbitrary resource. In this case,
 	// APIs use the special value * in their resource reference.
 	//
 	// Example:
 	//
-	//     message GetIamPolicyRequest {
-	//       string resource = 2 [(google.api.resource_reference) = {
-	//         type: "*"
-	//       }];
-	//     }
+	//	message GetIamPolicyRequest {
+	//	  string resource = 2 [(google.api.resource_reference) = {
+	//	    type: "*"
+	//	  }];
+	//	}
 	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
 	// The resource type of a child collection that the annotated field
 	// references. This is useful for annotating the `parent` field that
@@ -385,11 +385,11 @@ type ResourceReference struct {
 	//
 	// Example:
 	//
-	//     message ListLogEntriesRequest {
-	//       string parent = 1 [(google.api.resource_reference) = {
-	//         child_type: "logging.googleapis.com/LogEntry"
-	//       };
-	//     }
+	//	message ListLogEntriesRequest {
+	//	  string parent = 1 [(google.api.resource_reference) = {
+	//	    child_type: "logging.googleapis.com/LogEntry"
+	//	  };
+	//	}
 	ChildType string `protobuf:"bytes,2,opt,name=child_type,json=childType,proto3" json:"child_type,omitempty"`
 }
 
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go
index 6707a7b1c..9a9ae04c2 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2021 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.12.2
+// 	protoc        v3.21.9
 // source: google/api/routing.proto
 
 package annotations
@@ -468,46 +468,46 @@ type RoutingParameter struct {
 	//
 	// Example:
 	//
-	//               -- This is a field in the request message
-	//              |   that the header value will be extracted from.
-	//              |
-	//              |                     -- This is the key name in the
-	//              |                    |   routing header.
-	//              V                    |
-	//     field: "table_name"           v
-	//     path_template: "projects/*/{table_location=instances/*}/tables/*"
-	//                                                ^            ^
-	//                                                |            |
-	//       In the {} brackets is the pattern that --             |
-	//       specifies what to extract from the                    |
-	//       field as a value to be sent.                          |
-	//                                                             |
-	//      The string in the field must match the whole pattern --
-	//      before brackets, inside brackets, after brackets.
+	//	          -- This is a field in the request message
+	//	         |   that the header value will be extracted from.
+	//	         |
+	//	         |                     -- This is the key name in the
+	//	         |                    |   routing header.
+	//	         V                    |
+	//	field: "table_name"           v
+	//	path_template: "projects/*/{table_location=instances/*}/tables/*"
+	//	                                           ^            ^
+	//	                                           |            |
+	//	  In the {} brackets is the pattern that --             |
+	//	  specifies what to extract from the                    |
+	//	  field as a value to be sent.                          |
+	//	                                                        |
+	//	 The string in the field must match the whole pattern --
+	//	 before brackets, inside brackets, after brackets.
 	//
 	// When looking at this specific example, we can see that:
-	// - A key-value pair with the key `table_location`
-	//   and the value matching `instances/*` should be added
-	//   to the x-goog-request-params routing header.
-	// - The value is extracted from the request message's `table_name` field
-	//   if it matches the full pattern specified:
-	//   `projects/*/instances/*/tables/*`.
+	//   - A key-value pair with the key `table_location`
+	//     and the value matching `instances/*` should be added
+	//     to the x-goog-request-params routing header.
+	//   - The value is extracted from the request message's `table_name` field
+	//     if it matches the full pattern specified:
+	//     `projects/*/instances/*/tables/*`.
 	//
 	// **NB:** If the `path_template` field is not provided, the key name is
 	// equal to the field name, and the whole field should be sent as a value.
 	// This makes the pattern for the field and the value functionally equivalent
 	// to `**`, and the configuration
 	//
-	//     {
-	//       field: "table_name"
-	//     }
+	//	{
+	//	  field: "table_name"
+	//	}
 	//
 	// is a functionally equivalent shorthand to:
 	//
-	//     {
-	//       field: "table_name"
-	//       path_template: "{table_name=**}"
-	//     }
+	//	{
+	//	  field: "table_name"
+	//	  path_template: "{table_name=**}"
+	//	}
 	//
 	// See Example 1 for more details.
 	PathTemplate string `protobuf:"bytes,2,opt,name=path_template,json=pathTemplate,proto3" json:"path_template,omitempty"`
diff --git a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
index 710753137..454948669 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2015 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.18.1
+// 	protoc        v3.21.9
 // source: google/api/launch_stage.proto
 
 package api
diff --git a/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go b/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go
new file mode 100644
index 000000000..1d3f1b5b7
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go
@@ -0,0 +1,23 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file, and the {{.RootMod}} import, won't actually become part of
+// the resultant binary.
+//go:build modhack
+// +build modhack
+
+package api
+
+// Necessary for safely adding multi-module repo. See: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
+import _ "google.golang.org/genproto/internal"
diff --git a/vendor/google.golang.org/genproto/googleapis/iam/v1/alias.go b/vendor/google.golang.org/genproto/googleapis/iam/v1/alias.go
deleted file mode 100644
index 9fb745926..000000000
--- a/vendor/google.golang.org/genproto/googleapis/iam/v1/alias.go
+++ /dev/null
@@ -1,208 +0,0 @@
-// Copyright 2022 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Code generated by aliasgen. DO NOT EDIT.
-
-// Package iam aliases all exported identifiers in package
-// "cloud.google.com/go/iam/apiv1/iampb".
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb.
-// Please read https://github.com/googleapis/google-cloud-go/blob/main/migration.md
-// for more details.
-package iam
-
-import (
-	src "cloud.google.com/go/iam/apiv1/iampb"
-	grpc "google.golang.org/grpc"
-)
-
-// Deprecated: Please use consts in: cloud.google.com/go/iam/apiv1/iampb
-const (
-	AuditConfigDelta_ACTION_UNSPECIFIED = src.AuditConfigDelta_ACTION_UNSPECIFIED
-	AuditConfigDelta_ADD                = src.AuditConfigDelta_ADD
-	AuditConfigDelta_REMOVE             = src.AuditConfigDelta_REMOVE
-	AuditLogConfig_ADMIN_READ           = src.AuditLogConfig_ADMIN_READ
-	AuditLogConfig_DATA_READ            = src.AuditLogConfig_DATA_READ
-	AuditLogConfig_DATA_WRITE           = src.AuditLogConfig_DATA_WRITE
-	AuditLogConfig_LOG_TYPE_UNSPECIFIED = src.AuditLogConfig_LOG_TYPE_UNSPECIFIED
-	BindingDelta_ACTION_UNSPECIFIED     = src.BindingDelta_ACTION_UNSPECIFIED
-	BindingDelta_ADD                    = src.BindingDelta_ADD
-	BindingDelta_REMOVE                 = src.BindingDelta_REMOVE
-)
-
-// Deprecated: Please use vars in: cloud.google.com/go/iam/apiv1/iampb
-var (
-	AuditConfigDelta_Action_name        = src.AuditConfigDelta_Action_name
-	AuditConfigDelta_Action_value       = src.AuditConfigDelta_Action_value
-	AuditLogConfig_LogType_name         = src.AuditLogConfig_LogType_name
-	AuditLogConfig_LogType_value        = src.AuditLogConfig_LogType_value
-	BindingDelta_Action_name            = src.BindingDelta_Action_name
-	BindingDelta_Action_value           = src.BindingDelta_Action_value
-	File_google_iam_v1_iam_policy_proto = src.File_google_iam_v1_iam_policy_proto
-	File_google_iam_v1_options_proto    = src.File_google_iam_v1_options_proto
-	File_google_iam_v1_policy_proto     = src.File_google_iam_v1_policy_proto
-)
-
-// Specifies the audit configuration for a service. The configuration
-// determines which permission types are logged, and what identities, if any,
-// are exempted from logging. An AuditConfig must have one or more
-// AuditLogConfigs. If there are AuditConfigs for both `allServices` and a
-// specific service, the union of the two AuditConfigs is used for that
-// service: the log_types specified in each AuditConfig are enabled, and the
-// exempted_members in each AuditLogConfig are exempted. Example Policy with
-// multiple AuditConfigs: { "audit_configs": [ { "service": "allServices",
-// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [
-// "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type":
-// "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com",
-// "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type":
-// "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For
-// sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-// logging. It also exempts jose@example.com from DATA_READ logging, and
-// aliya@example.com from DATA_WRITE logging.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type AuditConfig = src.AuditConfig
-
-// One delta entry for AuditConfig. Each individual change (only one
-// exempted_member in each entry) to a AuditConfig will be a separate entry.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type AuditConfigDelta = src.AuditConfigDelta
-
-// The type of action performed on an audit configuration in a policy.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type AuditConfigDelta_Action = src.AuditConfigDelta_Action
-
-// Provides the configuration for logging a type of permissions. Example: {
-// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [
-// "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables
-// 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
-// DATA_READ logging.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type AuditLogConfig = src.AuditLogConfig
-
-// The list of valid permission types for which logging can be configured.
-// Admin writes are always logged, and are not configurable.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type AuditLogConfig_LogType = src.AuditLogConfig_LogType
-
-// Associates `members`, or principals, with a `role`.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type Binding = src.Binding
-
-// One delta entry for Binding. Each individual change (only one member in
-// each entry) to a binding will be a separate entry.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type BindingDelta = src.BindingDelta
-
-// The type of action performed on a Binding in a policy.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type BindingDelta_Action = src.BindingDelta_Action
-
-// Request message for `GetIamPolicy` method.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type GetIamPolicyRequest = src.GetIamPolicyRequest
-
-// Encapsulates settings provided to GetIamPolicy.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type GetPolicyOptions = src.GetPolicyOptions
-
-// IAMPolicyClient is the client API for IAMPolicy service. For semantics
-// around ctx use and closing/ending streaming RPCs, please refer to
-// https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type IAMPolicyClient = src.IAMPolicyClient
-
-// IAMPolicyServer is the server API for IAMPolicy service.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type IAMPolicyServer = src.IAMPolicyServer
-
-// An Identity and Access Management (IAM) policy, which specifies access
-// controls for Google Cloud resources. A `Policy` is a collection of
-// `bindings`. A `binding` binds one or more `members`, or principals, to a
-// single `role`. Principals can be user accounts, service accounts, Google
-// groups, and domains (such as G Suite). A `role` is a named list of
-// permissions; each `role` can be an IAM predefined role or a user-created
-// custom role. For some types of Google Cloud resources, a `binding` can also
-// specify a `condition`, which is a logical expression that allows access to a
-// resource only if the expression evaluates to `true`. A condition can add
-// constraints based on attributes of the request, the resource, or both. To
-// learn which resources support conditions in their IAM policies, see the [IAM
-// documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-// **JSON example:** { "bindings": [ { "role":
-// "roles/resourcemanager.organizationAdmin", "members": [
-// "user:mike@example.com", "group:admins@example.com", "domain:google.com",
-// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role":
-// "roles/resourcemanager.organizationViewer", "members": [
-// "user:eve@example.com" ], "condition": { "title": "expirable access",
-// "description": "Does not grant access after Sep 2020", "expression":
-// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
-// "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: -
-// user:mike@example.com - group:admins@example.com - domain:google.com -
-// serviceAccount:my-project-id@appspot.gserviceaccount.com role:
-// roles/resourcemanager.organizationAdmin - members: - user:eve@example.com
-// role: roles/resourcemanager.organizationViewer condition: title: expirable
-// access description: Does not grant access after Sep 2020 expression:
-// request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA=
-// version: 3 For a description of IAM and its features, see the [IAM
-// documentation](https://cloud.google.com/iam/docs/).
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type Policy = src.Policy
-
-// The difference delta between two policies.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type PolicyDelta = src.PolicyDelta
-
-// Request message for `SetIamPolicy` method.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type SetIamPolicyRequest = src.SetIamPolicyRequest
-
-// Request message for `TestIamPermissions` method.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type TestIamPermissionsRequest = src.TestIamPermissionsRequest
-
-// Response message for `TestIamPermissions` method.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type TestIamPermissionsResponse = src.TestIamPermissionsResponse
-
-// UnimplementedIAMPolicyServer can be embedded to have forward compatible
-// implementations.
-//
-// Deprecated: Please use types in: cloud.google.com/go/iam/apiv1/iampb
-type UnimplementedIAMPolicyServer = src.UnimplementedIAMPolicyServer
-
-// Deprecated: Please use funcs in: cloud.google.com/go/iam/apiv1/iampb
-func NewIAMPolicyClient(cc grpc.ClientConnInterface) IAMPolicyClient {
-	return src.NewIAMPolicyClient(cc)
-}
-
-// Deprecated: Please use funcs in: cloud.google.com/go/iam/apiv1/iampb
-func RegisterIAMPolicyServer(s *grpc.Server, srv IAMPolicyServer) {
-	src.RegisterIAMPolicyServer(s, srv)
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/LICENSE b/vendor/google.golang.org/genproto/googleapis/rpc/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/rpc/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/google.golang.org/genproto/internal/doc.go b/vendor/google.golang.org/genproto/internal/doc.go
new file mode 100644
index 000000000..90e89b4aa
--- /dev/null
+++ b/vendor/google.golang.org/genproto/internal/doc.go
@@ -0,0 +1,17 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file makes internal an importable go package
+// for use with backreferences from submodules.
+package internal
diff --git a/vendor/google.golang.org/grpc/CONTRIBUTING.md b/vendor/google.golang.org/grpc/CONTRIBUTING.md
index 52338d004..608aa6e1a 100644
--- a/vendor/google.golang.org/grpc/CONTRIBUTING.md
+++ b/vendor/google.golang.org/grpc/CONTRIBUTING.md
@@ -20,6 +20,15 @@ How to get your contributions merged smoothly and quickly.
   both author's & review's time is wasted. Create more PRs to address different
   concerns and everyone will be happy.
 
+- If you are searching for features to work on, issues labeled [Status: Help
+  Wanted](https://github.com/grpc/grpc-go/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+label%3A%22Status%3A+Help+Wanted%22)
+  is a great place to start. These issues are well-documented and usually can be
+  resolved with a single pull request.
+
+- If you are adding a new file, make sure it has the copyright message template 
+  at the top as a comment. You can copy over the message from an existing file 
+  and update the year.
+
 - The grpc package should only depend on standard Go packages and a small number
   of exceptions. If your contribution introduces new dependencies which are NOT
   in the [list](https://godoc.org/google.golang.org/grpc?imports), you need a
@@ -32,14 +41,18 @@ How to get your contributions merged smoothly and quickly.
 - Provide a good **PR description** as a record of **what** change is being made
   and **why** it was made. Link to a github issue if it exists.
 
-- Don't fix code style and formatting unless you are already changing that line
-  to address an issue. PRs with irrelevant changes won't be merged. If you do
-  want to fix formatting or style, do that in a separate PR.
+- If you want to fix formatting or style, consider whether your changes are an 
+  obvious improvement or might be considered a personal preference. If a style 
+  change is based on preference, it likely will not be accepted. If it corrects 
+  widely agreed-upon anti-patterns, then please do create a PR and explain the 
+  benefits of the change.
 
 - Unless your PR is trivial, you should expect there will be reviewer comments
-  that you'll need to address before merging. We expect you to be reasonably
-  responsive to those comments, otherwise the PR will be closed after 2-3 weeks
-  of inactivity.
+  that you'll need to address before merging. We'll mark it as `Status: Requires
+  Reporter Clarification` if we expect you to respond to these comments in a
+  timely manner. If the PR remains inactive for 6 days, it will be marked as
+  `stale` and automatically close 7 days after that if we don't hear back from
+  you.
 
 - Maintain **clean commit history** and use **meaningful commit messages**. PRs
   with messy commit history are difficult to review and won't be merged. Use
diff --git a/vendor/google.golang.org/grpc/attributes/attributes.go b/vendor/google.golang.org/grpc/attributes/attributes.go
index 02f5dc531..3efca4591 100644
--- a/vendor/google.golang.org/grpc/attributes/attributes.go
+++ b/vendor/google.golang.org/grpc/attributes/attributes.go
@@ -25,6 +25,11 @@
 // later release.
 package attributes
 
+import (
+	"fmt"
+	"strings"
+)
+
 // Attributes is an immutable struct for storing and retrieving generic
 // key/value pairs.  Keys must be hashable, and users should define their own
 // types for keys.  Values should not be modified after they are added to an
@@ -99,3 +104,27 @@ func (a *Attributes) Equal(o *Attributes) bool {
 	}
 	return true
 }
+
+// String prints the attribute map. If any key or values throughout the map
+// implement fmt.Stringer, it calls that method and appends.
+func (a *Attributes) String() string {
+	var sb strings.Builder
+	sb.WriteString("{")
+	first := true
+	for k, v := range a.m {
+		var key, val string
+		if str, ok := k.(interface{ String() string }); ok {
+			key = str.String()
+		}
+		if str, ok := v.(interface{ String() string }); ok {
+			val = str.String()
+		}
+		if !first {
+			sb.WriteString(", ")
+		}
+		sb.WriteString(fmt.Sprintf("%q: %q, ", key, val))
+		first = false
+	}
+	sb.WriteString("}")
+	return sb.String()
+}
diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go
index 09d61dd1b..8f00523c0 100644
--- a/vendor/google.golang.org/grpc/balancer/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/balancer.go
@@ -286,7 +286,7 @@ type PickResult struct {
 	//
 	// LB policies with child policies are responsible for propagating metadata
 	// injected by their children to the ClientConn, as part of Pick().
-	Metatada metadata.MD
+	Metadata metadata.MD
 }
 
 // TransientFailureError returns e.  It exists for backward compatibility and
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
index 1205aff23..f070878bd 100644
--- a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
@@ -19,8 +19,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.14.0
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.22.0
 // source: grpc/lb/v1/load_balancer.proto
 
 package grpc_lb_v1
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go
index cf1034830..00d0954b3 100644
--- a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go
@@ -19,8 +19,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.14.0
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v4.22.0
 // source: grpc/lb/v1/load_balancer.proto
 
 package grpc_lb_v1
@@ -37,6 +37,10 @@ import (
 // Requires gRPC-Go v1.32.0 or later.
 const _ = grpc.SupportPackageIsVersion7
 
+const (
+	LoadBalancer_BalanceLoad_FullMethodName = "/grpc.lb.v1.LoadBalancer/BalanceLoad"
+)
+
 // LoadBalancerClient is the client API for LoadBalancer service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
@@ -54,7 +58,7 @@ func NewLoadBalancerClient(cc grpc.ClientConnInterface) LoadBalancerClient {
 }
 
 func (c *loadBalancerClient) BalanceLoad(ctx context.Context, opts ...grpc.CallOption) (LoadBalancer_BalanceLoadClient, error) {
-	stream, err := c.cc.NewStream(ctx, &LoadBalancer_ServiceDesc.Streams[0], "/grpc.lb.v1.LoadBalancer/BalanceLoad", opts...)
+	stream, err := c.cc.NewStream(ctx, &LoadBalancer_ServiceDesc.Streams[0], LoadBalancer_BalanceLoad_FullMethodName, opts...)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
index 0359956d3..04b9ad411 100644
--- a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
+++ b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
@@ -25,14 +25,20 @@ import (
 	"sync"
 
 	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/internal/balancer/gracefulswitch"
-	"google.golang.org/grpc/internal/buffer"
 	"google.golang.org/grpc/internal/channelz"
 	"google.golang.org/grpc/internal/grpcsync"
 	"google.golang.org/grpc/resolver"
-	"google.golang.org/grpc/status"
+)
+
+type ccbMode int
+
+const (
+	ccbModeActive = iota
+	ccbModeIdle
+	ccbModeClosed
+	ccbModeExitingIdle
 )
 
 // ccBalancerWrapper sits between the ClientConn and the Balancer.
@@ -49,192 +55,101 @@ import (
 // It uses the gracefulswitch.Balancer internally to ensure that balancer
 // switches happen in a graceful manner.
 type ccBalancerWrapper struct {
-	cc *ClientConn
-
-	// Since these fields are accessed only from handleXxx() methods which are
-	// synchronized by the watcher goroutine, we do not need a mutex to protect
-	// these fields.
+	// The following fields are initialized when the wrapper is created and are
+	// read-only afterwards, and therefore can be accessed without a mutex.
+	cc   *ClientConn
+	opts balancer.BuildOptions
+
+	// Outgoing (gRPC --> balancer) calls are guaranteed to execute in a
+	// mutually exclusive manner as they are scheduled in the serializer. Fields
+	// accessed *only* in these serializer callbacks, can therefore be accessed
+	// without a mutex.
 	balancer        *gracefulswitch.Balancer
 	curBalancerName string
 
-	updateCh *buffer.Unbounded // Updates written on this channel are processed by watcher().
-	resultCh *buffer.Unbounded // Results of calls to UpdateClientConnState() are pushed here.
-	closed   *grpcsync.Event   // Indicates if close has been called.
-	done     *grpcsync.Event   // Indicates if close has completed its work.
+	// mu guards access to the below fields. Access to the serializer and its
+	// cancel function needs to be mutex protected because they are overwritten
+	// when the wrapper exits idle mode.
+	mu               sync.Mutex
+	serializer       *grpcsync.CallbackSerializer // To serialize all outoing calls.
+	serializerCancel context.CancelFunc           // To close the seralizer at close/enterIdle time.
+	mode             ccbMode                      // Tracks the current mode of the wrapper.
 }
 
 // newCCBalancerWrapper creates a new balancer wrapper. The underlying balancer
 // is not created until the switchTo() method is invoked.
 func newCCBalancerWrapper(cc *ClientConn, bopts balancer.BuildOptions) *ccBalancerWrapper {
+	ctx, cancel := context.WithCancel(context.Background())
 	ccb := &ccBalancerWrapper{
-		cc:       cc,
-		updateCh: buffer.NewUnbounded(),
-		resultCh: buffer.NewUnbounded(),
-		closed:   grpcsync.NewEvent(),
-		done:     grpcsync.NewEvent(),
+		cc:               cc,
+		opts:             bopts,
+		serializer:       grpcsync.NewCallbackSerializer(ctx),
+		serializerCancel: cancel,
 	}
-	go ccb.watcher()
 	ccb.balancer = gracefulswitch.NewBalancer(ccb, bopts)
 	return ccb
 }
 
-// The following xxxUpdate structs wrap the arguments received as part of the
-// corresponding update. The watcher goroutine uses the 'type' of the update to
-// invoke the appropriate handler routine to handle the update.
-
-type ccStateUpdate struct {
-	ccs *balancer.ClientConnState
-}
-
-type scStateUpdate struct {
-	sc    balancer.SubConn
-	state connectivity.State
-	err   error
-}
-
-type exitIdleUpdate struct{}
-
-type resolverErrorUpdate struct {
-	err error
-}
-
-type switchToUpdate struct {
-	name string
-}
-
-type subConnUpdate struct {
-	acbw *acBalancerWrapper
-}
-
-// watcher is a long-running goroutine which reads updates from a channel and
-// invokes corresponding methods on the underlying balancer. It ensures that
-// these methods are invoked in a synchronous fashion. It also ensures that
-// these methods are invoked in the order in which the updates were received.
-func (ccb *ccBalancerWrapper) watcher() {
-	for {
-		select {
-		case u := <-ccb.updateCh.Get():
-			ccb.updateCh.Load()
-			if ccb.closed.HasFired() {
-				break
-			}
-			switch update := u.(type) {
-			case *ccStateUpdate:
-				ccb.handleClientConnStateChange(update.ccs)
-			case *scStateUpdate:
-				ccb.handleSubConnStateChange(update)
-			case *exitIdleUpdate:
-				ccb.handleExitIdle()
-			case *resolverErrorUpdate:
-				ccb.handleResolverError(update.err)
-			case *switchToUpdate:
-				ccb.handleSwitchTo(update.name)
-			case *subConnUpdate:
-				ccb.handleRemoveSubConn(update.acbw)
-			default:
-				logger.Errorf("ccBalancerWrapper.watcher: unknown update %+v, type %T", update, update)
-			}
-		case <-ccb.closed.Done():
-		}
-
-		if ccb.closed.HasFired() {
-			ccb.handleClose()
-			return
-		}
-	}
-}
-
 // updateClientConnState is invoked by grpc to push a ClientConnState update to
 // the underlying balancer.
-//
-// Unlike other methods invoked by grpc to push updates to the underlying
-// balancer, this method cannot simply push the update onto the update channel
-// and return. It needs to return the error returned by the underlying balancer
-// back to grpc which propagates that to the resolver.
 func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnState) error {
-	ccb.updateCh.Put(&ccStateUpdate{ccs: ccs})
-
-	var res interface{}
-	select {
-	case res = <-ccb.resultCh.Get():
-		ccb.resultCh.Load()
-	case <-ccb.closed.Done():
-		// Return early if the balancer wrapper is closed while we are waiting for
-		// the underlying balancer to process a ClientConnState update.
-		return nil
-	}
-	// If the returned error is nil, attempting to type assert to error leads to
-	// panic. So, this needs to handled separately.
-	if res == nil {
-		return nil
-	}
-	return res.(error)
-}
-
-// handleClientConnStateChange handles a ClientConnState update from the update
-// channel and invokes the appropriate method on the underlying balancer.
-//
-// If the addresses specified in the update contain addresses of type "grpclb"
-// and the selected LB policy is not "grpclb", these addresses will be filtered
-// out and ccs will be modified with the updated address list.
-func (ccb *ccBalancerWrapper) handleClientConnStateChange(ccs *balancer.ClientConnState) {
-	if ccb.curBalancerName != grpclbName {
-		// Filter any grpclb addresses since we don't have the grpclb balancer.
-		var addrs []resolver.Address
-		for _, addr := range ccs.ResolverState.Addresses {
-			if addr.Type == resolver.GRPCLB {
-				continue
+	ccb.mu.Lock()
+	errCh := make(chan error, 1)
+	// Here and everywhere else where Schedule() is called, it is done with the
+	// lock held. But the lock guards only the scheduling part. The actual
+	// callback is called asynchronously without the lock being held.
+	ok := ccb.serializer.Schedule(func(_ context.Context) {
+		// If the addresses specified in the update contain addresses of type
+		// "grpclb" and the selected LB policy is not "grpclb", these addresses
+		// will be filtered out and ccs will be modified with the updated
+		// address list.
+		if ccb.curBalancerName != grpclbName {
+			var addrs []resolver.Address
+			for _, addr := range ccs.ResolverState.Addresses {
+				if addr.Type == resolver.GRPCLB {
+					continue
+				}
+				addrs = append(addrs, addr)
 			}
-			addrs = append(addrs, addr)
+			ccs.ResolverState.Addresses = addrs
 		}
-		ccs.ResolverState.Addresses = addrs
+		errCh <- ccb.balancer.UpdateClientConnState(*ccs)
+	})
+	if !ok {
+		// If we are unable to schedule a function with the serializer, it
+		// indicates that it has been closed. A serializer is only closed when
+		// the wrapper is closed or is in idle.
+		ccb.mu.Unlock()
+		return fmt.Errorf("grpc: cannot send state update to a closed or idle balancer")
 	}
-	ccb.resultCh.Put(ccb.balancer.UpdateClientConnState(*ccs))
+	ccb.mu.Unlock()
+
+	// We get here only if the above call to Schedule succeeds, in which case it
+	// is guaranteed that the scheduled function will run. Therefore it is safe
+	// to block on this channel.
+	err := <-errCh
+	if logger.V(2) && err != nil {
+		logger.Infof("error from balancer.UpdateClientConnState: %v", err)
+	}
+	return err
 }
 
 // updateSubConnState is invoked by grpc to push a subConn state update to the
 // underlying balancer.
 func (ccb *ccBalancerWrapper) updateSubConnState(sc balancer.SubConn, s connectivity.State, err error) {
-	// When updating addresses for a SubConn, if the address in use is not in
-	// the new addresses, the old ac will be tearDown() and a new ac will be
-	// created. tearDown() generates a state change with Shutdown state, we
-	// don't want the balancer to receive this state change. So before
-	// tearDown() on the old ac, ac.acbw (acWrapper) will be set to nil, and
-	// this function will be called with (nil, Shutdown). We don't need to call
-	// balancer method in this case.
-	if sc == nil {
-		return
-	}
-	ccb.updateCh.Put(&scStateUpdate{
-		sc:    sc,
-		state: s,
-		err:   err,
+	ccb.mu.Lock()
+	ccb.serializer.Schedule(func(_ context.Context) {
+		ccb.balancer.UpdateSubConnState(sc, balancer.SubConnState{ConnectivityState: s, ConnectionError: err})
 	})
-}
-
-// handleSubConnStateChange handles a SubConnState update from the update
-// channel and invokes the appropriate method on the underlying balancer.
-func (ccb *ccBalancerWrapper) handleSubConnStateChange(update *scStateUpdate) {
-	ccb.balancer.UpdateSubConnState(update.sc, balancer.SubConnState{ConnectivityState: update.state, ConnectionError: update.err})
-}
-
-func (ccb *ccBalancerWrapper) exitIdle() {
-	ccb.updateCh.Put(&exitIdleUpdate{})
-}
-
-func (ccb *ccBalancerWrapper) handleExitIdle() {
-	if ccb.cc.GetState() != connectivity.Idle {
-		return
-	}
-	ccb.balancer.ExitIdle()
+	ccb.mu.Unlock()
 }
 
 func (ccb *ccBalancerWrapper) resolverError(err error) {
-	ccb.updateCh.Put(&resolverErrorUpdate{err: err})
-}
-
-func (ccb *ccBalancerWrapper) handleResolverError(err error) {
-	ccb.balancer.ResolverError(err)
+	ccb.mu.Lock()
+	ccb.serializer.Schedule(func(_ context.Context) {
+		ccb.balancer.ResolverError(err)
+	})
+	ccb.mu.Unlock()
 }
 
 // switchTo is invoked by grpc to instruct the balancer wrapper to switch to the
@@ -248,24 +163,27 @@ func (ccb *ccBalancerWrapper) handleResolverError(err error) {
 // the ccBalancerWrapper keeps track of the current LB policy name, and skips
 // the graceful balancer switching process if the name does not change.
 func (ccb *ccBalancerWrapper) switchTo(name string) {
-	ccb.updateCh.Put(&switchToUpdate{name: name})
+	ccb.mu.Lock()
+	ccb.serializer.Schedule(func(_ context.Context) {
+		// TODO: Other languages use case-sensitive balancer registries. We should
+		// switch as well. See: https://github.com/grpc/grpc-go/issues/5288.
+		if strings.EqualFold(ccb.curBalancerName, name) {
+			return
+		}
+		ccb.buildLoadBalancingPolicy(name)
+	})
+	ccb.mu.Unlock()
 }
 
-// handleSwitchTo handles a balancer switch update from the update channel. It
-// calls the SwitchTo() method on the gracefulswitch.Balancer with a
-// balancer.Builder corresponding to name. If no balancer.Builder is registered
-// for the given name, it uses the default LB policy which is "pick_first".
-func (ccb *ccBalancerWrapper) handleSwitchTo(name string) {
-	// TODO: Other languages use case-insensitive balancer registries. We should
-	// switch as well. See: https://github.com/grpc/grpc-go/issues/5288.
-	if strings.EqualFold(ccb.curBalancerName, name) {
-		return
-	}
-
-	// TODO: Ensure that name is a registered LB policy when we get here.
-	// We currently only validate the `loadBalancingConfig` field. We need to do
-	// the same for the `loadBalancingPolicy` field and reject the service config
-	// if the specified policy is not registered.
+// buildLoadBalancingPolicy performs the following:
+//   - retrieve a balancer builder for the given name. Use the default LB
+//     policy, pick_first, if no LB policy with name is found in the registry.
+//   - instruct the gracefulswitch balancer to switch to the above builder. This
+//     will actually build the new balancer.
+//   - update the `curBalancerName` field
+//
+// Must be called from a serializer callback.
+func (ccb *ccBalancerWrapper) buildLoadBalancingPolicy(name string) {
 	builder := balancer.Get(name)
 	if builder == nil {
 		channelz.Warningf(logger, ccb.cc.channelzID, "Channel switches to new LB policy %q, since the specified LB policy %q was not registered", PickFirstBalancerName, name)
@@ -281,26 +199,114 @@ func (ccb *ccBalancerWrapper) handleSwitchTo(name string) {
 	ccb.curBalancerName = builder.Name()
 }
 
-// handleRemoveSucConn handles a request from the underlying balancer to remove
-// a subConn.
-//
-// See comments in RemoveSubConn() for more details.
-func (ccb *ccBalancerWrapper) handleRemoveSubConn(acbw *acBalancerWrapper) {
-	ccb.cc.removeAddrConn(acbw.getAddrConn(), errConnDrain)
+func (ccb *ccBalancerWrapper) close() {
+	channelz.Info(logger, ccb.cc.channelzID, "ccBalancerWrapper: closing")
+	ccb.closeBalancer(ccbModeClosed)
 }
 
-func (ccb *ccBalancerWrapper) close() {
-	ccb.closed.Fire()
-	<-ccb.done.Done()
+// enterIdleMode is invoked by grpc when the channel enters idle mode upon
+// expiry of idle_timeout. This call blocks until the balancer is closed.
+func (ccb *ccBalancerWrapper) enterIdleMode() {
+	channelz.Info(logger, ccb.cc.channelzID, "ccBalancerWrapper: entering idle mode")
+	ccb.closeBalancer(ccbModeIdle)
+}
+
+// closeBalancer is invoked when the channel is being closed or when it enters
+// idle mode upon expiry of idle_timeout.
+func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) {
+	ccb.mu.Lock()
+	if ccb.mode == ccbModeClosed || ccb.mode == ccbModeIdle {
+		ccb.mu.Unlock()
+		return
+	}
+
+	ccb.mode = m
+	done := ccb.serializer.Done
+	b := ccb.balancer
+	ok := ccb.serializer.Schedule(func(_ context.Context) {
+		// Close the serializer to ensure that no more calls from gRPC are sent
+		// to the balancer.
+		ccb.serializerCancel()
+		// Empty the current balancer name because we don't have a balancer
+		// anymore and also so that we act on the next call to switchTo by
+		// creating a new balancer specified by the new resolver.
+		ccb.curBalancerName = ""
+	})
+	if !ok {
+		ccb.mu.Unlock()
+		return
+	}
+	ccb.mu.Unlock()
+
+	// Give enqueued callbacks a chance to finish.
+	<-done
+	// Spawn a goroutine to close the balancer (since it may block trying to
+	// cleanup all allocated resources) and return early.
+	go b.Close()
 }
 
-func (ccb *ccBalancerWrapper) handleClose() {
-	ccb.balancer.Close()
-	ccb.done.Fire()
+// exitIdleMode is invoked by grpc when the channel exits idle mode either
+// because of an RPC or because of an invocation of the Connect() API. This
+// recreates the balancer that was closed previously when entering idle mode.
+//
+// If the channel is not in idle mode, we know for a fact that we are here as a
+// result of the user calling the Connect() method on the ClientConn. In this
+// case, we can simply forward the call to the underlying balancer, instructing
+// it to reconnect to the backends.
+func (ccb *ccBalancerWrapper) exitIdleMode() {
+	ccb.mu.Lock()
+	if ccb.mode == ccbModeClosed {
+		// Request to exit idle is a no-op when wrapper is already closed.
+		ccb.mu.Unlock()
+		return
+	}
+
+	if ccb.mode == ccbModeIdle {
+		// Recreate the serializer which was closed when we entered idle.
+		ctx, cancel := context.WithCancel(context.Background())
+		ccb.serializer = grpcsync.NewCallbackSerializer(ctx)
+		ccb.serializerCancel = cancel
+	}
+
+	// The ClientConn guarantees that mutual exclusion between close() and
+	// exitIdleMode(), and since we just created a new serializer, we can be
+	// sure that the below function will be scheduled.
+	done := make(chan struct{})
+	ccb.serializer.Schedule(func(_ context.Context) {
+		defer close(done)
+
+		ccb.mu.Lock()
+		defer ccb.mu.Unlock()
+
+		if ccb.mode != ccbModeIdle {
+			ccb.balancer.ExitIdle()
+			return
+		}
+
+		// Gracefulswitch balancer does not support a switchTo operation after
+		// being closed. Hence we need to create a new one here.
+		ccb.balancer = gracefulswitch.NewBalancer(ccb, ccb.opts)
+		ccb.mode = ccbModeActive
+		channelz.Info(logger, ccb.cc.channelzID, "ccBalancerWrapper: exiting idle mode")
+
+	})
+	ccb.mu.Unlock()
+
+	<-done
+}
+
+func (ccb *ccBalancerWrapper) isIdleOrClosed() bool {
+	ccb.mu.Lock()
+	defer ccb.mu.Unlock()
+	return ccb.mode == ccbModeIdle || ccb.mode == ccbModeClosed
 }
 
 func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer.NewSubConnOptions) (balancer.SubConn, error) {
-	if len(addrs) <= 0 {
+	if ccb.isIdleOrClosed() {
+		return nil, fmt.Errorf("grpc: cannot create SubConn when balancer is closed or idle")
+	}
+
+	if len(addrs) == 0 {
 		return nil, fmt.Errorf("grpc: cannot create SubConn with empty address list")
 	}
 	ac, err := ccb.cc.newAddrConn(addrs, opts)
@@ -309,31 +315,35 @@ func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer
 		return nil, err
 	}
 	acbw := &acBalancerWrapper{ac: ac, producers: make(map[balancer.ProducerBuilder]*refCountedProducer)}
-	acbw.ac.mu.Lock()
 	ac.acbw = acbw
-	acbw.ac.mu.Unlock()
 	return acbw, nil
 }
 
 func (ccb *ccBalancerWrapper) RemoveSubConn(sc balancer.SubConn) {
-	// Before we switched the ccBalancerWrapper to use gracefulswitch.Balancer, it
-	// was required to handle the RemoveSubConn() method asynchronously by pushing
-	// the update onto the update channel. This was done to avoid a deadlock as
-	// switchBalancer() was holding cc.mu when calling Close() on the old
-	// balancer, which would in turn call RemoveSubConn().
-	//
-	// With the use of gracefulswitch.Balancer in ccBalancerWrapper, handling this
-	// asynchronously is probably not required anymore since the switchTo() method
-	// handles the balancer switch by pushing the update onto the channel.
-	// TODO(easwars): Handle this inline.
+	if ccb.isIdleOrClosed() {
+		// It it safe to ignore this call when the balancer is closed or in idle
+		// because the ClientConn takes care of closing the connections.
+		//
+		// Not returning early from here when the balancer is closed or in idle
+		// leads to a deadlock though, because of the following sequence of
+		// calls when holding cc.mu:
+		// cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close -->
+		// ccb.RemoveAddrConn --> cc.removeAddrConn
+		return
+	}
+
 	acbw, ok := sc.(*acBalancerWrapper)
 	if !ok {
 		return
 	}
-	ccb.updateCh.Put(&subConnUpdate{acbw: acbw})
+	ccb.cc.removeAddrConn(acbw.ac, errConnDrain)
 }
 
 func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
+	if ccb.isIdleOrClosed() {
+		return
+	}
+
 	acbw, ok := sc.(*acBalancerWrapper)
 	if !ok {
 		return
@@ -342,6 +352,10 @@ func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resol
 }
 
 func (ccb *ccBalancerWrapper) UpdateState(s balancer.State) {
+	if ccb.isIdleOrClosed() {
+		return
+	}
+
 	// Update picker before updating state.  Even though the ordering here does
 	// not matter, it can lead to multiple calls of Pick in the common start-up
 	// case where we wait for ready and then perform an RPC.  If the picker is
@@ -352,6 +366,10 @@ func (ccb *ccBalancerWrapper) UpdateState(s balancer.State) {
 }
 
 func (ccb *ccBalancerWrapper) ResolveNow(o resolver.ResolveNowOptions) {
+	if ccb.isIdleOrClosed() {
+		return
+	}
+
 	ccb.cc.resolveNow(o)
 }
 
@@ -362,71 +380,31 @@ func (ccb *ccBalancerWrapper) Target() string {
 // acBalancerWrapper is a wrapper on top of ac for balancers.
 // It implements balancer.SubConn interface.
 type acBalancerWrapper struct {
+	ac *addrConn // read-only
+
 	mu        sync.Mutex
-	ac        *addrConn
 	producers map[balancer.ProducerBuilder]*refCountedProducer
 }
 
-func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) {
-	acbw.mu.Lock()
-	defer acbw.mu.Unlock()
-	if len(addrs) <= 0 {
-		acbw.ac.cc.removeAddrConn(acbw.ac, errConnDrain)
-		return
-	}
-	if !acbw.ac.tryUpdateAddrs(addrs) {
-		cc := acbw.ac.cc
-		opts := acbw.ac.scopts
-		acbw.ac.mu.Lock()
-		// Set old ac.acbw to nil so the Shutdown state update will be ignored
-		// by balancer.
-		//
-		// TODO(bar) the state transition could be wrong when tearDown() old ac
-		// and creating new ac, fix the transition.
-		acbw.ac.acbw = nil
-		acbw.ac.mu.Unlock()
-		acState := acbw.ac.getState()
-		acbw.ac.cc.removeAddrConn(acbw.ac, errConnDrain)
-
-		if acState == connectivity.Shutdown {
-			return
-		}
+func (acbw *acBalancerWrapper) String() string {
+	return fmt.Sprintf("SubConn(id:%d)", acbw.ac.channelzID.Int())
+}
 
-		newAC, err := cc.newAddrConn(addrs, opts)
-		if err != nil {
-			channelz.Warningf(logger, acbw.ac.channelzID, "acBalancerWrapper: UpdateAddresses: failed to newAddrConn: %v", err)
-			return
-		}
-		acbw.ac = newAC
-		newAC.mu.Lock()
-		newAC.acbw = acbw
-		newAC.mu.Unlock()
-		if acState != connectivity.Idle {
-			go newAC.connect()
-		}
-	}
+func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) {
+	acbw.ac.updateAddrs(addrs)
 }
 
 func (acbw *acBalancerWrapper) Connect() {
-	acbw.mu.Lock()
-	defer acbw.mu.Unlock()
 	go acbw.ac.connect()
 }
 
-func (acbw *acBalancerWrapper) getAddrConn() *addrConn {
-	acbw.mu.Lock()
-	defer acbw.mu.Unlock()
-	return acbw.ac
-}
-
-var errSubConnNotReady = status.Error(codes.Unavailable, "SubConn not currently connected")
-
 // NewStream begins a streaming RPC on the addrConn.  If the addrConn is not
-// ready, returns errSubConnNotReady.
+// ready, blocks until it is or ctx expires.  Returns an error when the context
+// expires or the addrConn is shut down.
 func (acbw *acBalancerWrapper) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) {
-	transport := acbw.ac.getReadyTransport()
-	if transport == nil {
-		return nil, errSubConnNotReady
+	transport, err := acbw.ac.getTransport(ctx)
+	if err != nil {
+		return nil, err
 	}
 	return newNonRetryClientStream(ctx, desc, method, transport, acbw.ac, opts...)
 }
diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
index 66d141fce..ec2c2fa14 100644
--- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
+++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -18,8 +18,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.14.0
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.22.0
 // source: grpc/binlog/v1/binarylog.proto
 
 package grpc_binarylog_v1
diff --git a/vendor/google.golang.org/grpc/call.go b/vendor/google.golang.org/grpc/call.go
index 9e20e4d38..e6a1dc5d7 100644
--- a/vendor/google.golang.org/grpc/call.go
+++ b/vendor/google.golang.org/grpc/call.go
@@ -27,6 +27,11 @@ import (
 //
 // All errors returned by Invoke are compatible with the status package.
 func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...CallOption) error {
+	if err := cc.idlenessMgr.onCallBegin(); err != nil {
+		return err
+	}
+	defer cc.idlenessMgr.onCallEnd()
+
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index d607d4e9e..95a7459b0 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -24,7 +24,6 @@ import (
 	"fmt"
 	"math"
 	"net/url"
-	"reflect"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -69,6 +68,9 @@ var (
 	errConnDrain = errors.New("grpc: the connection is drained")
 	// errConnClosing indicates that the connection is closing.
 	errConnClosing = errors.New("grpc: the connection is closing")
+	// errConnIdling indicates the the connection is being closed as the channel
+	// is moving to an idle mode due to inactivity.
+	errConnIdling = errors.New("grpc: the connection is closing due to channel idleness")
 	// invalidDefaultServiceConfigErrPrefix is used to prefix the json parsing error for the default
 	// service config.
 	invalidDefaultServiceConfigErrPrefix = "grpc: the provided default service config is invalid"
@@ -134,20 +136,42 @@ func (dcs *defaultConfigSelector) SelectConfig(rpcInfo iresolver.RPCInfo) (*ires
 // e.g. to use dns resolver, a "dns:///" prefix should be applied to the target.
 func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) {
 	cc := &ClientConn{
-		target:            target,
-		csMgr:             &connectivityStateManager{},
-		conns:             make(map[*addrConn]struct{}),
-		dopts:             defaultDialOptions(),
-		blockingpicker:    newPickerWrapper(),
-		czData:            new(channelzData),
-		firstResolveEvent: grpcsync.NewEvent(),
-	}
+		target: target,
+		csMgr:  &connectivityStateManager{},
+		conns:  make(map[*addrConn]struct{}),
+		dopts:  defaultDialOptions(),
+		czData: new(channelzData),
+	}
+
+	// We start the channel off in idle mode, but kick it out of idle at the end
+	// of this method, instead of waiting for the first RPC. Other gRPC
+	// implementations do wait for the first RPC to kick the channel out of
+	// idle. But doing so would be a major behavior change for our users who are
+	// used to seeing the channel active after Dial.
+	//
+	// Taking this approach of kicking it out of idle at the end of this method
+	// allows us to share the code between channel creation and exiting idle
+	// mode. This will also make it easy for us to switch to starting the
+	// channel off in idle, if at all we ever get to do that.
+	cc.idlenessState = ccIdlenessStateIdle
+
 	cc.retryThrottler.Store((*retryThrottler)(nil))
 	cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{nil})
 	cc.ctx, cc.cancel = context.WithCancel(context.Background())
+	cc.exitIdleCond = sync.NewCond(&cc.mu)
 
-	for _, opt := range extraDialOptions {
-		opt.apply(&cc.dopts)
+	disableGlobalOpts := false
+	for _, opt := range opts {
+		if _, ok := opt.(*disableGlobalDialOptions); ok {
+			disableGlobalOpts = true
+			break
+		}
+	}
+
+	if !disableGlobalOpts {
+		for _, opt := range globalDialOptions {
+			opt.apply(&cc.dopts)
+		}
 	}
 
 	for _, opt := range opts {
@@ -163,40 +187,11 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		}
 	}()
 
-	pid := cc.dopts.channelzParentID
-	cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, pid, target)
-	ted := &channelz.TraceEventDesc{
-		Desc:     "Channel created",
-		Severity: channelz.CtInfo,
-	}
-	if cc.dopts.channelzParentID != nil {
-		ted.Parent = &channelz.TraceEventDesc{
-			Desc:     fmt.Sprintf("Nested Channel(id:%d) created", cc.channelzID.Int()),
-			Severity: channelz.CtInfo,
-		}
-	}
-	channelz.AddTraceEvent(logger, cc.channelzID, 1, ted)
-	cc.csMgr.channelzID = cc.channelzID
+	// Register ClientConn with channelz.
+	cc.channelzRegistration(target)
 
-	if cc.dopts.copts.TransportCredentials == nil && cc.dopts.copts.CredsBundle == nil {
-		return nil, errNoTransportSecurity
-	}
-	if cc.dopts.copts.TransportCredentials != nil && cc.dopts.copts.CredsBundle != nil {
-		return nil, errTransportCredsAndBundle
-	}
-	if cc.dopts.copts.CredsBundle != nil && cc.dopts.copts.CredsBundle.TransportCredentials() == nil {
-		return nil, errNoTransportCredsInBundle
-	}
-	transportCreds := cc.dopts.copts.TransportCredentials
-	if transportCreds == nil {
-		transportCreds = cc.dopts.copts.CredsBundle.TransportCredentials()
-	}
-	if transportCreds.Info().SecurityProtocol == "insecure" {
-		for _, cd := range cc.dopts.copts.PerRPCCredentials {
-			if cd.RequireTransportSecurity() {
-				return nil, errTransportCredentialsMissing
-			}
-		}
+	if err := cc.validateTransportCredentials(); err != nil {
+		return nil, err
 	}
 
 	if cc.dopts.defaultServiceConfigRawJSON != nil {
@@ -234,35 +229,19 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		}
 	}()
 
-	scSet := false
-	if cc.dopts.scChan != nil {
-		// Try to get an initial service config.
-		select {
-		case sc, ok := <-cc.dopts.scChan:
-			if ok {
-				cc.sc = &sc
-				cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{&sc})
-				scSet = true
-			}
-		default:
-		}
-	}
 	if cc.dopts.bs == nil {
 		cc.dopts.bs = backoff.DefaultExponential
 	}
 
 	// Determine the resolver to use.
-	resolverBuilder, err := cc.parseTargetAndFindResolver()
-	if err != nil {
+	if err := cc.parseTargetAndFindResolver(); err != nil {
 		return nil, err
 	}
-	cc.authority, err = determineAuthority(cc.parsedTarget.Endpoint(), cc.target, cc.dopts)
-	if err != nil {
+	if err = cc.determineAuthority(); err != nil {
 		return nil, err
 	}
-	channelz.Infof(logger, cc.channelzID, "Channel authority set to %q", cc.authority)
 
-	if cc.dopts.scChan != nil && !scSet {
+	if cc.dopts.scChan != nil {
 		// Blocking wait for the initial service config.
 		select {
 		case sc, ok := <-cc.dopts.scChan:
@@ -278,57 +257,224 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		go cc.scWatcher()
 	}
 
+	// This creates the name resolver, load balancer, blocking picker etc.
+	if err := cc.exitIdleMode(); err != nil {
+		return nil, err
+	}
+
+	// Configure idleness support with configured idle timeout or default idle
+	// timeout duration. Idleness can be explicitly disabled by the user, by
+	// setting the dial option to 0.
+	cc.idlenessMgr = newIdlenessManager(cc, cc.dopts.idleTimeout)
+
+	// Return early for non-blocking dials.
+	if !cc.dopts.block {
+		return cc, nil
+	}
+
+	// A blocking dial blocks until the clientConn is ready.
+	for {
+		s := cc.GetState()
+		if s == connectivity.Idle {
+			cc.Connect()
+		}
+		if s == connectivity.Ready {
+			return cc, nil
+		} else if cc.dopts.copts.FailOnNonTempDialError && s == connectivity.TransientFailure {
+			if err = cc.connectionError(); err != nil {
+				terr, ok := err.(interface {
+					Temporary() bool
+				})
+				if ok && !terr.Temporary() {
+					return nil, err
+				}
+			}
+		}
+		if !cc.WaitForStateChange(ctx, s) {
+			// ctx got timeout or canceled.
+			if err = cc.connectionError(); err != nil && cc.dopts.returnLastError {
+				return nil, err
+			}
+			return nil, ctx.Err()
+		}
+	}
+}
+
+// addTraceEvent is a helper method to add a trace event on the channel. If the
+// channel is a nested one, the same event is also added on the parent channel.
+func (cc *ClientConn) addTraceEvent(msg string) {
+	ted := &channelz.TraceEventDesc{
+		Desc:     fmt.Sprintf("Channel %s", msg),
+		Severity: channelz.CtInfo,
+	}
+	if cc.dopts.channelzParentID != nil {
+		ted.Parent = &channelz.TraceEventDesc{
+			Desc:     fmt.Sprintf("Nested channel(id:%d) %s", cc.channelzID.Int(), msg),
+			Severity: channelz.CtInfo,
+		}
+	}
+	channelz.AddTraceEvent(logger, cc.channelzID, 0, ted)
+}
+
+// exitIdleMode moves the channel out of idle mode by recreating the name
+// resolver and load balancer.
+func (cc *ClientConn) exitIdleMode() error {
+	cc.mu.Lock()
+	if cc.conns == nil {
+		cc.mu.Unlock()
+		return errConnClosing
+	}
+	if cc.idlenessState != ccIdlenessStateIdle {
+		cc.mu.Unlock()
+		logger.Info("ClientConn asked to exit idle mode when not in idle mode")
+		return nil
+	}
+
+	defer func() {
+		// When Close() and exitIdleMode() race against each other, one of the
+		// following two can happen:
+		// - Close() wins the race and runs first. exitIdleMode() runs after, and
+		//   sees that the ClientConn is already closed and hence returns early.
+		// - exitIdleMode() wins the race and runs first and recreates the balancer
+		//   and releases the lock before recreating the resolver. If Close() runs
+		//   in this window, it will wait for exitIdleMode to complete.
+		//
+		// We achieve this synchronization using the below condition variable.
+		cc.mu.Lock()
+		cc.idlenessState = ccIdlenessStateActive
+		cc.exitIdleCond.Signal()
+		cc.mu.Unlock()
+	}()
+
+	cc.idlenessState = ccIdlenessStateExitingIdle
+	exitedIdle := false
+	if cc.blockingpicker == nil {
+		cc.blockingpicker = newPickerWrapper()
+	} else {
+		cc.blockingpicker.exitIdleMode()
+		exitedIdle = true
+	}
+
 	var credsClone credentials.TransportCredentials
 	if creds := cc.dopts.copts.TransportCredentials; creds != nil {
 		credsClone = creds.Clone()
 	}
-	cc.balancerWrapper = newCCBalancerWrapper(cc, balancer.BuildOptions{
-		DialCreds:        credsClone,
-		CredsBundle:      cc.dopts.copts.CredsBundle,
-		Dialer:           cc.dopts.copts.Dialer,
-		Authority:        cc.authority,
-		CustomUserAgent:  cc.dopts.copts.UserAgent,
-		ChannelzParentID: cc.channelzID,
-		Target:           cc.parsedTarget,
-	})
+	if cc.balancerWrapper == nil {
+		cc.balancerWrapper = newCCBalancerWrapper(cc, balancer.BuildOptions{
+			DialCreds:        credsClone,
+			CredsBundle:      cc.dopts.copts.CredsBundle,
+			Dialer:           cc.dopts.copts.Dialer,
+			Authority:        cc.authority,
+			CustomUserAgent:  cc.dopts.copts.UserAgent,
+			ChannelzParentID: cc.channelzID,
+			Target:           cc.parsedTarget,
+		})
+	} else {
+		cc.balancerWrapper.exitIdleMode()
+	}
+	cc.firstResolveEvent = grpcsync.NewEvent()
+	cc.mu.Unlock()
 
-	// Build the resolver.
-	rWrapper, err := newCCResolverWrapper(cc, resolverBuilder)
-	if err != nil {
-		return nil, fmt.Errorf("failed to build resolver: %v", err)
+	// This needs to be called without cc.mu because this builds a new resolver
+	// which might update state or report error inline which needs to be handled
+	// by cc.updateResolverState() which also grabs cc.mu.
+	if err := cc.initResolverWrapper(credsClone); err != nil {
+		return err
 	}
+
+	if exitedIdle {
+		cc.addTraceEvent("exiting idle mode")
+	}
+	return nil
+}
+
+// enterIdleMode puts the channel in idle mode, and as part of it shuts down the
+// name resolver, load balancer and any subchannels.
+func (cc *ClientConn) enterIdleMode() error {
 	cc.mu.Lock()
-	cc.resolverWrapper = rWrapper
+	if cc.conns == nil {
+		cc.mu.Unlock()
+		return ErrClientConnClosing
+	}
+	if cc.idlenessState != ccIdlenessStateActive {
+		logger.Error("ClientConn asked to enter idle mode when not active")
+		return nil
+	}
+
+	// cc.conns == nil is a proxy for the ClientConn being closed. So, instead
+	// of setting it to nil here, we recreate the map. This also means that we
+	// don't have to do this when exiting idle mode.
+	conns := cc.conns
+	cc.conns = make(map[*addrConn]struct{})
+
+	// TODO: Currently, we close the resolver wrapper upon entering idle mode
+	// and create a new one upon exiting idle mode. This means that the
+	// `cc.resolverWrapper` field would be overwritten everytime we exit idle
+	// mode. While this means that we need to hold `cc.mu` when accessing
+	// `cc.resolverWrapper`, it makes the code simpler in the wrapper. We should
+	// try to do the same for the balancer and picker wrappers too.
+	cc.resolverWrapper.close()
+	cc.blockingpicker.enterIdleMode()
+	cc.balancerWrapper.enterIdleMode()
+	cc.csMgr.updateState(connectivity.Idle)
+	cc.idlenessState = ccIdlenessStateIdle
 	cc.mu.Unlock()
 
-	// A blocking dial blocks until the clientConn is ready.
-	if cc.dopts.block {
-		for {
-			cc.Connect()
-			s := cc.GetState()
-			if s == connectivity.Ready {
-				break
-			} else if cc.dopts.copts.FailOnNonTempDialError && s == connectivity.TransientFailure {
-				if err = cc.connectionError(); err != nil {
-					terr, ok := err.(interface {
-						Temporary() bool
-					})
-					if ok && !terr.Temporary() {
-						return nil, err
-					}
-				}
-			}
-			if !cc.WaitForStateChange(ctx, s) {
-				// ctx got timeout or canceled.
-				if err = cc.connectionError(); err != nil && cc.dopts.returnLastError {
-					return nil, err
-				}
-				return nil, ctx.Err()
+	go func() {
+		cc.addTraceEvent("entering idle mode")
+		for ac := range conns {
+			ac.tearDown(errConnIdling)
+		}
+	}()
+	return nil
+}
+
+// validateTransportCredentials performs a series of checks on the configured
+// transport credentials. It returns a non-nil error if any of these conditions
+// are met:
+//   - no transport creds and no creds bundle is configured
+//   - both transport creds and creds bundle are configured
+//   - creds bundle is configured, but it lacks a transport credentials
+//   - insecure transport creds configured alongside call creds that require
+//     transport level security
+//
+// If none of the above conditions are met, the configured credentials are
+// deemed valid and a nil error is returned.
+func (cc *ClientConn) validateTransportCredentials() error {
+	if cc.dopts.copts.TransportCredentials == nil && cc.dopts.copts.CredsBundle == nil {
+		return errNoTransportSecurity
+	}
+	if cc.dopts.copts.TransportCredentials != nil && cc.dopts.copts.CredsBundle != nil {
+		return errTransportCredsAndBundle
+	}
+	if cc.dopts.copts.CredsBundle != nil && cc.dopts.copts.CredsBundle.TransportCredentials() == nil {
+		return errNoTransportCredsInBundle
+	}
+	transportCreds := cc.dopts.copts.TransportCredentials
+	if transportCreds == nil {
+		transportCreds = cc.dopts.copts.CredsBundle.TransportCredentials()
+	}
+	if transportCreds.Info().SecurityProtocol == "insecure" {
+		for _, cd := range cc.dopts.copts.PerRPCCredentials {
+			if cd.RequireTransportSecurity() {
+				return errTransportCredentialsMissing
 			}
 		}
 	}
+	return nil
+}
 
-	return cc, nil
+// channelzRegistration registers the newly created ClientConn with channelz and
+// stores the returned identifier in `cc.channelzID` and `cc.csMgr.channelzID`.
+// A channelz trace event is emitted for ClientConn creation. If the newly
+// created ClientConn is a nested one, i.e a valid parent ClientConn ID is
+// specified via a dial option, the trace event is also added to the parent.
+//
+// Doesn't grab cc.mu as this method is expected to be called only at Dial time.
+func (cc *ClientConn) channelzRegistration(target string) {
+	cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, cc.dopts.channelzParentID, target)
+	cc.addTraceEvent("created")
+	cc.csMgr.channelzID = cc.channelzID
 }
 
 // chainUnaryClientInterceptors chains all unary client interceptors into one.
@@ -474,7 +620,9 @@ type ClientConn struct {
 	authority       string               // See determineAuthority().
 	dopts           dialOptions          // Default and user specified dial options.
 	channelzID      *channelz.Identifier // Channelz identifier for the channel.
+	resolverBuilder resolver.Builder     // See parseTargetAndFindResolver().
 	balancerWrapper *ccBalancerWrapper   // Uses gracefulswitch.balancer underneath.
+	idlenessMgr     idlenessManager
 
 	// The following provide their own synchronization, and therefore don't
 	// require cc.mu to be held to access them.
@@ -495,11 +643,31 @@ type ClientConn struct {
 	sc              *ServiceConfig             // Latest service config received from the resolver.
 	conns           map[*addrConn]struct{}     // Set to nil on close.
 	mkp             keepalive.ClientParameters // May be updated upon receipt of a GoAway.
+	idlenessState   ccIdlenessState            // Tracks idleness state of the channel.
+	exitIdleCond    *sync.Cond                 // Signalled when channel exits idle.
 
 	lceMu               sync.Mutex // protects lastConnectionError
 	lastConnectionError error
 }
 
+// ccIdlenessState tracks the idleness state of the channel.
+//
+// Channels start off in `active` and move to `idle` after a period of
+// inactivity. When moving back to `active` upon an incoming RPC, they
+// transition through `exiting_idle`. This state is useful for synchronization
+// with Close().
+//
+// This state tracking is mostly for self-protection. The idlenessManager is
+// expected to keep track of the state as well, and is expected not to call into
+// the ClientConn unnecessarily.
+type ccIdlenessState int8
+
+const (
+	ccIdlenessStateActive ccIdlenessState = iota
+	ccIdlenessStateIdle
+	ccIdlenessStateExitingIdle
+)
+
 // WaitForStateChange waits until the connectivity.State of ClientConn changes from sourceState or
 // ctx expires. A true value is returned in former case and false in latter.
 //
@@ -539,7 +707,10 @@ func (cc *ClientConn) GetState() connectivity.State {
 // Notice: This API is EXPERIMENTAL and may be changed or removed in a later
 // release.
 func (cc *ClientConn) Connect() {
-	cc.balancerWrapper.exitIdle()
+	cc.exitIdleMode()
+	// If the ClientConn was not in idle mode, we need to call ExitIdle on the
+	// LB policy so that connections can be created.
+	cc.balancerWrapper.exitIdleMode()
 }
 
 func (cc *ClientConn) scWatcher() {
@@ -708,6 +879,7 @@ func (cc *ClientConn) newAddrConn(addrs []resolver.Address, opts balancer.NewSub
 		dopts:        cc.dopts,
 		czData:       new(channelzData),
 		resetBackoff: make(chan struct{}),
+		stateChan:    make(chan struct{}),
 	}
 	ac.ctx, ac.cancel = context.WithCancel(cc.ctx)
 	// Track ac in cc. This needs to be done before any getTransport(...) is called.
@@ -801,9 +973,6 @@ func (ac *addrConn) connect() error {
 		ac.mu.Unlock()
 		return nil
 	}
-	// Update connectivity state within the lock to prevent subsequent or
-	// concurrent calls from resetting the transport more than once.
-	ac.updateConnectivityState(connectivity.Connecting, nil)
 	ac.mu.Unlock()
 
 	ac.resetTransport()
@@ -822,58 +991,62 @@ func equalAddresses(a, b []resolver.Address) bool {
 	return true
 }
 
-// tryUpdateAddrs tries to update ac.addrs with the new addresses list.
-//
-// If ac is TransientFailure, it updates ac.addrs and returns true. The updated
-// addresses will be picked up by retry in the next iteration after backoff.
-//
-// If ac is Shutdown or Idle, it updates ac.addrs and returns true.
-//
-// If the addresses is the same as the old list, it does nothing and returns
-// true.
-//
-// If ac is Connecting, it returns false. The caller should tear down the ac and
-// create a new one. Note that the backoff will be reset when this happens.
-//
-// If ac is Ready, it checks whether current connected address of ac is in the
-// new addrs list.
-//   - If true, it updates ac.addrs and returns true. The ac will keep using
-//     the existing connection.
-//   - If false, it does nothing and returns false.
-func (ac *addrConn) tryUpdateAddrs(addrs []resolver.Address) bool {
+// updateAddrs updates ac.addrs with the new addresses list and handles active
+// connections or connection attempts.
+func (ac *addrConn) updateAddrs(addrs []resolver.Address) {
 	ac.mu.Lock()
-	defer ac.mu.Unlock()
-	channelz.Infof(logger, ac.channelzID, "addrConn: tryUpdateAddrs curAddr: %v, addrs: %v", ac.curAddr, addrs)
+	channelz.Infof(logger, ac.channelzID, "addrConn: updateAddrs curAddr: %v, addrs: %v", ac.curAddr, addrs)
+
+	if equalAddresses(ac.addrs, addrs) {
+		ac.mu.Unlock()
+		return
+	}
+
+	ac.addrs = addrs
+
 	if ac.state == connectivity.Shutdown ||
 		ac.state == connectivity.TransientFailure ||
 		ac.state == connectivity.Idle {
-		ac.addrs = addrs
-		return true
+		// We were not connecting, so do nothing but update the addresses.
+		ac.mu.Unlock()
+		return
 	}
 
-	if equalAddresses(ac.addrs, addrs) {
-		return true
+	if ac.state == connectivity.Ready {
+		// Try to find the connected address.
+		for _, a := range addrs {
+			a.ServerName = ac.cc.getServerName(a)
+			if a.Equal(ac.curAddr) {
+				// We are connected to a valid address, so do nothing but
+				// update the addresses.
+				ac.mu.Unlock()
+				return
+			}
+		}
 	}
 
-	if ac.state == connectivity.Connecting {
-		return false
-	}
+	// We are either connected to the wrong address or currently connecting.
+	// Stop the current iteration and restart.
 
-	// ac.state is Ready, try to find the connected address.
-	var curAddrFound bool
-	for _, a := range addrs {
-		a.ServerName = ac.cc.getServerName(a)
-		if reflect.DeepEqual(ac.curAddr, a) {
-			curAddrFound = true
-			break
-		}
+	ac.cancel()
+	ac.ctx, ac.cancel = context.WithCancel(ac.cc.ctx)
+
+	// We have to defer here because GracefulClose => Close => onClose, which
+	// requires locking ac.mu.
+	if ac.transport != nil {
+		defer ac.transport.GracefulClose()
+		ac.transport = nil
 	}
-	channelz.Infof(logger, ac.channelzID, "addrConn: tryUpdateAddrs curAddrFound: %v", curAddrFound)
-	if curAddrFound {
-		ac.addrs = addrs
+
+	if len(addrs) == 0 {
+		ac.updateConnectivityState(connectivity.Idle, nil)
 	}
 
-	return curAddrFound
+	ac.mu.Unlock()
+
+	// Since we were connecting/connected, we should start a new connection
+	// attempt.
+	go ac.resetTransport()
 }
 
 // getServerName determines the serverName to be used in the connection
@@ -1026,39 +1199,40 @@ func (cc *ClientConn) Close() error {
 		cc.mu.Unlock()
 		return ErrClientConnClosing
 	}
+
+	for cc.idlenessState == ccIdlenessStateExitingIdle {
+		cc.exitIdleCond.Wait()
+	}
+
 	conns := cc.conns
 	cc.conns = nil
 	cc.csMgr.updateState(connectivity.Shutdown)
 
+	pWrapper := cc.blockingpicker
 	rWrapper := cc.resolverWrapper
-	cc.resolverWrapper = nil
 	bWrapper := cc.balancerWrapper
+	idlenessMgr := cc.idlenessMgr
 	cc.mu.Unlock()
 
 	// The order of closing matters here since the balancer wrapper assumes the
 	// picker is closed before it is closed.
-	cc.blockingpicker.close()
+	if pWrapper != nil {
+		pWrapper.close()
+	}
 	if bWrapper != nil {
 		bWrapper.close()
 	}
 	if rWrapper != nil {
 		rWrapper.close()
 	}
+	if idlenessMgr != nil {
+		idlenessMgr.close()
+	}
 
 	for ac := range conns {
 		ac.tearDown(ErrClientConnClosing)
 	}
-	ted := &channelz.TraceEventDesc{
-		Desc:     "Channel deleted",
-		Severity: channelz.CtInfo,
-	}
-	if cc.dopts.channelzParentID != nil {
-		ted.Parent = &channelz.TraceEventDesc{
-			Desc:     fmt.Sprintf("Nested channel(id:%d) deleted", cc.channelzID.Int()),
-			Severity: channelz.CtInfo,
-		}
-	}
-	channelz.AddTraceEvent(logger, cc.channelzID, 0, ted)
+	cc.addTraceEvent("deleted")
 	// TraceEvent needs to be called before RemoveEntry, as TraceEvent may add
 	// trace reference to the entity being deleted, and thus prevent it from being
 	// deleted right away.
@@ -1088,7 +1262,8 @@ type addrConn struct {
 	addrs   []resolver.Address // All addresses that the resolver resolved to.
 
 	// Use updateConnectivityState for updating addrConn's connectivity state.
-	state connectivity.State
+	state     connectivity.State
+	stateChan chan struct{} // closed and recreated on every state change.
 
 	backoffIdx   int // Needs to be stateful for resetConnectBackoff.
 	resetBackoff chan struct{}
@@ -1102,8 +1277,15 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error)
 	if ac.state == s {
 		return
 	}
+	// When changing states, reset the state change channel.
+	close(ac.stateChan)
+	ac.stateChan = make(chan struct{})
 	ac.state = s
-	channelz.Infof(logger, ac.channelzID, "Subchannel Connectivity change to %v", s)
+	if lastErr == nil {
+		channelz.Infof(logger, ac.channelzID, "Subchannel Connectivity change to %v", s)
+	} else {
+		channelz.Infof(logger, ac.channelzID, "Subchannel Connectivity change to %v, last error: %s", s, lastErr)
+	}
 	ac.cc.handleSubConnStateChange(ac.acbw, s, lastErr)
 }
 
@@ -1123,7 +1305,8 @@ func (ac *addrConn) adjustParams(r transport.GoAwayReason) {
 
 func (ac *addrConn) resetTransport() {
 	ac.mu.Lock()
-	if ac.state == connectivity.Shutdown {
+	acCtx := ac.ctx
+	if acCtx.Err() != nil {
 		ac.mu.Unlock()
 		return
 	}
@@ -1151,15 +1334,14 @@ func (ac *addrConn) resetTransport() {
 	ac.updateConnectivityState(connectivity.Connecting, nil)
 	ac.mu.Unlock()
 
-	if err := ac.tryAllAddrs(addrs, connectDeadline); err != nil {
+	if err := ac.tryAllAddrs(acCtx, addrs, connectDeadline); err != nil {
 		ac.cc.resolveNow(resolver.ResolveNowOptions{})
 		// After exhausting all addresses, the addrConn enters
 		// TRANSIENT_FAILURE.
-		ac.mu.Lock()
-		if ac.state == connectivity.Shutdown {
-			ac.mu.Unlock()
+		if acCtx.Err() != nil {
 			return
 		}
+		ac.mu.Lock()
 		ac.updateConnectivityState(connectivity.TransientFailure, err)
 
 		// Backoff.
@@ -1174,13 +1356,13 @@ func (ac *addrConn) resetTransport() {
 			ac.mu.Unlock()
 		case <-b:
 			timer.Stop()
-		case <-ac.ctx.Done():
+		case <-acCtx.Done():
 			timer.Stop()
 			return
 		}
 
 		ac.mu.Lock()
-		if ac.state != connectivity.Shutdown {
+		if acCtx.Err() == nil {
 			ac.updateConnectivityState(connectivity.Idle, err)
 		}
 		ac.mu.Unlock()
@@ -1195,14 +1377,13 @@ func (ac *addrConn) resetTransport() {
 // tryAllAddrs tries to creates a connection to the addresses, and stop when at
 // the first successful one. It returns an error if no address was successfully
 // connected, or updates ac appropriately with the new transport.
-func (ac *addrConn) tryAllAddrs(addrs []resolver.Address, connectDeadline time.Time) error {
+func (ac *addrConn) tryAllAddrs(ctx context.Context, addrs []resolver.Address, connectDeadline time.Time) error {
 	var firstConnErr error
 	for _, addr := range addrs {
-		ac.mu.Lock()
-		if ac.state == connectivity.Shutdown {
-			ac.mu.Unlock()
+		if ctx.Err() != nil {
 			return errConnClosing
 		}
+		ac.mu.Lock()
 
 		ac.cc.mu.RLock()
 		ac.dopts.copts.KeepaliveParams = ac.cc.mkp
@@ -1216,7 +1397,7 @@ func (ac *addrConn) tryAllAddrs(addrs []resolver.Address, connectDeadline time.T
 
 		channelz.Infof(logger, ac.channelzID, "Subchannel picks a new address %q to connect", addr.Addr)
 
-		err := ac.createTransport(addr, copts, connectDeadline)
+		err := ac.createTransport(ctx, addr, copts, connectDeadline)
 		if err == nil {
 			return nil
 		}
@@ -1233,19 +1414,20 @@ func (ac *addrConn) tryAllAddrs(addrs []resolver.Address, connectDeadline time.T
 // createTransport creates a connection to addr. It returns an error if the
 // address was not successfully connected, or updates ac appropriately with the
 // new transport.
-func (ac *addrConn) createTransport(addr resolver.Address, copts transport.ConnectOptions, connectDeadline time.Time) error {
+func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, copts transport.ConnectOptions, connectDeadline time.Time) error {
 	addr.ServerName = ac.cc.getServerName(addr)
-	hctx, hcancel := context.WithCancel(ac.ctx)
+	hctx, hcancel := context.WithCancel(ctx)
 
 	onClose := func(r transport.GoAwayReason) {
 		ac.mu.Lock()
 		defer ac.mu.Unlock()
 		// adjust params based on GoAwayReason
 		ac.adjustParams(r)
-		if ac.state == connectivity.Shutdown {
-			// Already shut down.  tearDown() already cleared the transport and
-			// canceled hctx via ac.ctx, and we expected this connection to be
-			// closed, so do nothing here.
+		if ctx.Err() != nil {
+			// Already shut down or connection attempt canceled.  tearDown() or
+			// updateAddrs() already cleared the transport and canceled hctx
+			// via ac.ctx, and we expected this connection to be closed, so do
+			// nothing here.
 			return
 		}
 		hcancel()
@@ -1264,7 +1446,7 @@ func (ac *addrConn) createTransport(addr resolver.Address, copts transport.Conne
 		ac.updateConnectivityState(connectivity.Idle, nil)
 	}
 
-	connectCtx, cancel := context.WithDeadline(ac.ctx, connectDeadline)
+	connectCtx, cancel := context.WithDeadline(ctx, connectDeadline)
 	defer cancel()
 	copts.ChannelzParentID = ac.channelzID
 
@@ -1281,7 +1463,7 @@ func (ac *addrConn) createTransport(addr resolver.Address, copts transport.Conne
 
 	ac.mu.Lock()
 	defer ac.mu.Unlock()
-	if ac.state == connectivity.Shutdown {
+	if ctx.Err() != nil {
 		// This can happen if the subConn was removed while in `Connecting`
 		// state. tearDown() would have set the state to `Shutdown`, but
 		// would not have closed the transport since ac.transport would not
@@ -1293,6 +1475,9 @@ func (ac *addrConn) createTransport(addr resolver.Address, copts transport.Conne
 		// The error we pass to Close() is immaterial since there are no open
 		// streams at this point, so no trailers with error details will be sent
 		// out. We just need to pass a non-nil error.
+		//
+		// This can also happen when updateAddrs is called during a connection
+		// attempt.
 		go newTr.Close(transport.ErrConnClosing)
 		return nil
 	}
@@ -1400,6 +1585,29 @@ func (ac *addrConn) getReadyTransport() transport.ClientTransport {
 	return nil
 }
 
+// getTransport waits until the addrconn is ready and returns the transport.
+// If the context expires first, returns an appropriate status.  If the
+// addrConn is stopped first, returns an Unavailable status error.
+func (ac *addrConn) getTransport(ctx context.Context) (transport.ClientTransport, error) {
+	for ctx.Err() == nil {
+		ac.mu.Lock()
+		t, state, sc := ac.transport, ac.state, ac.stateChan
+		ac.mu.Unlock()
+		if state == connectivity.Ready {
+			return t, nil
+		}
+		if state == connectivity.Shutdown {
+			return nil, status.Errorf(codes.Unavailable, "SubConn shutting down")
+		}
+
+		select {
+		case <-ctx.Done():
+		case <-sc:
+		}
+	}
+	return nil, status.FromContextError(ctx.Err()).Err()
+}
+
 // tearDown starts to tear down the addrConn.
 //
 // Note that tearDown doesn't remove ac from ac.cc.conns, so the addrConn struct
@@ -1527,6 +1735,9 @@ func (c *channelzChannel) ChannelzMetric() *channelz.ChannelInternalMetric {
 // referenced by users.
 var ErrClientConnTimeout = errors.New("grpc: timed out when dialing")
 
+// getResolver finds the scheme in the cc's resolvers or the global registry.
+// scheme should always be lowercase (typically by virtue of url.Parse()
+// performing proper RFC3986 behavior).
 func (cc *ClientConn) getResolver(scheme string) resolver.Builder {
 	for _, rb := range cc.dopts.resolvers {
 		if scheme == rb.Scheme() {
@@ -1548,7 +1759,14 @@ func (cc *ClientConn) connectionError() error {
 	return cc.lastConnectionError
 }
 
-func (cc *ClientConn) parseTargetAndFindResolver() (resolver.Builder, error) {
+// parseTargetAndFindResolver parses the user's dial target and stores the
+// parsed target in `cc.parsedTarget`.
+//
+// The resolver to use is determined based on the scheme in the parsed target
+// and the same is stored in `cc.resolverBuilder`.
+//
+// Doesn't grab cc.mu as this method is expected to be called only at Dial time.
+func (cc *ClientConn) parseTargetAndFindResolver() error {
 	channelz.Infof(logger, cc.channelzID, "original dial target is: %q", cc.target)
 
 	var rb resolver.Builder
@@ -1560,7 +1778,8 @@ func (cc *ClientConn) parseTargetAndFindResolver() (resolver.Builder, error) {
 		rb = cc.getResolver(parsedTarget.URL.Scheme)
 		if rb != nil {
 			cc.parsedTarget = parsedTarget
-			return rb, nil
+			cc.resolverBuilder = rb
+			return nil
 		}
 	}
 
@@ -1575,15 +1794,16 @@ func (cc *ClientConn) parseTargetAndFindResolver() (resolver.Builder, error) {
 	parsedTarget, err = parseTarget(canonicalTarget)
 	if err != nil {
 		channelz.Infof(logger, cc.channelzID, "dial target %q parse failed: %v", canonicalTarget, err)
-		return nil, err
+		return err
 	}
 	channelz.Infof(logger, cc.channelzID, "parsed dial target is: %+v", parsedTarget)
 	rb = cc.getResolver(parsedTarget.URL.Scheme)
 	if rb == nil {
-		return nil, fmt.Errorf("could not get resolver for default scheme: %q", parsedTarget.URL.Scheme)
+		return fmt.Errorf("could not get resolver for default scheme: %q", parsedTarget.URL.Scheme)
 	}
 	cc.parsedTarget = parsedTarget
-	return rb, nil
+	cc.resolverBuilder = rb
+	return nil
 }
 
 // parseTarget uses RFC 3986 semantics to parse the given target into a
@@ -1606,7 +1826,15 @@ func parseTarget(target string) (resolver.Target, error) {
 // - user specified authority override using `WithAuthority` dial option
 // - creds' notion of server name for the authentication handshake
 // - endpoint from dial target of the form "scheme://[authority]/endpoint"
-func determineAuthority(endpoint, target string, dopts dialOptions) (string, error) {
+//
+// Stores the determined authority in `cc.authority`.
+//
+// Returns a non-nil error if the authority returned by the transport
+// credentials do not match the authority configured through the dial option.
+//
+// Doesn't grab cc.mu as this method is expected to be called only at Dial time.
+func (cc *ClientConn) determineAuthority() error {
+	dopts := cc.dopts
 	// Historically, we had two options for users to specify the serverName or
 	// authority for a channel. One was through the transport credentials
 	// (either in its constructor, or through the OverrideServerName() method).
@@ -1623,25 +1851,58 @@ func determineAuthority(endpoint, target string, dopts dialOptions) (string, err
 	}
 	authorityFromDialOption := dopts.authority
 	if (authorityFromCreds != "" && authorityFromDialOption != "") && authorityFromCreds != authorityFromDialOption {
-		return "", fmt.Errorf("ClientConn's authority from transport creds %q and dial option %q don't match", authorityFromCreds, authorityFromDialOption)
+		return fmt.Errorf("ClientConn's authority from transport creds %q and dial option %q don't match", authorityFromCreds, authorityFromDialOption)
 	}
 
+	endpoint := cc.parsedTarget.Endpoint()
+	target := cc.target
 	switch {
 	case authorityFromDialOption != "":
-		return authorityFromDialOption, nil
+		cc.authority = authorityFromDialOption
 	case authorityFromCreds != "":
-		return authorityFromCreds, nil
+		cc.authority = authorityFromCreds
 	case strings.HasPrefix(target, "unix:") || strings.HasPrefix(target, "unix-abstract:"):
 		// TODO: remove when the unix resolver implements optional interface to
 		// return channel authority.
-		return "localhost", nil
+		cc.authority = "localhost"
 	case strings.HasPrefix(endpoint, ":"):
-		return "localhost" + endpoint, nil
+		cc.authority = "localhost" + endpoint
 	default:
 		// TODO: Define an optional interface on the resolver builder to return
 		// the channel authority given the user's dial target. For resolvers
 		// which don't implement this interface, we will use the endpoint from
 		// "scheme://authority/endpoint" as the default authority.
-		return endpoint, nil
+		cc.authority = endpoint
 	}
+	channelz.Infof(logger, cc.channelzID, "Channel authority set to %q", cc.authority)
+	return nil
+}
+
+// initResolverWrapper creates a ccResolverWrapper, which builds the name
+// resolver. This method grabs the lock to assign the newly built resolver
+// wrapper to the cc.resolverWrapper field.
+func (cc *ClientConn) initResolverWrapper(creds credentials.TransportCredentials) error {
+	rw, err := newCCResolverWrapper(cc, ccResolverWrapperOpts{
+		target:  cc.parsedTarget,
+		builder: cc.resolverBuilder,
+		bOpts: resolver.BuildOptions{
+			DisableServiceConfig: cc.dopts.disableServiceConfig,
+			DialCreds:            creds,
+			CredsBundle:          cc.dopts.copts.CredsBundle,
+			Dialer:               cc.dopts.copts.Dialer,
+		},
+		channelzID: cc.channelzID,
+	})
+	if err != nil {
+		return fmt.Errorf("failed to build resolver: %v", err)
+	}
+	// Resolver implementations may report state update or error inline when
+	// built (or right after), and this is handled in cc.updateResolverState.
+	// Also, an error from the resolver might lead to a re-resolution request
+	// from the balancer, which is handled in resolveNow() where
+	// `cc.resolverWrapper` is accessed. Hence, we need to hold the lock here.
+	cc.mu.Lock()
+	cc.resolverWrapper = rw
+	cc.mu.Unlock()
+	return nil
 }
diff --git a/vendor/google.golang.org/grpc/codes/code_string.go b/vendor/google.golang.org/grpc/codes/code_string.go
index 0b206a578..934fac2b0 100644
--- a/vendor/google.golang.org/grpc/codes/code_string.go
+++ b/vendor/google.golang.org/grpc/codes/code_string.go
@@ -18,7 +18,15 @@
 
 package codes
 
-import "strconv"
+import (
+	"strconv"
+
+	"google.golang.org/grpc/internal"
+)
+
+func init() {
+	internal.CanonicalString = canonicalString
+}
 
 func (c Code) String() string {
 	switch c {
@@ -60,3 +68,44 @@ func (c Code) String() string {
 		return "Code(" + strconv.FormatInt(int64(c), 10) + ")"
 	}
 }
+
+func canonicalString(c Code) string {
+	switch c {
+	case OK:
+		return "OK"
+	case Canceled:
+		return "CANCELLED"
+	case Unknown:
+		return "UNKNOWN"
+	case InvalidArgument:
+		return "INVALID_ARGUMENT"
+	case DeadlineExceeded:
+		return "DEADLINE_EXCEEDED"
+	case NotFound:
+		return "NOT_FOUND"
+	case AlreadyExists:
+		return "ALREADY_EXISTS"
+	case PermissionDenied:
+		return "PERMISSION_DENIED"
+	case ResourceExhausted:
+		return "RESOURCE_EXHAUSTED"
+	case FailedPrecondition:
+		return "FAILED_PRECONDITION"
+	case Aborted:
+		return "ABORTED"
+	case OutOfRange:
+		return "OUT_OF_RANGE"
+	case Unimplemented:
+		return "UNIMPLEMENTED"
+	case Internal:
+		return "INTERNAL"
+	case Unavailable:
+		return "UNAVAILABLE"
+	case DataLoss:
+		return "DATA_LOSS"
+	case Unauthenticated:
+		return "UNAUTHENTICATED"
+	default:
+		return "CODE(" + strconv.FormatInt(int64(c), 10) + ")"
+	}
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
index 7b953a520..150ae5576 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
@@ -138,7 +138,7 @@ func DefaultServerHandshakerOptions() *ServerHandshakerOptions {
 //       and server options (server options struct does not exist now. When
 //       caller can provide endpoints, it should be created.
 
-// altsHandshaker is used to complete a ALTS handshaking between client and
+// altsHandshaker is used to complete an ALTS handshake between client and
 // server. This handshaker talks to the ALTS handshaker service in the metadata
 // server.
 type altsHandshaker struct {
@@ -146,6 +146,8 @@ type altsHandshaker struct {
 	stream altsgrpc.HandshakerService_DoHandshakeClient
 	// the connection to the peer.
 	conn net.Conn
+	// a virtual connection to the ALTS handshaker service.
+	clientConn *grpc.ClientConn
 	// client handshake options.
 	clientOpts *ClientHandshakerOptions
 	// server handshake options.
@@ -154,39 +156,33 @@ type altsHandshaker struct {
 	side core.Side
 }
 
-// NewClientHandshaker creates a ALTS handshaker for GCP which contains an RPC
-// stub created using the passed conn and used to talk to the ALTS Handshaker
+// NewClientHandshaker creates a core.Handshaker that performs a client-side
+// ALTS handshake by acting as a proxy between the peer and the ALTS handshaker
 // service in the metadata server.
 func NewClientHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, opts *ClientHandshakerOptions) (core.Handshaker, error) {
-	stream, err := altsgrpc.NewHandshakerServiceClient(conn).DoHandshake(ctx)
-	if err != nil {
-		return nil, err
-	}
 	return &altsHandshaker{
-		stream:     stream,
+		stream:     nil,
 		conn:       c,
+		clientConn: conn,
 		clientOpts: opts,
 		side:       core.ClientSide,
 	}, nil
 }
 
-// NewServerHandshaker creates a ALTS handshaker for GCP which contains an RPC
-// stub created using the passed conn and used to talk to the ALTS Handshaker
+// NewServerHandshaker creates a core.Handshaker that performs a server-side
+// ALTS handshake by acting as a proxy between the peer and the ALTS handshaker
 // service in the metadata server.
 func NewServerHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, opts *ServerHandshakerOptions) (core.Handshaker, error) {
-	stream, err := altsgrpc.NewHandshakerServiceClient(conn).DoHandshake(ctx)
-	if err != nil {
-		return nil, err
-	}
 	return &altsHandshaker{
-		stream:     stream,
+		stream:     nil,
 		conn:       c,
+		clientConn: conn,
 		serverOpts: opts,
 		side:       core.ServerSide,
 	}, nil
 }
 
-// ClientHandshake starts and completes a client ALTS handshaking for GCP. Once
+// ClientHandshake starts and completes a client ALTS handshake for GCP. Once
 // done, ClientHandshake returns a secure connection.
 func (h *altsHandshaker) ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) {
 	if !acquire() {
@@ -198,6 +194,16 @@ func (h *altsHandshaker) ClientHandshake(ctx context.Context) (net.Conn, credent
 		return nil, nil, errors.New("only handshakers created using NewClientHandshaker can perform a client handshaker")
 	}
 
+	// TODO(matthewstevenson88): Change unit tests to use public APIs so
+	// that h.stream can unconditionally be set based on h.clientConn.
+	if h.stream == nil {
+		stream, err := altsgrpc.NewHandshakerServiceClient(h.clientConn).DoHandshake(ctx)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to establish stream to ALTS handshaker service: %v", err)
+		}
+		h.stream = stream
+	}
+
 	// Create target identities from service account list.
 	targetIdentities := make([]*altspb.Identity, 0, len(h.clientOpts.TargetServiceAccounts))
 	for _, account := range h.clientOpts.TargetServiceAccounts {
@@ -229,7 +235,7 @@ func (h *altsHandshaker) ClientHandshake(ctx context.Context) (net.Conn, credent
 	return conn, authInfo, nil
 }
 
-// ServerHandshake starts and completes a server ALTS handshaking for GCP. Once
+// ServerHandshake starts and completes a server ALTS handshake for GCP. Once
 // done, ServerHandshake returns a secure connection.
 func (h *altsHandshaker) ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) {
 	if !acquire() {
@@ -241,6 +247,16 @@ func (h *altsHandshaker) ServerHandshake(ctx context.Context) (net.Conn, credent
 		return nil, nil, errors.New("only handshakers created using NewServerHandshaker can perform a server handshaker")
 	}
 
+	// TODO(matthewstevenson88): Change unit tests to use public APIs so
+	// that h.stream can unconditionally be set based on h.clientConn.
+	if h.stream == nil {
+		stream, err := altsgrpc.NewHandshakerServiceClient(h.clientConn).DoHandshake(ctx)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to establish stream to ALTS handshaker service: %v", err)
+		}
+		h.stream = stream
+	}
+
 	p := make([]byte, frameLimit)
 	n, err := h.conn.Read(p)
 	if err != nil {
@@ -371,5 +387,7 @@ func (h *altsHandshaker) processUntilDone(resp *altspb.HandshakerResp, extra []b
 // Close terminates the Handshaker. It should be called when the caller obtains
 // the secure connection.
 func (h *altsHandshaker) Close() {
-	h.stream.CloseSend()
+	if h.stream != nil {
+		h.stream.CloseSend()
+	}
 }
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
index 2de2c4aff..e1cdafb98 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
@@ -58,3 +58,21 @@ func Dial(hsAddress string) (*grpc.ClientConn, error) {
 	}
 	return hsConn, nil
 }
+
+// CloseForTesting closes all open connections to the handshaker service.
+//
+// For testing purposes only.
+func CloseForTesting() error {
+	for _, hsConn := range hsConnMap {
+		if hsConn == nil {
+			continue
+		}
+		if err := hsConn.Close(); err != nil {
+			return err
+		}
+	}
+
+	// Reset the connection map.
+	hsConnMap = make(map[string]*grpc.ClientConn)
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
index 1a40e17e8..83e3bae37 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
@@ -17,8 +17,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.14.0
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.22.0
 // source: grpc/gcp/altscontext.proto
 
 package grpc_gcp
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
index 50eefa538..0b0093328 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
@@ -17,8 +17,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.14.0
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.22.0
 // source: grpc/gcp/handshaker.proto
 
 package grpc_gcp
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go
index d3562c6d5..39ecccf87 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go
@@ -17,8 +17,8 @@
 
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.14.0
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v4.22.0
 // source: grpc/gcp/handshaker.proto
 
 package grpc_gcp
@@ -35,6 +35,10 @@ import (
 // Requires gRPC-Go v1.32.0 or later.
 const _ = grpc.SupportPackageIsVersion7
 
+const (
+	HandshakerService_DoHandshake_FullMethodName = "/grpc.gcp.HandshakerService/DoHandshake"
+)
+
 // HandshakerServiceClient is the client API for HandshakerService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
@@ -57,7 +61,7 @@ func NewHandshakerServiceClient(cc grpc.ClientConnInterface) HandshakerServiceCl
 }
 
 func (c *handshakerServiceClient) DoHandshake(ctx context.Context, opts ...grpc.CallOption) (HandshakerService_DoHandshakeClient, error) {
-	stream, err := c.cc.NewStream(ctx, &HandshakerService_ServiceDesc.Streams[0], "/grpc.gcp.HandshakerService/DoHandshake", opts...)
+	stream, err := c.cc.NewStream(ctx, &HandshakerService_ServiceDesc.Streams[0], HandshakerService_DoHandshake_FullMethodName, opts...)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
index b07412f18..c2e564c7d 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
@@ -17,8 +17,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.14.0
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.22.0
 // source: grpc/gcp/transport_security_common.proto
 
 package grpc_gcp
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
index 4866da101..15a3d5102 100644
--- a/vendor/google.golang.org/grpc/dialoptions.go
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -38,13 +38,14 @@ import (
 
 func init() {
 	internal.AddGlobalDialOptions = func(opt ...DialOption) {
-		extraDialOptions = append(extraDialOptions, opt...)
+		globalDialOptions = append(globalDialOptions, opt...)
 	}
 	internal.ClearGlobalDialOptions = func() {
-		extraDialOptions = nil
+		globalDialOptions = nil
 	}
 	internal.WithBinaryLogger = withBinaryLogger
 	internal.JoinDialOptions = newJoinDialOption
+	internal.DisableGlobalDialOptions = newDisableGlobalDialOptions
 }
 
 // dialOptions configure a Dial call. dialOptions are set by the DialOption
@@ -76,6 +77,7 @@ type dialOptions struct {
 	defaultServiceConfig        *ServiceConfig // defaultServiceConfig is parsed from defaultServiceConfigRawJSON.
 	defaultServiceConfigRawJSON *string
 	resolvers                   []resolver.Builder
+	idleTimeout                 time.Duration
 }
 
 // DialOption configures how we set up the connection.
@@ -83,7 +85,7 @@ type DialOption interface {
 	apply(*dialOptions)
 }
 
-var extraDialOptions []DialOption
+var globalDialOptions []DialOption
 
 // EmptyDialOption does not alter the dial configuration. It can be embedded in
 // another structure to build custom dial options.
@@ -96,6 +98,16 @@ type EmptyDialOption struct{}
 
 func (EmptyDialOption) apply(*dialOptions) {}
 
+type disableGlobalDialOptions struct{}
+
+func (disableGlobalDialOptions) apply(*dialOptions) {}
+
+// newDisableGlobalDialOptions returns a DialOption that prevents the ClientConn
+// from applying the global DialOptions (set via AddGlobalDialOptions).
+func newDisableGlobalDialOptions() DialOption {
+	return &disableGlobalDialOptions{}
+}
+
 // funcDialOption wraps a function that modifies dialOptions into an
 // implementation of the DialOption interface.
 type funcDialOption struct {
@@ -284,6 +296,9 @@ func withBackoff(bs internalbackoff.Strategy) DialOption {
 // WithBlock returns a DialOption which makes callers of Dial block until the
 // underlying connection is up. Without this, Dial returns immediately and
 // connecting the server happens in background.
+//
+// Use of this feature is not recommended.  For more information, please see:
+// https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md
 func WithBlock() DialOption {
 	return newFuncDialOption(func(o *dialOptions) {
 		o.block = true
@@ -295,6 +310,9 @@ func WithBlock() DialOption {
 // the context.DeadlineExceeded error.
 // Implies WithBlock()
 //
+// Use of this feature is not recommended.  For more information, please see:
+// https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md
+//
 // # Experimental
 //
 // Notice: This API is EXPERIMENTAL and may be changed or removed in a
@@ -437,6 +455,9 @@ func withBinaryLogger(bl binarylog.Logger) DialOption {
 // FailOnNonTempDialError only affects the initial dial, and does not do
 // anything useful unless you are also using WithBlock().
 //
+// Use of this feature is not recommended.  For more information, please see:
+// https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md
+//
 // # Experimental
 //
 // Notice: This API is EXPERIMENTAL and may be changed or removed in a
@@ -635,3 +656,23 @@ func WithResolvers(rs ...resolver.Builder) DialOption {
 		o.resolvers = append(o.resolvers, rs...)
 	})
 }
+
+// WithIdleTimeout returns a DialOption that configures an idle timeout for the
+// channel. If the channel is idle for the configured timeout, i.e there are no
+// ongoing RPCs and no new RPCs are initiated, the channel will enter idle mode
+// and as a result the name resolver and load balancer will be shut down. The
+// channel will exit idle mode when the Connect() method is called or when an
+// RPC is initiated.
+//
+// By default this feature is disabled, which can also be explicitly configured
+// by passing zero to this function.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WithIdleTimeout(d time.Duration) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.idleTimeout = d
+	})
+}
diff --git a/vendor/google.golang.org/grpc/idle.go b/vendor/google.golang.org/grpc/idle.go
new file mode 100644
index 000000000..dc3dc72f6
--- /dev/null
+++ b/vendor/google.golang.org/grpc/idle.go
@@ -0,0 +1,287 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpc
+
+import (
+	"fmt"
+	"math"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// For overriding in unit tests.
+var timeAfterFunc = func(d time.Duration, f func()) *time.Timer {
+	return time.AfterFunc(d, f)
+}
+
+// idlenessEnforcer is the functionality provided by grpc.ClientConn to enter
+// and exit from idle mode.
+type idlenessEnforcer interface {
+	exitIdleMode() error
+	enterIdleMode() error
+}
+
+// idlenessManager defines the functionality required to track RPC activity on a
+// channel.
+type idlenessManager interface {
+	onCallBegin() error
+	onCallEnd()
+	close()
+}
+
+type noopIdlenessManager struct{}
+
+func (noopIdlenessManager) onCallBegin() error { return nil }
+func (noopIdlenessManager) onCallEnd()         {}
+func (noopIdlenessManager) close()             {}
+
+// idlenessManagerImpl implements the idlenessManager interface. It uses atomic
+// operations to synchronize access to shared state and a mutex to guarantee
+// mutual exclusion in a critical section.
+type idlenessManagerImpl struct {
+	// State accessed atomically.
+	lastCallEndTime           int64 // Unix timestamp in nanos; time when the most recent RPC completed.
+	activeCallsCount          int32 // Count of active RPCs; -math.MaxInt32 means channel is idle or is trying to get there.
+	activeSinceLastTimerCheck int32 // Boolean; True if there was an RPC since the last timer callback.
+	closed                    int32 // Boolean; True when the manager is closed.
+
+	// Can be accessed without atomics or mutex since these are set at creation
+	// time and read-only after that.
+	enforcer idlenessEnforcer // Functionality provided by grpc.ClientConn.
+	timeout  int64            // Idle timeout duration nanos stored as an int64.
+
+	// idleMu is used to guarantee mutual exclusion in two scenarios:
+	// - Opposing intentions:
+	//   - a: Idle timeout has fired and handleIdleTimeout() is trying to put
+	//     the channel in idle mode because the channel has been inactive.
+	//   - b: At the same time an RPC is made on the channel, and onCallBegin()
+	//     is trying to prevent the channel from going idle.
+	// - Competing intentions:
+	//   - The channel is in idle mode and there are multiple RPCs starting at
+	//     the same time, all trying to move the channel out of idle. Only one
+	//     of them should succeed in doing so, while the other RPCs should
+	//     piggyback on the first one and be successfully handled.
+	idleMu       sync.RWMutex
+	actuallyIdle bool
+	timer        *time.Timer
+}
+
+// newIdlenessManager creates a new idleness manager implementation for the
+// given idle timeout.
+func newIdlenessManager(enforcer idlenessEnforcer, idleTimeout time.Duration) idlenessManager {
+	if idleTimeout == 0 {
+		return noopIdlenessManager{}
+	}
+
+	i := &idlenessManagerImpl{
+		enforcer: enforcer,
+		timeout:  int64(idleTimeout),
+	}
+	i.timer = timeAfterFunc(idleTimeout, i.handleIdleTimeout)
+	return i
+}
+
+// resetIdleTimer resets the idle timer to the given duration. This method
+// should only be called from the timer callback.
+func (i *idlenessManagerImpl) resetIdleTimer(d time.Duration) {
+	i.idleMu.Lock()
+	defer i.idleMu.Unlock()
+
+	if i.timer == nil {
+		// Only close sets timer to nil. We are done.
+		return
+	}
+
+	// It is safe to ignore the return value from Reset() because this method is
+	// only ever called from the timer callback, which means the timer has
+	// already fired.
+	i.timer.Reset(d)
+}
+
+// handleIdleTimeout is the timer callback that is invoked upon expiry of the
+// configured idle timeout. The channel is considered inactive if there are no
+// ongoing calls and no RPC activity since the last time the timer fired.
+func (i *idlenessManagerImpl) handleIdleTimeout() {
+	if i.isClosed() {
+		return
+	}
+
+	if atomic.LoadInt32(&i.activeCallsCount) > 0 {
+		i.resetIdleTimer(time.Duration(i.timeout))
+		return
+	}
+
+	// There has been activity on the channel since we last got here. Reset the
+	// timer and return.
+	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+		// Set the timer to fire after a duration of idle timeout, calculated
+		// from the time the most recent RPC completed.
+		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 0)
+		i.resetIdleTimer(time.Duration(atomic.LoadInt64(&i.lastCallEndTime) + i.timeout - time.Now().UnixNano()))
+		return
+	}
+
+	// This CAS operation is extremely likely to succeed given that there has
+	// been no activity since the last time we were here.  Setting the
+	// activeCallsCount to -math.MaxInt32 indicates to onCallBegin() that the
+	// channel is either in idle mode or is trying to get there.
+	if !atomic.CompareAndSwapInt32(&i.activeCallsCount, 0, -math.MaxInt32) {
+		// This CAS operation can fail if an RPC started after we checked for
+		// activity at the top of this method, or one was ongoing from before
+		// the last time we were here. In both case, reset the timer and return.
+		i.resetIdleTimer(time.Duration(i.timeout))
+		return
+	}
+
+	// Now that we've set the active calls count to -math.MaxInt32, it's time to
+	// actually move to idle mode.
+	if i.tryEnterIdleMode() {
+		// Successfully entered idle mode. No timer needed until we exit idle.
+		return
+	}
+
+	// Failed to enter idle mode due to a concurrent RPC that kept the channel
+	// active, or because of an error from the channel. Undo the attempt to
+	// enter idle, and reset the timer to try again later.
+	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
+	i.resetIdleTimer(time.Duration(i.timeout))
+}
+
+// tryEnterIdleMode instructs the channel to enter idle mode. But before
+// that, it performs a last minute check to ensure that no new RPC has come in,
+// making the channel active.
+//
+// Return value indicates whether or not the channel moved to idle mode.
+//
+// Holds idleMu which ensures mutual exclusion with exitIdleMode.
+func (i *idlenessManagerImpl) tryEnterIdleMode() bool {
+	i.idleMu.Lock()
+	defer i.idleMu.Unlock()
+
+	if atomic.LoadInt32(&i.activeCallsCount) != -math.MaxInt32 {
+		// We raced and lost to a new RPC. Very rare, but stop entering idle.
+		return false
+	}
+	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+		// An very short RPC could have come in (and also finished) after we
+		// checked for calls count and activity in handleIdleTimeout(), but
+		// before the CAS operation. So, we need to check for activity again.
+		return false
+	}
+
+	// No new RPCs have come in since we last set the active calls count value
+	// -math.MaxInt32 in the timer callback. And since we have the lock, it is
+	// safe to enter idle mode now.
+	if err := i.enforcer.enterIdleMode(); err != nil {
+		logger.Errorf("Failed to enter idle mode: %v", err)
+		return false
+	}
+
+	// Successfully entered idle mode.
+	i.actuallyIdle = true
+	return true
+}
+
+// onCallBegin is invoked at the start of every RPC.
+func (i *idlenessManagerImpl) onCallBegin() error {
+	if i.isClosed() {
+		return nil
+	}
+
+	if atomic.AddInt32(&i.activeCallsCount, 1) > 0 {
+		// Channel is not idle now. Set the activity bit and allow the call.
+		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+		return nil
+	}
+
+	// Channel is either in idle mode or is in the process of moving to idle
+	// mode. Attempt to exit idle mode to allow this RPC.
+	if err := i.exitIdleMode(); err != nil {
+		// Undo the increment to calls count, and return an error causing the
+		// RPC to fail.
+		atomic.AddInt32(&i.activeCallsCount, -1)
+		return err
+	}
+
+	atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+	return nil
+}
+
+// exitIdleMode instructs the channel to exit idle mode.
+//
+// Holds idleMu which ensures mutual exclusion with tryEnterIdleMode.
+func (i *idlenessManagerImpl) exitIdleMode() error {
+	i.idleMu.Lock()
+	defer i.idleMu.Unlock()
+
+	if !i.actuallyIdle {
+		// This can happen in two scenarios:
+		// - handleIdleTimeout() set the calls count to -math.MaxInt32 and called
+		//   tryEnterIdleMode(). But before the latter could grab the lock, an RPC
+		//   came in and onCallBegin() noticed that the calls count is negative.
+		// - Channel is in idle mode, and multiple new RPCs come in at the same
+		//   time, all of them notice a negative calls count in onCallBegin and get
+		//   here. The first one to get the lock would got the channel to exit idle.
+		//
+		// Either way, nothing to do here.
+		return nil
+	}
+
+	if err := i.enforcer.exitIdleMode(); err != nil {
+		return fmt.Errorf("channel failed to exit idle mode: %v", err)
+	}
+
+	// Undo the idle entry process. This also respects any new RPC attempts.
+	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
+	i.actuallyIdle = false
+
+	// Start a new timer to fire after the configured idle timeout.
+	i.timer = timeAfterFunc(time.Duration(i.timeout), i.handleIdleTimeout)
+	return nil
+}
+
+// onCallEnd is invoked at the end of every RPC.
+func (i *idlenessManagerImpl) onCallEnd() {
+	if i.isClosed() {
+		return
+	}
+
+	// Record the time at which the most recent call finished.
+	atomic.StoreInt64(&i.lastCallEndTime, time.Now().UnixNano())
+
+	// Decrement the active calls count. This count can temporarily go negative
+	// when the timer callback is in the process of moving the channel to idle
+	// mode, but one or more RPCs come in and complete before the timer callback
+	// can get done with the process of moving to idle mode.
+	atomic.AddInt32(&i.activeCallsCount, -1)
+}
+
+func (i *idlenessManagerImpl) isClosed() bool {
+	return atomic.LoadInt32(&i.closed) == 1
+}
+
+func (i *idlenessManagerImpl) close() {
+	atomic.StoreInt32(&i.closed, 1)
+
+	i.idleMu.Lock()
+	i.timer.Stop()
+	i.timer = nil
+	i.idleMu.Unlock()
+}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go b/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
index 809d73cca..755fdebc1 100644
--- a/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
+++ b/vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
@@ -28,8 +28,13 @@ import (
 	"google.golang.org/grpc/internal/grpcutil"
 )
 
-// Logger is the global binary logger. It can be used to get binary logger for
-// each method.
+var grpclogLogger = grpclog.Component("binarylog")
+
+// Logger specifies MethodLoggers for method names with a Log call that
+// takes a context.
+//
+// This is used in the 1.0 release of gcp/observability, and thus must not be
+// deleted or changed.
 type Logger interface {
 	GetMethodLogger(methodName string) MethodLogger
 }
@@ -40,8 +45,6 @@ type Logger interface {
 // It is used to get a MethodLogger for each individual method.
 var binLogger Logger
 
-var grpclogLogger = grpclog.Component("binarylog")
-
 // SetLogger sets the binary logger.
 //
 // Only call this at init time.
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
index d71e44177..6c3f63221 100644
--- a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
+++ b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
@@ -19,6 +19,7 @@
 package binarylog
 
 import (
+	"context"
 	"net"
 	"strings"
 	"sync/atomic"
@@ -48,8 +49,11 @@ func (g *callIDGenerator) reset() {
 var idGen callIDGenerator
 
 // MethodLogger is the sub-logger for each method.
+//
+// This is used in the 1.0 release of gcp/observability, and thus must not be
+// deleted or changed.
 type MethodLogger interface {
-	Log(LogEntryConfig)
+	Log(context.Context, LogEntryConfig)
 }
 
 // TruncatingMethodLogger is a method logger that truncates headers and messages
@@ -64,6 +68,9 @@ type TruncatingMethodLogger struct {
 }
 
 // NewTruncatingMethodLogger returns a new truncating method logger.
+//
+// This is used in the 1.0 release of gcp/observability, and thus must not be
+// deleted or changed.
 func NewTruncatingMethodLogger(h, m uint64) *TruncatingMethodLogger {
 	return &TruncatingMethodLogger{
 		headerMaxLen:  h,
@@ -98,7 +105,7 @@ func (ml *TruncatingMethodLogger) Build(c LogEntryConfig) *binlogpb.GrpcLogEntry
 }
 
 // Log creates a proto binary log entry, and logs it to the sink.
-func (ml *TruncatingMethodLogger) Log(c LogEntryConfig) {
+func (ml *TruncatingMethodLogger) Log(ctx context.Context, c LogEntryConfig) {
 	ml.sink.Write(ml.Build(c))
 }
 
@@ -144,6 +151,9 @@ func (ml *TruncatingMethodLogger) truncateMessage(msgPb *binlogpb.Message) (trun
 }
 
 // LogEntryConfig represents the configuration for binary log entry.
+//
+// This is used in the 1.0 release of gcp/observability, and thus must not be
+// deleted or changed.
 type LogEntryConfig interface {
 	toProto() *binlogpb.GrpcLogEntry
 }
diff --git a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
index 9f6a0c120..81c2f5fd7 100644
--- a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
+++ b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
@@ -35,6 +35,7 @@ import "sync"
 // internal/transport/transport.go for an example of this.
 type Unbounded struct {
 	c       chan interface{}
+	closed  bool
 	mu      sync.Mutex
 	backlog []interface{}
 }
@@ -47,16 +48,18 @@ func NewUnbounded() *Unbounded {
 // Put adds t to the unbounded buffer.
 func (b *Unbounded) Put(t interface{}) {
 	b.mu.Lock()
+	defer b.mu.Unlock()
+	if b.closed {
+		return
+	}
 	if len(b.backlog) == 0 {
 		select {
 		case b.c <- t:
-			b.mu.Unlock()
 			return
 		default:
 		}
 	}
 	b.backlog = append(b.backlog, t)
-	b.mu.Unlock()
 }
 
 // Load sends the earliest buffered data, if any, onto the read channel
@@ -64,6 +67,10 @@ func (b *Unbounded) Put(t interface{}) {
 // value from the read channel.
 func (b *Unbounded) Load() {
 	b.mu.Lock()
+	defer b.mu.Unlock()
+	if b.closed {
+		return
+	}
 	if len(b.backlog) > 0 {
 		select {
 		case b.c <- b.backlog[0]:
@@ -72,7 +79,6 @@ func (b *Unbounded) Load() {
 		default:
 		}
 	}
-	b.mu.Unlock()
 }
 
 // Get returns a read channel on which values added to the buffer, via Put(),
@@ -80,6 +86,20 @@ func (b *Unbounded) Load() {
 //
 // Upon reading a value from this channel, users are expected to call Load() to
 // send the next buffered value onto the channel if there is any.
+//
+// If the unbounded buffer is closed, the read channel returned by this method
+// is closed.
 func (b *Unbounded) Get() <-chan interface{} {
 	return b.c
 }
+
+// Close closes the unbounded buffer.
+func (b *Unbounded) Close() {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	if b.closed {
+		return
+	}
+	b.closed = true
+	close(b.c)
+}
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
index 5ba9d94d4..80fd5c7d2 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
@@ -36,6 +36,10 @@ var (
 	// "GRPC_RING_HASH_CAP".  This does not override the default bounds
 	// checking which NACKs configs specifying ring sizes > 8*1024*1024 (~8M).
 	RingHashCap = uint64FromEnv("GRPC_RING_HASH_CAP", 4096, 1, 8*1024*1024)
+	// PickFirstLBConfig is set if we should support configuration of the
+	// pick_first LB policy, which can be enabled by setting the environment
+	// variable "GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG" to "true".
+	PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", false)
 )
 
 func boolFromEnv(envVar string, def bool) bool {
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/observability.go b/vendor/google.golang.org/grpc/internal/envconfig/observability.go
index 821dd0a7c..dd314cfb1 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/observability.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/observability.go
@@ -28,9 +28,15 @@ const (
 var (
 	// ObservabilityConfig is the json configuration for the gcp/observability
 	// package specified directly in the envObservabilityConfig env var.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	ObservabilityConfig = os.Getenv(envObservabilityConfig)
 	// ObservabilityConfigFile is the json configuration for the
 	// gcp/observability specified in a file with the location specified in
 	// envObservabilityConfigFile env var.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	ObservabilityConfigFile = os.Getenv(envObservabilityConfigFile)
 )
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
index 04136882c..02b4b6a1c 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
@@ -61,11 +61,10 @@ var (
 	// have a brand new API on the server-side and users explicitly need to use
 	// the new API to get security integration on the server.
 	XDSClientSideSecurity = boolFromEnv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT", true)
-	// XDSAggregateAndDNS indicates whether processing of aggregated cluster
-	// and DNS cluster is enabled, which can be enabled by setting the
-	// environment variable
-	// "GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER" to
-	// "true".
+	// XDSAggregateAndDNS indicates whether processing of aggregated cluster and
+	// DNS cluster is enabled, which can be disabled by setting the environment
+	// variable "GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER"
+	// to "false".
 	XDSAggregateAndDNS = boolFromEnv("GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER", true)
 
 	// XDSRBAC indicates whether xDS configured RBAC HTTP Filter is enabled,
@@ -79,14 +78,18 @@ var (
 	// XDSFederation indicates whether federation support is enabled, which can
 	// be enabled by setting the environment variable
 	// "GRPC_EXPERIMENTAL_XDS_FEDERATION" to "true".
-	XDSFederation = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FEDERATION", false)
+	XDSFederation = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FEDERATION", true)
 
 	// XDSRLS indicates whether processing of Cluster Specifier plugins and
-	// support for the RLS CLuster Specifier is enabled, which can be enabled by
+	// support for the RLS CLuster Specifier is enabled, which can be disabled by
 	// setting the environment variable "GRPC_EXPERIMENTAL_XDS_RLS_LB" to
-	// "true".
-	XDSRLS = boolFromEnv("GRPC_EXPERIMENTAL_XDS_RLS_LB", false)
+	// "false".
+	XDSRLS = boolFromEnv("GRPC_EXPERIMENTAL_XDS_RLS_LB", true)
 
 	// C2PResolverTestOnlyTrafficDirectorURI is the TD URI for testing.
 	C2PResolverTestOnlyTrafficDirectorURI = os.Getenv("GRPC_TEST_ONLY_GOOGLE_C2P_RESOLVER_TRAFFIC_DIRECTOR_URI")
+	// XDSCustomLBPolicy indicates whether Custom LB Policies are enabled, which
+	// can be disabled by setting the environment variable
+	// "GRPC_EXPERIMENTAL_XDS_CUSTOM_LB_CONFIG" to "false".
+	XDSCustomLBPolicy = boolFromEnv("GRPC_EXPERIMENTAL_XDS_CUSTOM_LB_CONFIG", true)
 )
diff --git a/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go b/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
index 82af70e96..02224b42c 100644
--- a/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
+++ b/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
@@ -63,6 +63,9 @@ func (pl *PrefixLogger) Errorf(format string, args ...interface{}) {
 
 // Debugf does info logging at verbose level 2.
 func (pl *PrefixLogger) Debugf(format string, args ...interface{}) {
+	// TODO(6044): Refactor interfaces LoggerV2 and DepthLogger, and maybe
+	// rewrite PrefixLogger a little to ensure that we don't use the global
+	// `Logger` here, and instead use the `logger` field.
 	if !Logger.V(2) {
 		return
 	}
@@ -73,6 +76,15 @@ func (pl *PrefixLogger) Debugf(format string, args ...interface{}) {
 		return
 	}
 	InfoDepth(1, fmt.Sprintf(format, args...))
+
+}
+
+// V reports whether verbosity level l is at least the requested verbose level.
+func (pl *PrefixLogger) V(l int) bool {
+	// TODO(6044): Refactor interfaces LoggerV2 and DepthLogger, and maybe
+	// rewrite PrefixLogger a little to ensure that we don't use the global
+	// `Logger` here, and instead use the `logger` field.
+	return Logger.V(l)
 }
 
 // NewPrefixLogger creates a prefix logger with the given prefix.
diff --git a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
index 517ea7064..d08e3e907 100644
--- a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
+++ b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go
@@ -72,3 +72,17 @@ func Uint64() uint64 {
 	defer mu.Unlock()
 	return r.Uint64()
 }
+
+// Uint32 implements rand.Uint32 on the grpcrand global source.
+func Uint32() uint32 {
+	mu.Lock()
+	defer mu.Unlock()
+	return r.Uint32()
+}
+
+// Shuffle implements rand.Shuffle on the grpcrand global source.
+var Shuffle = func(n int, f func(int, int)) {
+	mu.Lock()
+	defer mu.Unlock()
+	r.Shuffle(n, f)
+}
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
new file mode 100644
index 000000000..37b8d4117
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
@@ -0,0 +1,119 @@
+/*
+ *
+ * Copyright 2022 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpcsync
+
+import (
+	"context"
+	"sync"
+
+	"google.golang.org/grpc/internal/buffer"
+)
+
+// CallbackSerializer provides a mechanism to schedule callbacks in a
+// synchronized manner. It provides a FIFO guarantee on the order of execution
+// of scheduled callbacks. New callbacks can be scheduled by invoking the
+// Schedule() method.
+//
+// This type is safe for concurrent access.
+type CallbackSerializer struct {
+	// Done is closed once the serializer is shut down completely, i.e all
+	// scheduled callbacks are executed and the serializer has deallocated all
+	// its resources.
+	Done chan struct{}
+
+	callbacks *buffer.Unbounded
+	closedMu  sync.Mutex
+	closed    bool
+}
+
+// NewCallbackSerializer returns a new CallbackSerializer instance. The provided
+// context will be passed to the scheduled callbacks. Users should cancel the
+// provided context to shutdown the CallbackSerializer. It is guaranteed that no
+// callbacks will be added once this context is canceled, and any pending un-run
+// callbacks will be executed before the serializer is shut down.
+func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
+	t := &CallbackSerializer{
+		Done:      make(chan struct{}),
+		callbacks: buffer.NewUnbounded(),
+	}
+	go t.run(ctx)
+	return t
+}
+
+// Schedule adds a callback to be scheduled after existing callbacks are run.
+//
+// Callbacks are expected to honor the context when performing any blocking
+// operations, and should return early when the context is canceled.
+//
+// Return value indicates if the callback was successfully added to the list of
+// callbacks to be executed by the serializer. It is not possible to add
+// callbacks once the context passed to NewCallbackSerializer is cancelled.
+func (t *CallbackSerializer) Schedule(f func(ctx context.Context)) bool {
+	t.closedMu.Lock()
+	defer t.closedMu.Unlock()
+
+	if t.closed {
+		return false
+	}
+	t.callbacks.Put(f)
+	return true
+}
+
+func (t *CallbackSerializer) run(ctx context.Context) {
+	var backlog []func(context.Context)
+
+	defer close(t.Done)
+	for ctx.Err() == nil {
+		select {
+		case <-ctx.Done():
+			// Do nothing here. Next iteration of the for loop will not happen,
+			// since ctx.Err() would be non-nil.
+		case callback, ok := <-t.callbacks.Get():
+			if !ok {
+				return
+			}
+			t.callbacks.Load()
+			callback.(func(ctx context.Context))(ctx)
+		}
+	}
+
+	// Fetch pending callbacks if any, and execute them before returning from
+	// this method and closing t.Done.
+	t.closedMu.Lock()
+	t.closed = true
+	backlog = t.fetchPendingCallbacks()
+	t.callbacks.Close()
+	t.closedMu.Unlock()
+	for _, b := range backlog {
+		b(ctx)
+	}
+}
+
+func (t *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) {
+	var backlog []func(context.Context)
+	for {
+		select {
+		case b := <-t.callbacks.Get():
+			backlog = append(backlog, b.(func(context.Context)))
+			t.callbacks.Load()
+		default:
+			return backlog
+		}
+	}
+}
diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go
index 0a76d9de6..42ff39c84 100644
--- a/vendor/google.golang.org/grpc/internal/internal.go
+++ b/vendor/google.golang.org/grpc/internal/internal.go
@@ -58,6 +58,12 @@ var (
 	// gRPC server. An xDS-enabled server needs to know what type of credentials
 	// is configured on the underlying gRPC server. This is set by server.go.
 	GetServerCredentials interface{} // func (*grpc.Server) credentials.TransportCredentials
+	// CanonicalString returns the canonical string of the code defined here:
+	// https://github.com/grpc/grpc/blob/master/doc/statuscodes.md.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
+	CanonicalString interface{} // func (codes.Code) string
 	// DrainServerTransports initiates a graceful close of existing connections
 	// on a gRPC server accepted on the provided listener address. An
 	// xDS-enabled server invokes this method on a grpc.Server when a particular
@@ -66,16 +72,35 @@ var (
 	// AddGlobalServerOptions adds an array of ServerOption that will be
 	// effective globally for newly created servers. The priority will be: 1.
 	// user-provided; 2. this method; 3. default values.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	AddGlobalServerOptions interface{} // func(opt ...ServerOption)
 	// ClearGlobalServerOptions clears the array of extra ServerOption. This
 	// method is useful in testing and benchmarking.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	ClearGlobalServerOptions func()
 	// AddGlobalDialOptions adds an array of DialOption that will be effective
 	// globally for newly created client channels. The priority will be: 1.
 	// user-provided; 2. this method; 3. default values.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	AddGlobalDialOptions interface{} // func(opt ...DialOption)
+	// DisableGlobalDialOptions returns a DialOption that prevents the
+	// ClientConn from applying the global DialOptions (set via
+	// AddGlobalDialOptions).
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
+	DisableGlobalDialOptions interface{} // func() grpc.DialOption
 	// ClearGlobalDialOptions clears the array of extra DialOption. This
 	// method is useful in testing and benchmarking.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	ClearGlobalDialOptions func()
 	// JoinDialOptions combines the dial options passed as arguments into a
 	// single dial option.
@@ -86,9 +111,15 @@ var (
 
 	// WithBinaryLogger returns a DialOption that specifies the binary logger
 	// for a ClientConn.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	WithBinaryLogger interface{} // func(binarylog.Logger) grpc.DialOption
 	// BinaryLogger returns a ServerOption that can set the binary logger for a
 	// server.
+	//
+	// This is used in the 1.0 release of gcp/observability, and thus must not be
+	// deleted or changed.
 	BinaryLogger interface{} // func(binarylog.Logger) grpc.ServerOption
 
 	// NewXDSResolverWithConfigForTesting creates a new xds resolver builder using
@@ -130,6 +161,9 @@ var (
 	//
 	// TODO: Remove this function once the RBAC env var is removed.
 	UnregisterRBACHTTPFilterForTesting func()
+
+	// ORCAAllowAnyMinReportingInterval is for examples/orca use ONLY.
+	ORCAAllowAnyMinReportingInterval interface{} // func(so *orca.ServiceOptions)
 )
 
 // HealthChecker defines the signature of the client-side LB channel health checking function.
diff --git a/vendor/google.golang.org/grpc/internal/metadata/metadata.go b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
index b2980f8ac..c82e608e0 100644
--- a/vendor/google.golang.org/grpc/internal/metadata/metadata.go
+++ b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
@@ -76,33 +76,11 @@ func Set(addr resolver.Address, md metadata.MD) resolver.Address {
 	return addr
 }
 
-// Validate returns an error if the input md contains invalid keys or values.
-//
-// If the header is not a pseudo-header, the following items are checked:
-// - header names must contain one or more characters from this set [0-9 a-z _ - .].
-// - if the header-name ends with a "-bin" suffix, no validation of the header value is performed.
-// - otherwise, the header value must contain one or more characters from the set [%x20-%x7E].
+// Validate validates every pair in md with ValidatePair.
 func Validate(md metadata.MD) error {
 	for k, vals := range md {
-		// pseudo-header will be ignored
-		if k[0] == ':' {
-			continue
-		}
-		// check key, for i that saving a conversion if not using for range
-		for i := 0; i < len(k); i++ {
-			r := k[i]
-			if !(r >= 'a' && r <= 'z') && !(r >= '0' && r <= '9') && r != '.' && r != '-' && r != '_' {
-				return fmt.Errorf("header key %q contains illegal characters not in [0-9a-z-_.]", k)
-			}
-		}
-		if strings.HasSuffix(k, "-bin") {
-			continue
-		}
-		// check value
-		for _, val := range vals {
-			if hasNotPrintable(val) {
-				return fmt.Errorf("header key %q contains value with non-printable ASCII characters", k)
-			}
+		if err := ValidatePair(k, vals...); err != nil {
+			return err
 		}
 	}
 	return nil
@@ -118,3 +96,37 @@ func hasNotPrintable(msg string) bool {
 	}
 	return false
 }
+
+// ValidatePair validate a key-value pair with the following rules (the pseudo-header will be skipped) :
+//
+// - key must contain one or more characters.
+// - the characters in the key must be contained in [0-9 a-z _ - .].
+// - if the key ends with a "-bin" suffix, no validation of the corresponding value is performed.
+// - the characters in the every value must be printable (in [%x20-%x7E]).
+func ValidatePair(key string, vals ...string) error {
+	// key should not be empty
+	if key == "" {
+		return fmt.Errorf("there is an empty key in the header")
+	}
+	// pseudo-header will be ignored
+	if key[0] == ':' {
+		return nil
+	}
+	// check key, for i that saving a conversion if not using for range
+	for i := 0; i < len(key); i++ {
+		r := key[i]
+		if !(r >= 'a' && r <= 'z') && !(r >= '0' && r <= '9') && r != '.' && r != '-' && r != '_' {
+			return fmt.Errorf("header key %q contains illegal characters not in [0-9a-z-_.]", key)
+		}
+	}
+	if strings.HasSuffix(key, "-bin") {
+		return nil
+	}
+	// check value
+	for _, val := range vals {
+		if hasNotPrintable(val) {
+			return fmt.Errorf("header key %q contains value with non-printable ASCII characters", key)
+		}
+	}
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/serviceconfig/duration.go b/vendor/google.golang.org/grpc/internal/serviceconfig/duration.go
new file mode 100644
index 000000000..11d82afcc
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/serviceconfig/duration.go
@@ -0,0 +1,130 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package serviceconfig
+
+import (
+	"encoding/json"
+	"fmt"
+	"math"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// Duration defines JSON marshal and unmarshal methods to conform to the
+// protobuf JSON spec defined [here].
+//
+// [here]: https://protobuf.dev/reference/protobuf/google.protobuf/#duration
+type Duration time.Duration
+
+func (d Duration) String() string {
+	return fmt.Sprint(time.Duration(d))
+}
+
+// MarshalJSON converts from d to a JSON string output.
+func (d Duration) MarshalJSON() ([]byte, error) {
+	ns := time.Duration(d).Nanoseconds()
+	sec := ns / int64(time.Second)
+	ns = ns % int64(time.Second)
+
+	var sign string
+	if sec < 0 || ns < 0 {
+		sign, sec, ns = "-", -1*sec, -1*ns
+	}
+
+	// Generated output always contains 0, 3, 6, or 9 fractional digits,
+	// depending on required precision.
+	str := fmt.Sprintf("%s%d.%09d", sign, sec, ns)
+	str = strings.TrimSuffix(str, "000")
+	str = strings.TrimSuffix(str, "000")
+	str = strings.TrimSuffix(str, ".000")
+	return []byte(fmt.Sprintf("\"%ss\"", str)), nil
+}
+
+// UnmarshalJSON unmarshals b as a duration JSON string into d.
+func (d *Duration) UnmarshalJSON(b []byte) error {
+	var s string
+	if err := json.Unmarshal(b, &s); err != nil {
+		return err
+	}
+	if !strings.HasSuffix(s, "s") {
+		return fmt.Errorf("malformed duration %q: missing seconds unit", s)
+	}
+	neg := false
+	if s[0] == '-' {
+		neg = true
+		s = s[1:]
+	}
+	ss := strings.SplitN(s[:len(s)-1], ".", 3)
+	if len(ss) > 2 {
+		return fmt.Errorf("malformed duration %q: too many decimals", s)
+	}
+	// hasDigits is set if either the whole or fractional part of the number is
+	// present, since both are optional but one is required.
+	hasDigits := false
+	var sec, ns int64
+	if len(ss[0]) > 0 {
+		var err error
+		if sec, err = strconv.ParseInt(ss[0], 10, 64); err != nil {
+			return fmt.Errorf("malformed duration %q: %v", s, err)
+		}
+		// Maximum seconds value per the durationpb spec.
+		const maxProtoSeconds = 315_576_000_000
+		if sec > maxProtoSeconds {
+			return fmt.Errorf("out of range: %q", s)
+		}
+		hasDigits = true
+	}
+	if len(ss) == 2 && len(ss[1]) > 0 {
+		if len(ss[1]) > 9 {
+			return fmt.Errorf("malformed duration %q: too many digits after decimal", s)
+		}
+		var err error
+		if ns, err = strconv.ParseInt(ss[1], 10, 64); err != nil {
+			return fmt.Errorf("malformed duration %q: %v", s, err)
+		}
+		for i := 9; i > len(ss[1]); i-- {
+			ns *= 10
+		}
+		hasDigits = true
+	}
+	if !hasDigits {
+		return fmt.Errorf("malformed duration %q: contains no numbers", s)
+	}
+
+	if neg {
+		sec *= -1
+		ns *= -1
+	}
+
+	// Maximum/minimum seconds/nanoseconds representable by Go's time.Duration.
+	const maxSeconds = math.MaxInt64 / int64(time.Second)
+	const maxNanosAtMaxSeconds = math.MaxInt64 % int64(time.Second)
+	const minSeconds = math.MinInt64 / int64(time.Second)
+	const minNanosAtMinSeconds = math.MinInt64 % int64(time.Second)
+
+	if sec > maxSeconds || (sec == maxSeconds && ns >= maxNanosAtMaxSeconds) {
+		*d = Duration(math.MaxInt64)
+	} else if sec < minSeconds || (sec == minSeconds && ns <= minNanosAtMinSeconds) {
+		*d = Duration(math.MinInt64)
+	} else {
+		*d = Duration(sec*int64(time.Second) + ns)
+	}
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
index 9097385e1..be5a9c81e 100644
--- a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
+++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
@@ -22,6 +22,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"net"
 	"runtime"
 	"strconv"
 	"sync"
@@ -29,6 +30,7 @@ import (
 
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcutil"
 	"google.golang.org/grpc/status"
 )
@@ -486,12 +488,14 @@ type loopyWriter struct {
 	hEnc          *hpack.Encoder // HPACK encoder.
 	bdpEst        *bdpEstimator
 	draining      bool
+	conn          net.Conn
+	logger        *grpclog.PrefixLogger
 
 	// Side-specific handlers
 	ssGoAwayHandler func(*goAway) (bool, error)
 }
 
-func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator) *loopyWriter {
+func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator, conn net.Conn, logger *grpclog.PrefixLogger) *loopyWriter {
 	var buf bytes.Buffer
 	l := &loopyWriter{
 		side:          s,
@@ -504,6 +508,8 @@ func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimato
 		hBuf:          &buf,
 		hEnc:          hpack.NewEncoder(&buf),
 		bdpEst:        bdpEst,
+		conn:          conn,
+		logger:        logger,
 	}
 	return l
 }
@@ -521,15 +527,27 @@ const minBatchSize = 1000
 // 2. Stream level flow control quota available.
 //
 // In each iteration of run loop, other than processing the incoming control
-// frame, loopy calls processData, which processes one node from the activeStreams linked-list.
-// This results in writing of HTTP2 frames into an underlying write buffer.
-// When there's no more control frames to read from controlBuf, loopy flushes the write buffer.
-// As an optimization, to increase the batch size for each flush, loopy yields the processor, once
-// if the batch size is too low to give stream goroutines a chance to fill it up.
+// frame, loopy calls processData, which processes one node from the
+// activeStreams linked-list.  This results in writing of HTTP2 frames into an
+// underlying write buffer.  When there's no more control frames to read from
+// controlBuf, loopy flushes the write buffer.  As an optimization, to increase
+// the batch size for each flush, loopy yields the processor, once if the batch
+// size is too low to give stream goroutines a chance to fill it up.
+//
+// Upon exiting, if the error causing the exit is not an I/O error, run()
+// flushes and closes the underlying connection.  Otherwise, the connection is
+// left open to allow the I/O error to be encountered by the reader instead.
 func (l *loopyWriter) run() (err error) {
-	// Always flush the writer before exiting in case there are pending frames
-	// to be sent.
-	defer l.framer.writer.Flush()
+	defer func() {
+		if l.logger.V(logLevel) {
+			l.logger.Infof("loopyWriter exiting with error: %v", err)
+		}
+		if !isIOError(err) {
+			l.framer.writer.Flush()
+			l.conn.Close()
+		}
+		l.cbuf.finish()
+	}()
 	for {
 		it, err := l.cbuf.get(true)
 		if err != nil {
@@ -581,11 +599,11 @@ func (l *loopyWriter) outgoingWindowUpdateHandler(w *outgoingWindowUpdate) error
 	return l.framer.fr.WriteWindowUpdate(w.streamID, w.increment)
 }
 
-func (l *loopyWriter) incomingWindowUpdateHandler(w *incomingWindowUpdate) error {
+func (l *loopyWriter) incomingWindowUpdateHandler(w *incomingWindowUpdate) {
 	// Otherwise update the quota.
 	if w.streamID == 0 {
 		l.sendQuota += w.increment
-		return nil
+		return
 	}
 	// Find the stream and update it.
 	if str, ok := l.estdStreams[w.streamID]; ok {
@@ -593,10 +611,9 @@ func (l *loopyWriter) incomingWindowUpdateHandler(w *incomingWindowUpdate) error
 		if strQuota := int(l.oiws) - str.bytesOutStanding; strQuota > 0 && str.state == waitingOnStreamQuota {
 			str.state = active
 			l.activeStreams.enqueue(str)
-			return nil
+			return
 		}
 	}
-	return nil
 }
 
 func (l *loopyWriter) outgoingSettingsHandler(s *outgoingSettings) error {
@@ -604,13 +621,11 @@ func (l *loopyWriter) outgoingSettingsHandler(s *outgoingSettings) error {
 }
 
 func (l *loopyWriter) incomingSettingsHandler(s *incomingSettings) error {
-	if err := l.applySettings(s.ss); err != nil {
-		return err
-	}
+	l.applySettings(s.ss)
 	return l.framer.fr.WriteSettingsAck()
 }
 
-func (l *loopyWriter) registerStreamHandler(h *registerStream) error {
+func (l *loopyWriter) registerStreamHandler(h *registerStream) {
 	str := &outStream{
 		id:    h.streamID,
 		state: empty,
@@ -618,15 +633,14 @@ func (l *loopyWriter) registerStreamHandler(h *registerStream) error {
 		wq:    h.wq,
 	}
 	l.estdStreams[h.streamID] = str
-	return nil
 }
 
 func (l *loopyWriter) headerHandler(h *headerFrame) error {
 	if l.side == serverSide {
 		str, ok := l.estdStreams[h.streamID]
 		if !ok {
-			if logger.V(logLevel) {
-				logger.Warningf("transport: loopy doesn't recognize the stream: %d", h.streamID)
+			if l.logger.V(logLevel) {
+				l.logger.Infof("Unrecognized streamID %d in loopyWriter", h.streamID)
 			}
 			return nil
 		}
@@ -681,8 +695,8 @@ func (l *loopyWriter) writeHeader(streamID uint32, endStream bool, hf []hpack.He
 	l.hBuf.Reset()
 	for _, f := range hf {
 		if err := l.hEnc.WriteField(f); err != nil {
-			if logger.V(logLevel) {
-				logger.Warningf("transport: loopyWriter.writeHeader encountered error while encoding headers: %v", err)
+			if l.logger.V(logLevel) {
+				l.logger.Warningf("Encountered error while encoding headers: %v", err)
 			}
 		}
 	}
@@ -720,10 +734,10 @@ func (l *loopyWriter) writeHeader(streamID uint32, endStream bool, hf []hpack.He
 	return nil
 }
 
-func (l *loopyWriter) preprocessData(df *dataFrame) error {
+func (l *loopyWriter) preprocessData(df *dataFrame) {
 	str, ok := l.estdStreams[df.streamID]
 	if !ok {
-		return nil
+		return
 	}
 	// If we got data for a stream it means that
 	// stream was originated and the headers were sent out.
@@ -732,7 +746,6 @@ func (l *loopyWriter) preprocessData(df *dataFrame) error {
 		str.state = active
 		l.activeStreams.enqueue(str)
 	}
-	return nil
 }
 
 func (l *loopyWriter) pingHandler(p *ping) error {
@@ -743,9 +756,8 @@ func (l *loopyWriter) pingHandler(p *ping) error {
 
 }
 
-func (l *loopyWriter) outFlowControlSizeRequestHandler(o *outFlowControlSizeRequest) error {
+func (l *loopyWriter) outFlowControlSizeRequestHandler(o *outFlowControlSizeRequest) {
 	o.resp <- l.sendQuota
-	return nil
 }
 
 func (l *loopyWriter) cleanupStreamHandler(c *cleanupStream) error {
@@ -763,6 +775,7 @@ func (l *loopyWriter) cleanupStreamHandler(c *cleanupStream) error {
 		}
 	}
 	if l.draining && len(l.estdStreams) == 0 {
+		// Flush and close the connection; we are done with it.
 		return errors.New("finished processing active streams while in draining mode")
 	}
 	return nil
@@ -798,6 +811,7 @@ func (l *loopyWriter) incomingGoAwayHandler(*incomingGoAway) error {
 	if l.side == clientSide {
 		l.draining = true
 		if len(l.estdStreams) == 0 {
+			// Flush and close the connection; we are done with it.
 			return errors.New("received GOAWAY with no active streams")
 		}
 	}
@@ -816,17 +830,10 @@ func (l *loopyWriter) goAwayHandler(g *goAway) error {
 	return nil
 }
 
-func (l *loopyWriter) closeConnectionHandler() error {
-	// Exit loopyWriter entirely by returning an error here.  This will lead to
-	// the transport closing the connection, and, ultimately, transport
-	// closure.
-	return ErrConnClosing
-}
-
 func (l *loopyWriter) handle(i interface{}) error {
 	switch i := i.(type) {
 	case *incomingWindowUpdate:
-		return l.incomingWindowUpdateHandler(i)
+		l.incomingWindowUpdateHandler(i)
 	case *outgoingWindowUpdate:
 		return l.outgoingWindowUpdateHandler(i)
 	case *incomingSettings:
@@ -836,7 +843,7 @@ func (l *loopyWriter) handle(i interface{}) error {
 	case *headerFrame:
 		return l.headerHandler(i)
 	case *registerStream:
-		return l.registerStreamHandler(i)
+		l.registerStreamHandler(i)
 	case *cleanupStream:
 		return l.cleanupStreamHandler(i)
 	case *earlyAbortStream:
@@ -844,21 +851,24 @@ func (l *loopyWriter) handle(i interface{}) error {
 	case *incomingGoAway:
 		return l.incomingGoAwayHandler(i)
 	case *dataFrame:
-		return l.preprocessData(i)
+		l.preprocessData(i)
 	case *ping:
 		return l.pingHandler(i)
 	case *goAway:
 		return l.goAwayHandler(i)
 	case *outFlowControlSizeRequest:
-		return l.outFlowControlSizeRequestHandler(i)
+		l.outFlowControlSizeRequestHandler(i)
 	case closeConnection:
-		return l.closeConnectionHandler()
+		// Just return a non-I/O error and run() will flush and close the
+		// connection.
+		return ErrConnClosing
 	default:
 		return fmt.Errorf("transport: unknown control message type %T", i)
 	}
+	return nil
 }
 
-func (l *loopyWriter) applySettings(ss []http2.Setting) error {
+func (l *loopyWriter) applySettings(ss []http2.Setting) {
 	for _, s := range ss {
 		switch s.ID {
 		case http2.SettingInitialWindowSize:
@@ -877,7 +887,6 @@ func (l *loopyWriter) applySettings(ss []http2.Setting) error {
 			updateHeaderTblSize(l.hEnc, s.Val)
 		}
 	}
-	return nil
 }
 
 // processData removes the first stream from active streams, writes out at most 16KB
@@ -911,7 +920,7 @@ func (l *loopyWriter) processData() (bool, error) {
 				return false, err
 			}
 			if err := l.cleanupStreamHandler(trailer.cleanup); err != nil {
-				return false, nil
+				return false, err
 			}
 		} else {
 			l.activeStreams.enqueue(str)
diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
index e6626bf96..98f80e3fa 100644
--- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -39,6 +39,7 @@ import (
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcutil"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/peer"
@@ -83,6 +84,7 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats []s
 		contentSubtype: contentSubtype,
 		stats:          stats,
 	}
+	st.logger = prefixLoggerForServerHandlerTransport(st)
 
 	if v := r.Header.Get("grpc-timeout"); v != "" {
 		to, err := decodeTimeout(v)
@@ -150,13 +152,14 @@ type serverHandlerTransport struct {
 	// TODO make sure this is consistent across handler_server and http2_server
 	contentSubtype string
 
-	stats []stats.Handler
+	stats  []stats.Handler
+	logger *grpclog.PrefixLogger
 }
 
 func (ht *serverHandlerTransport) Close(err error) {
 	ht.closeOnce.Do(func() {
-		if logger.V(logLevel) {
-			logger.Infof("Closing serverHandlerTransport: %v", err)
+		if ht.logger.V(logLevel) {
+			ht.logger.Infof("Closing: %v", err)
 		}
 		close(ht.closedCh)
 	})
@@ -450,7 +453,7 @@ func (ht *serverHandlerTransport) IncrMsgSent() {}
 
 func (ht *serverHandlerTransport) IncrMsgRecv() {}
 
-func (ht *serverHandlerTransport) Drain() {
+func (ht *serverHandlerTransport) Drain(debugData string) {
 	panic("Drain() is not implemented")
 }
 
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index 79ee8aea0..326bf0848 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -38,6 +38,7 @@ import (
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/internal/channelz"
 	icredentials "google.golang.org/grpc/internal/credentials"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcsync"
 	"google.golang.org/grpc/internal/grpcutil"
 	imetadata "google.golang.org/grpc/internal/metadata"
@@ -145,6 +146,7 @@ type http2Client struct {
 	bufferPool *bufferPool
 
 	connectionID uint64
+	logger       *grpclog.PrefixLogger
 }
 
 func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error), addr resolver.Address, useProxy bool, grpcUA string) (net.Conn, error) {
@@ -244,7 +246,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		if err := connectCtx.Err(); err != nil {
 			// connectCtx expired before exiting the function.  Hard close the connection.
 			if logger.V(logLevel) {
-				logger.Infof("newClientTransport: aborting due to connectCtx: %v", err)
+				logger.Infof("Aborting due to connect deadline expiring: %v", err)
 			}
 			conn.Close()
 		}
@@ -346,6 +348,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		bufferPool:            newBufferPool(),
 		onClose:               onClose,
 	}
+	t.logger = prefixLoggerForClientTransport(t)
 	// Add peer information to the http2client context.
 	t.ctx = peer.NewContext(t.ctx, t.getPeer())
 
@@ -444,15 +447,8 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		return nil, err
 	}
 	go func() {
-		t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst)
-		err := t.loopy.run()
-		if logger.V(logLevel) {
-			logger.Infof("transport: loopyWriter exited. Closing connection. Err: %v", err)
-		}
-		// Do not close the transport.  Let reader goroutine handle it since
-		// there might be data in the buffers.
-		t.conn.Close()
-		t.controlBuf.finish()
+		t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger)
+		t.loopy.run()
 		close(t.writerDone)
 	}()
 	return t, nil
@@ -789,7 +785,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		s.id = h.streamID
 		s.fc = &inFlow{limit: uint32(t.initialWindowSize)}
 		t.mu.Lock()
-		if t.activeStreams == nil { // Can be niled from Close().
+		if t.state == draining || t.activeStreams == nil { // Can be niled from Close().
 			t.mu.Unlock()
 			return false // Don't create a stream if the transport is already closed.
 		}
@@ -866,8 +862,8 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		}
 	}
 	if transportDrainRequired {
-		if logger.V(logLevel) {
-			logger.Infof("transport: t.nextID > MaxStreamID. Draining")
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Draining transport: t.nextID > MaxStreamID")
 		}
 		t.GracefulClose()
 	}
@@ -959,8 +955,8 @@ func (t *http2Client) Close(err error) {
 		t.mu.Unlock()
 		return
 	}
-	if logger.V(logLevel) {
-		logger.Infof("transport: closing: %v", err)
+	if t.logger.V(logLevel) {
+		t.logger.Infof("Closing: %v", err)
 	}
 	// Call t.onClose ASAP to prevent the client from attempting to create new
 	// streams.
@@ -1016,8 +1012,8 @@ func (t *http2Client) GracefulClose() {
 		t.mu.Unlock()
 		return
 	}
-	if logger.V(logLevel) {
-		logger.Infof("transport: GracefulClose called")
+	if t.logger.V(logLevel) {
+		t.logger.Infof("GracefulClose called")
 	}
 	t.onClose(GoAwayInvalid)
 	t.state = draining
@@ -1181,8 +1177,8 @@ func (t *http2Client) handleRSTStream(f *http2.RSTStreamFrame) {
 	}
 	statusCode, ok := http2ErrConvTab[f.ErrCode]
 	if !ok {
-		if logger.V(logLevel) {
-			logger.Warningf("transport: http2Client.handleRSTStream found no mapped gRPC status for the received http2 error: %v", f.ErrCode)
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Received a RST_STREAM frame with code %q, but found no mapped gRPC status", f.ErrCode)
 		}
 		statusCode = codes.Unknown
 	}
@@ -1264,10 +1260,12 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) {
 		t.mu.Unlock()
 		return
 	}
-	if f.ErrCode == http2.ErrCodeEnhanceYourCalm {
-		if logger.V(logLevel) {
-			logger.Infof("Client received GoAway with http2.ErrCodeEnhanceYourCalm.")
-		}
+	if f.ErrCode == http2.ErrCodeEnhanceYourCalm && string(f.DebugData()) == "too_many_pings" {
+		// When a client receives a GOAWAY with error code ENHANCE_YOUR_CALM and debug
+		// data equal to ASCII "too_many_pings", it should log the occurrence at a log level that is
+		// enabled by default and double the configure KEEPALIVE_TIME used for new connections
+		// on that channel.
+		logger.Errorf("Client received GoAway with error code ENHANCE_YOUR_CALM and debug data equal to ASCII \"too_many_pings\".")
 	}
 	id := f.LastStreamID
 	if id > 0 && id%2 == 0 {
@@ -1339,7 +1337,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) {
 
 // setGoAwayReason sets the value of t.goAwayReason based
 // on the GoAway frame received.
-// It expects a lock on transport's mutext to be held by
+// It expects a lock on transport's mutex to be held by
 // the caller.
 func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) {
 	t.goAwayReason = GoAwayNoReason
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index bc3da7067..ec4eef213 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -35,7 +35,9 @@ import (
 	"github.com/golang/protobuf/proto"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcutil"
+	"google.golang.org/grpc/internal/pretty"
 	"google.golang.org/grpc/internal/syscall"
 
 	"google.golang.org/grpc/codes"
@@ -129,6 +131,8 @@ type http2Server struct {
 	// This lock may not be taken if mu is already held.
 	maxStreamMu sync.Mutex
 	maxStreamID uint32 // max stream ID ever seen
+
+	logger *grpclog.PrefixLogger
 }
 
 // NewServerTransport creates a http2 transport with conn and configuration
@@ -167,15 +171,10 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 		ID:  http2.SettingMaxFrameSize,
 		Val: http2MaxFrameLen,
 	}}
-	// TODO(zhaoq): Have a better way to signal "no limit" because 0 is
-	// permitted in the HTTP2 spec.
-	maxStreams := config.MaxStreams
-	if maxStreams == 0 {
-		maxStreams = math.MaxUint32
-	} else {
+	if config.MaxStreams != math.MaxUint32 {
 		isettings = append(isettings, http2.Setting{
 			ID:  http2.SettingMaxConcurrentStreams,
-			Val: maxStreams,
+			Val: config.MaxStreams,
 		})
 	}
 	dynamicWindow := true
@@ -254,7 +253,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 		framer:            framer,
 		readerDone:        make(chan struct{}),
 		writerDone:        make(chan struct{}),
-		maxStreams:        maxStreams,
+		maxStreams:        config.MaxStreams,
 		inTapHandle:       config.InTapHandle,
 		fc:                &trInFlow{limit: uint32(icwz)},
 		state:             reachable,
@@ -267,6 +266,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 		czData:            new(channelzData),
 		bufferPool:        newBufferPool(),
 	}
+	t.logger = prefixLoggerForServerTransport(t)
 	// Add peer information to the http2server context.
 	t.ctx = peer.NewContext(t.ctx, t.getPeer())
 
@@ -331,14 +331,9 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 	t.handleSettings(sf)
 
 	go func() {
-		t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst)
+		t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger)
 		t.loopy.ssGoAwayHandler = t.outgoingGoAwayHandler
-		err := t.loopy.run()
-		if logger.V(logLevel) {
-			logger.Infof("transport: loopyWriter exited. Closing connection. Err: %v", err)
-		}
-		t.conn.Close()
-		t.controlBuf.finish()
+		t.loopy.run()
 		close(t.writerDone)
 	}()
 	go t.keepalive()
@@ -383,7 +378,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 		// if false, content-type was missing or invalid
 		isGRPC      = false
 		contentType = ""
-		mdata       = make(map[string][]string)
+		mdata       = make(metadata.MD, len(frame.Fields))
 		httpMethod  string
 		// these are set if an error is encountered while parsing the headers
 		protocolError bool
@@ -404,6 +399,17 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 			mdata[hf.Name] = append(mdata[hf.Name], hf.Value)
 			s.contentSubtype = contentSubtype
 			isGRPC = true
+
+		case "grpc-accept-encoding":
+			mdata[hf.Name] = append(mdata[hf.Name], hf.Value)
+			if hf.Value == "" {
+				continue
+			}
+			compressors := hf.Value
+			if s.clientAdvertisedCompressors != "" {
+				compressors = s.clientAdvertisedCompressors + "," + compressors
+			}
+			s.clientAdvertisedCompressors = compressors
 		case "grpc-encoding":
 			s.recvCompress = hf.Value
 		case ":method":
@@ -419,8 +425,8 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 		// "Transports must consider requests containing the Connection header
 		// as malformed." - A41
 		case "connection":
-			if logger.V(logLevel) {
-				logger.Errorf("transport: http2Server.operateHeaders parsed a :connection header which makes a request malformed as per the HTTP/2 spec")
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Received a HEADERS frame with a :connection header which makes the request malformed, as per the HTTP/2 spec")
 			}
 			protocolError = true
 		default:
@@ -430,7 +436,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 			v, err := decodeMetadataHeader(hf.Name, hf.Value)
 			if err != nil {
 				headerError = status.Newf(codes.Internal, "malformed binary metadata %q in header %q: %v", hf.Value, hf.Name, err)
-				logger.Warningf("Failed to decode metadata header (%q, %q): %v", hf.Name, hf.Value, err)
+				t.logger.Warningf("Failed to decode metadata header (%q, %q): %v", hf.Name, hf.Value, err)
 				break
 			}
 			mdata[hf.Name] = append(mdata[hf.Name], v)
@@ -444,8 +450,8 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	// error, this takes precedence over a client not speaking gRPC.
 	if len(mdata[":authority"]) > 1 || len(mdata["host"]) > 1 {
 		errMsg := fmt.Sprintf("num values of :authority: %v, num values of host: %v, both must only have 1 value as per HTTP/2 spec", len(mdata[":authority"]), len(mdata["host"]))
-		if logger.V(logLevel) {
-			logger.Errorf("transport: %v", errMsg)
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Aborting the stream early: %v", errMsg)
 		}
 		t.controlBuf.put(&earlyAbortStream{
 			httpStatus:     http.StatusBadRequest,
@@ -539,9 +545,9 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	}
 	if httpMethod != http.MethodPost {
 		t.mu.Unlock()
-		errMsg := fmt.Sprintf("http2Server.operateHeaders parsed a :method field: %v which should be POST", httpMethod)
-		if logger.V(logLevel) {
-			logger.Infof("transport: %v", errMsg)
+		errMsg := fmt.Sprintf("Received a HEADERS frame with :method %q which should be POST", httpMethod)
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Aborting the stream early: %v", errMsg)
 		}
 		t.controlBuf.put(&earlyAbortStream{
 			httpStatus:     405,
@@ -557,8 +563,8 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 		var err error
 		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method}); err != nil {
 			t.mu.Unlock()
-			if logger.V(logLevel) {
-				logger.Infof("transport: http2Server.operateHeaders got an error from InTapHandle: %v", err)
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Aborting the stream early due to InTapHandle failure: %v", err)
 			}
 			stat, ok := status.FromError(err)
 			if !ok {
@@ -595,7 +601,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 			LocalAddr:   t.localAddr,
 			Compression: s.recvCompress,
 			WireLength:  int(frame.Header().Length),
-			Header:      metadata.MD(mdata).Copy(),
+			Header:      mdata.Copy(),
 		}
 		sh.HandleRPC(s.ctx, inHeader)
 	}
@@ -632,8 +638,8 @@ func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.
 		atomic.StoreInt64(&t.lastRead, time.Now().UnixNano())
 		if err != nil {
 			if se, ok := err.(http2.StreamError); ok {
-				if logger.V(logLevel) {
-					logger.Warningf("transport: http2Server.HandleStreams encountered http2.StreamError: %v", se)
+				if t.logger.V(logLevel) {
+					t.logger.Warningf("Encountered http2.StreamError: %v", se)
 				}
 				t.mu.Lock()
 				s := t.activeStreams[se.StreamID]
@@ -676,8 +682,8 @@ func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.
 		case *http2.GoAwayFrame:
 			// TODO: Handle GoAway from the client appropriately.
 		default:
-			if logger.V(logLevel) {
-				logger.Errorf("transport: http2Server.HandleStreams found unhandled frame type %v.", frame)
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Received unsupported frame type %T", frame)
 			}
 		}
 	}
@@ -936,8 +942,8 @@ func (t *http2Server) checkForHeaderListSize(it interface{}) bool {
 	var sz int64
 	for _, f := range hdrFrame.hf {
 		if sz += int64(f.Size()); sz > int64(*t.maxSendHeaderListSize) {
-			if logger.V(logLevel) {
-				logger.Errorf("header list size to send violates the maximum size (%d bytes) set by client", *t.maxSendHeaderListSize)
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Header list size to send violates the maximum size (%d bytes) set by client", *t.maxSendHeaderListSize)
 			}
 			return false
 		}
@@ -1050,7 +1056,7 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
 		stBytes, err := proto.Marshal(p)
 		if err != nil {
 			// TODO: return error instead, when callers are able to handle it.
-			logger.Errorf("transport: failed to marshal rpc status: %v, error: %v", p, err)
+			t.logger.Errorf("Failed to marshal rpc status: %s, error: %v", pretty.ToJSON(p), err)
 		} else {
 			headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)})
 		}
@@ -1155,18 +1161,18 @@ func (t *http2Server) keepalive() {
 			if val <= 0 {
 				// The connection has been idle for a duration of keepalive.MaxConnectionIdle or more.
 				// Gracefully close the connection.
-				t.Drain()
+				t.Drain("max_idle")
 				return
 			}
 			idleTimer.Reset(val)
 		case <-ageTimer.C:
-			t.Drain()
+			t.Drain("max_age")
 			ageTimer.Reset(t.kp.MaxConnectionAgeGrace)
 			select {
 			case <-ageTimer.C:
 				// Close the connection after grace period.
-				if logger.V(logLevel) {
-					logger.Infof("transport: closing server transport due to maximum connection age.")
+				if t.logger.V(logLevel) {
+					t.logger.Infof("Closing server transport due to maximum connection age")
 				}
 				t.controlBuf.put(closeConnection{})
 			case <-t.done:
@@ -1217,8 +1223,8 @@ func (t *http2Server) Close(err error) {
 		t.mu.Unlock()
 		return
 	}
-	if logger.V(logLevel) {
-		logger.Infof("transport: closing: %v", err)
+	if t.logger.V(logLevel) {
+		t.logger.Infof("Closing: %v", err)
 	}
 	t.state = closing
 	streams := t.activeStreams
@@ -1226,8 +1232,8 @@ func (t *http2Server) Close(err error) {
 	t.mu.Unlock()
 	t.controlBuf.finish()
 	close(t.done)
-	if err := t.conn.Close(); err != nil && logger.V(logLevel) {
-		logger.Infof("transport: error closing conn during Close: %v", err)
+	if err := t.conn.Close(); err != nil && t.logger.V(logLevel) {
+		t.logger.Infof("Error closing underlying net.Conn during Close: %v", err)
 	}
 	channelz.RemoveEntry(t.channelzID)
 	// Cancel all active streams.
@@ -1307,14 +1313,14 @@ func (t *http2Server) RemoteAddr() net.Addr {
 	return t.remoteAddr
 }
 
-func (t *http2Server) Drain() {
+func (t *http2Server) Drain(debugData string) {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	if t.drainEvent != nil {
 		return
 	}
 	t.drainEvent = grpcsync.NewEvent()
-	t.controlBuf.put(&goAway{code: http2.ErrCodeNo, debugData: []byte{}, headsUp: true})
+	t.controlBuf.put(&goAway{code: http2.ErrCodeNo, debugData: []byte(debugData), headsUp: true})
 }
 
 var goAwayPing = &ping{data: [8]byte{1, 6, 1, 8, 0, 3, 3, 9}}
@@ -1344,9 +1350,6 @@ func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) {
 			return false, err
 		}
 		if retErr != nil {
-			// Abruptly close the connection following the GoAway (via
-			// loopywriter).  But flush out what's inside the buffer first.
-			t.framer.writer.Flush()
 			return false, retErr
 		}
 		return true, nil
@@ -1359,7 +1362,7 @@ func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) {
 	// originated before the GoAway reaches the client.
 	// After getting the ack or timer expiration send out another GoAway this
 	// time with an ID of the max stream server intends to process.
-	if err := t.framer.fr.WriteGoAway(math.MaxUint32, http2.ErrCodeNo, []byte{}); err != nil {
+	if err := t.framer.fr.WriteGoAway(math.MaxUint32, http2.ErrCodeNo, g.debugData); err != nil {
 		return false, err
 	}
 	if err := t.framer.fr.WritePing(false, goAwayPing.data); err != nil {
diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go
index 2c601a864..19cbb18f5 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http_util.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -21,6 +21,7 @@ package transport
 import (
 	"bufio"
 	"encoding/base64"
+	"errors"
 	"fmt"
 	"io"
 	"math"
@@ -37,7 +38,6 @@ import (
 	"golang.org/x/net/http2/hpack"
 	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/status"
 )
 
@@ -85,7 +85,6 @@ var (
 		// 504 Gateway timeout - UNAVAILABLE.
 		http.StatusGatewayTimeout: codes.Unavailable,
 	}
-	logger = grpclog.Component("transport")
 )
 
 // isReservedHeader checks whether hdr belongs to HTTP2 headers
@@ -330,7 +329,8 @@ func (w *bufWriter) Write(b []byte) (n int, err error) {
 		return 0, w.err
 	}
 	if w.batchSize == 0 { // Buffer has been disabled.
-		return w.conn.Write(b)
+		n, err = w.conn.Write(b)
+		return n, toIOError(err)
 	}
 	for len(b) > 0 {
 		nn := copy(w.buf[w.offset:], b)
@@ -352,10 +352,30 @@ func (w *bufWriter) Flush() error {
 		return nil
 	}
 	_, w.err = w.conn.Write(w.buf[:w.offset])
+	w.err = toIOError(w.err)
 	w.offset = 0
 	return w.err
 }
 
+type ioError struct {
+	error
+}
+
+func (i ioError) Unwrap() error {
+	return i.error
+}
+
+func isIOError(err error) bool {
+	return errors.As(err, &ioError{})
+}
+
+func toIOError(err error) error {
+	if err == nil {
+		return nil
+	}
+	return ioError{error: err}
+}
+
 type framer struct {
 	writer *bufWriter
 	fr     *http2.Framer
diff --git a/vendor/google.golang.org/grpc/internal/transport/logging.go b/vendor/google.golang.org/grpc/internal/transport/logging.go
new file mode 100644
index 000000000..42ed2b07a
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/logging.go
@@ -0,0 +1,40 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package transport
+
+import (
+	"fmt"
+
+	"google.golang.org/grpc/grpclog"
+	internalgrpclog "google.golang.org/grpc/internal/grpclog"
+)
+
+var logger = grpclog.Component("transport")
+
+func prefixLoggerForServerTransport(p *http2Server) *internalgrpclog.PrefixLogger {
+	return internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[server-transport %p] ", p))
+}
+
+func prefixLoggerForServerHandlerTransport(p *serverHandlerTransport) *internalgrpclog.PrefixLogger {
+	return internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[server-handler-transport %p] ", p))
+}
+
+func prefixLoggerForClientTransport(p *http2Client) *internalgrpclog.PrefixLogger {
+	return internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[client-transport %p] ", p))
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
index 0ac77ea4f..aa1c89659 100644
--- a/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -257,6 +257,9 @@ type Stream struct {
 	fc           *inFlow
 	wq           *writeQuota
 
+	// Holds compressor names passed in grpc-accept-encoding metadata from the
+	// client. This is empty for the client side stream.
+	clientAdvertisedCompressors string
 	// Callback to state application's intentions to read data. This
 	// is used to adjust flow control, if needed.
 	requestRead func(int)
@@ -345,8 +348,24 @@ func (s *Stream) RecvCompress() string {
 }
 
 // SetSendCompress sets the compression algorithm to the stream.
-func (s *Stream) SetSendCompress(str string) {
-	s.sendCompress = str
+func (s *Stream) SetSendCompress(name string) error {
+	if s.isHeaderSent() || s.getState() == streamDone {
+		return errors.New("transport: set send compressor called after headers sent or stream done")
+	}
+
+	s.sendCompress = name
+	return nil
+}
+
+// SendCompress returns the send compressor name.
+func (s *Stream) SendCompress() string {
+	return s.sendCompress
+}
+
+// ClientAdvertisedCompressors returns the compressor names advertised by the
+// client via grpc-accept-encoding header.
+func (s *Stream) ClientAdvertisedCompressors() string {
+	return s.clientAdvertisedCompressors
 }
 
 // Done returns a channel which is closed when it receives the final status
@@ -707,7 +726,7 @@ type ServerTransport interface {
 	RemoteAddr() net.Addr
 
 	// Drain notifies the client this ServerTransport stops accepting new RPCs.
-	Drain()
+	Drain(debugData string)
 
 	// IncrMsgSent increments the number of message sent through this transport.
 	IncrMsgSent()
diff --git a/vendor/google.golang.org/grpc/metadata/metadata.go b/vendor/google.golang.org/grpc/metadata/metadata.go
index fb4a88f59..a2cdcaf12 100644
--- a/vendor/google.golang.org/grpc/metadata/metadata.go
+++ b/vendor/google.golang.org/grpc/metadata/metadata.go
@@ -91,7 +91,11 @@ func (md MD) Len() int {
 
 // Copy returns a copy of md.
 func (md MD) Copy() MD {
-	return Join(md)
+	out := make(MD, len(md))
+	for k, v := range md {
+		out[k] = copyOf(v)
+	}
+	return out
 }
 
 // Get obtains the values for a given key.
@@ -171,8 +175,11 @@ func AppendToOutgoingContext(ctx context.Context, kv ...string) context.Context
 	md, _ := ctx.Value(mdOutgoingKey{}).(rawMD)
 	added := make([][]string, len(md.added)+1)
 	copy(added, md.added)
-	added[len(added)-1] = make([]string, len(kv))
-	copy(added[len(added)-1], kv)
+	kvCopy := make([]string, 0, len(kv))
+	for i := 0; i < len(kv); i += 2 {
+		kvCopy = append(kvCopy, strings.ToLower(kv[i]), kv[i+1])
+	}
+	added[len(added)-1] = kvCopy
 	return context.WithValue(ctx, mdOutgoingKey{}, rawMD{md: md.md, added: added})
 }
 
diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go
index c525dc070..02f975951 100644
--- a/vendor/google.golang.org/grpc/picker_wrapper.go
+++ b/vendor/google.golang.org/grpc/picker_wrapper.go
@@ -36,6 +36,7 @@ import (
 type pickerWrapper struct {
 	mu         sync.Mutex
 	done       bool
+	idle       bool
 	blockingCh chan struct{}
 	picker     balancer.Picker
 }
@@ -47,7 +48,11 @@ func newPickerWrapper() *pickerWrapper {
 // updatePicker is called by UpdateBalancerState. It unblocks all blocked pick.
 func (pw *pickerWrapper) updatePicker(p balancer.Picker) {
 	pw.mu.Lock()
-	if pw.done {
+	if pw.done || pw.idle {
+		// There is a small window where a picker update from the LB policy can
+		// race with the channel going to idle mode. If the picker is idle here,
+		// it is because the channel asked it to do so, and therefore it is sage
+		// to ignore the update from the LB policy.
 		pw.mu.Unlock()
 		return
 	}
@@ -63,10 +68,8 @@ func (pw *pickerWrapper) updatePicker(p balancer.Picker) {
 //   - wraps the done function in the passed in result to increment the calls
 //     failed or calls succeeded channelz counter before invoking the actual
 //     done function.
-func doneChannelzWrapper(acw *acBalancerWrapper, result *balancer.PickResult) {
-	acw.mu.Lock()
-	ac := acw.ac
-	acw.mu.Unlock()
+func doneChannelzWrapper(acbw *acBalancerWrapper, result *balancer.PickResult) {
+	ac := acbw.ac
 	ac.incrCallsStarted()
 	done := result.Done
 	result.Done = func(b balancer.DoneInfo) {
@@ -152,14 +155,14 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 			return nil, balancer.PickResult{}, status.Error(codes.Unavailable, err.Error())
 		}
 
-		acw, ok := pickResult.SubConn.(*acBalancerWrapper)
+		acbw, ok := pickResult.SubConn.(*acBalancerWrapper)
 		if !ok {
 			logger.Errorf("subconn returned from pick is type %T, not *acBalancerWrapper", pickResult.SubConn)
 			continue
 		}
-		if t := acw.getAddrConn().getReadyTransport(); t != nil {
+		if t := acbw.ac.getReadyTransport(); t != nil {
 			if channelz.IsOn() {
-				doneChannelzWrapper(acw, &pickResult)
+				doneChannelzWrapper(acbw, &pickResult)
 				return t, pickResult, nil
 			}
 			return t, pickResult, nil
@@ -187,6 +190,25 @@ func (pw *pickerWrapper) close() {
 	close(pw.blockingCh)
 }
 
+func (pw *pickerWrapper) enterIdleMode() {
+	pw.mu.Lock()
+	defer pw.mu.Unlock()
+	if pw.done {
+		return
+	}
+	pw.idle = true
+}
+
+func (pw *pickerWrapper) exitIdleMode() {
+	pw.mu.Lock()
+	defer pw.mu.Unlock()
+	if pw.done {
+		return
+	}
+	pw.blockingCh = make(chan struct{})
+	pw.idle = false
+}
+
 // dropError is a wrapper error that indicates the LB policy wishes to drop the
 // RPC and not retry it.
 type dropError struct {
diff --git a/vendor/google.golang.org/grpc/pickfirst.go b/vendor/google.golang.org/grpc/pickfirst.go
index fc91b4d26..abe266b02 100644
--- a/vendor/google.golang.org/grpc/pickfirst.go
+++ b/vendor/google.golang.org/grpc/pickfirst.go
@@ -19,11 +19,15 @@
 package grpc
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/connectivity"
+	"google.golang.org/grpc/internal/envconfig"
+	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/serviceconfig"
 )
 
 // PickFirstBalancerName is the name of the pick_first balancer.
@@ -43,10 +47,28 @@ func (*pickfirstBuilder) Name() string {
 	return PickFirstBalancerName
 }
 
+type pfConfig struct {
+	serviceconfig.LoadBalancingConfig `json:"-"`
+
+	// If set to true, instructs the LB policy to shuffle the order of the list
+	// of addresses received from the name resolver before attempting to
+	// connect to them.
+	ShuffleAddressList bool `json:"shuffleAddressList"`
+}
+
+func (*pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) {
+	cfg := &pfConfig{}
+	if err := json.Unmarshal(js, cfg); err != nil {
+		return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", string(js), err)
+	}
+	return cfg, nil
+}
+
 type pickfirstBalancer struct {
 	state   connectivity.State
 	cc      balancer.ClientConn
 	subConn balancer.SubConn
+	cfg     *pfConfig
 }
 
 func (b *pickfirstBalancer) ResolverError(err error) {
@@ -69,7 +91,8 @@ func (b *pickfirstBalancer) ResolverError(err error) {
 }
 
 func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState) error {
-	if len(state.ResolverState.Addresses) == 0 {
+	addrs := state.ResolverState.Addresses
+	if len(addrs) == 0 {
 		// The resolver reported an empty address list. Treat it like an error by
 		// calling b.ResolverError.
 		if b.subConn != nil {
@@ -82,12 +105,23 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
 		return balancer.ErrBadResolverState
 	}
 
+	if state.BalancerConfig != nil {
+		cfg, ok := state.BalancerConfig.(*pfConfig)
+		if !ok {
+			return fmt.Errorf("pickfirstBalancer: received nil or illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig)
+		}
+		b.cfg = cfg
+	}
+
+	if envconfig.PickFirstLBConfig && b.cfg != nil && b.cfg.ShuffleAddressList {
+		grpcrand.Shuffle(len(addrs), func(i, j int) { addrs[i], addrs[j] = addrs[j], addrs[i] })
+	}
 	if b.subConn != nil {
-		b.cc.UpdateAddresses(b.subConn, state.ResolverState.Addresses)
+		b.cc.UpdateAddresses(b.subConn, addrs)
 		return nil
 	}
 
-	subConn, err := b.cc.NewSubConn(state.ResolverState.Addresses, balancer.NewSubConnOptions{})
+	subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{})
 	if err != nil {
 		if logger.V(2) {
 			logger.Errorf("pickfirstBalancer: failed to NewSubConn: %v", err)
@@ -119,7 +153,6 @@ func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state b
 		}
 		return
 	}
-	b.state = state.ConnectivityState
 	if state.ConnectivityState == connectivity.Shutdown {
 		b.subConn = nil
 		return
@@ -132,11 +165,21 @@ func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state b
 			Picker:            &picker{result: balancer.PickResult{SubConn: subConn}},
 		})
 	case connectivity.Connecting:
+		if b.state == connectivity.TransientFailure {
+			// We stay in TransientFailure until we are Ready. See A62.
+			return
+		}
 		b.cc.UpdateState(balancer.State{
 			ConnectivityState: state.ConnectivityState,
 			Picker:            &picker{err: balancer.ErrNoSubConnAvailable},
 		})
 	case connectivity.Idle:
+		if b.state == connectivity.TransientFailure {
+			// We stay in TransientFailure until we are Ready. Also kick the
+			// subConn out of Idle into Connecting. See A62.
+			b.subConn.Connect()
+			return
+		}
 		b.cc.UpdateState(balancer.State{
 			ConnectivityState: state.ConnectivityState,
 			Picker:            &idlePicker{subConn: subConn},
@@ -147,6 +190,7 @@ func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state b
 			Picker:            &picker{err: state.ConnectionError},
 		})
 	}
+	b.state = state.ConnectivityState
 }
 
 func (b *pickfirstBalancer) Close() {
diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go
index 654e9ce69..353c10b69 100644
--- a/vendor/google.golang.org/grpc/resolver/resolver.go
+++ b/vendor/google.golang.org/grpc/resolver/resolver.go
@@ -22,13 +22,13 @@ package resolver
 
 import (
 	"context"
+	"fmt"
 	"net"
 	"net/url"
 	"strings"
 
 	"google.golang.org/grpc/attributes"
 	"google.golang.org/grpc/credentials"
-	"google.golang.org/grpc/internal/pretty"
 	"google.golang.org/grpc/serviceconfig"
 )
 
@@ -41,8 +41,9 @@ var (
 
 // TODO(bar) install dns resolver in init(){}.
 
-// Register registers the resolver builder to the resolver map. b.Scheme will be
-// used as the scheme registered with this builder.
+// Register registers the resolver builder to the resolver map. b.Scheme will
+// be used as the scheme registered with this builder. The registry is case
+// sensitive, and schemes should not contain any uppercase characters.
 //
 // NOTE: this function must only be called during initialization time (i.e. in
 // an init() function), and is not thread-safe. If multiple Resolvers are
@@ -123,7 +124,7 @@ type Address struct {
 	Attributes *attributes.Attributes
 
 	// BalancerAttributes contains arbitrary data about this address intended
-	// for consumption by the LB policy.  These attribes do not affect SubConn
+	// for consumption by the LB policy.  These attributes do not affect SubConn
 	// creation, connection establishment, handshaking, etc.
 	BalancerAttributes *attributes.Attributes
 
@@ -150,7 +151,17 @@ func (a Address) Equal(o Address) bool {
 
 // String returns JSON formatted string representation of the address.
 func (a Address) String() string {
-	return pretty.ToJSON(a)
+	var sb strings.Builder
+	sb.WriteString(fmt.Sprintf("{Addr: %q, ", a.Addr))
+	sb.WriteString(fmt.Sprintf("ServerName: %q, ", a.ServerName))
+	if a.Attributes != nil {
+		sb.WriteString(fmt.Sprintf("Attributes: %v, ", a.Attributes.String()))
+	}
+	if a.BalancerAttributes != nil {
+		sb.WriteString(fmt.Sprintf("BalancerAttributes: %v", a.BalancerAttributes.String()))
+	}
+	sb.WriteString("}")
+	return sb.String()
 }
 
 // BuildOptions includes additional information for the builder to create
@@ -203,6 +214,15 @@ type State struct {
 // gRPC to add new methods to this interface.
 type ClientConn interface {
 	// UpdateState updates the state of the ClientConn appropriately.
+	//
+	// If an error is returned, the resolver should try to resolve the
+	// target again. The resolver should use a backoff timer to prevent
+	// overloading the server with requests. If a resolver is certain that
+	// reresolving will not change the result, e.g. because it is
+	// a watch-based resolver, returned errors can be ignored.
+	//
+	// If the resolved State is the same as the last reported one, calling
+	// UpdateState can be omitted.
 	UpdateState(State) error
 	// ReportError notifies the ClientConn that the Resolver encountered an
 	// error.  The ClientConn will notify the load balancer and begin calling
@@ -280,8 +300,10 @@ type Builder interface {
 	// gRPC dial calls Build synchronously, and fails if the returned error is
 	// not nil.
 	Build(target Target, cc ClientConn, opts BuildOptions) (Resolver, error)
-	// Scheme returns the scheme supported by this resolver.
-	// Scheme is defined at https://github.com/grpc/grpc/blob/master/doc/naming.md.
+	// Scheme returns the scheme supported by this resolver.  Scheme is defined
+	// at https://github.com/grpc/grpc/blob/master/doc/naming.md.  The returned
+	// string should not contain uppercase characters, as they will not match
+	// the parsed target's scheme as defined in RFC 3986.
 	Scheme() string
 }
 
diff --git a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
index 05a9d4e0b..b408b3688 100644
--- a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
+++ b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
@@ -19,11 +19,11 @@
 package grpc
 
 import (
+	"context"
 	"strings"
 	"sync"
 
 	"google.golang.org/grpc/balancer"
-	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/internal/channelz"
 	"google.golang.org/grpc/internal/grpcsync"
 	"google.golang.org/grpc/internal/pretty"
@@ -31,129 +31,192 @@ import (
 	"google.golang.org/grpc/serviceconfig"
 )
 
+// resolverStateUpdater wraps the single method used by ccResolverWrapper to
+// report a state update from the actual resolver implementation.
+type resolverStateUpdater interface {
+	updateResolverState(s resolver.State, err error) error
+}
+
 // ccResolverWrapper is a wrapper on top of cc for resolvers.
 // It implements resolver.ClientConn interface.
 type ccResolverWrapper struct {
-	cc         *ClientConn
-	resolverMu sync.Mutex
-	resolver   resolver.Resolver
-	done       *grpcsync.Event
-	curState   resolver.State
+	// The following fields are initialized when the wrapper is created and are
+	// read-only afterwards, and therefore can be accessed without a mutex.
+	cc                  resolverStateUpdater
+	channelzID          *channelz.Identifier
+	ignoreServiceConfig bool
+	opts                ccResolverWrapperOpts
+	serializer          *grpcsync.CallbackSerializer // To serialize all incoming calls.
+	serializerCancel    context.CancelFunc           // To close the serializer, accessed only from close().
+
+	// All incoming (resolver --> gRPC) calls are guaranteed to execute in a
+	// mutually exclusive manner as they are scheduled on the serializer.
+	// Fields accessed *only* in these serializer callbacks, can therefore be
+	// accessed without a mutex.
+	curState resolver.State
+
+	// mu guards access to the below fields.
+	mu       sync.Mutex
+	closed   bool
+	resolver resolver.Resolver // Accessed only from outgoing calls.
+}
 
-	incomingMu sync.Mutex // Synchronizes all the incoming calls.
+// ccResolverWrapperOpts wraps the arguments to be passed when creating a new
+// ccResolverWrapper.
+type ccResolverWrapperOpts struct {
+	target     resolver.Target       // User specified dial target to resolve.
+	builder    resolver.Builder      // Resolver builder to use.
+	bOpts      resolver.BuildOptions // Resolver build options to use.
+	channelzID *channelz.Identifier  // Channelz identifier for the channel.
 }
 
 // newCCResolverWrapper uses the resolver.Builder to build a Resolver and
 // returns a ccResolverWrapper object which wraps the newly built resolver.
-func newCCResolverWrapper(cc *ClientConn, rb resolver.Builder) (*ccResolverWrapper, error) {
+func newCCResolverWrapper(cc resolverStateUpdater, opts ccResolverWrapperOpts) (*ccResolverWrapper, error) {
+	ctx, cancel := context.WithCancel(context.Background())
 	ccr := &ccResolverWrapper{
-		cc:   cc,
-		done: grpcsync.NewEvent(),
-	}
-
-	var credsClone credentials.TransportCredentials
-	if creds := cc.dopts.copts.TransportCredentials; creds != nil {
-		credsClone = creds.Clone()
-	}
-	rbo := resolver.BuildOptions{
-		DisableServiceConfig: cc.dopts.disableServiceConfig,
-		DialCreds:            credsClone,
-		CredsBundle:          cc.dopts.copts.CredsBundle,
-		Dialer:               cc.dopts.copts.Dialer,
-	}
-
-	var err error
-	// We need to hold the lock here while we assign to the ccr.resolver field
-	// to guard against a data race caused by the following code path,
-	// rb.Build-->ccr.ReportError-->ccr.poll-->ccr.resolveNow, would end up
-	// accessing ccr.resolver which is being assigned here.
-	ccr.resolverMu.Lock()
-	defer ccr.resolverMu.Unlock()
-	ccr.resolver, err = rb.Build(cc.parsedTarget, ccr, rbo)
+		cc:                  cc,
+		channelzID:          opts.channelzID,
+		ignoreServiceConfig: opts.bOpts.DisableServiceConfig,
+		opts:                opts,
+		serializer:          grpcsync.NewCallbackSerializer(ctx),
+		serializerCancel:    cancel,
+	}
+
+	// Cannot hold the lock at build time because the resolver can send an
+	// update or error inline and these incoming calls grab the lock to schedule
+	// a callback in the serializer.
+	r, err := opts.builder.Build(opts.target, ccr, opts.bOpts)
 	if err != nil {
+		cancel()
 		return nil, err
 	}
+
+	// Any error reported by the resolver at build time that leads to a
+	// re-resolution request from the balancer is dropped by grpc until we
+	// return from this function. So, we don't have to handle pending resolveNow
+	// requests here.
+	ccr.mu.Lock()
+	ccr.resolver = r
+	ccr.mu.Unlock()
+
 	return ccr, nil
 }
 
 func (ccr *ccResolverWrapper) resolveNow(o resolver.ResolveNowOptions) {
-	ccr.resolverMu.Lock()
-	if !ccr.done.HasFired() {
-		ccr.resolver.ResolveNow(o)
+	ccr.mu.Lock()
+	defer ccr.mu.Unlock()
+
+	// ccr.resolver field is set only after the call to Build() returns. But in
+	// the process of building, the resolver may send an error update which when
+	// propagated to the balancer may result in a re-resolution request.
+	if ccr.closed || ccr.resolver == nil {
+		return
 	}
-	ccr.resolverMu.Unlock()
+	ccr.resolver.ResolveNow(o)
 }
 
 func (ccr *ccResolverWrapper) close() {
-	ccr.resolverMu.Lock()
-	ccr.resolver.Close()
-	ccr.done.Fire()
-	ccr.resolverMu.Unlock()
+	ccr.mu.Lock()
+	if ccr.closed {
+		ccr.mu.Unlock()
+		return
+	}
+
+	channelz.Info(logger, ccr.channelzID, "Closing the name resolver")
+
+	// Close the serializer to ensure that no more calls from the resolver are
+	// handled, before actually closing the resolver.
+	ccr.serializerCancel()
+	ccr.closed = true
+	r := ccr.resolver
+	ccr.mu.Unlock()
+
+	// Give enqueued callbacks a chance to finish.
+	<-ccr.serializer.Done
+
+	// Spawn a goroutine to close the resolver (since it may block trying to
+	// cleanup all allocated resources) and return early.
+	go r.Close()
+}
+
+// serializerScheduleLocked is a convenience method to schedule a function to be
+// run on the serializer while holding ccr.mu.
+func (ccr *ccResolverWrapper) serializerScheduleLocked(f func(context.Context)) {
+	ccr.mu.Lock()
+	ccr.serializer.Schedule(f)
+	ccr.mu.Unlock()
 }
 
+// UpdateState is called by resolver implementations to report new state to gRPC
+// which includes addresses and service config.
 func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error {
-	ccr.incomingMu.Lock()
-	defer ccr.incomingMu.Unlock()
-	if ccr.done.HasFired() {
+	errCh := make(chan error, 1)
+	ok := ccr.serializer.Schedule(func(context.Context) {
+		ccr.addChannelzTraceEvent(s)
+		ccr.curState = s
+		if err := ccr.cc.updateResolverState(ccr.curState, nil); err == balancer.ErrBadResolverState {
+			errCh <- balancer.ErrBadResolverState
+			return
+		}
+		errCh <- nil
+	})
+	if !ok {
+		// The only time when Schedule() fail to add the callback to the
+		// serializer is when the serializer is closed, and this happens only
+		// when the resolver wrapper is closed.
 		return nil
 	}
-	ccr.addChannelzTraceEvent(s)
-	ccr.curState = s
-	if err := ccr.cc.updateResolverState(ccr.curState, nil); err == balancer.ErrBadResolverState {
-		return balancer.ErrBadResolverState
-	}
-	return nil
+	return <-errCh
 }
 
+// ReportError is called by resolver implementations to report errors
+// encountered during name resolution to gRPC.
 func (ccr *ccResolverWrapper) ReportError(err error) {
-	ccr.incomingMu.Lock()
-	defer ccr.incomingMu.Unlock()
-	if ccr.done.HasFired() {
-		return
-	}
-	channelz.Warningf(logger, ccr.cc.channelzID, "ccResolverWrapper: reporting error to cc: %v", err)
-	ccr.cc.updateResolverState(resolver.State{}, err)
+	ccr.serializerScheduleLocked(func(_ context.Context) {
+		channelz.Warningf(logger, ccr.channelzID, "ccResolverWrapper: reporting error to cc: %v", err)
+		ccr.cc.updateResolverState(resolver.State{}, err)
+	})
 }
 
-// NewAddress is called by the resolver implementation to send addresses to gRPC.
+// NewAddress is called by the resolver implementation to send addresses to
+// gRPC.
 func (ccr *ccResolverWrapper) NewAddress(addrs []resolver.Address) {
-	ccr.incomingMu.Lock()
-	defer ccr.incomingMu.Unlock()
-	if ccr.done.HasFired() {
-		return
-	}
-	ccr.addChannelzTraceEvent(resolver.State{Addresses: addrs, ServiceConfig: ccr.curState.ServiceConfig})
-	ccr.curState.Addresses = addrs
-	ccr.cc.updateResolverState(ccr.curState, nil)
+	ccr.serializerScheduleLocked(func(_ context.Context) {
+		ccr.addChannelzTraceEvent(resolver.State{Addresses: addrs, ServiceConfig: ccr.curState.ServiceConfig})
+		ccr.curState.Addresses = addrs
+		ccr.cc.updateResolverState(ccr.curState, nil)
+	})
 }
 
 // NewServiceConfig is called by the resolver implementation to send service
 // configs to gRPC.
 func (ccr *ccResolverWrapper) NewServiceConfig(sc string) {
-	ccr.incomingMu.Lock()
-	defer ccr.incomingMu.Unlock()
-	if ccr.done.HasFired() {
-		return
-	}
-	channelz.Infof(logger, ccr.cc.channelzID, "ccResolverWrapper: got new service config: %s", sc)
-	if ccr.cc.dopts.disableServiceConfig {
-		channelz.Info(logger, ccr.cc.channelzID, "Service config lookups disabled; ignoring config")
-		return
-	}
-	scpr := parseServiceConfig(sc)
-	if scpr.Err != nil {
-		channelz.Warningf(logger, ccr.cc.channelzID, "ccResolverWrapper: error parsing service config: %v", scpr.Err)
-		return
-	}
-	ccr.addChannelzTraceEvent(resolver.State{Addresses: ccr.curState.Addresses, ServiceConfig: scpr})
-	ccr.curState.ServiceConfig = scpr
-	ccr.cc.updateResolverState(ccr.curState, nil)
+	ccr.serializerScheduleLocked(func(_ context.Context) {
+		channelz.Infof(logger, ccr.channelzID, "ccResolverWrapper: got new service config: %s", sc)
+		if ccr.ignoreServiceConfig {
+			channelz.Info(logger, ccr.channelzID, "Service config lookups disabled; ignoring config")
+			return
+		}
+		scpr := parseServiceConfig(sc)
+		if scpr.Err != nil {
+			channelz.Warningf(logger, ccr.channelzID, "ccResolverWrapper: error parsing service config: %v", scpr.Err)
+			return
+		}
+		ccr.addChannelzTraceEvent(resolver.State{Addresses: ccr.curState.Addresses, ServiceConfig: scpr})
+		ccr.curState.ServiceConfig = scpr
+		ccr.cc.updateResolverState(ccr.curState, nil)
+	})
 }
 
+// ParseServiceConfig is called by resolver implementations to parse a JSON
+// representation of the service config.
 func (ccr *ccResolverWrapper) ParseServiceConfig(scJSON string) *serviceconfig.ParseResult {
 	return parseServiceConfig(scJSON)
 }
 
+// addChannelzTraceEvent adds a channelz trace event containing the new
+// state received from resolver implementations.
 func (ccr *ccResolverWrapper) addChannelzTraceEvent(s resolver.State) {
 	var updates []string
 	var oldSC, newSC *ServiceConfig
@@ -172,5 +235,5 @@ func (ccr *ccResolverWrapper) addChannelzTraceEvent(s resolver.State) {
 	} else if len(ccr.curState.Addresses) == 0 && len(s.Addresses) > 0 {
 		updates = append(updates, "resolver returned new addresses")
 	}
-	channelz.Infof(logger, ccr.cc.channelzID, "Resolver state updated: %s (%v)", pretty.ToJSON(s), strings.Join(updates, "; "))
+	channelz.Infof(logger, ccr.channelzID, "Resolver state updated: %s (%v)", pretty.ToJSON(s), strings.Join(updates, "; "))
 }
diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go
index cb7020ebe..2030736a3 100644
--- a/vendor/google.golang.org/grpc/rpc_util.go
+++ b/vendor/google.golang.org/grpc/rpc_util.go
@@ -159,6 +159,7 @@ type callInfo struct {
 	contentSubtype        string
 	codec                 baseCodec
 	maxRetryRPCBufferSize int
+	onFinish              []func(err error)
 }
 
 func defaultCallInfo() *callInfo {
@@ -295,6 +296,41 @@ func (o FailFastCallOption) before(c *callInfo) error {
 }
 func (o FailFastCallOption) after(c *callInfo, attempt *csAttempt) {}
 
+// OnFinish returns a CallOption that configures a callback to be called when
+// the call completes. The error passed to the callback is the status of the
+// RPC, and may be nil. The onFinish callback provided will only be called once
+// by gRPC. This is mainly used to be used by streaming interceptors, to be
+// notified when the RPC completes along with information about the status of
+// the RPC.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func OnFinish(onFinish func(err error)) CallOption {
+	return OnFinishCallOption{
+		OnFinish: onFinish,
+	}
+}
+
+// OnFinishCallOption is CallOption that indicates a callback to be called when
+// the call completes.
+//
+// # Experimental
+//
+// Notice: This type is EXPERIMENTAL and may be changed or removed in a
+// later release.
+type OnFinishCallOption struct {
+	OnFinish func(error)
+}
+
+func (o OnFinishCallOption) before(c *callInfo) error {
+	c.onFinish = append(c.onFinish, o.OnFinish)
+	return nil
+}
+
+func (o OnFinishCallOption) after(c *callInfo, attempt *csAttempt) {}
+
 // MaxCallRecvMsgSize returns a CallOption which sets the maximum message size
 // in bytes the client can receive. If this is not set, gRPC uses the default
 // 4MB.
@@ -658,12 +694,13 @@ func msgHeader(data, compData []byte) (hdr []byte, payload []byte) {
 
 func outPayload(client bool, msg interface{}, data, payload []byte, t time.Time) *stats.OutPayload {
 	return &stats.OutPayload{
-		Client:     client,
-		Payload:    msg,
-		Data:       data,
-		Length:     len(data),
-		WireLength: len(payload) + headerLen,
-		SentTime:   t,
+		Client:           client,
+		Payload:          msg,
+		Data:             data,
+		Length:           len(data),
+		WireLength:       len(payload) + headerLen,
+		CompressedLength: len(payload),
+		SentTime:         t,
 	}
 }
 
@@ -684,7 +721,7 @@ func checkRecvPayload(pf payloadFormat, recvCompress string, haveCompressor bool
 }
 
 type payloadInfo struct {
-	wireLength        int // The compressed length got from wire.
+	compressedLength  int // The compressed length got from wire.
 	uncompressedBytes []byte
 }
 
@@ -694,7 +731,7 @@ func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxRecei
 		return nil, err
 	}
 	if payInfo != nil {
-		payInfo.wireLength = len(d)
+		payInfo.compressedLength = len(d)
 	}
 
 	if st := checkRecvPayload(pf, s.RecvCompress(), compressor != nil || dc != nil); st != nil {
diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go
index d5a6e78be..8869cc906 100644
--- a/vendor/google.golang.org/grpc/server.go
+++ b/vendor/google.golang.org/grpc/server.go
@@ -43,8 +43,8 @@ import (
 	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/binarylog"
 	"google.golang.org/grpc/internal/channelz"
-	"google.golang.org/grpc/internal/grpcrand"
 	"google.golang.org/grpc/internal/grpcsync"
+	"google.golang.org/grpc/internal/grpcutil"
 	"google.golang.org/grpc/internal/transport"
 	"google.golang.org/grpc/keepalive"
 	"google.golang.org/grpc/metadata"
@@ -74,10 +74,10 @@ func init() {
 		srv.drainServerTransports(addr)
 	}
 	internal.AddGlobalServerOptions = func(opt ...ServerOption) {
-		extraServerOptions = append(extraServerOptions, opt...)
+		globalServerOptions = append(globalServerOptions, opt...)
 	}
 	internal.ClearGlobalServerOptions = func() {
-		extraServerOptions = nil
+		globalServerOptions = nil
 	}
 	internal.BinaryLogger = binaryLogger
 	internal.JoinServerOptions = newJoinServerOption
@@ -115,12 +115,6 @@ type serviceInfo struct {
 	mdata       interface{}
 }
 
-type serverWorkerData struct {
-	st     transport.ServerTransport
-	wg     *sync.WaitGroup
-	stream *transport.Stream
-}
-
 // Server is a gRPC server to serve RPC requests.
 type Server struct {
 	opts serverOptions
@@ -145,7 +139,7 @@ type Server struct {
 	channelzID *channelz.Identifier
 	czData     *channelzData
 
-	serverWorkerChannels []chan *serverWorkerData
+	serverWorkerChannel chan func()
 }
 
 type serverOptions struct {
@@ -177,13 +171,14 @@ type serverOptions struct {
 }
 
 var defaultServerOptions = serverOptions{
+	maxConcurrentStreams:  math.MaxUint32,
 	maxReceiveMessageSize: defaultServerMaxReceiveMessageSize,
 	maxSendMessageSize:    defaultServerMaxSendMessageSize,
 	connectionTimeout:     120 * time.Second,
 	writeBufferSize:       defaultWriteBufSize,
 	readBufferSize:        defaultReadBufSize,
 }
-var extraServerOptions []ServerOption
+var globalServerOptions []ServerOption
 
 // A ServerOption sets options such as credentials, codec and keepalive parameters, etc.
 type ServerOption interface {
@@ -387,6 +382,9 @@ func MaxSendMsgSize(m int) ServerOption {
 // MaxConcurrentStreams returns a ServerOption that will apply a limit on the number
 // of concurrent streams to each ServerTransport.
 func MaxConcurrentStreams(n uint32) ServerOption {
+	if n == 0 {
+		n = math.MaxUint32
+	}
 	return newFuncServerOption(func(o *serverOptions) {
 		o.maxConcurrentStreams = n
 	})
@@ -560,47 +558,40 @@ func NumStreamWorkers(numServerWorkers uint32) ServerOption {
 const serverWorkerResetThreshold = 1 << 16
 
 // serverWorkers blocks on a *transport.Stream channel forever and waits for
-// data to be fed by serveStreams. This allows different requests to be
+// data to be fed by serveStreams. This allows multiple requests to be
 // processed by the same goroutine, removing the need for expensive stack
 // re-allocations (see the runtime.morestack problem [1]).
 //
 // [1] https://github.com/golang/go/issues/18138
-func (s *Server) serverWorker(ch chan *serverWorkerData) {
-	// To make sure all server workers don't reset at the same time, choose a
-	// random number of iterations before resetting.
-	threshold := serverWorkerResetThreshold + grpcrand.Intn(serverWorkerResetThreshold)
-	for completed := 0; completed < threshold; completed++ {
-		data, ok := <-ch
+func (s *Server) serverWorker() {
+	for completed := 0; completed < serverWorkerResetThreshold; completed++ {
+		f, ok := <-s.serverWorkerChannel
 		if !ok {
 			return
 		}
-		s.handleStream(data.st, data.stream, s.traceInfo(data.st, data.stream))
-		data.wg.Done()
+		f()
 	}
-	go s.serverWorker(ch)
+	go s.serverWorker()
 }
 
-// initServerWorkers creates worker goroutines and channels to process incoming
+// initServerWorkers creates worker goroutines and a channel to process incoming
 // connections to reduce the time spent overall on runtime.morestack.
 func (s *Server) initServerWorkers() {
-	s.serverWorkerChannels = make([]chan *serverWorkerData, s.opts.numServerWorkers)
+	s.serverWorkerChannel = make(chan func())
 	for i := uint32(0); i < s.opts.numServerWorkers; i++ {
-		s.serverWorkerChannels[i] = make(chan *serverWorkerData)
-		go s.serverWorker(s.serverWorkerChannels[i])
+		go s.serverWorker()
 	}
 }
 
 func (s *Server) stopServerWorkers() {
-	for i := uint32(0); i < s.opts.numServerWorkers; i++ {
-		close(s.serverWorkerChannels[i])
-	}
+	close(s.serverWorkerChannel)
 }
 
 // NewServer creates a gRPC server which has no service registered and has not
 // started to accept requests yet.
 func NewServer(opt ...ServerOption) *Server {
 	opts := defaultServerOptions
-	for _, o := range extraServerOptions {
+	for _, o := range globalServerOptions {
 		o.apply(&opts)
 	}
 	for _, o := range opt {
@@ -897,7 +888,7 @@ func (s *Server) drainServerTransports(addr string) {
 	s.mu.Lock()
 	conns := s.conns[addr]
 	for st := range conns {
-		st.Drain()
+		st.Drain("")
 	}
 	s.mu.Unlock()
 }
@@ -945,26 +936,26 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 	defer st.Close(errors.New("finished serving streams for the server transport"))
 	var wg sync.WaitGroup
 
-	var roundRobinCounter uint32
+	streamQuota := newHandlerQuota(s.opts.maxConcurrentStreams)
 	st.HandleStreams(func(stream *transport.Stream) {
 		wg.Add(1)
+
+		streamQuota.acquire()
+		f := func() {
+			defer streamQuota.release()
+			defer wg.Done()
+			s.handleStream(st, stream, s.traceInfo(st, stream))
+		}
+
 		if s.opts.numServerWorkers > 0 {
-			data := &serverWorkerData{st: st, wg: &wg, stream: stream}
 			select {
-			case s.serverWorkerChannels[atomic.AddUint32(&roundRobinCounter, 1)%s.opts.numServerWorkers] <- data:
+			case s.serverWorkerChannel <- f:
+				return
 			default:
 				// If all stream workers are busy, fallback to the default code path.
-				go func() {
-					s.handleStream(st, stream, s.traceInfo(st, stream))
-					wg.Done()
-				}()
 			}
-		} else {
-			go func() {
-				defer wg.Done()
-				s.handleStream(st, stream, s.traceInfo(st, stream))
-			}()
 		}
+		go f()
 	}, func(ctx context.Context, method string) context.Context {
 		if !EnableTracing {
 			return ctx
@@ -1053,7 +1044,7 @@ func (s *Server) addConn(addr string, st transport.ServerTransport) bool {
 	if s.drain {
 		// Transport added after we drained our existing conns: drain it
 		// immediately.
-		st.Drain()
+		st.Drain("")
 	}
 
 	if s.conns[addr] == nil {
@@ -1252,7 +1243,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			logEntry.PeerAddr = peer.Addr
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(logEntry)
+			binlog.Log(ctx, logEntry)
 		}
 	}
 
@@ -1263,6 +1254,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	var comp, decomp encoding.Compressor
 	var cp Compressor
 	var dc Decompressor
+	var sendCompressorName string
 
 	// If dc is set and matches the stream's compression, use it.  Otherwise, try
 	// to find a matching registered compressor for decomp.
@@ -1283,12 +1275,18 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	// NOTE: this needs to be ahead of all handling, https://github.com/grpc/grpc-go/issues/686.
 	if s.opts.cp != nil {
 		cp = s.opts.cp
-		stream.SetSendCompress(cp.Type())
+		sendCompressorName = cp.Type()
 	} else if rc := stream.RecvCompress(); rc != "" && rc != encoding.Identity {
 		// Legacy compressor not specified; attempt to respond with same encoding.
 		comp = encoding.GetCompressor(rc)
 		if comp != nil {
-			stream.SetSendCompress(rc)
+			sendCompressorName = comp.Name()
+		}
+	}
+
+	if sendCompressorName != "" {
+		if err := stream.SetSendCompress(sendCompressorName); err != nil {
+			return status.Errorf(codes.Internal, "grpc: failed to set send compressor: %v", err)
 		}
 	}
 
@@ -1312,11 +1310,12 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 		for _, sh := range shs {
 			sh.HandleRPC(stream.Context(), &stats.InPayload{
-				RecvTime:   time.Now(),
-				Payload:    v,
-				WireLength: payInfo.wireLength + headerLen,
-				Data:       d,
-				Length:     len(d),
+				RecvTime:         time.Now(),
+				Payload:          v,
+				Length:           len(d),
+				WireLength:       payInfo.compressedLength + headerLen,
+				CompressedLength: payInfo.compressedLength,
+				Data:             d,
 			})
 		}
 		if len(binlogs) != 0 {
@@ -1324,7 +1323,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Message: d,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(cm)
+				binlog.Log(stream.Context(), cm)
 			}
 		}
 		if trInfo != nil {
@@ -1357,7 +1356,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 					Header: h,
 				}
 				for _, binlog := range binlogs {
-					binlog.Log(sh)
+					binlog.Log(stream.Context(), sh)
 				}
 			}
 			st := &binarylog.ServerTrailer{
@@ -1365,7 +1364,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(st)
+				binlog.Log(stream.Context(), st)
 			}
 		}
 		return appErr
@@ -1375,6 +1374,11 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	}
 	opts := &transport.Options{Last: true}
 
+	// Server handler could have set new compressor by calling SetSendCompressor.
+	// In case it is set, we need to use it for compressing outbound message.
+	if stream.SendCompress() != sendCompressorName {
+		comp = encoding.GetCompressor(stream.SendCompress())
+	}
 	if err := s.sendResponse(t, stream, reply, cp, opts, comp); err != nil {
 		if err == io.EOF {
 			// The entire stream is done (for unary RPC only).
@@ -1402,8 +1406,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(sh)
-				binlog.Log(st)
+				binlog.Log(stream.Context(), sh)
+				binlog.Log(stream.Context(), st)
 			}
 		}
 		return err
@@ -1417,8 +1421,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			Message: reply,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(sh)
-			binlog.Log(sm)
+			binlog.Log(stream.Context(), sh)
+			binlog.Log(stream.Context(), sm)
 		}
 	}
 	if channelz.IsOn() {
@@ -1430,17 +1434,16 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	// TODO: Should we be logging if writing status failed here, like above?
 	// Should the logging be in WriteStatus?  Should we ignore the WriteStatus
 	// error or allow the stats handler to see it?
-	err = t.WriteStatus(stream, statusOK)
 	if len(binlogs) != 0 {
 		st := &binarylog.ServerTrailer{
 			Trailer: stream.Trailer(),
 			Err:     appErr,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(st)
+			binlog.Log(stream.Context(), st)
 		}
 	}
-	return err
+	return t.WriteStatus(stream, statusOK)
 }
 
 // chainStreamServerInterceptors chains all stream server interceptors into one.
@@ -1574,7 +1577,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			logEntry.PeerAddr = peer.Addr
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(logEntry)
+			binlog.Log(stream.Context(), logEntry)
 		}
 	}
 
@@ -1597,12 +1600,18 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 	// NOTE: this needs to be ahead of all handling, https://github.com/grpc/grpc-go/issues/686.
 	if s.opts.cp != nil {
 		ss.cp = s.opts.cp
-		stream.SetSendCompress(s.opts.cp.Type())
+		ss.sendCompressorName = s.opts.cp.Type()
 	} else if rc := stream.RecvCompress(); rc != "" && rc != encoding.Identity {
 		// Legacy compressor not specified; attempt to respond with same encoding.
 		ss.comp = encoding.GetCompressor(rc)
 		if ss.comp != nil {
-			stream.SetSendCompress(rc)
+			ss.sendCompressorName = rc
+		}
+	}
+
+	if ss.sendCompressorName != "" {
+		if err := stream.SetSendCompress(ss.sendCompressorName); err != nil {
+			return status.Errorf(codes.Internal, "grpc: failed to set send compressor: %v", err)
 		}
 	}
 
@@ -1640,16 +1649,16 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			ss.trInfo.tr.SetError()
 			ss.mu.Unlock()
 		}
-		t.WriteStatus(ss.s, appStatus)
 		if len(ss.binlogs) != 0 {
 			st := &binarylog.ServerTrailer{
 				Trailer: ss.s.Trailer(),
 				Err:     appErr,
 			}
 			for _, binlog := range ss.binlogs {
-				binlog.Log(st)
+				binlog.Log(stream.Context(), st)
 			}
 		}
+		t.WriteStatus(ss.s, appStatus)
 		// TODO: Should we log an error from WriteStatus here and below?
 		return appErr
 	}
@@ -1658,17 +1667,16 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 		ss.trInfo.tr.LazyLog(stringer("OK"), false)
 		ss.mu.Unlock()
 	}
-	err = t.WriteStatus(ss.s, statusOK)
 	if len(ss.binlogs) != 0 {
 		st := &binarylog.ServerTrailer{
 			Trailer: ss.s.Trailer(),
 			Err:     appErr,
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(st)
+			binlog.Log(stream.Context(), st)
 		}
 	}
-	return err
+	return t.WriteStatus(ss.s, statusOK)
 }
 
 func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream, trInfo *traceInfo) {
@@ -1846,7 +1854,7 @@ func (s *Server) GracefulStop() {
 	if !s.drain {
 		for _, conns := range s.conns {
 			for st := range conns {
-				st.Drain()
+				st.Drain("graceful_stop")
 			}
 		}
 		s.drain = true
@@ -1935,6 +1943,60 @@ func SendHeader(ctx context.Context, md metadata.MD) error {
 	return nil
 }
 
+// SetSendCompressor sets a compressor for outbound messages from the server.
+// It must not be called after any event that causes headers to be sent
+// (see ServerStream.SetHeader for the complete list). Provided compressor is
+// used when below conditions are met:
+//
+//   - compressor is registered via encoding.RegisterCompressor
+//   - compressor name must exist in the client advertised compressor names
+//     sent in grpc-accept-encoding header. Use ClientSupportedCompressors to
+//     get client supported compressor names.
+//
+// The context provided must be the context passed to the server's handler.
+// It must be noted that compressor name encoding.Identity disables the
+// outbound compression.
+// By default, server messages will be sent using the same compressor with
+// which request messages were sent.
+//
+// It is not safe to call SetSendCompressor concurrently with SendHeader and
+// SendMsg.
+//
+// # Experimental
+//
+// Notice: This function is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func SetSendCompressor(ctx context.Context, name string) error {
+	stream, ok := ServerTransportStreamFromContext(ctx).(*transport.Stream)
+	if !ok || stream == nil {
+		return fmt.Errorf("failed to fetch the stream from the given context")
+	}
+
+	if err := validateSendCompressor(name, stream.ClientAdvertisedCompressors()); err != nil {
+		return fmt.Errorf("unable to set send compressor: %w", err)
+	}
+
+	return stream.SetSendCompress(name)
+}
+
+// ClientSupportedCompressors returns compressor names advertised by the client
+// via grpc-accept-encoding header.
+//
+// The context provided must be the context passed to the server's handler.
+//
+// # Experimental
+//
+// Notice: This function is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func ClientSupportedCompressors(ctx context.Context) ([]string, error) {
+	stream, ok := ServerTransportStreamFromContext(ctx).(*transport.Stream)
+	if !ok || stream == nil {
+		return nil, fmt.Errorf("failed to fetch the stream from the given context %v", ctx)
+	}
+
+	return strings.Split(stream.ClientAdvertisedCompressors(), ","), nil
+}
+
 // SetTrailer sets the trailer metadata that will be sent when an RPC returns.
 // When called more than once, all the provided metadata will be merged.
 //
@@ -1969,3 +2031,51 @@ type channelzServer struct {
 func (c *channelzServer) ChannelzMetric() *channelz.ServerInternalMetric {
 	return c.s.channelzMetric()
 }
+
+// validateSendCompressor returns an error when given compressor name cannot be
+// handled by the server or the client based on the advertised compressors.
+func validateSendCompressor(name, clientCompressors string) error {
+	if name == encoding.Identity {
+		return nil
+	}
+
+	if !grpcutil.IsCompressorNameRegistered(name) {
+		return fmt.Errorf("compressor not registered %q", name)
+	}
+
+	for _, c := range strings.Split(clientCompressors, ",") {
+		if c == name {
+			return nil // found match
+		}
+	}
+	return fmt.Errorf("client does not support compressor %q", name)
+}
+
+// atomicSemaphore implements a blocking, counting semaphore. acquire should be
+// called synchronously; release may be called asynchronously.
+type atomicSemaphore struct {
+	n    int64
+	wait chan struct{}
+}
+
+func (q *atomicSemaphore) acquire() {
+	if atomic.AddInt64(&q.n, -1) < 0 {
+		// We ran out of quota.  Block until a release happens.
+		<-q.wait
+	}
+}
+
+func (q *atomicSemaphore) release() {
+	// N.B. the "<= 0" check below should allow for this to work with multiple
+	// concurrent calls to acquire, but also note that with synchronous calls to
+	// acquire, as our system does, n will never be less than -1.  There are
+	// fairness issues (queuing) to consider if this was to be generalized.
+	if atomic.AddInt64(&q.n, 1) <= 0 {
+		// An acquire was waiting on us.  Unblock it.
+		q.wait <- struct{}{}
+	}
+}
+
+func newHandlerQuota(n uint32) *atomicSemaphore {
+	return &atomicSemaphore{n: int64(n), wait: make(chan struct{}, 1)}
+}
diff --git a/vendor/google.golang.org/grpc/service_config.go b/vendor/google.golang.org/grpc/service_config.go
index f22acace4..0df11fc09 100644
--- a/vendor/google.golang.org/grpc/service_config.go
+++ b/vendor/google.golang.org/grpc/service_config.go
@@ -23,8 +23,6 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
-	"strconv"
-	"strings"
 	"time"
 
 	"google.golang.org/grpc/codes"
@@ -106,8 +104,8 @@ type healthCheckConfig struct {
 
 type jsonRetryPolicy struct {
 	MaxAttempts          int
-	InitialBackoff       string
-	MaxBackoff           string
+	InitialBackoff       internalserviceconfig.Duration
+	MaxBackoff           internalserviceconfig.Duration
 	BackoffMultiplier    float64
 	RetryableStatusCodes []codes.Code
 }
@@ -129,50 +127,6 @@ type retryThrottlingPolicy struct {
 	TokenRatio float64
 }
 
-func parseDuration(s *string) (*time.Duration, error) {
-	if s == nil {
-		return nil, nil
-	}
-	if !strings.HasSuffix(*s, "s") {
-		return nil, fmt.Errorf("malformed duration %q", *s)
-	}
-	ss := strings.SplitN((*s)[:len(*s)-1], ".", 3)
-	if len(ss) > 2 {
-		return nil, fmt.Errorf("malformed duration %q", *s)
-	}
-	// hasDigits is set if either the whole or fractional part of the number is
-	// present, since both are optional but one is required.
-	hasDigits := false
-	var d time.Duration
-	if len(ss[0]) > 0 {
-		i, err := strconv.ParseInt(ss[0], 10, 32)
-		if err != nil {
-			return nil, fmt.Errorf("malformed duration %q: %v", *s, err)
-		}
-		d = time.Duration(i) * time.Second
-		hasDigits = true
-	}
-	if len(ss) == 2 && len(ss[1]) > 0 {
-		if len(ss[1]) > 9 {
-			return nil, fmt.Errorf("malformed duration %q", *s)
-		}
-		f, err := strconv.ParseInt(ss[1], 10, 64)
-		if err != nil {
-			return nil, fmt.Errorf("malformed duration %q: %v", *s, err)
-		}
-		for i := 9; i > len(ss[1]); i-- {
-			f *= 10
-		}
-		d += time.Duration(f)
-		hasDigits = true
-	}
-	if !hasDigits {
-		return nil, fmt.Errorf("malformed duration %q", *s)
-	}
-
-	return &d, nil
-}
-
 type jsonName struct {
 	Service string
 	Method  string
@@ -201,7 +155,7 @@ func (j jsonName) generatePath() (string, error) {
 type jsonMC struct {
 	Name                    *[]jsonName
 	WaitForReady            *bool
-	Timeout                 *string
+	Timeout                 *internalserviceconfig.Duration
 	MaxRequestMessageBytes  *int64
 	MaxResponseMessageBytes *int64
 	RetryPolicy             *jsonRetryPolicy
@@ -252,15 +206,10 @@ func parseServiceConfig(js string) *serviceconfig.ParseResult {
 		if m.Name == nil {
 			continue
 		}
-		d, err := parseDuration(m.Timeout)
-		if err != nil {
-			logger.Warningf("grpc: unmarshaling service config %s: %v", js, err)
-			return &serviceconfig.ParseResult{Err: err}
-		}
 
 		mc := MethodConfig{
 			WaitForReady: m.WaitForReady,
-			Timeout:      d,
+			Timeout:      (*time.Duration)(m.Timeout),
 		}
 		if mc.RetryPolicy, err = convertRetryPolicy(m.RetryPolicy); err != nil {
 			logger.Warningf("grpc: unmarshaling service config %s: %v", js, err)
@@ -312,18 +261,10 @@ func convertRetryPolicy(jrp *jsonRetryPolicy) (p *internalserviceconfig.RetryPol
 	if jrp == nil {
 		return nil, nil
 	}
-	ib, err := parseDuration(&jrp.InitialBackoff)
-	if err != nil {
-		return nil, err
-	}
-	mb, err := parseDuration(&jrp.MaxBackoff)
-	if err != nil {
-		return nil, err
-	}
 
 	if jrp.MaxAttempts <= 1 ||
-		*ib <= 0 ||
-		*mb <= 0 ||
+		jrp.InitialBackoff <= 0 ||
+		jrp.MaxBackoff <= 0 ||
 		jrp.BackoffMultiplier <= 0 ||
 		len(jrp.RetryableStatusCodes) == 0 {
 		logger.Warningf("grpc: ignoring retry policy %v due to illegal configuration", jrp)
@@ -332,8 +273,8 @@ func convertRetryPolicy(jrp *jsonRetryPolicy) (p *internalserviceconfig.RetryPol
 
 	rp := &internalserviceconfig.RetryPolicy{
 		MaxAttempts:          jrp.MaxAttempts,
-		InitialBackoff:       *ib,
-		MaxBackoff:           *mb,
+		InitialBackoff:       time.Duration(jrp.InitialBackoff),
+		MaxBackoff:           time.Duration(jrp.MaxBackoff),
 		BackoffMultiplier:    jrp.BackoffMultiplier,
 		RetryableStatusCodes: make(map[codes.Code]bool),
 	}
diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go
index 0285dcc6a..7a552a9b7 100644
--- a/vendor/google.golang.org/grpc/stats/stats.go
+++ b/vendor/google.golang.org/grpc/stats/stats.go
@@ -67,10 +67,18 @@ type InPayload struct {
 	Payload interface{}
 	// Data is the serialized message payload.
 	Data []byte
-	// Length is the length of uncompressed data.
+
+	// Length is the size of the uncompressed payload data. Does not include any
+	// framing (gRPC or HTTP/2).
 	Length int
-	// WireLength is the length of data on wire (compressed, signed, encrypted).
+	// CompressedLength is the size of the compressed payload data. Does not
+	// include any framing (gRPC or HTTP/2). Same as Length if compression not
+	// enabled.
+	CompressedLength int
+	// WireLength is the size of the compressed payload data plus gRPC framing.
+	// Does not include HTTP/2 framing.
 	WireLength int
+
 	// RecvTime is the time when the payload is received.
 	RecvTime time.Time
 }
@@ -129,9 +137,15 @@ type OutPayload struct {
 	Payload interface{}
 	// Data is the serialized message payload.
 	Data []byte
-	// Length is the length of uncompressed data.
+	// Length is the size of the uncompressed payload data. Does not include any
+	// framing (gRPC or HTTP/2).
 	Length int
-	// WireLength is the length of data on wire (compressed, signed, encrypted).
+	// CompressedLength is the size of the compressed payload data. Does not
+	// include any framing (gRPC or HTTP/2). Same as Length if compression not
+	// enabled.
+	CompressedLength int
+	// WireLength is the size of the compressed payload data plus gRPC framing.
+	// Does not include HTTP/2 framing.
 	WireLength int
 	// SentTime is the time when the payload is sent.
 	SentTime time.Time
diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go
index 623be39f2..bcf2e4d81 100644
--- a/vendor/google.golang.org/grpc/status/status.go
+++ b/vendor/google.golang.org/grpc/status/status.go
@@ -77,9 +77,18 @@ func FromProto(s *spb.Status) *Status {
 // FromError returns a Status representation of err.
 //
 //   - If err was produced by this package or implements the method `GRPCStatus()
-//     *Status`, the appropriate Status is returned.
+//     *Status` and `GRPCStatus()` does not return nil, or if err wraps a type
+//     satisfying this, the Status from `GRPCStatus()` is returned.  For wrapped
+//     errors, the message returned contains the entire err.Error() text and not
+//     just the wrapped status. In that case, ok is true.
 //
-//   - If err is nil, a Status is returned with codes.OK and no message.
+//   - If err is nil, a Status is returned with codes.OK and no message, and ok
+//     is true.
+//
+//   - If err implements the method `GRPCStatus() *Status` and `GRPCStatus()`
+//     returns nil (which maps to Codes.OK), or if err wraps a type
+//     satisfying this, a Status is returned with codes.Unknown and err's
+//     Error() message, and ok is false.
 //
 //   - Otherwise, err is an error not compatible with this package.  In this
 //     case, a Status is returned with codes.Unknown and err's Error() message,
@@ -88,10 +97,29 @@ func FromError(err error) (s *Status, ok bool) {
 	if err == nil {
 		return nil, true
 	}
-	if se, ok := err.(interface {
-		GRPCStatus() *Status
-	}); ok {
-		return se.GRPCStatus(), true
+	type grpcstatus interface{ GRPCStatus() *Status }
+	if gs, ok := err.(grpcstatus); ok {
+		if gs.GRPCStatus() == nil {
+			// Error has status nil, which maps to codes.OK. There
+			// is no sensible behavior for this, so we turn it into
+			// an error with codes.Unknown and discard the existing
+			// status.
+			return New(codes.Unknown, err.Error()), false
+		}
+		return gs.GRPCStatus(), true
+	}
+	var gs grpcstatus
+	if errors.As(err, &gs) {
+		if gs.GRPCStatus() == nil {
+			// Error wraps an error that has status nil, which maps
+			// to codes.OK.  There is no sensible behavior for this,
+			// so we turn it into an error with codes.Unknown and
+			// discard the existing status.
+			return New(codes.Unknown, err.Error()), false
+		}
+		p := gs.GRPCStatus().Proto()
+		p.Message = err.Error()
+		return status.FromProto(p), true
 	}
 	return New(codes.Unknown, err.Error()), false
 }
@@ -103,19 +131,16 @@ func Convert(err error) *Status {
 	return s
 }
 
-// Code returns the Code of the error if it is a Status error, codes.OK if err
-// is nil, or codes.Unknown otherwise.
+// Code returns the Code of the error if it is a Status error or if it wraps a
+// Status error. If that is not the case, it returns codes.OK if err is nil, or
+// codes.Unknown otherwise.
 func Code(err error) codes.Code {
 	// Don't use FromError to avoid allocation of OK status.
 	if err == nil {
 		return codes.OK
 	}
-	if se, ok := err.(interface {
-		GRPCStatus() *Status
-	}); ok {
-		return se.GRPCStatus().Code()
-	}
-	return codes.Unknown
+
+	return Convert(err).Code()
 }
 
 // FromContextError converts a context error or wrapped context error into a
diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go
index 93231af2a..10092685b 100644
--- a/vendor/google.golang.org/grpc/stream.go
+++ b/vendor/google.golang.org/grpc/stream.go
@@ -123,6 +123,9 @@ type ClientStream interface {
 	// calling RecvMsg on the same stream at the same time, but it is not safe
 	// to call SendMsg on the same stream in different goroutines. It is also
 	// not safe to call CloseSend concurrently with SendMsg.
+	//
+	// It is not safe to modify the message after calling SendMsg. Tracing
+	// libraries and stats handlers may use the message lazily.
 	SendMsg(m interface{}) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the stream completes successfully. On
@@ -152,6 +155,11 @@ type ClientStream interface {
 // If none of the above happen, a goroutine and a context will be leaked, and grpc
 // will not call the optionally-configured stats handler with a stats.End message.
 func (cc *ClientConn) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) {
+	if err := cc.idlenessMgr.onCallBegin(); err != nil {
+		return nil, err
+	}
+	defer cc.idlenessMgr.onCallEnd()
+
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
@@ -168,10 +176,19 @@ func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 }
 
 func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) {
-	if md, _, ok := metadata.FromOutgoingContextRaw(ctx); ok {
+	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
+		// validate md
 		if err := imetadata.Validate(md); err != nil {
 			return nil, status.Error(codes.Internal, err.Error())
 		}
+		// validate added
+		for _, kvs := range added {
+			for i := 0; i < len(kvs); i += 2 {
+				if err := imetadata.ValidatePair(kvs[i], kvs[i+1]); err != nil {
+					return nil, status.Error(codes.Internal, err.Error())
+				}
+			}
+		}
 	}
 	if channelz.IsOn() {
 		cc.incrCallsStarted()
@@ -352,7 +369,7 @@ func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *Client
 			}
 		}
 		for _, binlog := range cs.binlogs {
-			binlog.Log(logEntry)
+			binlog.Log(cs.ctx, logEntry)
 		}
 	}
 
@@ -460,7 +477,7 @@ func (a *csAttempt) newStream() error {
 	// It is safe to overwrite the csAttempt's context here, since all state
 	// maintained in it are local to the attempt. When the attempt has to be
 	// retried, a new instance of csAttempt will be created.
-	if a.pickResult.Metatada != nil {
+	if a.pickResult.Metadata != nil {
 		// We currently do not have a function it the metadata package which
 		// merges given metadata with existing metadata in a context. Existing
 		// function `AppendToOutgoingContext()` takes a variadic argument of key
@@ -470,7 +487,7 @@ func (a *csAttempt) newStream() error {
 		// in a form passable to AppendToOutgoingContext(), or create a version
 		// of AppendToOutgoingContext() that accepts a metadata.MD.
 		md, _ := metadata.FromOutgoingContext(a.ctx)
-		md = metadata.Join(md, a.pickResult.Metatada)
+		md = metadata.Join(md, a.pickResult.Metadata)
 		a.ctx = metadata.NewOutgoingContext(a.ctx, md)
 	}
 
@@ -800,7 +817,7 @@ func (cs *clientStream) Header() (metadata.MD, error) {
 		}
 		cs.serverHeaderBinlogged = true
 		for _, binlog := range cs.binlogs {
-			binlog.Log(logEntry)
+			binlog.Log(cs.ctx, logEntry)
 		}
 	}
 	return m, nil
@@ -881,7 +898,7 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) {
 			Message:      data,
 		}
 		for _, binlog := range cs.binlogs {
-			binlog.Log(cm)
+			binlog.Log(cs.ctx, cm)
 		}
 	}
 	return err
@@ -905,7 +922,7 @@ func (cs *clientStream) RecvMsg(m interface{}) error {
 			Message:      recvInfo.uncompressedBytes,
 		}
 		for _, binlog := range cs.binlogs {
-			binlog.Log(sm)
+			binlog.Log(cs.ctx, sm)
 		}
 	}
 	if err != nil || !cs.desc.ServerStreams {
@@ -926,7 +943,7 @@ func (cs *clientStream) RecvMsg(m interface{}) error {
 				logEntry.PeerAddr = peer.Addr
 			}
 			for _, binlog := range cs.binlogs {
-				binlog.Log(logEntry)
+				binlog.Log(cs.ctx, logEntry)
 			}
 		}
 	}
@@ -953,7 +970,7 @@ func (cs *clientStream) CloseSend() error {
 			OnClientSide: true,
 		}
 		for _, binlog := range cs.binlogs {
-			binlog.Log(chc)
+			binlog.Log(cs.ctx, chc)
 		}
 	}
 	// We never returned an error here for reasons.
@@ -971,6 +988,9 @@ func (cs *clientStream) finish(err error) {
 		return
 	}
 	cs.finished = true
+	for _, onFinish := range cs.callInfo.onFinish {
+		onFinish(err)
+	}
 	cs.commitAttemptLocked()
 	if cs.attempt != nil {
 		cs.attempt.finish(err)
@@ -992,7 +1012,7 @@ func (cs *clientStream) finish(err error) {
 			OnClientSide: true,
 		}
 		for _, binlog := range cs.binlogs {
-			binlog.Log(c)
+			binlog.Log(cs.ctx, c)
 		}
 	}
 	if err == nil {
@@ -1081,9 +1101,10 @@ func (a *csAttempt) recvMsg(m interface{}, payInfo *payloadInfo) (err error) {
 			RecvTime: time.Now(),
 			Payload:  m,
 			// TODO truncate large payload.
-			Data:       payInfo.uncompressedBytes,
-			WireLength: payInfo.wireLength + headerLen,
-			Length:     len(payInfo.uncompressedBytes),
+			Data:             payInfo.uncompressedBytes,
+			WireLength:       payInfo.compressedLength + headerLen,
+			CompressedLength: payInfo.compressedLength,
+			Length:           len(payInfo.uncompressedBytes),
 		})
 	}
 	if channelz.IsOn() {
@@ -1252,14 +1273,19 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin
 	as.p = &parser{r: s}
 	ac.incrCallsStarted()
 	if desc != unaryStreamDesc {
-		// Listen on cc and stream contexts to cleanup when the user closes the
-		// ClientConn or cancels the stream context.  In all other cases, an error
-		// should already be injected into the recv buffer by the transport, which
-		// the client will eventually receive, and then we will cancel the stream's
-		// context in clientStream.finish.
+		// Listen on stream context to cleanup when the stream context is
+		// canceled.  Also listen for the addrConn's context in case the
+		// addrConn is closed or reconnects to a different address.  In all
+		// other cases, an error should already be injected into the recv
+		// buffer by the transport, which the client will eventually receive,
+		// and then we will cancel the stream's context in
+		// addrConnStream.finish.
 		go func() {
+			ac.mu.Lock()
+			acCtx := ac.ctx
+			ac.mu.Unlock()
 			select {
-			case <-ac.ctx.Done():
+			case <-acCtx.Done():
 				as.finish(status.Error(codes.Canceled, "grpc: the SubConn is closing"))
 			case <-ctx.Done():
 				as.finish(toRPCErr(ctx.Err()))
@@ -1511,6 +1537,8 @@ type serverStream struct {
 	comp   encoding.Compressor
 	decomp encoding.Compressor
 
+	sendCompressorName string
+
 	maxReceiveMessageSize int
 	maxSendMessageSize    int
 	trInfo                *traceInfo
@@ -1558,7 +1586,7 @@ func (ss *serverStream) SendHeader(md metadata.MD) error {
 		}
 		ss.serverHeaderBinlogged = true
 		for _, binlog := range ss.binlogs {
-			binlog.Log(sh)
+			binlog.Log(ss.ctx, sh)
 		}
 	}
 	return err
@@ -1603,6 +1631,13 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 		}
 	}()
 
+	// Server handler could have set new compressor by calling SetSendCompressor.
+	// In case it is set, we need to use it for compressing outbound message.
+	if sendCompressorsName := ss.s.SendCompress(); sendCompressorsName != ss.sendCompressorName {
+		ss.comp = encoding.GetCompressor(sendCompressorsName)
+		ss.sendCompressorName = sendCompressorsName
+	}
+
 	// load hdr, payload, data
 	hdr, payload, data, err := prepareMsg(m, ss.codec, ss.cp, ss.comp)
 	if err != nil {
@@ -1624,14 +1659,14 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 			}
 			ss.serverHeaderBinlogged = true
 			for _, binlog := range ss.binlogs {
-				binlog.Log(sh)
+				binlog.Log(ss.ctx, sh)
 			}
 		}
 		sm := &binarylog.ServerMessage{
 			Message: data,
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(sm)
+			binlog.Log(ss.ctx, sm)
 		}
 	}
 	if len(ss.statsHandler) != 0 {
@@ -1679,7 +1714,7 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 			if len(ss.binlogs) != 0 {
 				chc := &binarylog.ClientHalfClose{}
 				for _, binlog := range ss.binlogs {
-					binlog.Log(chc)
+					binlog.Log(ss.ctx, chc)
 				}
 			}
 			return err
@@ -1695,9 +1730,10 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 				RecvTime: time.Now(),
 				Payload:  m,
 				// TODO truncate large payload.
-				Data:       payInfo.uncompressedBytes,
-				WireLength: payInfo.wireLength + headerLen,
-				Length:     len(payInfo.uncompressedBytes),
+				Data:             payInfo.uncompressedBytes,
+				Length:           len(payInfo.uncompressedBytes),
+				WireLength:       payInfo.compressedLength + headerLen,
+				CompressedLength: payInfo.compressedLength,
 			})
 		}
 	}
@@ -1706,7 +1742,7 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 			Message: payInfo.uncompressedBytes,
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(cm)
+			binlog.Log(ss.ctx, cm)
 		}
 	}
 	return nil
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index fe552c315..3cc754062 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.53.0"
+const Version = "1.56.3"
diff --git a/vendor/google.golang.org/grpc/vet.sh b/vendor/google.golang.org/grpc/vet.sh
index 3728aed04..a8e4732b3 100644
--- a/vendor/google.golang.org/grpc/vet.sh
+++ b/vendor/google.golang.org/grpc/vet.sh
@@ -41,16 +41,8 @@ if [[ "$1" = "-install" ]]; then
     github.com/client9/misspell/cmd/misspell
   popd
   if [[ -z "${VET_SKIP_PROTO}" ]]; then
-    if [[ "${TRAVIS}" = "true" ]]; then
-      PROTOBUF_VERSION=3.14.0
-      PROTOC_FILENAME=protoc-${PROTOBUF_VERSION}-linux-x86_64.zip
-      pushd /home/travis
-      wget https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/${PROTOC_FILENAME}
-      unzip ${PROTOC_FILENAME}
-      bin/protoc --version
-      popd
-    elif [[ "${GITHUB_ACTIONS}" = "true" ]]; then
-      PROTOBUF_VERSION=3.14.0
+    if [[ "${GITHUB_ACTIONS}" = "true" ]]; then
+      PROTOBUF_VERSION=22.0 # a.k.a v4.22.0 in pb.go files.
       PROTOC_FILENAME=protoc-${PROTOBUF_VERSION}-linux-x86_64.zip
       pushd /home/runner/go
       wget https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/${PROTOC_FILENAME}
@@ -68,8 +60,7 @@ fi
 
 # - Check that generated proto files are up to date.
 if [[ -z "${VET_SKIP_PROTO}" ]]; then
-  PATH="/home/travis/bin:${PATH}" make proto && \
-    git status --porcelain 2>&1 | fail_on_output || \
+  make proto && git status --porcelain 2>&1 | fail_on_output || \
     (git status; git --no-pager diff; exit 1)
 fi
 
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/doc.go b/vendor/google.golang.org/protobuf/encoding/protojson/doc.go
index 00ea2fecf..21d5d2cb1 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/doc.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/doc.go
@@ -4,7 +4,7 @@
 
 // Package protojson marshals and unmarshals protocol buffer messages as JSON
 // format. It follows the guide at
-// https://developers.google.com/protocol-buffers/docs/proto3#json.
+// https://protobuf.dev/programming-guides/proto3#json.
 //
 // This package produces a different output than the standard "encoding/json"
 // package, which does not operate correctly on protocol buffer messages.
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
index d09d22e13..66b95870e 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
@@ -106,13 +106,19 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions. Do not depend on the output being stable. It may change over
 // time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
-	return o.marshal(m)
+	return o.marshal(nil, m)
+}
+
+// MarshalAppend appends the JSON format encoding of m to b,
+// returning the result.
+func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) {
+	return o.marshal(b, m)
 }
 
 // marshal is a centralized function that all marshal operations go through.
 // For profiling purposes, avoid changing the name of this function or
 // introducing other code paths for marshal that do not go through this.
-func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
+func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) {
 	if o.Multiline && o.Indent == "" {
 		o.Indent = defaultIndent
 	}
@@ -120,7 +126,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 
-	internalEnc, err := json.NewEncoder(o.Indent)
+	internalEnc, err := json.NewEncoder(b, o.Indent)
 	if err != nil {
 		return nil, err
 	}
@@ -128,7 +134,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	// Treat nil message interface as an empty message,
 	// in which case the output in an empty JSON object.
 	if m == nil {
-		return []byte("{}"), nil
+		return append(b, '{', '}'), nil
 	}
 
 	enc := encoder{internalEnc, o}
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
index c85f84694..6c37d4174 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
@@ -814,16 +814,22 @@ func (d decoder) unmarshalTimestamp(m protoreflect.Message) error {
 		return d.unexpectedTokenError(tok)
 	}
 
-	t, err := time.Parse(time.RFC3339Nano, tok.ParsedString())
+	s := tok.ParsedString()
+	t, err := time.Parse(time.RFC3339Nano, s)
 	if err != nil {
 		return d.newError(tok.Pos(), "invalid %v value %v", genid.Timestamp_message_fullname, tok.RawString())
 	}
-	// Validate seconds. No need to validate nanos because time.Parse would have
-	// covered that already.
+	// Validate seconds.
 	secs := t.Unix()
 	if secs < minTimestampSeconds || secs > maxTimestampSeconds {
 		return d.newError(tok.Pos(), "%v value out of range: %v", genid.Timestamp_message_fullname, tok.RawString())
 	}
+	// Validate subseconds.
+	i := strings.LastIndexByte(s, '.')  // start of subsecond field
+	j := strings.LastIndexAny(s, "Z-+") // start of timezone field
+	if i >= 0 && j >= i && j-i > len(".999999999") {
+		return d.newError(tok.Pos(), "invalid %v value %v", genid.Timestamp_message_fullname, tok.RawString())
+	}
 
 	fds := m.Descriptor().Fields()
 	fdSeconds := fds.ByNumber(genid.Timestamp_Seconds_field_number)
diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
index ebf6c6528..722a7b41d 100644
--- a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
@@ -101,13 +101,19 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions object. Do not depend on the output being stable. It may
 // change over time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
-	return o.marshal(m)
+	return o.marshal(nil, m)
+}
+
+// MarshalAppend appends the textproto format encoding of m to b,
+// returning the result.
+func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) {
+	return o.marshal(b, m)
 }
 
 // marshal is a centralized function that all marshal operations go through.
 // For profiling purposes, avoid changing the name of this function or
 // introducing other code paths for marshal that do not go through this.
-func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
+func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) {
 	var delims = [2]byte{'{', '}'}
 
 	if o.Multiline && o.Indent == "" {
@@ -117,7 +123,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 
-	internalEnc, err := text.NewEncoder(o.Indent, delims, o.EmitASCII)
+	internalEnc, err := text.NewEncoder(b, o.Indent, delims, o.EmitASCII)
 	if err != nil {
 		return nil, err
 	}
@@ -125,7 +131,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	// Treat nil message interface as an empty message,
 	// in which case there is nothing to output.
 	if m == nil {
-		return []byte{}, nil
+		return b, nil
 	}
 
 	enc := encoder{internalEnc, o}
diff --git a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go
index ce57f57eb..f4b4686cf 100644
--- a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go
+++ b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // Package protowire parses and formats the raw wire encoding.
-// See https://developers.google.com/protocol-buffers/docs/encoding.
+// See https://protobuf.dev/programming-guides/encoding.
 //
 // For marshaling and unmarshaling entire protobuf messages,
 // use the "google.golang.org/protobuf/proto" package instead.
@@ -29,12 +29,8 @@ const (
 )
 
 // IsValid reports whether the field number is semantically valid.
-//
-// Note that while numbers within the reserved range are semantically invalid,
-// they are syntactically valid in the wire format.
-// Implementations may treat records with reserved field numbers as unknown.
 func (n Number) IsValid() bool {
-	return MinValidNumber <= n && n < FirstReservedNumber || LastReservedNumber < n && n <= MaxValidNumber
+	return MinValidNumber <= n && n <= MaxValidNumber
 }
 
 // Type represents the wire type.
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
index b13fd29e8..d043a6ebe 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
@@ -294,7 +294,7 @@ func (d *Decoder) isValueNext() bool {
 }
 
 // consumeToken constructs a Token for given Kind with raw value derived from
-// current d.in and given size, and consumes the given size-lenght of it.
+// current d.in and given size, and consumes the given size-length of it.
 func (d *Decoder) consumeToken(kind Kind, size int) Token {
 	tok := Token{
 		kind: kind,
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
index fbdf34873..934f2dcb3 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
@@ -41,8 +41,10 @@ type Encoder struct {
 //
 // If indent is a non-empty string, it causes every entry for an Array or Object
 // to be preceded by the indent and trailed by a newline.
-func NewEncoder(indent string) (*Encoder, error) {
-	e := &Encoder{}
+func NewEncoder(buf []byte, indent string) (*Encoder, error) {
+	e := &Encoder{
+		out: buf,
+	}
 	if len(indent) > 0 {
 		if strings.Trim(indent, " \t") != "" {
 			return nil, errors.New("indent may only be composed of space or tab characters")
@@ -176,13 +178,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte {
 // WriteInt writes out the given signed integer in JSON number value.
 func (e *Encoder) WriteInt(n int64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatInt(n, 10)...)
+	e.out = strconv.AppendInt(e.out, n, 10)
 }
 
 // WriteUint writes out the given unsigned integer in JSON number value.
 func (e *Encoder) WriteUint(n uint64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatUint(n, 10)...)
+	e.out = strconv.AppendUint(e.out, n, 10)
 }
 
 // StartObject writes out the '{' symbol.
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go
index 427c62d03..87853e786 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go
@@ -412,12 +412,13 @@ func (d *Decoder) parseFieldName() (tok Token, err error) {
 	// Field number. Identify if input is a valid number that is not negative
 	// and is decimal integer within 32-bit range.
 	if num := parseNumber(d.in); num.size > 0 {
+		str := num.string(d.in)
 		if !num.neg && num.kind == numDec {
-			if _, err := strconv.ParseInt(string(d.in[:num.size]), 10, 32); err == nil {
+			if _, err := strconv.ParseInt(str, 10, 32); err == nil {
 				return d.consumeToken(Name, num.size, uint8(FieldNumber)), nil
 			}
 		}
-		return Token{}, d.newSyntaxError("invalid field number: %s", d.in[:num.size])
+		return Token{}, d.newSyntaxError("invalid field number: %s", str)
 	}
 
 	return Token{}, d.newSyntaxError("invalid field name: %s", errId(d.in))
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go
index 81a5d8c86..45c81f029 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go
@@ -15,17 +15,12 @@ func (d *Decoder) parseNumberValue() (Token, bool) {
 	if num.neg {
 		numAttrs |= isNegative
 	}
-	strSize := num.size
-	last := num.size - 1
-	if num.kind == numFloat && (d.in[last] == 'f' || d.in[last] == 'F') {
-		strSize = last
-	}
 	tok := Token{
 		kind:     Scalar,
 		attrs:    numberValue,
 		pos:      len(d.orig) - len(d.in),
 		raw:      d.in[:num.size],
-		str:      string(d.in[:strSize]),
+		str:      num.string(d.in),
 		numAttrs: numAttrs,
 	}
 	d.consume(num.size)
@@ -46,6 +41,27 @@ type number struct {
 	kind uint8
 	neg  bool
 	size int
+	// if neg, this is the length of whitespace and comments between
+	// the minus sign and the rest fo the number literal
+	sep int
+}
+
+func (num number) string(data []byte) string {
+	strSize := num.size
+	last := num.size - 1
+	if num.kind == numFloat && (data[last] == 'f' || data[last] == 'F') {
+		strSize = last
+	}
+	if num.neg && num.sep > 0 {
+		// strip whitespace/comments between negative sign and the rest
+		strLen := strSize - num.sep
+		str := make([]byte, strLen)
+		str[0] = data[0]
+		copy(str[1:], data[num.sep+1:strSize])
+		return string(str)
+	}
+	return string(data[:strSize])
+
 }
 
 // parseNumber constructs a number object from given input. It allows for the
@@ -67,19 +83,22 @@ func parseNumber(input []byte) number {
 	}
 
 	// Optional -
+	var sep int
 	if s[0] == '-' {
 		neg = true
 		s = s[1:]
 		size++
+		// Consume any whitespace or comments between the
+		// negative sign and the rest of the number
+		lenBefore := len(s)
+		s = consume(s, 0)
+		sep = lenBefore - len(s)
+		size += sep
 		if len(s) == 0 {
 			return number{}
 		}
 	}
 
-	// C++ allows for whitespace and comments in between the negative sign and
-	// the rest of the number. This logic currently does not but is consistent
-	// with v1.
-
 	switch {
 	case s[0] == '0':
 		if len(s) > 1 {
@@ -116,7 +135,7 @@ func parseNumber(input []byte) number {
 				if len(s) > 0 && !isDelim(s[0]) {
 					return number{}
 				}
-				return number{kind: kind, neg: neg, size: size}
+				return number{kind: kind, neg: neg, size: size, sep: sep}
 			}
 		}
 		s = s[1:]
@@ -188,5 +207,5 @@ func parseNumber(input []byte) number {
 		return number{}
 	}
 
-	return number{kind: kind, neg: neg, size: size}
+	return number{kind: kind, neg: neg, size: size, sep: sep}
 }
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
index da289ccce..cf7aed77b 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
@@ -53,8 +53,10 @@ type encoderState struct {
 // If outputASCII is true, strings will be serialized in such a way that
 // multi-byte UTF-8 sequences are escaped. This property ensures that the
 // overall output is ASCII (as opposed to UTF-8).
-func NewEncoder(indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
-	e := &Encoder{}
+func NewEncoder(buf []byte, indent string, delims [2]byte, outputASCII bool) (*Encoder, error) {
+	e := &Encoder{
+		encoderState: encoderState{out: buf},
+	}
 	if len(indent) > 0 {
 		if strings.Trim(indent, " \t") != "" {
 			return nil, errors.New("indent may only be composed of space and tab characters")
@@ -195,13 +197,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte {
 // WriteInt writes out the given signed integer value.
 func (e *Encoder) WriteInt(n int64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatInt(n, 10)...)
+	e.out = strconv.AppendInt(e.out, n, 10)
 }
 
 // WriteUint writes out the given unsigned integer value.
 func (e *Encoder) WriteUint(n uint64) {
 	e.prepareNext(scalar)
-	e.out = append(e.out, strconv.FormatUint(n, 10)...)
+	e.out = strconv.AppendUint(e.out, n, 10)
 }
 
 // WriteLiteral writes out the given string as a literal value without quotes.
diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
index e3cdf1c20..136f1b215 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
@@ -50,6 +50,7 @@ const (
 	FileDescriptorProto_Options_field_name          protoreflect.Name = "options"
 	FileDescriptorProto_SourceCodeInfo_field_name   protoreflect.Name = "source_code_info"
 	FileDescriptorProto_Syntax_field_name           protoreflect.Name = "syntax"
+	FileDescriptorProto_Edition_field_name          protoreflect.Name = "edition"
 
 	FileDescriptorProto_Name_field_fullname             protoreflect.FullName = "google.protobuf.FileDescriptorProto.name"
 	FileDescriptorProto_Package_field_fullname          protoreflect.FullName = "google.protobuf.FileDescriptorProto.package"
@@ -63,6 +64,7 @@ const (
 	FileDescriptorProto_Options_field_fullname          protoreflect.FullName = "google.protobuf.FileDescriptorProto.options"
 	FileDescriptorProto_SourceCodeInfo_field_fullname   protoreflect.FullName = "google.protobuf.FileDescriptorProto.source_code_info"
 	FileDescriptorProto_Syntax_field_fullname           protoreflect.FullName = "google.protobuf.FileDescriptorProto.syntax"
+	FileDescriptorProto_Edition_field_fullname          protoreflect.FullName = "google.protobuf.FileDescriptorProto.edition"
 )
 
 // Field numbers for google.protobuf.FileDescriptorProto.
@@ -79,6 +81,7 @@ const (
 	FileDescriptorProto_Options_field_number          protoreflect.FieldNumber = 8
 	FileDescriptorProto_SourceCodeInfo_field_number   protoreflect.FieldNumber = 9
 	FileDescriptorProto_Syntax_field_number           protoreflect.FieldNumber = 12
+	FileDescriptorProto_Edition_field_number          protoreflect.FieldNumber = 13
 )
 
 // Names for google.protobuf.DescriptorProto.
@@ -180,13 +183,58 @@ const (
 // Field names for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_name         protoreflect.Name = "declaration"
+	ExtensionRangeOptions_Verification_field_name        protoreflect.Name = "verification"
 
 	ExtensionRangeOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.uninterpreted_option"
+	ExtensionRangeOptions_Declaration_field_fullname         protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.declaration"
+	ExtensionRangeOptions_Verification_field_fullname        protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.verification"
 )
 
 // Field numbers for google.protobuf.ExtensionRangeOptions.
 const (
 	ExtensionRangeOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
+	ExtensionRangeOptions_Declaration_field_number         protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Verification_field_number        protoreflect.FieldNumber = 3
+)
+
+// Full and short names for google.protobuf.ExtensionRangeOptions.VerificationState.
+const (
+	ExtensionRangeOptions_VerificationState_enum_fullname = "google.protobuf.ExtensionRangeOptions.VerificationState"
+	ExtensionRangeOptions_VerificationState_enum_name     = "VerificationState"
+)
+
+// Names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_message_name     protoreflect.Name     = "Declaration"
+	ExtensionRangeOptions_Declaration_message_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration"
+)
+
+// Field names for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_name     protoreflect.Name = "number"
+	ExtensionRangeOptions_Declaration_FullName_field_name   protoreflect.Name = "full_name"
+	ExtensionRangeOptions_Declaration_Type_field_name       protoreflect.Name = "type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_name protoreflect.Name = "is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_name   protoreflect.Name = "reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_name   protoreflect.Name = "repeated"
+
+	ExtensionRangeOptions_Declaration_Number_field_fullname     protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.number"
+	ExtensionRangeOptions_Declaration_FullName_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.full_name"
+	ExtensionRangeOptions_Declaration_Type_field_fullname       protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.type"
+	ExtensionRangeOptions_Declaration_IsRepeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.is_repeated"
+	ExtensionRangeOptions_Declaration_Reserved_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.reserved"
+	ExtensionRangeOptions_Declaration_Repeated_field_fullname   protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.repeated"
+)
+
+// Field numbers for google.protobuf.ExtensionRangeOptions.Declaration.
+const (
+	ExtensionRangeOptions_Declaration_Number_field_number     protoreflect.FieldNumber = 1
+	ExtensionRangeOptions_Declaration_FullName_field_number   protoreflect.FieldNumber = 2
+	ExtensionRangeOptions_Declaration_Type_field_number       protoreflect.FieldNumber = 3
+	ExtensionRangeOptions_Declaration_IsRepeated_field_number protoreflect.FieldNumber = 4
+	ExtensionRangeOptions_Declaration_Reserved_field_number   protoreflect.FieldNumber = 5
+	ExtensionRangeOptions_Declaration_Repeated_field_number   protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.FieldDescriptorProto.
@@ -494,26 +542,29 @@ const (
 
 // Field names for google.protobuf.MessageOptions.
 const (
-	MessageOptions_MessageSetWireFormat_field_name         protoreflect.Name = "message_set_wire_format"
-	MessageOptions_NoStandardDescriptorAccessor_field_name protoreflect.Name = "no_standard_descriptor_accessor"
-	MessageOptions_Deprecated_field_name                   protoreflect.Name = "deprecated"
-	MessageOptions_MapEntry_field_name                     protoreflect.Name = "map_entry"
-	MessageOptions_UninterpretedOption_field_name          protoreflect.Name = "uninterpreted_option"
+	MessageOptions_MessageSetWireFormat_field_name               protoreflect.Name = "message_set_wire_format"
+	MessageOptions_NoStandardDescriptorAccessor_field_name       protoreflect.Name = "no_standard_descriptor_accessor"
+	MessageOptions_Deprecated_field_name                         protoreflect.Name = "deprecated"
+	MessageOptions_MapEntry_field_name                           protoreflect.Name = "map_entry"
+	MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_name protoreflect.Name = "deprecated_legacy_json_field_conflicts"
+	MessageOptions_UninterpretedOption_field_name                protoreflect.Name = "uninterpreted_option"
 
-	MessageOptions_MessageSetWireFormat_field_fullname         protoreflect.FullName = "google.protobuf.MessageOptions.message_set_wire_format"
-	MessageOptions_NoStandardDescriptorAccessor_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.no_standard_descriptor_accessor"
-	MessageOptions_Deprecated_field_fullname                   protoreflect.FullName = "google.protobuf.MessageOptions.deprecated"
-	MessageOptions_MapEntry_field_fullname                     protoreflect.FullName = "google.protobuf.MessageOptions.map_entry"
-	MessageOptions_UninterpretedOption_field_fullname          protoreflect.FullName = "google.protobuf.MessageOptions.uninterpreted_option"
+	MessageOptions_MessageSetWireFormat_field_fullname               protoreflect.FullName = "google.protobuf.MessageOptions.message_set_wire_format"
+	MessageOptions_NoStandardDescriptorAccessor_field_fullname       protoreflect.FullName = "google.protobuf.MessageOptions.no_standard_descriptor_accessor"
+	MessageOptions_Deprecated_field_fullname                         protoreflect.FullName = "google.protobuf.MessageOptions.deprecated"
+	MessageOptions_MapEntry_field_fullname                           protoreflect.FullName = "google.protobuf.MessageOptions.map_entry"
+	MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.deprecated_legacy_json_field_conflicts"
+	MessageOptions_UninterpretedOption_field_fullname                protoreflect.FullName = "google.protobuf.MessageOptions.uninterpreted_option"
 )
 
 // Field numbers for google.protobuf.MessageOptions.
 const (
-	MessageOptions_MessageSetWireFormat_field_number         protoreflect.FieldNumber = 1
-	MessageOptions_NoStandardDescriptorAccessor_field_number protoreflect.FieldNumber = 2
-	MessageOptions_Deprecated_field_number                   protoreflect.FieldNumber = 3
-	MessageOptions_MapEntry_field_number                     protoreflect.FieldNumber = 7
-	MessageOptions_UninterpretedOption_field_number          protoreflect.FieldNumber = 999
+	MessageOptions_MessageSetWireFormat_field_number               protoreflect.FieldNumber = 1
+	MessageOptions_NoStandardDescriptorAccessor_field_number       protoreflect.FieldNumber = 2
+	MessageOptions_Deprecated_field_number                         protoreflect.FieldNumber = 3
+	MessageOptions_MapEntry_field_number                           protoreflect.FieldNumber = 7
+	MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_number protoreflect.FieldNumber = 11
+	MessageOptions_UninterpretedOption_field_number                protoreflect.FieldNumber = 999
 )
 
 // Names for google.protobuf.FieldOptions.
@@ -528,16 +579,26 @@ const (
 	FieldOptions_Packed_field_name              protoreflect.Name = "packed"
 	FieldOptions_Jstype_field_name              protoreflect.Name = "jstype"
 	FieldOptions_Lazy_field_name                protoreflect.Name = "lazy"
+	FieldOptions_UnverifiedLazy_field_name      protoreflect.Name = "unverified_lazy"
 	FieldOptions_Deprecated_field_name          protoreflect.Name = "deprecated"
 	FieldOptions_Weak_field_name                protoreflect.Name = "weak"
+	FieldOptions_DebugRedact_field_name         protoreflect.Name = "debug_redact"
+	FieldOptions_Retention_field_name           protoreflect.Name = "retention"
+	FieldOptions_Target_field_name              protoreflect.Name = "target"
+	FieldOptions_Targets_field_name             protoreflect.Name = "targets"
 	FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
 
 	FieldOptions_Ctype_field_fullname               protoreflect.FullName = "google.protobuf.FieldOptions.ctype"
 	FieldOptions_Packed_field_fullname              protoreflect.FullName = "google.protobuf.FieldOptions.packed"
 	FieldOptions_Jstype_field_fullname              protoreflect.FullName = "google.protobuf.FieldOptions.jstype"
 	FieldOptions_Lazy_field_fullname                protoreflect.FullName = "google.protobuf.FieldOptions.lazy"
+	FieldOptions_UnverifiedLazy_field_fullname      protoreflect.FullName = "google.protobuf.FieldOptions.unverified_lazy"
 	FieldOptions_Deprecated_field_fullname          protoreflect.FullName = "google.protobuf.FieldOptions.deprecated"
 	FieldOptions_Weak_field_fullname                protoreflect.FullName = "google.protobuf.FieldOptions.weak"
+	FieldOptions_DebugRedact_field_fullname         protoreflect.FullName = "google.protobuf.FieldOptions.debug_redact"
+	FieldOptions_Retention_field_fullname           protoreflect.FullName = "google.protobuf.FieldOptions.retention"
+	FieldOptions_Target_field_fullname              protoreflect.FullName = "google.protobuf.FieldOptions.target"
+	FieldOptions_Targets_field_fullname             protoreflect.FullName = "google.protobuf.FieldOptions.targets"
 	FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option"
 )
 
@@ -547,8 +608,13 @@ const (
 	FieldOptions_Packed_field_number              protoreflect.FieldNumber = 2
 	FieldOptions_Jstype_field_number              protoreflect.FieldNumber = 6
 	FieldOptions_Lazy_field_number                protoreflect.FieldNumber = 5
+	FieldOptions_UnverifiedLazy_field_number      protoreflect.FieldNumber = 15
 	FieldOptions_Deprecated_field_number          protoreflect.FieldNumber = 3
 	FieldOptions_Weak_field_number                protoreflect.FieldNumber = 10
+	FieldOptions_DebugRedact_field_number         protoreflect.FieldNumber = 16
+	FieldOptions_Retention_field_number           protoreflect.FieldNumber = 17
+	FieldOptions_Target_field_number              protoreflect.FieldNumber = 18
+	FieldOptions_Targets_field_number             protoreflect.FieldNumber = 19
 	FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
 )
 
@@ -564,6 +630,18 @@ const (
 	FieldOptions_JSType_enum_name     = "JSType"
 )
 
+// Full and short names for google.protobuf.FieldOptions.OptionRetention.
+const (
+	FieldOptions_OptionRetention_enum_fullname = "google.protobuf.FieldOptions.OptionRetention"
+	FieldOptions_OptionRetention_enum_name     = "OptionRetention"
+)
+
+// Full and short names for google.protobuf.FieldOptions.OptionTargetType.
+const (
+	FieldOptions_OptionTargetType_enum_fullname = "google.protobuf.FieldOptions.OptionTargetType"
+	FieldOptions_OptionTargetType_enum_name     = "OptionTargetType"
+)
+
 // Names for google.protobuf.OneofOptions.
 const (
 	OneofOptions_message_name     protoreflect.Name     = "OneofOptions"
@@ -590,20 +668,23 @@ const (
 
 // Field names for google.protobuf.EnumOptions.
 const (
-	EnumOptions_AllowAlias_field_name          protoreflect.Name = "allow_alias"
-	EnumOptions_Deprecated_field_name          protoreflect.Name = "deprecated"
-	EnumOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option"
+	EnumOptions_AllowAlias_field_name                         protoreflect.Name = "allow_alias"
+	EnumOptions_Deprecated_field_name                         protoreflect.Name = "deprecated"
+	EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_name protoreflect.Name = "deprecated_legacy_json_field_conflicts"
+	EnumOptions_UninterpretedOption_field_name                protoreflect.Name = "uninterpreted_option"
 
-	EnumOptions_AllowAlias_field_fullname          protoreflect.FullName = "google.protobuf.EnumOptions.allow_alias"
-	EnumOptions_Deprecated_field_fullname          protoreflect.FullName = "google.protobuf.EnumOptions.deprecated"
-	EnumOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.uninterpreted_option"
+	EnumOptions_AllowAlias_field_fullname                         protoreflect.FullName = "google.protobuf.EnumOptions.allow_alias"
+	EnumOptions_Deprecated_field_fullname                         protoreflect.FullName = "google.protobuf.EnumOptions.deprecated"
+	EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.deprecated_legacy_json_field_conflicts"
+	EnumOptions_UninterpretedOption_field_fullname                protoreflect.FullName = "google.protobuf.EnumOptions.uninterpreted_option"
 )
 
 // Field numbers for google.protobuf.EnumOptions.
 const (
-	EnumOptions_AllowAlias_field_number          protoreflect.FieldNumber = 2
-	EnumOptions_Deprecated_field_number          protoreflect.FieldNumber = 3
-	EnumOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999
+	EnumOptions_AllowAlias_field_number                         protoreflect.FieldNumber = 2
+	EnumOptions_Deprecated_field_number                         protoreflect.FieldNumber = 3
+	EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_number protoreflect.FieldNumber = 6
+	EnumOptions_UninterpretedOption_field_number                protoreflect.FieldNumber = 999
 )
 
 // Names for google.protobuf.EnumValueOptions.
@@ -813,11 +894,13 @@ const (
 	GeneratedCodeInfo_Annotation_SourceFile_field_name protoreflect.Name = "source_file"
 	GeneratedCodeInfo_Annotation_Begin_field_name      protoreflect.Name = "begin"
 	GeneratedCodeInfo_Annotation_End_field_name        protoreflect.Name = "end"
+	GeneratedCodeInfo_Annotation_Semantic_field_name   protoreflect.Name = "semantic"
 
 	GeneratedCodeInfo_Annotation_Path_field_fullname       protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.path"
 	GeneratedCodeInfo_Annotation_SourceFile_field_fullname protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.source_file"
 	GeneratedCodeInfo_Annotation_Begin_field_fullname      protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.begin"
 	GeneratedCodeInfo_Annotation_End_field_fullname        protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.end"
+	GeneratedCodeInfo_Annotation_Semantic_field_fullname   protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.semantic"
 )
 
 // Field numbers for google.protobuf.GeneratedCodeInfo.Annotation.
@@ -826,4 +909,11 @@ const (
 	GeneratedCodeInfo_Annotation_SourceFile_field_number protoreflect.FieldNumber = 2
 	GeneratedCodeInfo_Annotation_Begin_field_number      protoreflect.FieldNumber = 3
 	GeneratedCodeInfo_Annotation_End_field_number        protoreflect.FieldNumber = 4
+	GeneratedCodeInfo_Annotation_Semantic_field_number   protoreflect.FieldNumber = 5
+)
+
+// Full and short names for google.protobuf.GeneratedCodeInfo.Annotation.Semantic.
+const (
+	GeneratedCodeInfo_Annotation_Semantic_enum_fullname = "google.protobuf.GeneratedCodeInfo.Annotation.Semantic"
+	GeneratedCodeInfo_Annotation_Semantic_enum_name     = "Semantic"
 )
diff --git a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
index 3bc710138..e0f75fea0 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go
@@ -32,6 +32,7 @@ const (
 	Type_Options_field_name       protoreflect.Name = "options"
 	Type_SourceContext_field_name protoreflect.Name = "source_context"
 	Type_Syntax_field_name        protoreflect.Name = "syntax"
+	Type_Edition_field_name       protoreflect.Name = "edition"
 
 	Type_Name_field_fullname          protoreflect.FullName = "google.protobuf.Type.name"
 	Type_Fields_field_fullname        protoreflect.FullName = "google.protobuf.Type.fields"
@@ -39,6 +40,7 @@ const (
 	Type_Options_field_fullname       protoreflect.FullName = "google.protobuf.Type.options"
 	Type_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Type.source_context"
 	Type_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Type.syntax"
+	Type_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Type.edition"
 )
 
 // Field numbers for google.protobuf.Type.
@@ -49,6 +51,7 @@ const (
 	Type_Options_field_number       protoreflect.FieldNumber = 4
 	Type_SourceContext_field_number protoreflect.FieldNumber = 5
 	Type_Syntax_field_number        protoreflect.FieldNumber = 6
+	Type_Edition_field_number       protoreflect.FieldNumber = 7
 )
 
 // Names for google.protobuf.Field.
@@ -121,12 +124,14 @@ const (
 	Enum_Options_field_name       protoreflect.Name = "options"
 	Enum_SourceContext_field_name protoreflect.Name = "source_context"
 	Enum_Syntax_field_name        protoreflect.Name = "syntax"
+	Enum_Edition_field_name       protoreflect.Name = "edition"
 
 	Enum_Name_field_fullname          protoreflect.FullName = "google.protobuf.Enum.name"
 	Enum_Enumvalue_field_fullname     protoreflect.FullName = "google.protobuf.Enum.enumvalue"
 	Enum_Options_field_fullname       protoreflect.FullName = "google.protobuf.Enum.options"
 	Enum_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Enum.source_context"
 	Enum_Syntax_field_fullname        protoreflect.FullName = "google.protobuf.Enum.syntax"
+	Enum_Edition_field_fullname       protoreflect.FullName = "google.protobuf.Enum.edition"
 )
 
 // Field numbers for google.protobuf.Enum.
@@ -136,6 +141,7 @@ const (
 	Enum_Options_field_number       protoreflect.FieldNumber = 3
 	Enum_SourceContext_field_number protoreflect.FieldNumber = 4
 	Enum_Syntax_field_number        protoreflect.FieldNumber = 5
+	Enum_Edition_field_number       protoreflect.FieldNumber = 6
 )
 
 // Names for google.protobuf.EnumValue.
diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert.go b/vendor/google.golang.org/protobuf/internal/impl/convert.go
index 11a6128ba..185ef2efa 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/convert.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/convert.go
@@ -59,7 +59,6 @@ func NewConverter(t reflect.Type, fd protoreflect.FieldDescriptor) Converter {
 	default:
 		return newSingularConverter(t, fd)
 	}
-	panic(fmt.Sprintf("invalid Go type %v for field %v", t, fd.FullName()))
 }
 
 var (
diff --git a/vendor/google.golang.org/protobuf/internal/order/order.go b/vendor/google.golang.org/protobuf/internal/order/order.go
index 33745ed06..dea522e12 100644
--- a/vendor/google.golang.org/protobuf/internal/order/order.go
+++ b/vendor/google.golang.org/protobuf/internal/order/order.go
@@ -33,7 +33,7 @@ var (
 			return !inOneof(ox) && inOneof(oy)
 		}
 		// Fields in disjoint oneof sets are sorted by declaration index.
-		if ox != nil && oy != nil && ox != oy {
+		if inOneof(ox) && inOneof(oy) && ox != oy {
 			return ox.Index() < oy.Index()
 		}
 		// Fields sorted by field number.
diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go
index fea589c45..61a84d341 100644
--- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go
+++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go
@@ -87,7 +87,7 @@ func (sb *Builder) grow(n int) {
 	// Unlike strings.Builder, we do not need to copy over the contents
 	// of the old buffer since our builder provides no API for
 	// retrieving previously created strings.
-	sb.buf = make([]byte, 2*(cap(sb.buf)+n))
+	sb.buf = make([]byte, 0, 2*(cap(sb.buf)+n))
 }
 
 func (sb *Builder) last(n int) string {
diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go
index b480c5010..0999f29d5 100644
--- a/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -51,8 +51,8 @@ import (
 //  10. Send out the CL for review and submit it.
 const (
 	Major      = 1
-	Minor      = 28
-	Patch      = 1
+	Minor      = 31
+	Patch      = 0
 	PreRelease = ""
 )
 
diff --git a/vendor/google.golang.org/protobuf/proto/doc.go b/vendor/google.golang.org/protobuf/proto/doc.go
index 08d2a46f5..ec71e717f 100644
--- a/vendor/google.golang.org/protobuf/proto/doc.go
+++ b/vendor/google.golang.org/protobuf/proto/doc.go
@@ -5,16 +5,13 @@
 // Package proto provides functions operating on protocol buffer messages.
 //
 // For documentation on protocol buffers in general, see:
-//
-//	https://developers.google.com/protocol-buffers
+// https://protobuf.dev.
 //
 // For a tutorial on using protocol buffers with Go, see:
-//
-//	https://developers.google.com/protocol-buffers/docs/gotutorial
+// https://protobuf.dev/getting-started/gotutorial.
 //
 // For a guide to generated Go protocol buffer code, see:
-//
-//	https://developers.google.com/protocol-buffers/docs/reference/go-generated
+// https://protobuf.dev/reference/go/go-generated.
 //
 // # Binary serialization
 //
diff --git a/vendor/google.golang.org/protobuf/proto/equal.go b/vendor/google.golang.org/protobuf/proto/equal.go
index 67948dd1d..1a0be1b03 100644
--- a/vendor/google.golang.org/protobuf/proto/equal.go
+++ b/vendor/google.golang.org/protobuf/proto/equal.go
@@ -5,30 +5,39 @@
 package proto
 
 import (
-	"bytes"
-	"math"
 	"reflect"
 
-	"google.golang.org/protobuf/encoding/protowire"
 	"google.golang.org/protobuf/reflect/protoreflect"
 )
 
-// Equal reports whether two messages are equal.
-// If two messages marshal to the same bytes under deterministic serialization,
-// then Equal is guaranteed to report true.
+// Equal reports whether two messages are equal,
+// by recursively comparing the fields of the message.
 //
-// Two messages are equal if they belong to the same message descriptor,
-// have the same set of populated known and extension field values,
-// and the same set of unknown fields values. If either of the top-level
-// messages are invalid, then Equal reports true only if both are invalid.
+//   - Bytes fields are equal if they contain identical bytes.
+//     Empty bytes (regardless of nil-ness) are considered equal.
 //
-// Scalar values are compared with the equivalent of the == operator in Go,
-// except bytes values which are compared using bytes.Equal and
-// floating point values which specially treat NaNs as equal.
-// Message values are compared by recursively calling Equal.
-// Lists are equal if each element value is also equal.
-// Maps are equal if they have the same set of keys, where the pair of values
-// for each key is also equal.
+//   - Floating-point fields are equal if they contain the same value.
+//     Unlike the == operator, a NaN is equal to another NaN.
+//
+//   - Other scalar fields are equal if they contain the same value.
+//
+//   - Message fields are equal if they have
+//     the same set of populated known and extension field values, and
+//     the same set of unknown fields values.
+//
+//   - Lists are equal if they are the same length and
+//     each corresponding element is equal.
+//
+//   - Maps are equal if they have the same set of keys and
+//     the corresponding value for each key is equal.
+//
+// An invalid message is not equal to a valid message.
+// An invalid message is only equal to another invalid message of the
+// same type. An invalid message often corresponds to a nil pointer
+// of the concrete message type. For example, (*pb.M)(nil) is not equal
+// to &pb.M{}.
+// If two valid messages marshal to the same bytes under deterministic
+// serialization, then Equal is guaranteed to report true.
 func Equal(x, y Message) bool {
 	if x == nil || y == nil {
 		return x == nil && y == nil
@@ -42,130 +51,7 @@ func Equal(x, y Message) bool {
 	if mx.IsValid() != my.IsValid() {
 		return false
 	}
-	return equalMessage(mx, my)
-}
-
-// equalMessage compares two messages.
-func equalMessage(mx, my protoreflect.Message) bool {
-	if mx.Descriptor() != my.Descriptor() {
-		return false
-	}
-
-	nx := 0
-	equal := true
-	mx.Range(func(fd protoreflect.FieldDescriptor, vx protoreflect.Value) bool {
-		nx++
-		vy := my.Get(fd)
-		equal = my.Has(fd) && equalField(fd, vx, vy)
-		return equal
-	})
-	if !equal {
-		return false
-	}
-	ny := 0
-	my.Range(func(fd protoreflect.FieldDescriptor, vx protoreflect.Value) bool {
-		ny++
-		return true
-	})
-	if nx != ny {
-		return false
-	}
-
-	return equalUnknown(mx.GetUnknown(), my.GetUnknown())
-}
-
-// equalField compares two fields.
-func equalField(fd protoreflect.FieldDescriptor, x, y protoreflect.Value) bool {
-	switch {
-	case fd.IsList():
-		return equalList(fd, x.List(), y.List())
-	case fd.IsMap():
-		return equalMap(fd, x.Map(), y.Map())
-	default:
-		return equalValue(fd, x, y)
-	}
-}
-
-// equalMap compares two maps.
-func equalMap(fd protoreflect.FieldDescriptor, x, y protoreflect.Map) bool {
-	if x.Len() != y.Len() {
-		return false
-	}
-	equal := true
-	x.Range(func(k protoreflect.MapKey, vx protoreflect.Value) bool {
-		vy := y.Get(k)
-		equal = y.Has(k) && equalValue(fd.MapValue(), vx, vy)
-		return equal
-	})
-	return equal
-}
-
-// equalList compares two lists.
-func equalList(fd protoreflect.FieldDescriptor, x, y protoreflect.List) bool {
-	if x.Len() != y.Len() {
-		return false
-	}
-	for i := x.Len() - 1; i >= 0; i-- {
-		if !equalValue(fd, x.Get(i), y.Get(i)) {
-			return false
-		}
-	}
-	return true
-}
-
-// equalValue compares two singular values.
-func equalValue(fd protoreflect.FieldDescriptor, x, y protoreflect.Value) bool {
-	switch fd.Kind() {
-	case protoreflect.BoolKind:
-		return x.Bool() == y.Bool()
-	case protoreflect.EnumKind:
-		return x.Enum() == y.Enum()
-	case protoreflect.Int32Kind, protoreflect.Sint32Kind,
-		protoreflect.Int64Kind, protoreflect.Sint64Kind,
-		protoreflect.Sfixed32Kind, protoreflect.Sfixed64Kind:
-		return x.Int() == y.Int()
-	case protoreflect.Uint32Kind, protoreflect.Uint64Kind,
-		protoreflect.Fixed32Kind, protoreflect.Fixed64Kind:
-		return x.Uint() == y.Uint()
-	case protoreflect.FloatKind, protoreflect.DoubleKind:
-		fx := x.Float()
-		fy := y.Float()
-		if math.IsNaN(fx) || math.IsNaN(fy) {
-			return math.IsNaN(fx) && math.IsNaN(fy)
-		}
-		return fx == fy
-	case protoreflect.StringKind:
-		return x.String() == y.String()
-	case protoreflect.BytesKind:
-		return bytes.Equal(x.Bytes(), y.Bytes())
-	case protoreflect.MessageKind, protoreflect.GroupKind:
-		return equalMessage(x.Message(), y.Message())
-	default:
-		return x.Interface() == y.Interface()
-	}
-}
-
-// equalUnknown compares unknown fields by direct comparison on the raw bytes
-// of each individual field number.
-func equalUnknown(x, y protoreflect.RawFields) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	if bytes.Equal([]byte(x), []byte(y)) {
-		return true
-	}
-
-	mx := make(map[protoreflect.FieldNumber]protoreflect.RawFields)
-	my := make(map[protoreflect.FieldNumber]protoreflect.RawFields)
-	for len(x) > 0 {
-		fnum, _, n := protowire.ConsumeField(x)
-		mx[fnum] = append(mx[fnum], x[:n]...)
-		x = x[n:]
-	}
-	for len(y) > 0 {
-		fnum, _, n := protowire.ConsumeField(y)
-		my[fnum] = append(my[fnum], y[:n]...)
-		y = y[n:]
-	}
-	return reflect.DeepEqual(mx, my)
+	vx := protoreflect.ValueOfMessage(mx)
+	vy := protoreflect.ValueOfMessage(my)
+	return vx.Equal(vy)
 }
diff --git a/vendor/google.golang.org/protobuf/proto/size.go b/vendor/google.golang.org/protobuf/proto/size.go
index 554b9c6c0..f1692b49b 100644
--- a/vendor/google.golang.org/protobuf/proto/size.go
+++ b/vendor/google.golang.org/protobuf/proto/size.go
@@ -73,23 +73,27 @@ func (o MarshalOptions) sizeField(fd protoreflect.FieldDescriptor, value protore
 }
 
 func (o MarshalOptions) sizeList(num protowire.Number, fd protoreflect.FieldDescriptor, list protoreflect.List) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	if fd.IsPacked() && list.Len() > 0 {
 		content := 0
 		for i, llen := 0, list.Len(); i < llen; i++ {
 			content += o.sizeSingular(num, fd.Kind(), list.Get(i))
 		}
-		return protowire.SizeTag(num) + protowire.SizeBytes(content)
+		return sizeTag + protowire.SizeBytes(content)
 	}
 
 	for i, llen := 0, list.Len(); i < llen; i++ {
-		size += protowire.SizeTag(num) + o.sizeSingular(num, fd.Kind(), list.Get(i))
+		size += sizeTag + o.sizeSingular(num, fd.Kind(), list.Get(i))
 	}
 	return size
 }
 
 func (o MarshalOptions) sizeMap(num protowire.Number, fd protoreflect.FieldDescriptor, mapv protoreflect.Map) (size int) {
+	sizeTag := protowire.SizeTag(num)
+
 	mapv.Range(func(key protoreflect.MapKey, value protoreflect.Value) bool {
-		size += protowire.SizeTag(num)
+		size += sizeTag
 		size += protowire.SizeBytes(o.sizeField(fd.MapKey(), key.Value()) + o.sizeField(fd.MapValue(), value))
 		return true
 	})
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
index b03c1223c..717b106f3 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
@@ -35,6 +35,8 @@ func (p *SourcePath) appendFileDescriptorProto(b []byte) []byte {
 		b = p.appendSingularField(b, "source_code_info", (*SourcePath).appendSourceCodeInfo)
 	case 12:
 		b = p.appendSingularField(b, "syntax", nil)
+	case 13:
+		b = p.appendSingularField(b, "edition", nil)
 	}
 	return b
 }
@@ -236,6 +238,8 @@ func (p *SourcePath) appendMessageOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "deprecated", nil)
 	case 7:
 		b = p.appendSingularField(b, "map_entry", nil)
+	case 11:
+		b = p.appendSingularField(b, "deprecated_legacy_json_field_conflicts", nil)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -279,6 +283,8 @@ func (p *SourcePath) appendEnumOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "allow_alias", nil)
 	case 3:
 		b = p.appendSingularField(b, "deprecated", nil)
+	case 6:
+		b = p.appendSingularField(b, "deprecated_legacy_json_field_conflicts", nil)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -345,10 +351,20 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte {
 		b = p.appendSingularField(b, "jstype", nil)
 	case 5:
 		b = p.appendSingularField(b, "lazy", nil)
+	case 15:
+		b = p.appendSingularField(b, "unverified_lazy", nil)
 	case 3:
 		b = p.appendSingularField(b, "deprecated", nil)
 	case 10:
 		b = p.appendSingularField(b, "weak", nil)
+	case 16:
+		b = p.appendSingularField(b, "debug_redact", nil)
+	case 17:
+		b = p.appendSingularField(b, "retention", nil)
+	case 18:
+		b = p.appendSingularField(b, "target", nil)
+	case 19:
+		b = p.appendRepeatedField(b, "targets", nil)
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
 	}
@@ -404,6 +420,10 @@ func (p *SourcePath) appendExtensionRangeOptions(b []byte) []byte {
 	switch (*p)[0] {
 	case 999:
 		b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption)
+	case 2:
+		b = p.appendRepeatedField(b, "declaration", (*SourcePath).appendExtensionRangeOptions_Declaration)
+	case 3:
+		b = p.appendSingularField(b, "verification", nil)
 	}
 	return b
 }
@@ -459,3 +479,24 @@ func (p *SourcePath) appendUninterpretedOption_NamePart(b []byte) []byte {
 	}
 	return b
 }
+
+func (p *SourcePath) appendExtensionRangeOptions_Declaration(b []byte) []byte {
+	if len(*p) == 0 {
+		return b
+	}
+	switch (*p)[0] {
+	case 1:
+		b = p.appendSingularField(b, "number", nil)
+	case 2:
+		b = p.appendSingularField(b, "full_name", nil)
+	case 3:
+		b = p.appendSingularField(b, "type", nil)
+	case 4:
+		b = p.appendSingularField(b, "is_repeated", nil)
+	case 5:
+		b = p.appendSingularField(b, "reserved", nil)
+	case 6:
+		b = p.appendSingularField(b, "repeated", nil)
+	}
+	return b
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go
index f31981077..37601b781 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go
@@ -148,7 +148,7 @@ type Message interface {
 	// be preserved in marshaling or other operations.
 	IsValid() bool
 
-	// ProtoMethods returns optional fast-path implementions of various operations.
+	// ProtoMethods returns optional fast-path implementations of various operations.
 	// This method may return nil.
 	//
 	// The returned methods type is identical to
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go
new file mode 100644
index 000000000..591652541
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go
@@ -0,0 +1,168 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protoreflect
+
+import (
+	"bytes"
+	"fmt"
+	"math"
+	"reflect"
+
+	"google.golang.org/protobuf/encoding/protowire"
+)
+
+// Equal reports whether v1 and v2 are recursively equal.
+//
+//   - Values of different types are always unequal.
+//
+//   - Bytes values are equal if they contain identical bytes.
+//     Empty bytes (regardless of nil-ness) are considered equal.
+//
+//   - Floating point values are equal if they contain the same value.
+//     Unlike the == operator, a NaN is equal to another NaN.
+//
+//   - Enums are equal if they contain the same number.
+//     Since Value does not contain an enum descriptor,
+//     enum values do not consider the type of the enum.
+//
+//   - Other scalar values are equal if they contain the same value.
+//
+//   - Message values are equal if they belong to the same message descriptor,
+//     have the same set of populated known and extension field values,
+//     and the same set of unknown fields values.
+//
+//   - Lists are equal if they are the same length and
+//     each corresponding element is equal.
+//
+//   - Maps are equal if they have the same set of keys and
+//     the corresponding value for each key is equal.
+func (v1 Value) Equal(v2 Value) bool {
+	return equalValue(v1, v2)
+}
+
+func equalValue(x, y Value) bool {
+	eqType := x.typ == y.typ
+	switch x.typ {
+	case nilType:
+		return eqType
+	case boolType:
+		return eqType && x.Bool() == y.Bool()
+	case int32Type, int64Type:
+		return eqType && x.Int() == y.Int()
+	case uint32Type, uint64Type:
+		return eqType && x.Uint() == y.Uint()
+	case float32Type, float64Type:
+		return eqType && equalFloat(x.Float(), y.Float())
+	case stringType:
+		return eqType && x.String() == y.String()
+	case bytesType:
+		return eqType && bytes.Equal(x.Bytes(), y.Bytes())
+	case enumType:
+		return eqType && x.Enum() == y.Enum()
+	default:
+		switch x := x.Interface().(type) {
+		case Message:
+			y, ok := y.Interface().(Message)
+			return ok && equalMessage(x, y)
+		case List:
+			y, ok := y.Interface().(List)
+			return ok && equalList(x, y)
+		case Map:
+			y, ok := y.Interface().(Map)
+			return ok && equalMap(x, y)
+		default:
+			panic(fmt.Sprintf("unknown type: %T", x))
+		}
+	}
+}
+
+// equalFloat compares two floats, where NaNs are treated as equal.
+func equalFloat(x, y float64) bool {
+	if math.IsNaN(x) || math.IsNaN(y) {
+		return math.IsNaN(x) && math.IsNaN(y)
+	}
+	return x == y
+}
+
+// equalMessage compares two messages.
+func equalMessage(mx, my Message) bool {
+	if mx.Descriptor() != my.Descriptor() {
+		return false
+	}
+
+	nx := 0
+	equal := true
+	mx.Range(func(fd FieldDescriptor, vx Value) bool {
+		nx++
+		vy := my.Get(fd)
+		equal = my.Has(fd) && equalValue(vx, vy)
+		return equal
+	})
+	if !equal {
+		return false
+	}
+	ny := 0
+	my.Range(func(fd FieldDescriptor, vx Value) bool {
+		ny++
+		return true
+	})
+	if nx != ny {
+		return false
+	}
+
+	return equalUnknown(mx.GetUnknown(), my.GetUnknown())
+}
+
+// equalList compares two lists.
+func equalList(x, y List) bool {
+	if x.Len() != y.Len() {
+		return false
+	}
+	for i := x.Len() - 1; i >= 0; i-- {
+		if !equalValue(x.Get(i), y.Get(i)) {
+			return false
+		}
+	}
+	return true
+}
+
+// equalMap compares two maps.
+func equalMap(x, y Map) bool {
+	if x.Len() != y.Len() {
+		return false
+	}
+	equal := true
+	x.Range(func(k MapKey, vx Value) bool {
+		vy := y.Get(k)
+		equal = y.Has(k) && equalValue(vx, vy)
+		return equal
+	})
+	return equal
+}
+
+// equalUnknown compares unknown fields by direct comparison on the raw bytes
+// of each individual field number.
+func equalUnknown(x, y RawFields) bool {
+	if len(x) != len(y) {
+		return false
+	}
+	if bytes.Equal([]byte(x), []byte(y)) {
+		return true
+	}
+
+	mx := make(map[FieldNumber]RawFields)
+	my := make(map[FieldNumber]RawFields)
+	for len(x) > 0 {
+		fnum, _, n := protowire.ConsumeField(x)
+		mx[fnum] = append(mx[fnum], x[:n]...)
+		x = x[n:]
+	}
+	for len(y) > 0 {
+		fnum, _, n := protowire.ConsumeField(y)
+		my[fnum] = append(my[fnum], y[:n]...)
+		y = y[n:]
+	}
+	return reflect.DeepEqual(mx, my)
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
index ca8e28c5b..08e5ef73f 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
@@ -54,11 +54,11 @@ import (
 //	// Append a 0 to a "repeated int32" field.
 //	// Since the Value returned by Mutable is guaranteed to alias
 //	// the source message, modifying the Value modifies the message.
-//	message.Mutable(fieldDesc).(List).Append(protoreflect.ValueOfInt32(0))
+//	message.Mutable(fieldDesc).List().Append(protoreflect.ValueOfInt32(0))
 //
 //	// Assign [0] to a "repeated int32" field by creating a new Value,
 //	// modifying it, and assigning it.
-//	list := message.NewField(fieldDesc).(List)
+//	list := message.NewField(fieldDesc).List()
 //	list.Append(protoreflect.ValueOfInt32(0))
 //	message.Set(fieldDesc, list)
 //	// ERROR: Since it is not defined whether Set aliases the source,
diff --git a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
index 58352a697..aeb559774 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
@@ -46,7 +46,7 @@ var conflictPolicy = "panic" // "panic" | "warn" | "ignore"
 // It is a variable so that the behavior is easily overridden in another file.
 var ignoreConflict = func(d protoreflect.Descriptor, err error) bool {
 	const env = "GOLANG_PROTOBUF_REGISTRATION_CONFLICT"
-	const faq = "https://developers.google.com/protocol-buffers/docs/reference/go/faq#namespace-conflict"
+	const faq = "https://protobuf.dev/reference/go/faq#namespace-conflict"
 	policy := conflictPolicy
 	if v := os.Getenv(env); v != "" {
 		policy = v
diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
index abe4ab511..04c00f737 100644
--- a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
+++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -48,6 +48,64 @@ import (
 	sync "sync"
 )
 
+// The verification state of the extension range.
+type ExtensionRangeOptions_VerificationState int32
+
+const (
+	// All the extensions of the range must be declared.
+	ExtensionRangeOptions_DECLARATION ExtensionRangeOptions_VerificationState = 0
+	ExtensionRangeOptions_UNVERIFIED  ExtensionRangeOptions_VerificationState = 1
+)
+
+// Enum value maps for ExtensionRangeOptions_VerificationState.
+var (
+	ExtensionRangeOptions_VerificationState_name = map[int32]string{
+		0: "DECLARATION",
+		1: "UNVERIFIED",
+	}
+	ExtensionRangeOptions_VerificationState_value = map[string]int32{
+		"DECLARATION": 0,
+		"UNVERIFIED":  1,
+	}
+)
+
+func (x ExtensionRangeOptions_VerificationState) Enum() *ExtensionRangeOptions_VerificationState {
+	p := new(ExtensionRangeOptions_VerificationState)
+	*p = x
+	return p
+}
+
+func (x ExtensionRangeOptions_VerificationState) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ExtensionRangeOptions_VerificationState) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+}
+
+func (ExtensionRangeOptions_VerificationState) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+}
+
+func (x ExtensionRangeOptions_VerificationState) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *ExtensionRangeOptions_VerificationState) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = ExtensionRangeOptions_VerificationState(num)
+	return nil
+}
+
+// Deprecated: Use ExtensionRangeOptions_VerificationState.Descriptor instead.
+func (ExtensionRangeOptions_VerificationState) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
 type FieldDescriptorProto_Type int32
 
 const (
@@ -137,11 +195,11 @@ func (x FieldDescriptorProto_Type) String() string {
 }
 
 func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
 }
 
 func (FieldDescriptorProto_Type) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+	return &file_google_protobuf_descriptor_proto_enumTypes[1]
 }
 
 func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber {
@@ -197,11 +255,11 @@ func (x FieldDescriptorProto_Label) String() string {
 }
 
 func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
 }
 
 func (FieldDescriptorProto_Label) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[1]
+	return &file_google_protobuf_descriptor_proto_enumTypes[2]
 }
 
 func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber {
@@ -258,11 +316,11 @@ func (x FileOptions_OptimizeMode) String() string {
 }
 
 func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
 }
 
 func (FileOptions_OptimizeMode) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[2]
+	return &file_google_protobuf_descriptor_proto_enumTypes[3]
 }
 
 func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber {
@@ -288,7 +346,13 @@ type FieldOptions_CType int32
 
 const (
 	// Default mode.
-	FieldOptions_STRING       FieldOptions_CType = 0
+	FieldOptions_STRING FieldOptions_CType = 0
+	// The option [ctype=CORD] may be applied to a non-repeated field of type
+	// "bytes". It indicates that in C++, the data should be stored in a Cord
+	// instead of a string.  For very large strings, this may reduce memory
+	// fragmentation. It may also allow better performance when parsing from a
+	// Cord, or when parsing with aliasing enabled, as the parsed Cord may then
+	// alias the original buffer.
 	FieldOptions_CORD         FieldOptions_CType = 1
 	FieldOptions_STRING_PIECE FieldOptions_CType = 2
 )
@@ -318,11 +382,11 @@ func (x FieldOptions_CType) String() string {
 }
 
 func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
 }
 
 func (FieldOptions_CType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[3]
+	return &file_google_protobuf_descriptor_proto_enumTypes[4]
 }
 
 func (x FieldOptions_CType) Number() protoreflect.EnumNumber {
@@ -380,11 +444,11 @@ func (x FieldOptions_JSType) String() string {
 }
 
 func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
 }
 
 func (FieldOptions_JSType) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[4]
+	return &file_google_protobuf_descriptor_proto_enumTypes[5]
 }
 
 func (x FieldOptions_JSType) Number() protoreflect.EnumNumber {
@@ -406,6 +470,152 @@ func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) {
 	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 1}
 }
 
+// If set to RETENTION_SOURCE, the option will be omitted from the binary.
+// Note: as of January 2023, support for this is in progress and does not yet
+// have an effect (b/264593489).
+type FieldOptions_OptionRetention int32
+
+const (
+	FieldOptions_RETENTION_UNKNOWN FieldOptions_OptionRetention = 0
+	FieldOptions_RETENTION_RUNTIME FieldOptions_OptionRetention = 1
+	FieldOptions_RETENTION_SOURCE  FieldOptions_OptionRetention = 2
+)
+
+// Enum value maps for FieldOptions_OptionRetention.
+var (
+	FieldOptions_OptionRetention_name = map[int32]string{
+		0: "RETENTION_UNKNOWN",
+		1: "RETENTION_RUNTIME",
+		2: "RETENTION_SOURCE",
+	}
+	FieldOptions_OptionRetention_value = map[string]int32{
+		"RETENTION_UNKNOWN": 0,
+		"RETENTION_RUNTIME": 1,
+		"RETENTION_SOURCE":  2,
+	}
+)
+
+func (x FieldOptions_OptionRetention) Enum() *FieldOptions_OptionRetention {
+	p := new(FieldOptions_OptionRetention)
+	*p = x
+	return p
+}
+
+func (x FieldOptions_OptionRetention) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FieldOptions_OptionRetention) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor()
+}
+
+func (FieldOptions_OptionRetention) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[6]
+}
+
+func (x FieldOptions_OptionRetention) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FieldOptions_OptionRetention) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = FieldOptions_OptionRetention(num)
+	return nil
+}
+
+// Deprecated: Use FieldOptions_OptionRetention.Descriptor instead.
+func (FieldOptions_OptionRetention) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 2}
+}
+
+// This indicates the types of entities that the field may apply to when used
+// as an option. If it is unset, then the field may be freely used as an
+// option on any kind of entity. Note: as of January 2023, support for this is
+// in progress and does not yet have an effect (b/264593489).
+type FieldOptions_OptionTargetType int32
+
+const (
+	FieldOptions_TARGET_TYPE_UNKNOWN         FieldOptions_OptionTargetType = 0
+	FieldOptions_TARGET_TYPE_FILE            FieldOptions_OptionTargetType = 1
+	FieldOptions_TARGET_TYPE_EXTENSION_RANGE FieldOptions_OptionTargetType = 2
+	FieldOptions_TARGET_TYPE_MESSAGE         FieldOptions_OptionTargetType = 3
+	FieldOptions_TARGET_TYPE_FIELD           FieldOptions_OptionTargetType = 4
+	FieldOptions_TARGET_TYPE_ONEOF           FieldOptions_OptionTargetType = 5
+	FieldOptions_TARGET_TYPE_ENUM            FieldOptions_OptionTargetType = 6
+	FieldOptions_TARGET_TYPE_ENUM_ENTRY      FieldOptions_OptionTargetType = 7
+	FieldOptions_TARGET_TYPE_SERVICE         FieldOptions_OptionTargetType = 8
+	FieldOptions_TARGET_TYPE_METHOD          FieldOptions_OptionTargetType = 9
+)
+
+// Enum value maps for FieldOptions_OptionTargetType.
+var (
+	FieldOptions_OptionTargetType_name = map[int32]string{
+		0: "TARGET_TYPE_UNKNOWN",
+		1: "TARGET_TYPE_FILE",
+		2: "TARGET_TYPE_EXTENSION_RANGE",
+		3: "TARGET_TYPE_MESSAGE",
+		4: "TARGET_TYPE_FIELD",
+		5: "TARGET_TYPE_ONEOF",
+		6: "TARGET_TYPE_ENUM",
+		7: "TARGET_TYPE_ENUM_ENTRY",
+		8: "TARGET_TYPE_SERVICE",
+		9: "TARGET_TYPE_METHOD",
+	}
+	FieldOptions_OptionTargetType_value = map[string]int32{
+		"TARGET_TYPE_UNKNOWN":         0,
+		"TARGET_TYPE_FILE":            1,
+		"TARGET_TYPE_EXTENSION_RANGE": 2,
+		"TARGET_TYPE_MESSAGE":         3,
+		"TARGET_TYPE_FIELD":           4,
+		"TARGET_TYPE_ONEOF":           5,
+		"TARGET_TYPE_ENUM":            6,
+		"TARGET_TYPE_ENUM_ENTRY":      7,
+		"TARGET_TYPE_SERVICE":         8,
+		"TARGET_TYPE_METHOD":          9,
+	}
+)
+
+func (x FieldOptions_OptionTargetType) Enum() *FieldOptions_OptionTargetType {
+	p := new(FieldOptions_OptionTargetType)
+	*p = x
+	return p
+}
+
+func (x FieldOptions_OptionTargetType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FieldOptions_OptionTargetType) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor()
+}
+
+func (FieldOptions_OptionTargetType) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[7]
+}
+
+func (x FieldOptions_OptionTargetType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FieldOptions_OptionTargetType) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = FieldOptions_OptionTargetType(num)
+	return nil
+}
+
+// Deprecated: Use FieldOptions_OptionTargetType.Descriptor instead.
+func (FieldOptions_OptionTargetType) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 3}
+}
+
 // Is this method side-effect-free (or safe in HTTP parlance), or idempotent,
 // or neither? HTTP based RPC implementation may choose GET verb for safe
 // methods, and PUT verb for idempotent methods instead of the default POST.
@@ -442,11 +652,11 @@ func (x MethodOptions_IdempotencyLevel) String() string {
 }
 
 func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor {
-	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
+	return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor()
 }
 
 func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType {
-	return &file_google_protobuf_descriptor_proto_enumTypes[5]
+	return &file_google_protobuf_descriptor_proto_enumTypes[8]
 }
 
 func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber {
@@ -468,6 +678,70 @@ func (MethodOptions_IdempotencyLevel) EnumDescriptor() ([]byte, []int) {
 	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{17, 0}
 }
 
+// Represents the identified object's effect on the element in the original
+// .proto file.
+type GeneratedCodeInfo_Annotation_Semantic int32
+
+const (
+	// There is no effect or the effect is indescribable.
+	GeneratedCodeInfo_Annotation_NONE GeneratedCodeInfo_Annotation_Semantic = 0
+	// The element is set or otherwise mutated.
+	GeneratedCodeInfo_Annotation_SET GeneratedCodeInfo_Annotation_Semantic = 1
+	// An alias to the element is returned.
+	GeneratedCodeInfo_Annotation_ALIAS GeneratedCodeInfo_Annotation_Semantic = 2
+)
+
+// Enum value maps for GeneratedCodeInfo_Annotation_Semantic.
+var (
+	GeneratedCodeInfo_Annotation_Semantic_name = map[int32]string{
+		0: "NONE",
+		1: "SET",
+		2: "ALIAS",
+	}
+	GeneratedCodeInfo_Annotation_Semantic_value = map[string]int32{
+		"NONE":  0,
+		"SET":   1,
+		"ALIAS": 2,
+	}
+)
+
+func (x GeneratedCodeInfo_Annotation_Semantic) Enum() *GeneratedCodeInfo_Annotation_Semantic {
+	p := new(GeneratedCodeInfo_Annotation_Semantic)
+	*p = x
+	return p
+}
+
+func (x GeneratedCodeInfo_Annotation_Semantic) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (GeneratedCodeInfo_Annotation_Semantic) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[9].Descriptor()
+}
+
+func (GeneratedCodeInfo_Annotation_Semantic) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[9]
+}
+
+func (x GeneratedCodeInfo_Annotation_Semantic) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *GeneratedCodeInfo_Annotation_Semantic) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = GeneratedCodeInfo_Annotation_Semantic(num)
+	return nil
+}
+
+// Deprecated: Use GeneratedCodeInfo_Annotation_Semantic.Descriptor instead.
+func (GeneratedCodeInfo_Annotation_Semantic) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{20, 0, 0}
+}
+
 // The protocol compiler can output a FileDescriptorSet containing the .proto
 // files it parses.
 type FileDescriptorSet struct {
@@ -544,8 +818,12 @@ type FileDescriptorProto struct {
 	// development tools.
 	SourceCodeInfo *SourceCodeInfo `protobuf:"bytes,9,opt,name=source_code_info,json=sourceCodeInfo" json:"source_code_info,omitempty"`
 	// The syntax of the proto file.
-	// The supported values are "proto2" and "proto3".
+	// The supported values are "proto2", "proto3", and "editions".
+	//
+	// If `edition` is present, this value must be "editions".
 	Syntax *string `protobuf:"bytes,12,opt,name=syntax" json:"syntax,omitempty"`
+	// The edition of the proto file, which is an opaque string.
+	Edition *string `protobuf:"bytes,13,opt,name=edition" json:"edition,omitempty"`
 }
 
 func (x *FileDescriptorProto) Reset() {
@@ -664,6 +942,13 @@ func (x *FileDescriptorProto) GetSyntax() string {
 	return ""
 }
 
+func (x *FileDescriptorProto) GetEdition() string {
+	if x != nil && x.Edition != nil {
+		return *x.Edition
+	}
+	return ""
+}
+
 // Describes a message type.
 type DescriptorProto struct {
 	state         protoimpl.MessageState
@@ -794,7 +1079,21 @@ type ExtensionRangeOptions struct {
 
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
-}
+	// go/protobuf-stripping-extension-declarations
+	// Like Metadata, but we use a repeated field to hold all extension
+	// declarations. This should avoid the size increases of transforming a large
+	// extension range into small ranges in generated binaries.
+	Declaration []*ExtensionRangeOptions_Declaration `protobuf:"bytes,2,rep,name=declaration" json:"declaration,omitempty"`
+	// The verification state of the range.
+	// TODO(b/278783756): flip the default to DECLARATION once all empty ranges
+	// are marked as UNVERIFIED.
+	Verification *ExtensionRangeOptions_VerificationState `protobuf:"varint,3,opt,name=verification,enum=google.protobuf.ExtensionRangeOptions_VerificationState,def=1" json:"verification,omitempty"`
+}
+
+// Default values for ExtensionRangeOptions fields.
+const (
+	Default_ExtensionRangeOptions_Verification = ExtensionRangeOptions_UNVERIFIED
+)
 
 func (x *ExtensionRangeOptions) Reset() {
 	*x = ExtensionRangeOptions{}
@@ -835,6 +1134,20 @@ func (x *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption
 	return nil
 }
 
+func (x *ExtensionRangeOptions) GetDeclaration() []*ExtensionRangeOptions_Declaration {
+	if x != nil {
+		return x.Declaration
+	}
+	return nil
+}
+
+func (x *ExtensionRangeOptions) GetVerification() ExtensionRangeOptions_VerificationState {
+	if x != nil && x.Verification != nil {
+		return *x.Verification
+	}
+	return Default_ExtensionRangeOptions_Verification
+}
+
 // Describes a field within a message.
 type FieldDescriptorProto struct {
 	state         protoimpl.MessageState
@@ -860,7 +1173,6 @@ type FieldDescriptorProto struct {
 	// For booleans, "true" or "false".
 	// For strings, contains the default text contents (not escaped in any way).
 	// For bytes, contains the C escaped value.  All bytes >= 128 are escaped.
-	// TODO(kenton):  Base-64 encode?
 	DefaultValue *string `protobuf:"bytes,7,opt,name=default_value,json=defaultValue" json:"default_value,omitempty"`
 	// If set, gives the index of a oneof in the containing type's oneof_decl
 	// list.  This field is a member of that oneof.
@@ -1382,22 +1694,22 @@ type FileOptions struct {
 	// inappropriate because proto packages do not normally start with backwards
 	// domain names.
 	JavaPackage *string `protobuf:"bytes,1,opt,name=java_package,json=javaPackage" json:"java_package,omitempty"`
-	// If set, all the classes from the .proto file are wrapped in a single
-	// outer class with the given name.  This applies to both Proto1
-	// (equivalent to the old "--one_java_file" option) and Proto2 (where
-	// a .proto always translates to a single class, but you may want to
-	// explicitly choose the class name).
+	// Controls the name of the wrapper Java class generated for the .proto file.
+	// That class will always contain the .proto file's getDescriptor() method as
+	// well as any top-level extensions defined in the .proto file.
+	// If java_multiple_files is disabled, then all the other classes from the
+	// .proto file will be nested inside the single wrapper outer class.
 	JavaOuterClassname *string `protobuf:"bytes,8,opt,name=java_outer_classname,json=javaOuterClassname" json:"java_outer_classname,omitempty"`
-	// If set true, then the Java code generator will generate a separate .java
+	// If enabled, then the Java code generator will generate a separate .java
 	// file for each top-level message, enum, and service defined in the .proto
-	// file.  Thus, these types will *not* be nested inside the outer class
-	// named by java_outer_classname.  However, the outer class will still be
+	// file.  Thus, these types will *not* be nested inside the wrapper class
+	// named by java_outer_classname.  However, the wrapper class will still be
 	// generated to contain the file's getDescriptor() method as well as any
 	// top-level extensions defined in the file.
 	JavaMultipleFiles *bool `protobuf:"varint,10,opt,name=java_multiple_files,json=javaMultipleFiles,def=0" json:"java_multiple_files,omitempty"`
 	// This option does nothing.
 	//
-	// Deprecated: Do not use.
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
 	JavaGenerateEqualsAndHash *bool `protobuf:"varint,20,opt,name=java_generate_equals_and_hash,json=javaGenerateEqualsAndHash" json:"java_generate_equals_and_hash,omitempty"`
 	// If set true, then the Java2 code generator will generate code that
 	// throws an exception whenever an attempt is made to assign a non-UTF-8
@@ -1531,7 +1843,7 @@ func (x *FileOptions) GetJavaMultipleFiles() bool {
 	return Default_FileOptions_JavaMultipleFiles
 }
 
-// Deprecated: Do not use.
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
 func (x *FileOptions) GetJavaGenerateEqualsAndHash() bool {
 	if x != nil && x.JavaGenerateEqualsAndHash != nil {
 		return *x.JavaGenerateEqualsAndHash
@@ -1670,10 +1982,12 @@ type MessageOptions struct {
 	// efficient, has fewer features, and is more complicated.
 	//
 	// The message must be defined exactly as follows:
-	//   message Foo {
-	//     option message_set_wire_format = true;
-	//     extensions 4 to max;
-	//   }
+	//
+	//	message Foo {
+	//	  option message_set_wire_format = true;
+	//	  extensions 4 to max;
+	//	}
+	//
 	// Note that the message cannot have any defined fields; MessageSets only
 	// have extensions.
 	//
@@ -1692,28 +2006,44 @@ type MessageOptions struct {
 	// for the message, or it will be completely ignored; in the very least,
 	// this is a formalization for deprecating messages.
 	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// NOTE: Do not set the option in .proto files. Always use the maps syntax
+	// instead. The option should only be implicitly set by the proto compiler
+	// parser.
+	//
 	// Whether the message is an automatically generated map entry type for the
 	// maps field.
 	//
 	// For maps fields:
-	//     map<KeyType, ValueType> map_field = 1;
+	//
+	//	map<KeyType, ValueType> map_field = 1;
+	//
 	// The parsed descriptor looks like:
-	//     message MapFieldEntry {
-	//         option map_entry = true;
-	//         optional KeyType key = 1;
-	//         optional ValueType value = 2;
-	//     }
-	//     repeated MapFieldEntry map_field = 1;
+	//
+	//	message MapFieldEntry {
+	//	    option map_entry = true;
+	//	    optional KeyType key = 1;
+	//	    optional ValueType value = 2;
+	//	}
+	//	repeated MapFieldEntry map_field = 1;
 	//
 	// Implementations may choose not to generate the map_entry=true message, but
 	// use a native map in the target language to hold the keys and values.
 	// The reflection APIs in such implementations still need to work as
 	// if the field is a repeated message field.
-	//
-	// NOTE: Do not set the option in .proto files. Always use the maps syntax
-	// instead. The option should only be implicitly set by the proto compiler
-	// parser.
 	MapEntry *bool `protobuf:"varint,7,opt,name=map_entry,json=mapEntry" json:"map_entry,omitempty"`
+	// Enable the legacy handling of JSON field name conflicts.  This lowercases
+	// and strips underscored from the fields before comparison in proto3 only.
+	// The new behavior takes `json_name` into account and applies to proto2 as
+	// well.
+	//
+	// This should only be used as a temporary measure against broken builds due
+	// to the change in behavior for JSON field name conflicts.
+	//
+	// TODO(b/261750190) This is legacy behavior we plan to remove once downstream
+	// teams have had time to migrate.
+	//
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	DeprecatedLegacyJsonFieldConflicts *bool `protobuf:"varint,11,opt,name=deprecated_legacy_json_field_conflicts,json=deprecatedLegacyJsonFieldConflicts" json:"deprecated_legacy_json_field_conflicts,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
@@ -1785,6 +2115,14 @@ func (x *MessageOptions) GetMapEntry() bool {
 	return false
 }
 
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+func (x *MessageOptions) GetDeprecatedLegacyJsonFieldConflicts() bool {
+	if x != nil && x.DeprecatedLegacyJsonFieldConflicts != nil {
+		return *x.DeprecatedLegacyJsonFieldConflicts
+	}
+	return false
+}
+
 func (x *MessageOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -1800,8 +2138,10 @@ type FieldOptions struct {
 
 	// The ctype option instructs the C++ code generator to use a different
 	// representation of the field than it normally would.  See the specific
-	// options below.  This option is not yet implemented in the open source
-	// release -- sorry, we'll try to include it in a future version!
+	// options below.  This option is only implemented to support use of
+	// [ctype=CORD] and [ctype=STRING] (the default) on non-repeated fields of
+	// type "bytes" in the open source release -- sorry, we'll try to include
+	// other types in a future version!
 	Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"`
 	// The packed option can be enabled for repeated primitive fields to enable
 	// a more efficient representation on the wire. Rather than repeatedly
@@ -1838,7 +2178,6 @@ type FieldOptions struct {
 	// call from multiple threads concurrently, while non-const methods continue
 	// to require exclusive access.
 	//
-	//
 	// Note that implementations may choose not to check required fields within
 	// a lazy sub-message.  That is, calling IsInitialized() on the outer message
 	// may return true even if the inner message has missing required fields.
@@ -1849,7 +2188,14 @@ type FieldOptions struct {
 	// implementation must either *always* check its required fields, or *never*
 	// check its required fields, regardless of whether or not the message has
 	// been parsed.
+	//
+	// As of May 2022, lazy verifies the contents of the byte stream during
+	// parsing.  An invalid byte stream will cause the overall parsing to fail.
 	Lazy *bool `protobuf:"varint,5,opt,name=lazy,def=0" json:"lazy,omitempty"`
+	// unverified_lazy does no correctness checks on the byte stream. This should
+	// only be used where lazy with verification is prohibitive for performance
+	// reasons.
+	UnverifiedLazy *bool `protobuf:"varint,15,opt,name=unverified_lazy,json=unverifiedLazy,def=0" json:"unverified_lazy,omitempty"`
 	// Is this field deprecated?
 	// Depending on the target platform, this can emit Deprecated annotations
 	// for accessors, or it will be completely ignored; in the very least, this
@@ -1857,17 +2203,26 @@ type FieldOptions struct {
 	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
 	// For Google-internal migration only. Do not use.
 	Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"`
+	// Indicate that the field value should not be printed out when using debug
+	// formats, e.g. when the field contains sensitive credentials.
+	DebugRedact *bool                         `protobuf:"varint,16,opt,name=debug_redact,json=debugRedact,def=0" json:"debug_redact,omitempty"`
+	Retention   *FieldOptions_OptionRetention `protobuf:"varint,17,opt,name=retention,enum=google.protobuf.FieldOptions_OptionRetention" json:"retention,omitempty"`
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	Target  *FieldOptions_OptionTargetType  `protobuf:"varint,18,opt,name=target,enum=google.protobuf.FieldOptions_OptionTargetType" json:"target,omitempty"`
+	Targets []FieldOptions_OptionTargetType `protobuf:"varint,19,rep,name=targets,enum=google.protobuf.FieldOptions_OptionTargetType" json:"targets,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
 
 // Default values for FieldOptions fields.
 const (
-	Default_FieldOptions_Ctype      = FieldOptions_STRING
-	Default_FieldOptions_Jstype     = FieldOptions_JS_NORMAL
-	Default_FieldOptions_Lazy       = bool(false)
-	Default_FieldOptions_Deprecated = bool(false)
-	Default_FieldOptions_Weak       = bool(false)
+	Default_FieldOptions_Ctype          = FieldOptions_STRING
+	Default_FieldOptions_Jstype         = FieldOptions_JS_NORMAL
+	Default_FieldOptions_Lazy           = bool(false)
+	Default_FieldOptions_UnverifiedLazy = bool(false)
+	Default_FieldOptions_Deprecated     = bool(false)
+	Default_FieldOptions_Weak           = bool(false)
+	Default_FieldOptions_DebugRedact    = bool(false)
 )
 
 func (x *FieldOptions) Reset() {
@@ -1930,6 +2285,13 @@ func (x *FieldOptions) GetLazy() bool {
 	return Default_FieldOptions_Lazy
 }
 
+func (x *FieldOptions) GetUnverifiedLazy() bool {
+	if x != nil && x.UnverifiedLazy != nil {
+		return *x.UnverifiedLazy
+	}
+	return Default_FieldOptions_UnverifiedLazy
+}
+
 func (x *FieldOptions) GetDeprecated() bool {
 	if x != nil && x.Deprecated != nil {
 		return *x.Deprecated
@@ -1944,6 +2306,35 @@ func (x *FieldOptions) GetWeak() bool {
 	return Default_FieldOptions_Weak
 }
 
+func (x *FieldOptions) GetDebugRedact() bool {
+	if x != nil && x.DebugRedact != nil {
+		return *x.DebugRedact
+	}
+	return Default_FieldOptions_DebugRedact
+}
+
+func (x *FieldOptions) GetRetention() FieldOptions_OptionRetention {
+	if x != nil && x.Retention != nil {
+		return *x.Retention
+	}
+	return FieldOptions_RETENTION_UNKNOWN
+}
+
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+func (x *FieldOptions) GetTarget() FieldOptions_OptionTargetType {
+	if x != nil && x.Target != nil {
+		return *x.Target
+	}
+	return FieldOptions_TARGET_TYPE_UNKNOWN
+}
+
+func (x *FieldOptions) GetTargets() []FieldOptions_OptionTargetType {
+	if x != nil {
+		return x.Targets
+	}
+	return nil
+}
+
 func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -2014,6 +2405,15 @@ type EnumOptions struct {
 	// for the enum, or it will be completely ignored; in the very least, this
 	// is a formalization for deprecating enums.
 	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// Enable the legacy handling of JSON field name conflicts.  This lowercases
+	// and strips underscored from the fields before comparison in proto3 only.
+	// The new behavior takes `json_name` into account and applies to proto2 as
+	// well.
+	// TODO(b/261750190) Remove this legacy behavior once downstream teams have
+	// had time to migrate.
+	//
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	DeprecatedLegacyJsonFieldConflicts *bool `protobuf:"varint,6,opt,name=deprecated_legacy_json_field_conflicts,json=deprecatedLegacyJsonFieldConflicts" json:"deprecated_legacy_json_field_conflicts,omitempty"`
 	// The parser stores options it doesn't recognize here. See above.
 	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
 }
@@ -2069,6 +2469,14 @@ func (x *EnumOptions) GetDeprecated() bool {
 	return Default_EnumOptions_Deprecated
 }
 
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+func (x *EnumOptions) GetDeprecatedLegacyJsonFieldConflicts() bool {
+	if x != nil && x.DeprecatedLegacyJsonFieldConflicts != nil {
+		return *x.DeprecatedLegacyJsonFieldConflicts
+	}
+	return false
+}
+
 func (x *EnumOptions) GetUninterpretedOption() []*UninterpretedOption {
 	if x != nil {
 		return x.UninterpretedOption
@@ -2399,43 +2807,48 @@ type SourceCodeInfo struct {
 	// tools.
 	//
 	// For example, say we have a file like:
-	//   message Foo {
-	//     optional string foo = 1;
-	//   }
+	//
+	//	message Foo {
+	//	  optional string foo = 1;
+	//	}
+	//
 	// Let's look at just the field definition:
-	//   optional string foo = 1;
-	//   ^       ^^     ^^  ^  ^^^
-	//   a       bc     de  f  ghi
+	//
+	//	optional string foo = 1;
+	//	^       ^^     ^^  ^  ^^^
+	//	a       bc     de  f  ghi
+	//
 	// We have the following locations:
-	//   span   path               represents
-	//   [a,i)  [ 4, 0, 2, 0 ]     The whole field definition.
-	//   [a,b)  [ 4, 0, 2, 0, 4 ]  The label (optional).
-	//   [c,d)  [ 4, 0, 2, 0, 5 ]  The type (string).
-	//   [e,f)  [ 4, 0, 2, 0, 1 ]  The name (foo).
-	//   [g,h)  [ 4, 0, 2, 0, 3 ]  The number (1).
+	//
+	//	span   path               represents
+	//	[a,i)  [ 4, 0, 2, 0 ]     The whole field definition.
+	//	[a,b)  [ 4, 0, 2, 0, 4 ]  The label (optional).
+	//	[c,d)  [ 4, 0, 2, 0, 5 ]  The type (string).
+	//	[e,f)  [ 4, 0, 2, 0, 1 ]  The name (foo).
+	//	[g,h)  [ 4, 0, 2, 0, 3 ]  The number (1).
 	//
 	// Notes:
-	// - A location may refer to a repeated field itself (i.e. not to any
-	//   particular index within it).  This is used whenever a set of elements are
-	//   logically enclosed in a single code segment.  For example, an entire
-	//   extend block (possibly containing multiple extension definitions) will
-	//   have an outer location whose path refers to the "extensions" repeated
-	//   field without an index.
-	// - Multiple locations may have the same path.  This happens when a single
-	//   logical declaration is spread out across multiple places.  The most
-	//   obvious example is the "extend" block again -- there may be multiple
-	//   extend blocks in the same scope, each of which will have the same path.
-	// - A location's span is not always a subset of its parent's span.  For
-	//   example, the "extendee" of an extension declaration appears at the
-	//   beginning of the "extend" block and is shared by all extensions within
-	//   the block.
-	// - Just because a location's span is a subset of some other location's span
-	//   does not mean that it is a descendant.  For example, a "group" defines
-	//   both a type and a field in a single declaration.  Thus, the locations
-	//   corresponding to the type and field and their components will overlap.
-	// - Code which tries to interpret locations should probably be designed to
-	//   ignore those that it doesn't understand, as more types of locations could
-	//   be recorded in the future.
+	//   - A location may refer to a repeated field itself (i.e. not to any
+	//     particular index within it).  This is used whenever a set of elements are
+	//     logically enclosed in a single code segment.  For example, an entire
+	//     extend block (possibly containing multiple extension definitions) will
+	//     have an outer location whose path refers to the "extensions" repeated
+	//     field without an index.
+	//   - Multiple locations may have the same path.  This happens when a single
+	//     logical declaration is spread out across multiple places.  The most
+	//     obvious example is the "extend" block again -- there may be multiple
+	//     extend blocks in the same scope, each of which will have the same path.
+	//   - A location's span is not always a subset of its parent's span.  For
+	//     example, the "extendee" of an extension declaration appears at the
+	//     beginning of the "extend" block and is shared by all extensions within
+	//     the block.
+	//   - Just because a location's span is a subset of some other location's span
+	//     does not mean that it is a descendant.  For example, a "group" defines
+	//     both a type and a field in a single declaration.  Thus, the locations
+	//     corresponding to the type and field and their components will overlap.
+	//   - Code which tries to interpret locations should probably be designed to
+	//     ignore those that it doesn't understand, as more types of locations could
+	//     be recorded in the future.
 	Location []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"`
 }
 
@@ -2651,6 +3064,108 @@ func (x *DescriptorProto_ReservedRange) GetEnd() int32 {
 	return 0
 }
 
+type ExtensionRangeOptions_Declaration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The extension number declared within the extension range.
+	Number *int32 `protobuf:"varint,1,opt,name=number" json:"number,omitempty"`
+	// The fully-qualified name of the extension field. There must be a leading
+	// dot in front of the full name.
+	FullName *string `protobuf:"bytes,2,opt,name=full_name,json=fullName" json:"full_name,omitempty"`
+	// The fully-qualified type name of the extension field. Unlike
+	// Metadata.type, Declaration.type must have a leading dot for messages
+	// and enums.
+	Type *string `protobuf:"bytes,3,opt,name=type" json:"type,omitempty"`
+	// Deprecated. Please use "repeated".
+	//
+	// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+	IsRepeated *bool `protobuf:"varint,4,opt,name=is_repeated,json=isRepeated" json:"is_repeated,omitempty"`
+	// If true, indicates that the number is reserved in the extension range,
+	// and any extension field with the number will fail to compile. Set this
+	// when a declared extension field is deleted.
+	Reserved *bool `protobuf:"varint,5,opt,name=reserved" json:"reserved,omitempty"`
+	// If true, indicates that the extension must be defined as repeated.
+	// Otherwise the extension must be defined as optional.
+	Repeated *bool `protobuf:"varint,6,opt,name=repeated" json:"repeated,omitempty"`
+}
+
+func (x *ExtensionRangeOptions_Declaration) Reset() {
+	*x = ExtensionRangeOptions_Declaration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExtensionRangeOptions_Declaration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExtensionRangeOptions_Declaration) ProtoMessage() {}
+
+func (x *ExtensionRangeOptions_Declaration) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExtensionRangeOptions_Declaration.ProtoReflect.Descriptor instead.
+func (*ExtensionRangeOptions_Declaration) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3, 0}
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetNumber() int32 {
+	if x != nil && x.Number != nil {
+		return *x.Number
+	}
+	return 0
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetFullName() string {
+	if x != nil && x.FullName != nil {
+		return *x.FullName
+	}
+	return ""
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetType() string {
+	if x != nil && x.Type != nil {
+		return *x.Type
+	}
+	return ""
+}
+
+// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto.
+func (x *ExtensionRangeOptions_Declaration) GetIsRepeated() bool {
+	if x != nil && x.IsRepeated != nil {
+		return *x.IsRepeated
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetReserved() bool {
+	if x != nil && x.Reserved != nil {
+		return *x.Reserved
+	}
+	return false
+}
+
+func (x *ExtensionRangeOptions_Declaration) GetRepeated() bool {
+	if x != nil && x.Repeated != nil {
+		return *x.Repeated
+	}
+	return false
+}
+
 // Range of reserved numeric values. Reserved values may not be used by
 // entries in the same enum. Reserved ranges may not overlap.
 //
@@ -2669,7 +3184,7 @@ type EnumDescriptorProto_EnumReservedRange struct {
 func (x *EnumDescriptorProto_EnumReservedRange) Reset() {
 	*x = EnumDescriptorProto_EnumReservedRange{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2682,7 +3197,7 @@ func (x *EnumDescriptorProto_EnumReservedRange) String() string {
 func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {}
 
 func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2715,8 +3230,8 @@ func (x *EnumDescriptorProto_EnumReservedRange) GetEnd() int32 {
 // The name of the uninterpreted option.  Each string represents a segment in
 // a dot-separated name.  is_extension is true iff a segment represents an
 // extension (denoted with parentheses in options specs in .proto files).
-// E.g.,{ ["foo", false], ["bar.baz", true], ["qux", false] } represents
-// "foo.(bar.baz).qux".
+// E.g.,{ ["foo", false], ["bar.baz", true], ["moo", false] } represents
+// "foo.(bar.baz).moo".
 type UninterpretedOption_NamePart struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -2729,7 +3244,7 @@ type UninterpretedOption_NamePart struct {
 func (x *UninterpretedOption_NamePart) Reset() {
 	*x = UninterpretedOption_NamePart{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2742,7 +3257,7 @@ func (x *UninterpretedOption_NamePart) String() string {
 func (*UninterpretedOption_NamePart) ProtoMessage() {}
 
 func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2781,23 +3296,34 @@ type SourceCodeInfo_Location struct {
 	// location.
 	//
 	// Each element is a field number or an index.  They form a path from
-	// the root FileDescriptorProto to the place where the definition.  For
-	// example, this path:
-	//   [ 4, 3, 2, 7, 1 ]
+	// the root FileDescriptorProto to the place where the definition occurs.
+	// For example, this path:
+	//
+	//	[ 4, 3, 2, 7, 1 ]
+	//
 	// refers to:
-	//   file.message_type(3)  // 4, 3
-	//       .field(7)         // 2, 7
-	//       .name()           // 1
+	//
+	//	file.message_type(3)  // 4, 3
+	//	    .field(7)         // 2, 7
+	//	    .name()           // 1
+	//
 	// This is because FileDescriptorProto.message_type has field number 4:
-	//   repeated DescriptorProto message_type = 4;
+	//
+	//	repeated DescriptorProto message_type = 4;
+	//
 	// and DescriptorProto.field has field number 2:
-	//   repeated FieldDescriptorProto field = 2;
+	//
+	//	repeated FieldDescriptorProto field = 2;
+	//
 	// and FieldDescriptorProto.name has field number 1:
-	//   optional string name = 1;
+	//
+	//	optional string name = 1;
 	//
 	// Thus, the above path gives the location of a field name.  If we removed
 	// the last element:
-	//   [ 4, 3, 2, 7 ]
+	//
+	//	[ 4, 3, 2, 7 ]
+	//
 	// this path refers to the whole field declaration (from the beginning
 	// of the label to the terminating semicolon).
 	Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"`
@@ -2826,34 +3352,34 @@ type SourceCodeInfo_Location struct {
 	//
 	// Examples:
 	//
-	//   optional int32 foo = 1;  // Comment attached to foo.
-	//   // Comment attached to bar.
-	//   optional int32 bar = 2;
+	//	optional int32 foo = 1;  // Comment attached to foo.
+	//	// Comment attached to bar.
+	//	optional int32 bar = 2;
 	//
-	//   optional string baz = 3;
-	//   // Comment attached to baz.
-	//   // Another line attached to baz.
+	//	optional string baz = 3;
+	//	// Comment attached to baz.
+	//	// Another line attached to baz.
 	//
-	//   // Comment attached to qux.
-	//   //
-	//   // Another line attached to qux.
-	//   optional double qux = 4;
+	//	// Comment attached to moo.
+	//	//
+	//	// Another line attached to moo.
+	//	optional double moo = 4;
 	//
-	//   // Detached comment for corge. This is not leading or trailing comments
-	//   // to qux or corge because there are blank lines separating it from
-	//   // both.
+	//	// Detached comment for corge. This is not leading or trailing comments
+	//	// to moo or corge because there are blank lines separating it from
+	//	// both.
 	//
-	//   // Detached comment for corge paragraph 2.
+	//	// Detached comment for corge paragraph 2.
 	//
-	//   optional string corge = 5;
-	//   /* Block comment attached
-	//    * to corge.  Leading asterisks
-	//    * will be removed. */
-	//   /* Block comment attached to
-	//    * grault. */
-	//   optional int32 grault = 6;
+	//	optional string corge = 5;
+	//	/* Block comment attached
+	//	 * to corge.  Leading asterisks
+	//	 * will be removed. */
+	//	/* Block comment attached to
+	//	 * grault. */
+	//	optional int32 grault = 6;
 	//
-	//   // ignored detached comments.
+	//	// ignored detached comments.
 	LeadingComments         *string  `protobuf:"bytes,3,opt,name=leading_comments,json=leadingComments" json:"leading_comments,omitempty"`
 	TrailingComments        *string  `protobuf:"bytes,4,opt,name=trailing_comments,json=trailingComments" json:"trailing_comments,omitempty"`
 	LeadingDetachedComments []string `protobuf:"bytes,6,rep,name=leading_detached_comments,json=leadingDetachedComments" json:"leading_detached_comments,omitempty"`
@@ -2862,7 +3388,7 @@ type SourceCodeInfo_Location struct {
 func (x *SourceCodeInfo_Location) Reset() {
 	*x = SourceCodeInfo_Location{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2875,7 +3401,7 @@ func (x *SourceCodeInfo_Location) String() string {
 func (*SourceCodeInfo_Location) ProtoMessage() {}
 
 func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2940,15 +3466,16 @@ type GeneratedCodeInfo_Annotation struct {
 	// that relates to the identified object.
 	Begin *int32 `protobuf:"varint,3,opt,name=begin" json:"begin,omitempty"`
 	// Identifies the ending offset in bytes in the generated code that
-	// relates to the identified offset. The end offset should be one past
+	// relates to the identified object. The end offset should be one past
 	// the last relevant byte (so the length of the text = end - begin).
-	End *int32 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"`
+	End      *int32                                 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"`
+	Semantic *GeneratedCodeInfo_Annotation_Semantic `protobuf:"varint,5,opt,name=semantic,enum=google.protobuf.GeneratedCodeInfo_Annotation_Semantic" json:"semantic,omitempty"`
 }
 
 func (x *GeneratedCodeInfo_Annotation) Reset() {
 	*x = GeneratedCodeInfo_Annotation{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2961,7 +3488,7 @@ func (x *GeneratedCodeInfo_Annotation) String() string {
 func (*GeneratedCodeInfo_Annotation) ProtoMessage() {}
 
 func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message {
-	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -3005,6 +3532,13 @@ func (x *GeneratedCodeInfo_Annotation) GetEnd() int32 {
 	return 0
 }
 
+func (x *GeneratedCodeInfo_Annotation) GetSemantic() GeneratedCodeInfo_Annotation_Semantic {
+	if x != nil && x.Semantic != nil {
+		return *x.Semantic
+	}
+	return GeneratedCodeInfo_Annotation_NONE
+}
+
 var File_google_protobuf_descriptor_proto protoreflect.FileDescriptor
 
 var file_google_protobuf_descriptor_proto_rawDesc = []byte{
@@ -3016,7 +3550,7 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73,
 	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x04, 0x66, 0x69,
-	0x6c, 0x65, 0x22, 0xe4, 0x04, 0x0a, 0x13, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x6c, 0x65, 0x22, 0xfe, 0x04, 0x0a, 0x13, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72,
 	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
 	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18,
 	0x0a, 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
@@ -3054,330 +3588,423 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66,
 	0x6f, 0x52, 0x0e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66,
 	0x6f, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x22, 0xb9, 0x06, 0x0a, 0x0f, 0x44, 0x65,
-	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a,
-	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x3b, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
-	0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x43,
-	0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73,
-	0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0b, 0x6e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79,
-	0x70, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72,
-	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0a, 0x6e, 0x65, 0x73, 0x74,
-	0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74,
-	0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52,
-	0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x58, 0x0a, 0x0f, 0x65, 0x78, 0x74,
-	0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x05, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x09, 0x52, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x64, 0x69,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x65, 0x64, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x22, 0xb9, 0x06, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
+	0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3b, 0x0a, 0x05, 0x66,
+	0x69, 0x65, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
+	0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x43, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a,
+	0x0b, 0x6e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61,
-	0x6e, 0x67, 0x65, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61,
-	0x6e, 0x67, 0x65, 0x12, 0x44, 0x0a, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x64, 0x65, 0x63,
-	0x6c, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09,
-	0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x63, 0x6c, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x73,
-	0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
-	0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x67,
+	0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0a, 0x6e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65,
+	0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54,
+	0x79, 0x70, 0x65, 0x12, 0x58, 0x0a, 0x0f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67,
 	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x52,
-	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72,
-	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x03,
-	0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65,
-	0x1a, 0x7a, 0x0a, 0x0e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e,
-	0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x40, 0x0a, 0x07, 0x6f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78,
-	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x37, 0x0a, 0x0d,
-	0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a,
-	0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74,
-	0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x7c, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
-	0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58,
-	0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f,
-	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
-	0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80,
-	0x80, 0x80, 0x02, 0x22, 0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65,
-	0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c,
-	0x61, 0x62, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74,
-	0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
-	0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
-	0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74,
-	0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
-	0x74, 0x79, 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65,
-	0x6e, 0x64, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65,
-	0x6e, 0x64, 0x65, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66,
-	0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65,
-	0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a,
-	0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73,
-	0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a,
-	0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79,
-	0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c,
-	0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41,
-	0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36,
-	0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54,
-	0x36, 0x34, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54,
-	0x33, 0x32, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58,
-	0x45, 0x44, 0x36, 0x34, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46,
-	0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54,
-	0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59,
-	0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a,
-	0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10,
-	0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10,
-	0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34,
-	0x10, 0x12, 0x22, 0x43, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c,
-	0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12,
-	0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45,
-	0x44, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50,
-	0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45,
+	0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0e, 0x65,
+	0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x44, 0x0a,
+	0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x64, 0x65, 0x63, 0x6c, 0x18, 0x08, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x44,
+	0x65, 0x63, 0x6c, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55,
+	0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65,
+	0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65,
+	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x7a, 0x0a, 0x0e, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05,
+	0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61,
+	0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x03, 0x65, 0x6e, 0x64, 0x12, 0x40, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f,
+	0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x37, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a,
+	0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22,
+	0xad, 0x04, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e,
+	0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x59, 0x0a, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2e, 0x44, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0x88, 0x01,
+	0x02, 0x52, 0x0b, 0x64, 0x65, 0x63, 0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x68,
+	0x0a, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x56, 0x65, 0x72,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x3a, 0x0a,
+	0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x45, 0x44, 0x52, 0x0c, 0x76, 0x65, 0x72, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xb3, 0x01, 0x0a, 0x0b, 0x44, 0x65, 0x63,
+	0x6c, 0x61, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62,
+	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72,
+	0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x6c, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x75, 0x6c, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x23, 0x0a, 0x0b, 0x69, 0x73, 0x5f, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x69, 0x73, 0x52, 0x65,
+	0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x70, 0x65, 0x61, 0x74, 0x65, 0x64, 0x22, 0x34,
+	0x0a, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74,
+	0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x44, 0x45, 0x43, 0x4c, 0x41, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x55, 0x4e, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x01, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22,
+	0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06,
+	0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75,
+	0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c,
+	0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x79, 0x70,
+	0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, 0x65,
+	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x65,
+	0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x69,
+	0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6f, 0x6e, 0x65, 0x6f,
+	0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x73, 0x6f, 0x6e, 0x4e,
+	0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08,
 	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a,
-	0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61,
-	0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75,
-	0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61,
-	0x6e, 0x67, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
-	0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67,
-	0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65,
-	0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
-	0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74,
-	0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74,
-	0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65,
-	0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f,
+	0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, 0x54, 0x10, 0x02, 0x12,
+	0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x03, 0x12,
+	0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x04,
+	0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x05,
+	0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34,
+	0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, 0x45, 0x44,
+	0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42, 0x4f, 0x4f,
+	0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49,
+	0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x4f,
+	0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53,
+	0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x42,
+	0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55,
+	0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53,
+	0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b,
+	0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x11, 0x12, 0x0f, 0x0a,
+	0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, 0x10, 0x12, 0x22, 0x43,
+	0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c,
+	0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4c,
+	0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x02, 0x12,
+	0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, 0x45, 0x41, 0x54, 0x45,
+	0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
+	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x45, 0x6e, 0x75,
+	0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a,
+	0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
+	0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72,
+	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d,
+	0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d,
+	0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03,
+	0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x83,
+	0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52,
+	0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
 	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
 	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45,
-	0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
-	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72,
-	0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52,
-	0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73,
-	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12,
-	0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65,
-	0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c,
-	0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67,
-	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91,
-	0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21,
-	0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67,
-	0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f,
-	0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e,
-	0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74,
-	0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c,
-	0x74, 0x69, 0x70, 0x6c, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61,
-	0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61,
-	0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28,
-	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72,
-	0x61, 0x74, 0x65, 0x45, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68,
-	0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f,
-	0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08,
-	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72,
-	0x69, 0x6e, 0x67, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c,
-	0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53,
-	0x50, 0x45, 0x45, 0x44, 0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f,
-	0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18,
-	0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65,
-	0x12, 0x35, 0x0a, 0x13, 0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
-	0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f,
-	0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73,
-	0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a,
-	0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x73, 0x12, 0x35, 0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63,
-	0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a,
-	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69,
-	0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70,
-	0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12,
-	0x70, 0x68, 0x70, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
-	0x18, 0x17, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
-	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f,
-	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20,
-	0x01, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x41, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a,
-	0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50,
-	0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f,
-	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0f, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
-	0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78,
-	0x18, 0x27, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65,
-	0x66, 0x69, 0x78, 0x12, 0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73,
-	0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70,
-	0x68, 0x70, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a,
-	0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
-	0x63, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x14, 0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e,
-	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79,
-	0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
-	0x72, 0x75, 0x62, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75,
-	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
-	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a,
-	0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01,
-	0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12,
-	0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10,
-	0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26,
-	0x10, 0x27, 0x22, 0xd1, 0x02, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d,
-	0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72,
-	0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61,
-	0x72, 0x64, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
-	0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44,
-	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f,
-	0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65,
-	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f,
-	0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70,
-	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
-	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a,
-	0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09,
-	0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0xe2, 0x03, 0x0a, 0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x06, 0x53, 0x54, 0x52,
-	0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x61,
-	0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x70, 0x61, 0x63, 0x6b,
-	0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x06, 0x6d, 0x65, 0x74,
+	0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x89,
+	0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a,
+	0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f,
+	0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x07,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53,
+	0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, 0x09, 0x0a, 0x0b, 0x46,
+	0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6a, 0x61,
+	0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x30, 0x0a,
+	0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73,
+	0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6a, 0x61, 0x76,
+	0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x65,
+	0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c,
+	0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x5f, 0x61,
+	0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18,
+	0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x45,
+	0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x3a, 0x0a, 0x16,
+	0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x65, 0x63,
+	0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x43,
+	0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, 0x6f, 0x70, 0x74, 0x69,
+	0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74,
+	0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44,
+	0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, 0x72, 0x12, 0x1d, 0x0a,
+	0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x35, 0x0a, 0x13,
+	0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
+	0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65,
+	0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x11, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x35,
+	0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, 0x5f, 0x67, 0x65, 0x6e,
+	0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x2a, 0x20,
+	0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, 0x70, 0x68, 0x70, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x25,
+	0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x17, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
+	0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, 0x65, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x41,
+	0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, 0x63, 0x5f, 0x63, 0x6c,
+	0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69,
+	0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+	0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x73, 0x68,
+	0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x27, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
+	0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x68, 0x70, 0x43, 0x6c,
+	0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x68, 0x70,
+	0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34,
+	0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14,
+	0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x70, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x72, 0x75, 0x62, 0x79,
+	0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64,
+	0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09,
+	0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x4c,
+	0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x03, 0x2a, 0x09, 0x08,
+	0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, 0x10, 0x27, 0x22, 0xbb,
+	0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x74,
+	0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, 0x65, 0x73, 0x73, 0x61,
+	0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12,
+	0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x5f, 0x64,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52,
+	0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x12, 0x25, 0x0a,
+	0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
+	0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72,
+	0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72,
+	0x79, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28,
+	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
+	0x08, 0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07,
+	0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0x85, 0x09, 0x0a,
+	0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a,
+	0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70,
+	0x65, 0x3a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65,
+	0x12, 0x16, 0x0a, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x06, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09,
+	0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70,
+	0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x2e, 0x0a, 0x0f,
+	0x75, 0x6e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18,
+	0x0f, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0e, 0x75, 0x6e,
+	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a,
+	0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
+	0x74, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28,
+	0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x28,
+	0x0a, 0x0c, 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x18, 0x10,
+	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0b, 0x64, 0x65, 0x62,
+	0x75, 0x67, 0x52, 0x65, 0x64, 0x61, 0x63, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69,
+	0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x72, 0x65, 0x74, 0x65,
+	0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18,
+	0x12, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x54, 0x79, 0x70, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x12, 0x48, 0x0a, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x13, 0x20, 0x03,
+	0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52,
-	0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c,
-	0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
-	0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
-	0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
-	0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x19, 0x0a,
-	0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
-	0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75,
-	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53,
-	0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f, 0x52, 0x44, 0x10,
-	0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50, 0x49, 0x45, 0x43,
-	0x45, 0x10, 0x02, 0x22, 0x35, 0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0d, 0x0a,
-	0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09,
-	0x4a, 0x53, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x4a,
-	0x53, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10,
-	0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x73, 0x0a, 0x0c, 0x4f,
-	0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75,
+	0x73, 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79,
+	0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75,
 	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
 	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
 	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
 	0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02,
-	0x22, 0xc0, 0x01, 0x0a, 0x0b, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69, 0x61,
-	0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65,
-	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e,
-	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
-	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75,
-	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08,
-	0x05, 0x10, 0x06, 0x22, 0x9e, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a,
+	0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f,
+	0x52, 0x44, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50,
+	0x49, 0x45, 0x43, 0x45, 0x10, 0x02, 0x22, 0x35, 0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65,
+	0x12, 0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12,
+	0x0d, 0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d,
+	0x0a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52, 0x10, 0x02, 0x22, 0x55, 0x0a,
+	0x0f, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e,
+	0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x52, 0x45, 0x54, 0x45, 0x4e,
+	0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, 0x01, 0x12, 0x14,
+	0x0a, 0x10, 0x52, 0x45, 0x54, 0x45, 0x4e, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x4f, 0x55, 0x52,
+	0x43, 0x45, 0x10, 0x02, 0x22, 0x8c, 0x02, 0x0a, 0x10, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54,
+	0x61, 0x72, 0x67, 0x65, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52,
+	0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e,
+	0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x54, 0x41, 0x52, 0x47,
+	0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x4e, 0x53, 0x49, 0x4f,
+	0x4e, 0x5f, 0x52, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52,
+	0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45,
+	0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x54, 0x41, 0x52,
+	0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4f, 0x4e, 0x45, 0x4f, 0x46, 0x10, 0x05,
+	0x12, 0x14, 0x0a, 0x10, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x45, 0x4e, 0x55, 0x4d, 0x10, 0x06, 0x12, 0x1a, 0x0a, 0x16, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54,
+	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x59,
+	0x10, 0x07, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50,
+	0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x10, 0x08, 0x12, 0x16, 0x0a, 0x12, 0x54,
+	0x41, 0x52, 0x47, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f,
+	0x44, 0x10, 0x09, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
+	0x08, 0x04, 0x10, 0x05, 0x22, 0x73, 0x0a, 0x0c, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70,
+	0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
+	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09,
+	0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x98, 0x02, 0x0a, 0x0b, 0x45, 0x6e,
+	0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c,
+	0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a,
+	0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65,
+	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05,
+	0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x12, 0x56, 0x0a, 0x26, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x5f, 0x6a, 0x73, 0x6f, 0x6e, 0x5f, 0x66, 0x69, 0x65, 0x6c,
+	0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x22, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65,
+	0x64, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4a, 0x73, 0x6f, 0x6e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x43, 0x6f, 0x6e, 0x66, 0x6c, 0x69, 0x63, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13,
+	0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04,
+	0x08, 0x05, 0x10, 0x06, 0x22, 0x9e, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c,
+	0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70,
+	0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
+	0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
+	0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
+	0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10,
+	0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9c, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
 	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72,
-	0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
 	0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12,
 	0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
 	0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24,
@@ -3385,97 +4012,95 @@ var file_google_protobuf_descriptor_proto_rawDesc = []byte{
 	0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
 	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
 	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80,
-	0x80, 0x80, 0x80, 0x02, 0x22, 0x9c, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
-	0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
-	0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58,
-	0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f,
-	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
+	0x80, 0x80, 0x80, 0x02, 0x22, 0xe0, 0x02, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
+	0x61, 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
+	0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a,
+	0x11, 0x69, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76,
+	0x65, 0x6c, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f,
+	0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74,
+	0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50,
+	0x4f, 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10,
+	0x69, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c,
+	0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65,
+	0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x50, 0x0a, 0x10, 0x49, 0x64,
+	0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x17,
+	0x0a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e,
+	0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4e, 0x4f, 0x5f, 0x53, 0x49,
+	0x44, 0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a,
+	0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8,
+	0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03, 0x0a, 0x13, 0x55, 0x6e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+	0x41, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
 	0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
-	0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80,
-	0x80, 0x80, 0x02, 0x22, 0xe0, 0x02, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
-	0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
-	0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a, 0x11,
-	0x69, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65,
-	0x6c, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65,
-	0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f,
-	0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10, 0x69,
-	0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12,
-	0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
-	0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
-	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x50, 0x0a, 0x10, 0x49, 0x64, 0x65,
-	0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x17, 0x0a,
-	0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b,
-	0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4e, 0x4f, 0x5f, 0x53, 0x49, 0x44,
-	0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49,
-	0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07,
-	0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03, 0x0a, 0x13, 0x55, 0x6e, 0x69, 0x6e, 0x74,
-	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41,
-	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
-	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
-	0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x5f,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12,
-	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65,
-	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65,
-	0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x6f, 0x75, 0x62,
-	0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0b,
-	0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73,
-	0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x27,
-	0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61,
-	0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a, 0x0a, 0x08, 0x4e, 0x61, 0x6d, 0x65, 0x50,
-	0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x74,
-	0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74,
-	0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
-	0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73,
-	0x69, 0x6f, 0x6e, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f,
-	0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xce, 0x01, 0x0a,
-	0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74,
-	0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74,
-	0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x05, 0x42,
-	0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x6c, 0x65, 0x61,
-	0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d,
-	0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67,
-	0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74,
-	0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x74,
-	0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x74,
-	0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xd1, 0x01,
-	0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49,
-	0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
-	0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f,
-	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x1a, 0x6d, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02,
-	0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x65, 0x67,
-	0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x12,
-	0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e,
-	0x64, 0x42, 0x7e, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x69, 0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
+	0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a,
+	0x12, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x70, 0x6f, 0x73, 0x69, 0x74,
+	0x69, 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x6e,
+	0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x6f, 0x75,
+	0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x0b, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c,
+	0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01,
+	0x28, 0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12,
+	0x27, 0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67,
+	0x61, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a, 0x0a, 0x08, 0x4e, 0x61, 0x6d, 0x65,
+	0x50, 0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x72,
+	0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72,
+	0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f,
+	0x6e, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x45, 0x78, 0x74, 0x65, 0x6e,
+	0x73, 0x69, 0x6f, 0x6e, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43,
+	0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xce, 0x01,
+	0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61,
+	0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61,
+	0x74, 0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x05,
+	0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x6c, 0x65,
+	0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d,
+	0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e,
+	0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e,
+	0x74, 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65,
+	0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18,
+	0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x44, 0x65,
+	0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xd0,
+	0x02, 0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65,
+	0x49, 0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e,
+	0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x1a, 0xeb, 0x01, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05,
+	0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0a, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x62,
+	0x65, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x62, 0x65, 0x67, 0x69,
+	0x6e, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03,
+	0x65, 0x6e, 0x64, 0x12, 0x52, 0x0a, 0x08, 0x73, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65,
+	0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x52, 0x08, 0x73,
+	0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x22, 0x28, 0x0a, 0x08, 0x53, 0x65, 0x6d, 0x61, 0x6e,
+	0x74, 0x69, 0x63, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x07, 0x0a,
+	0x03, 0x53, 0x45, 0x54, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x49, 0x41, 0x53, 0x10,
+	0x02, 0x42, 0x7e, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x10, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
 	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x73, 0x48, 0x01, 0x5a, 0x2d, 0x67, 0x6f,
 	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
@@ -3498,92 +4123,103 @@ func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte {
 	return file_google_protobuf_descriptor_proto_rawDescData
 }
 
-var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 6)
-var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 27)
+var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 10)
+var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 28)
 var file_google_protobuf_descriptor_proto_goTypes = []interface{}{
-	(FieldDescriptorProto_Type)(0),                // 0: google.protobuf.FieldDescriptorProto.Type
-	(FieldDescriptorProto_Label)(0),               // 1: google.protobuf.FieldDescriptorProto.Label
-	(FileOptions_OptimizeMode)(0),                 // 2: google.protobuf.FileOptions.OptimizeMode
-	(FieldOptions_CType)(0),                       // 3: google.protobuf.FieldOptions.CType
-	(FieldOptions_JSType)(0),                      // 4: google.protobuf.FieldOptions.JSType
-	(MethodOptions_IdempotencyLevel)(0),           // 5: google.protobuf.MethodOptions.IdempotencyLevel
-	(*FileDescriptorSet)(nil),                     // 6: google.protobuf.FileDescriptorSet
-	(*FileDescriptorProto)(nil),                   // 7: google.protobuf.FileDescriptorProto
-	(*DescriptorProto)(nil),                       // 8: google.protobuf.DescriptorProto
-	(*ExtensionRangeOptions)(nil),                 // 9: google.protobuf.ExtensionRangeOptions
-	(*FieldDescriptorProto)(nil),                  // 10: google.protobuf.FieldDescriptorProto
-	(*OneofDescriptorProto)(nil),                  // 11: google.protobuf.OneofDescriptorProto
-	(*EnumDescriptorProto)(nil),                   // 12: google.protobuf.EnumDescriptorProto
-	(*EnumValueDescriptorProto)(nil),              // 13: google.protobuf.EnumValueDescriptorProto
-	(*ServiceDescriptorProto)(nil),                // 14: google.protobuf.ServiceDescriptorProto
-	(*MethodDescriptorProto)(nil),                 // 15: google.protobuf.MethodDescriptorProto
-	(*FileOptions)(nil),                           // 16: google.protobuf.FileOptions
-	(*MessageOptions)(nil),                        // 17: google.protobuf.MessageOptions
-	(*FieldOptions)(nil),                          // 18: google.protobuf.FieldOptions
-	(*OneofOptions)(nil),                          // 19: google.protobuf.OneofOptions
-	(*EnumOptions)(nil),                           // 20: google.protobuf.EnumOptions
-	(*EnumValueOptions)(nil),                      // 21: google.protobuf.EnumValueOptions
-	(*ServiceOptions)(nil),                        // 22: google.protobuf.ServiceOptions
-	(*MethodOptions)(nil),                         // 23: google.protobuf.MethodOptions
-	(*UninterpretedOption)(nil),                   // 24: google.protobuf.UninterpretedOption
-	(*SourceCodeInfo)(nil),                        // 25: google.protobuf.SourceCodeInfo
-	(*GeneratedCodeInfo)(nil),                     // 26: google.protobuf.GeneratedCodeInfo
-	(*DescriptorProto_ExtensionRange)(nil),        // 27: google.protobuf.DescriptorProto.ExtensionRange
-	(*DescriptorProto_ReservedRange)(nil),         // 28: google.protobuf.DescriptorProto.ReservedRange
-	(*EnumDescriptorProto_EnumReservedRange)(nil), // 29: google.protobuf.EnumDescriptorProto.EnumReservedRange
-	(*UninterpretedOption_NamePart)(nil),          // 30: google.protobuf.UninterpretedOption.NamePart
-	(*SourceCodeInfo_Location)(nil),               // 31: google.protobuf.SourceCodeInfo.Location
-	(*GeneratedCodeInfo_Annotation)(nil),          // 32: google.protobuf.GeneratedCodeInfo.Annotation
+	(ExtensionRangeOptions_VerificationState)(0),  // 0: google.protobuf.ExtensionRangeOptions.VerificationState
+	(FieldDescriptorProto_Type)(0),                // 1: google.protobuf.FieldDescriptorProto.Type
+	(FieldDescriptorProto_Label)(0),               // 2: google.protobuf.FieldDescriptorProto.Label
+	(FileOptions_OptimizeMode)(0),                 // 3: google.protobuf.FileOptions.OptimizeMode
+	(FieldOptions_CType)(0),                       // 4: google.protobuf.FieldOptions.CType
+	(FieldOptions_JSType)(0),                      // 5: google.protobuf.FieldOptions.JSType
+	(FieldOptions_OptionRetention)(0),             // 6: google.protobuf.FieldOptions.OptionRetention
+	(FieldOptions_OptionTargetType)(0),            // 7: google.protobuf.FieldOptions.OptionTargetType
+	(MethodOptions_IdempotencyLevel)(0),           // 8: google.protobuf.MethodOptions.IdempotencyLevel
+	(GeneratedCodeInfo_Annotation_Semantic)(0),    // 9: google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	(*FileDescriptorSet)(nil),                     // 10: google.protobuf.FileDescriptorSet
+	(*FileDescriptorProto)(nil),                   // 11: google.protobuf.FileDescriptorProto
+	(*DescriptorProto)(nil),                       // 12: google.protobuf.DescriptorProto
+	(*ExtensionRangeOptions)(nil),                 // 13: google.protobuf.ExtensionRangeOptions
+	(*FieldDescriptorProto)(nil),                  // 14: google.protobuf.FieldDescriptorProto
+	(*OneofDescriptorProto)(nil),                  // 15: google.protobuf.OneofDescriptorProto
+	(*EnumDescriptorProto)(nil),                   // 16: google.protobuf.EnumDescriptorProto
+	(*EnumValueDescriptorProto)(nil),              // 17: google.protobuf.EnumValueDescriptorProto
+	(*ServiceDescriptorProto)(nil),                // 18: google.protobuf.ServiceDescriptorProto
+	(*MethodDescriptorProto)(nil),                 // 19: google.protobuf.MethodDescriptorProto
+	(*FileOptions)(nil),                           // 20: google.protobuf.FileOptions
+	(*MessageOptions)(nil),                        // 21: google.protobuf.MessageOptions
+	(*FieldOptions)(nil),                          // 22: google.protobuf.FieldOptions
+	(*OneofOptions)(nil),                          // 23: google.protobuf.OneofOptions
+	(*EnumOptions)(nil),                           // 24: google.protobuf.EnumOptions
+	(*EnumValueOptions)(nil),                      // 25: google.protobuf.EnumValueOptions
+	(*ServiceOptions)(nil),                        // 26: google.protobuf.ServiceOptions
+	(*MethodOptions)(nil),                         // 27: google.protobuf.MethodOptions
+	(*UninterpretedOption)(nil),                   // 28: google.protobuf.UninterpretedOption
+	(*SourceCodeInfo)(nil),                        // 29: google.protobuf.SourceCodeInfo
+	(*GeneratedCodeInfo)(nil),                     // 30: google.protobuf.GeneratedCodeInfo
+	(*DescriptorProto_ExtensionRange)(nil),        // 31: google.protobuf.DescriptorProto.ExtensionRange
+	(*DescriptorProto_ReservedRange)(nil),         // 32: google.protobuf.DescriptorProto.ReservedRange
+	(*ExtensionRangeOptions_Declaration)(nil),     // 33: google.protobuf.ExtensionRangeOptions.Declaration
+	(*EnumDescriptorProto_EnumReservedRange)(nil), // 34: google.protobuf.EnumDescriptorProto.EnumReservedRange
+	(*UninterpretedOption_NamePart)(nil),          // 35: google.protobuf.UninterpretedOption.NamePart
+	(*SourceCodeInfo_Location)(nil),               // 36: google.protobuf.SourceCodeInfo.Location
+	(*GeneratedCodeInfo_Annotation)(nil),          // 37: google.protobuf.GeneratedCodeInfo.Annotation
 }
 var file_google_protobuf_descriptor_proto_depIdxs = []int32{
-	7,  // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
-	8,  // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
-	12, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	14, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
-	10, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	16, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
-	25, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
-	10, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
-	10, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
-	8,  // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
-	12, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
-	27, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
-	11, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
-	17, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
-	28, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
-	24, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	1,  // 16: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
-	0,  // 17: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
-	18, // 18: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
-	19, // 19: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
-	13, // 20: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
-	20, // 21: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
-	29, // 22: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
-	21, // 23: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
-	15, // 24: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
-	22, // 25: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
-	23, // 26: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
-	2,  // 27: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
-	24, // 28: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	24, // 29: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	3,  // 30: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
-	4,  // 31: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
-	24, // 32: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	24, // 33: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	24, // 34: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	24, // 35: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	24, // 36: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	5,  // 37: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
-	24, // 38: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
-	30, // 39: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
-	31, // 40: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
-	32, // 41: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
-	9,  // 42: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
-	43, // [43:43] is the sub-list for method output_type
-	43, // [43:43] is the sub-list for method input_type
-	43, // [43:43] is the sub-list for extension type_name
-	43, // [43:43] is the sub-list for extension extendee
-	0,  // [0:43] is the sub-list for field type_name
+	11, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
+	12, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
+	16, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	18, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
+	14, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	20, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
+	29, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
+	14, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
+	14, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	12, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
+	16, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	31, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
+	15, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
+	21, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
+	32, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
+	28, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	33, // 16: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration
+	0,  // 17: google.protobuf.ExtensionRangeOptions.verification:type_name -> google.protobuf.ExtensionRangeOptions.VerificationState
+	2,  // 18: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
+	1,  // 19: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
+	22, // 20: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
+	23, // 21: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
+	17, // 22: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
+	24, // 23: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
+	34, // 24: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
+	25, // 25: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
+	19, // 26: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
+	26, // 27: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
+	27, // 28: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
+	3,  // 29: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
+	28, // 30: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 31: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	4,  // 32: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
+	5,  // 33: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
+	6,  // 34: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention
+	7,  // 35: google.protobuf.FieldOptions.target:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	7,  // 36: google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType
+	28, // 37: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 38: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 39: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 40: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	28, // 41: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	8,  // 42: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
+	28, // 43: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	35, // 44: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
+	36, // 45: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
+	37, // 46: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
+	13, // 47: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
+	9,  // 48: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic
+	49, // [49:49] is the sub-list for method output_type
+	49, // [49:49] is the sub-list for method input_type
+	49, // [49:49] is the sub-list for extension type_name
+	49, // [49:49] is the sub-list for extension extendee
+	0,  // [0:49] is the sub-list for field type_name
 }
 
 func init() { file_google_protobuf_descriptor_proto_init() }
@@ -3887,7 +4523,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
+			switch v := v.(*ExtensionRangeOptions_Declaration); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3899,7 +4535,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*UninterpretedOption_NamePart); i {
+			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3911,7 +4547,7 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SourceCodeInfo_Location); i {
+			switch v := v.(*UninterpretedOption_NamePart); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3923,6 +4559,18 @@ func file_google_protobuf_descriptor_proto_init() {
 			}
 		}
 		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SourceCodeInfo_Location); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*GeneratedCodeInfo_Annotation); i {
 			case 0:
 				return &v.state
@@ -3940,8 +4588,8 @@ func file_google_protobuf_descriptor_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc,
-			NumEnums:      6,
-			NumMessages:   27,
+			NumEnums:      10,
+			NumMessages:   28,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
index 8c10797b9..580b232f4 100644
--- a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
@@ -37,8 +37,7 @@
 // It is functionally a tuple of the full name of the remote message type and
 // the serialized bytes of the remote message value.
 //
-//
-// Constructing an Any
+// # Constructing an Any
 //
 // An Any message containing another message value is constructed using New:
 //
@@ -48,8 +47,7 @@
 //	}
 //	... // make use of any
 //
-//
-// Unmarshaling an Any
+// # Unmarshaling an Any
 //
 // With a populated Any message, the underlying message can be serialized into
 // a remote concrete message value in a few ways.
@@ -95,8 +93,7 @@
 // listed in the case clauses are linked into the Go binary and therefore also
 // registered in the global registry.
 //
-//
-// Type checking an Any
+// # Type checking an Any
 //
 // In order to type check whether an Any message represents some other message,
 // then use the MessageIs method:
@@ -115,7 +112,6 @@
 //		}
 //		... // make use of m
 //	}
-//
 package anypb
 
 import (
@@ -136,45 +132,49 @@ import (
 //
 // Example 1: Pack and unpack a message in C++.
 //
-//     Foo foo = ...;
-//     Any any;
-//     any.PackFrom(foo);
-//     ...
-//     if (any.UnpackTo(&foo)) {
-//       ...
-//     }
+//	Foo foo = ...;
+//	Any any;
+//	any.PackFrom(foo);
+//	...
+//	if (any.UnpackTo(&foo)) {
+//	  ...
+//	}
 //
 // Example 2: Pack and unpack a message in Java.
 //
-//     Foo foo = ...;
-//     Any any = Any.pack(foo);
-//     ...
-//     if (any.is(Foo.class)) {
-//       foo = any.unpack(Foo.class);
-//     }
-//
-//  Example 3: Pack and unpack a message in Python.
-//
-//     foo = Foo(...)
-//     any = Any()
-//     any.Pack(foo)
-//     ...
-//     if any.Is(Foo.DESCRIPTOR):
-//       any.Unpack(foo)
-//       ...
-//
-//  Example 4: Pack and unpack a message in Go
-//
-//      foo := &pb.Foo{...}
-//      any, err := anypb.New(foo)
-//      if err != nil {
-//        ...
-//      }
-//      ...
-//      foo := &pb.Foo{}
-//      if err := any.UnmarshalTo(foo); err != nil {
-//        ...
-//      }
+//	   Foo foo = ...;
+//	   Any any = Any.pack(foo);
+//	   ...
+//	   if (any.is(Foo.class)) {
+//	     foo = any.unpack(Foo.class);
+//	   }
+//	   // or ...
+//	   if (any.isSameTypeAs(Foo.getDefaultInstance())) {
+//	     foo = any.unpack(Foo.getDefaultInstance());
+//	   }
+//
+//	Example 3: Pack and unpack a message in Python.
+//
+//	   foo = Foo(...)
+//	   any = Any()
+//	   any.Pack(foo)
+//	   ...
+//	   if any.Is(Foo.DESCRIPTOR):
+//	     any.Unpack(foo)
+//	     ...
+//
+//	Example 4: Pack and unpack a message in Go
+//
+//	    foo := &pb.Foo{...}
+//	    any, err := anypb.New(foo)
+//	    if err != nil {
+//	      ...
+//	    }
+//	    ...
+//	    foo := &pb.Foo{}
+//	    if err := any.UnmarshalTo(foo); err != nil {
+//	      ...
+//	    }
 //
 // The pack methods provided by protobuf library will by default use
 // 'type.googleapis.com/full.type.name' as the type URL and the unpack
@@ -182,35 +182,33 @@ import (
 // in the type URL, for example "foo.bar.com/x/y.z" will yield type
 // name "y.z".
 //
-//
 // JSON
 // ====
 // The JSON representation of an `Any` value uses the regular
 // representation of the deserialized, embedded message, with an
 // additional field `@type` which contains the type URL. Example:
 //
-//     package google.profile;
-//     message Person {
-//       string first_name = 1;
-//       string last_name = 2;
-//     }
+//	package google.profile;
+//	message Person {
+//	  string first_name = 1;
+//	  string last_name = 2;
+//	}
 //
-//     {
-//       "@type": "type.googleapis.com/google.profile.Person",
-//       "firstName": <string>,
-//       "lastName": <string>
-//     }
+//	{
+//	  "@type": "type.googleapis.com/google.profile.Person",
+//	  "firstName": <string>,
+//	  "lastName": <string>
+//	}
 //
 // If the embedded message type is well-known and has a custom JSON
 // representation, that representation will be embedded adding a field
 // `value` which holds the custom JSON in addition to the `@type`
 // field. Example (for message [google.protobuf.Duration][]):
 //
-//     {
-//       "@type": "type.googleapis.com/google.protobuf.Duration",
-//       "value": "1.212s"
-//     }
-//
+//	{
+//	  "@type": "type.googleapis.com/google.protobuf.Duration",
+//	  "value": "1.212s"
+//	}
 type Any struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -228,14 +226,14 @@ type Any struct {
 	// scheme `http`, `https`, or no scheme, one can optionally set up a type
 	// server that maps type URLs to message definitions as follows:
 	//
-	// * If no scheme is provided, `https` is assumed.
-	// * An HTTP GET on the URL must yield a [google.protobuf.Type][]
-	//   value in binary format, or produce an error.
-	// * Applications are allowed to cache lookup results based on the
-	//   URL, or have them precompiled into a binary to avoid any
-	//   lookup. Therefore, binary compatibility needs to be preserved
-	//   on changes to types. (Use versioned type names to manage
-	//   breaking changes.)
+	//   - If no scheme is provided, `https` is assumed.
+	//   - An HTTP GET on the URL must yield a [google.protobuf.Type][]
+	//     value in binary format, or produce an error.
+	//   - Applications are allowed to cache lookup results based on the
+	//     URL, or have them precompiled into a binary to avoid any
+	//     lookup. Therefore, binary compatibility needs to be preserved
+	//     on changes to types. (Use versioned type names to manage
+	//     breaking changes.)
 	//
 	// Note: this functionality is not currently available in the official
 	// protobuf release, and it is not used for type URLs beginning with
@@ -243,7 +241,6 @@ type Any struct {
 	//
 	// Schemes other than `http`, `https` (or the empty scheme) might be
 	// used with implementation specific semantics.
-	//
 	TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"`
 	// Must be a valid serialized protocol buffer of the above specified type.
 	Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
diff --git a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
index a583ca2f6..df709a8dd 100644
--- a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
@@ -35,8 +35,7 @@
 //
 // The Duration message represents a signed span of time.
 //
-//
-// Conversion to a Go Duration
+// # Conversion to a Go Duration
 //
 // The AsDuration method can be used to convert a Duration message to a
 // standard Go time.Duration value:
@@ -65,15 +64,13 @@
 // the resulting value to the closest representable value (e.g., math.MaxInt64
 // for positive overflow and math.MinInt64 for negative overflow).
 //
-//
-// Conversion from a Go Duration
+// # Conversion from a Go Duration
 //
 // The durationpb.New function can be used to construct a Duration message
 // from a standard Go time.Duration value:
 //
 //	dur := durationpb.New(d)
 //	... // make use of d as a *durationpb.Duration
-//
 package durationpb
 
 import (
@@ -96,43 +93,43 @@ import (
 //
 // Example 1: Compute Duration from two Timestamps in pseudo code.
 //
-//     Timestamp start = ...;
-//     Timestamp end = ...;
-//     Duration duration = ...;
+//	Timestamp start = ...;
+//	Timestamp end = ...;
+//	Duration duration = ...;
 //
-//     duration.seconds = end.seconds - start.seconds;
-//     duration.nanos = end.nanos - start.nanos;
+//	duration.seconds = end.seconds - start.seconds;
+//	duration.nanos = end.nanos - start.nanos;
 //
-//     if (duration.seconds < 0 && duration.nanos > 0) {
-//       duration.seconds += 1;
-//       duration.nanos -= 1000000000;
-//     } else if (duration.seconds > 0 && duration.nanos < 0) {
-//       duration.seconds -= 1;
-//       duration.nanos += 1000000000;
-//     }
+//	if (duration.seconds < 0 && duration.nanos > 0) {
+//	  duration.seconds += 1;
+//	  duration.nanos -= 1000000000;
+//	} else if (duration.seconds > 0 && duration.nanos < 0) {
+//	  duration.seconds -= 1;
+//	  duration.nanos += 1000000000;
+//	}
 //
 // Example 2: Compute Timestamp from Timestamp + Duration in pseudo code.
 //
-//     Timestamp start = ...;
-//     Duration duration = ...;
-//     Timestamp end = ...;
+//	Timestamp start = ...;
+//	Duration duration = ...;
+//	Timestamp end = ...;
 //
-//     end.seconds = start.seconds + duration.seconds;
-//     end.nanos = start.nanos + duration.nanos;
+//	end.seconds = start.seconds + duration.seconds;
+//	end.nanos = start.nanos + duration.nanos;
 //
-//     if (end.nanos < 0) {
-//       end.seconds -= 1;
-//       end.nanos += 1000000000;
-//     } else if (end.nanos >= 1000000000) {
-//       end.seconds += 1;
-//       end.nanos -= 1000000000;
-//     }
+//	if (end.nanos < 0) {
+//	  end.seconds -= 1;
+//	  end.nanos += 1000000000;
+//	} else if (end.nanos >= 1000000000) {
+//	  end.seconds += 1;
+//	  end.nanos -= 1000000000;
+//	}
 //
 // Example 3: Compute Duration from datetime.timedelta in Python.
 //
-//     td = datetime.timedelta(days=3, minutes=10)
-//     duration = Duration()
-//     duration.FromTimedelta(td)
+//	td = datetime.timedelta(days=3, minutes=10)
+//	duration = Duration()
+//	duration.FromTimedelta(td)
 //
 // # JSON Mapping
 //
@@ -143,8 +140,6 @@ import (
 // encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should
 // be expressed in JSON format as "3.000000001s", and 3 seconds and 1
 // microsecond should be expressed in JSON format as "3.000001s".
-//
-//
 type Duration struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
diff --git a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
index 1b2085d46..e8789cb33 100644
--- a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
@@ -37,8 +37,7 @@
 // The paths are specific to some target message type,
 // which is not stored within the FieldMask message itself.
 //
-//
-// Constructing a FieldMask
+// # Constructing a FieldMask
 //
 // The New function is used construct a FieldMask:
 //
@@ -61,8 +60,7 @@
 //		... // handle error
 //	}
 //
-//
-// Type checking a FieldMask
+// # Type checking a FieldMask
 //
 // In order to verify that a FieldMask represents a set of fields that are
 // reachable from some target message type, use the IsValid method:
@@ -89,8 +87,8 @@ import (
 
 // `FieldMask` represents a set of symbolic field paths, for example:
 //
-//     paths: "f.a"
-//     paths: "f.b.d"
+//	paths: "f.a"
+//	paths: "f.b.d"
 //
 // Here `f` represents a field in some root message, `a` and `b`
 // fields in the message found in `f`, and `d` a field found in the
@@ -107,27 +105,26 @@ import (
 // specified in the mask. For example, if the mask in the previous
 // example is applied to a response message as follows:
 //
-//     f {
-//       a : 22
-//       b {
-//         d : 1
-//         x : 2
-//       }
-//       y : 13
-//     }
-//     z: 8
+//	f {
+//	  a : 22
+//	  b {
+//	    d : 1
+//	    x : 2
+//	  }
+//	  y : 13
+//	}
+//	z: 8
 //
 // The result will not contain specific values for fields x,y and z
 // (their value will be set to the default, and omitted in proto text
 // output):
 //
-//
-//     f {
-//       a : 22
-//       b {
-//         d : 1
-//       }
-//     }
+//	f {
+//	  a : 22
+//	  b {
+//	    d : 1
+//	  }
+//	}
 //
 // A repeated field is not allowed except at the last position of a
 // paths string.
@@ -165,36 +162,36 @@ import (
 //
 // For example, given the target message:
 //
-//     f {
-//       b {
-//         d: 1
-//         x: 2
-//       }
-//       c: [1]
-//     }
+//	f {
+//	  b {
+//	    d: 1
+//	    x: 2
+//	  }
+//	  c: [1]
+//	}
 //
 // And an update message:
 //
-//     f {
-//       b {
-//         d: 10
-//       }
-//       c: [2]
-//     }
+//	f {
+//	  b {
+//	    d: 10
+//	  }
+//	  c: [2]
+//	}
 //
 // then if the field mask is:
 //
-//  paths: ["f.b", "f.c"]
+//	paths: ["f.b", "f.c"]
 //
 // then the result will be:
 //
-//     f {
-//       b {
-//         d: 10
-//         x: 2
-//       }
-//       c: [1, 2]
-//     }
+//	f {
+//	  b {
+//	    d: 10
+//	    x: 2
+//	  }
+//	  c: [1, 2]
+//	}
 //
 // An implementation may provide options to override this default behavior for
 // repeated and message fields.
@@ -232,51 +229,51 @@ import (
 //
 // As an example, consider the following message declarations:
 //
-//     message Profile {
-//       User user = 1;
-//       Photo photo = 2;
-//     }
-//     message User {
-//       string display_name = 1;
-//       string address = 2;
-//     }
+//	message Profile {
+//	  User user = 1;
+//	  Photo photo = 2;
+//	}
+//	message User {
+//	  string display_name = 1;
+//	  string address = 2;
+//	}
 //
 // In proto a field mask for `Profile` may look as such:
 //
-//     mask {
-//       paths: "user.display_name"
-//       paths: "photo"
-//     }
+//	mask {
+//	  paths: "user.display_name"
+//	  paths: "photo"
+//	}
 //
 // In JSON, the same mask is represented as below:
 //
-//     {
-//       mask: "user.displayName,photo"
-//     }
+//	{
+//	  mask: "user.displayName,photo"
+//	}
 //
 // # Field Masks and Oneof Fields
 //
 // Field masks treat fields in oneofs just as regular fields. Consider the
 // following message:
 //
-//     message SampleMessage {
-//       oneof test_oneof {
-//         string name = 4;
-//         SubMessage sub_message = 9;
-//       }
-//     }
+//	message SampleMessage {
+//	  oneof test_oneof {
+//	    string name = 4;
+//	    SubMessage sub_message = 9;
+//	  }
+//	}
 //
 // The field mask can be:
 //
-//     mask {
-//       paths: "name"
-//     }
+//	mask {
+//	  paths: "name"
+//	}
 //
 // Or:
 //
-//     mask {
-//       paths: "sub_message"
-//     }
+//	mask {
+//	  paths: "sub_message"
+//	}
 //
 // Note that oneof type names ("test_oneof" in this case) cannot be used in
 // paths.
diff --git a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
index c9ae92132..81511a336 100644
--- a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
@@ -36,8 +36,7 @@
 // The Timestamp message represents a timestamp,
 // an instant in time since the Unix epoch (January 1st, 1970).
 //
-//
-// Conversion to a Go Time
+// # Conversion to a Go Time
 //
 // The AsTime method can be used to convert a Timestamp message to a
 // standard Go time.Time value in UTC:
@@ -59,8 +58,7 @@
 //		... // handle error
 //	}
 //
-//
-// Conversion from a Go Time
+// # Conversion from a Go Time
 //
 // The timestamppb.New function can be used to construct a Timestamp message
 // from a standard Go time.Time value:
@@ -72,7 +70,6 @@
 //
 //	ts := timestamppb.Now()
 //	... // make use of ts as a *timestamppb.Timestamp
-//
 package timestamppb
 
 import (
@@ -101,52 +98,50 @@ import (
 //
 // Example 1: Compute Timestamp from POSIX `time()`.
 //
-//     Timestamp timestamp;
-//     timestamp.set_seconds(time(NULL));
-//     timestamp.set_nanos(0);
+//	Timestamp timestamp;
+//	timestamp.set_seconds(time(NULL));
+//	timestamp.set_nanos(0);
 //
 // Example 2: Compute Timestamp from POSIX `gettimeofday()`.
 //
-//     struct timeval tv;
-//     gettimeofday(&tv, NULL);
+//	struct timeval tv;
+//	gettimeofday(&tv, NULL);
 //
-//     Timestamp timestamp;
-//     timestamp.set_seconds(tv.tv_sec);
-//     timestamp.set_nanos(tv.tv_usec * 1000);
+//	Timestamp timestamp;
+//	timestamp.set_seconds(tv.tv_sec);
+//	timestamp.set_nanos(tv.tv_usec * 1000);
 //
 // Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.
 //
-//     FILETIME ft;
-//     GetSystemTimeAsFileTime(&ft);
-//     UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
+//	FILETIME ft;
+//	GetSystemTimeAsFileTime(&ft);
+//	UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
 //
-//     // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
-//     // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
-//     Timestamp timestamp;
-//     timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
-//     timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
+//	// A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
+//	// is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
+//	Timestamp timestamp;
+//	timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
+//	timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
 //
 // Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
 //
-//     long millis = System.currentTimeMillis();
-//
-//     Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
-//         .setNanos((int) ((millis % 1000) * 1000000)).build();
+//	long millis = System.currentTimeMillis();
 //
+//	Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
+//	    .setNanos((int) ((millis % 1000) * 1000000)).build();
 //
 // Example 5: Compute Timestamp from Java `Instant.now()`.
 //
-//     Instant now = Instant.now();
-//
-//     Timestamp timestamp =
-//         Timestamp.newBuilder().setSeconds(now.getEpochSecond())
-//             .setNanos(now.getNano()).build();
+//	Instant now = Instant.now();
 //
+//	Timestamp timestamp =
+//	    Timestamp.newBuilder().setSeconds(now.getEpochSecond())
+//	        .setNanos(now.getNano()).build();
 //
 // Example 6: Compute Timestamp from current time in Python.
 //
-//     timestamp = Timestamp()
-//     timestamp.GetCurrentTime()
+//	timestamp = Timestamp()
+//	timestamp.GetCurrentTime()
 //
 // # JSON Mapping
 //
@@ -172,10 +167,8 @@ import (
 // [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
 // the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
 // the Joda Time's [`ISODateTimeFormat.dateTime()`](
-// http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
+// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
 // ) to obtain a formatter capable of generating timestamps in this format.
-//
-//
 type Timestamp struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
diff --git a/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go b/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
index 895a8049e..762a87130 100644
--- a/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
@@ -27,7 +27,7 @@
 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
+//
 // Wrappers for primitive (non-message) types. These types are useful
 // for embedding primitives in the `google.protobuf.Any` type and for places
 // where we need to distinguish between the absence of a primitive
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 09fb035cf..cf2ae623b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,14 +1,14 @@
-# cloud.google.com/go/compute v1.18.0
+# cloud.google.com/go/compute v1.20.1
 ## explicit; go 1.19
 cloud.google.com/go/compute/internal
 # cloud.google.com/go/compute/metadata v0.2.3
 ## explicit; go 1.19
 cloud.google.com/go/compute/metadata
-# cloud.google.com/go/iam v0.11.0
+# cloud.google.com/go/iam v1.1.0
 ## explicit; go 1.19
 cloud.google.com/go/iam
 cloud.google.com/go/iam/apiv1/iampb
-# cloud.google.com/go/kms v1.6.0
+# cloud.google.com/go/kms v1.12.1
 ## explicit; go 1.19
 cloud.google.com/go/kms/apiv1
 cloud.google.com/go/kms/apiv1/kmspb
@@ -68,7 +68,7 @@ github.com/gogo/protobuf/sortkeys
 # github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
 ## explicit
 github.com/golang/groupcache/lru
-# github.com/golang/protobuf v1.5.2
+# github.com/golang/protobuf v1.5.3
 ## explicit; go 1.9
 github.com/golang/protobuf/jsonpb
 github.com/golang/protobuf/proto
@@ -96,18 +96,41 @@ github.com/google/go-cmp/cmp/internal/value
 ## explicit; go 1.12
 github.com/google/gofuzz
 github.com/google/gofuzz/bytesource
+# github.com/google/s2a-go v0.1.4
+## explicit; go 1.16
+github.com/google/s2a-go
+github.com/google/s2a-go/fallback
+github.com/google/s2a-go/internal/authinfo
+github.com/google/s2a-go/internal/handshaker
+github.com/google/s2a-go/internal/handshaker/service
+github.com/google/s2a-go/internal/proto/common_go_proto
+github.com/google/s2a-go/internal/proto/s2a_context_go_proto
+github.com/google/s2a-go/internal/proto/s2a_go_proto
+github.com/google/s2a-go/internal/proto/v2/common_go_proto
+github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto
+github.com/google/s2a-go/internal/proto/v2/s2a_go_proto
+github.com/google/s2a-go/internal/record
+github.com/google/s2a-go/internal/record/internal/aeadcrypter
+github.com/google/s2a-go/internal/record/internal/halfconn
+github.com/google/s2a-go/internal/tokenmanager
+github.com/google/s2a-go/internal/v2
+github.com/google/s2a-go/internal/v2/certverifier
+github.com/google/s2a-go/internal/v2/remotesigner
+github.com/google/s2a-go/internal/v2/tlsconfigstore
+github.com/google/s2a-go/stream
 # github.com/google/uuid v1.3.0
 ## explicit
 github.com/google/uuid
-# github.com/googleapis/enterprise-certificate-proxy v0.2.3
+# github.com/googleapis/enterprise-certificate-proxy v0.2.5
 ## explicit; go 1.19
 github.com/googleapis/enterprise-certificate-proxy/client
 github.com/googleapis/enterprise-certificate-proxy/client/util
-# github.com/googleapis/gax-go/v2 v2.7.0
+# github.com/googleapis/gax-go/v2 v2.12.0
 ## explicit; go 1.19
 github.com/googleapis/gax-go/v2
 github.com/googleapis/gax-go/v2/apierror
 github.com/googleapis/gax-go/v2/apierror/internal/proto
+github.com/googleapis/gax-go/v2/callctx
 github.com/googleapis/gax-go/v2/internal
 # github.com/hashicorp/errwrap v1.0.0
 ## explicit
@@ -263,6 +286,15 @@ go.opencensus.io/trace/tracestate
 # go4.org v0.0.0-20201209231011-d4a079459e60
 ## explicit; go 1.13
 go4.org/bytereplacer
+# golang.org/x/crypto v0.14.0
+## explicit; go 1.17
+golang.org/x/crypto/chacha20
+golang.org/x/crypto/chacha20poly1305
+golang.org/x/crypto/cryptobyte
+golang.org/x/crypto/cryptobyte/asn1
+golang.org/x/crypto/hkdf
+golang.org/x/crypto/internal/alias
+golang.org/x/crypto/internal/poly1305
 # golang.org/x/net v0.17.0
 ## explicit; go 1.17
 golang.org/x/net/context
@@ -275,7 +307,7 @@ golang.org/x/net/http2/hpack
 golang.org/x/net/idna
 golang.org/x/net/internal/timeseries
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.5.0
+# golang.org/x/oauth2 v0.10.0
 ## explicit; go 1.17
 golang.org/x/oauth2
 golang.org/x/oauth2/authhandler
@@ -286,6 +318,7 @@ golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
 # golang.org/x/sys v0.13.0
 ## explicit; go 1.17
+golang.org/x/sys/cpu
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
@@ -318,7 +351,7 @@ golang.org/x/text/width
 # golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
 ## explicit
 golang.org/x/time/rate
-# google.golang.org/api v0.111.0
+# google.golang.org/api v0.134.0
 ## explicit; go 1.19
 google.golang.org/api/cloudresourcemanager/v1
 google.golang.org/api/compute/v0.alpha
@@ -327,17 +360,16 @@ google.golang.org/api/compute/v1
 google.golang.org/api/googleapi
 google.golang.org/api/googleapi/transport
 google.golang.org/api/internal
+google.golang.org/api/internal/cert
 google.golang.org/api/internal/gensupport
 google.golang.org/api/internal/impersonate
 google.golang.org/api/internal/third_party/uritemplates
 google.golang.org/api/iterator
 google.golang.org/api/option
 google.golang.org/api/option/internaloption
-google.golang.org/api/transport/cert
 google.golang.org/api/transport/grpc
 google.golang.org/api/transport/http
 google.golang.org/api/transport/http/internal/propagation
-google.golang.org/api/transport/internal/dca
 # google.golang.org/appengine v1.6.7
 ## explicit; go 1.11
 google.golang.org/appengine
@@ -352,19 +384,23 @@ google.golang.org/appengine/internal/socket
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/socket
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20230223222841-637eb2293923
+# google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130
 ## explicit; go 1.19
-google.golang.org/genproto/googleapis/api
-google.golang.org/genproto/googleapis/api/annotations
 google.golang.org/genproto/googleapis/cloud/kms/v1
 google.golang.org/genproto/googleapis/cloud/location
-google.golang.org/genproto/googleapis/iam/v1
+google.golang.org/genproto/googleapis/type/expr
+google.golang.org/genproto/internal
+google.golang.org/genproto/protobuf/field_mask
+# google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130
+## explicit; go 1.19
+google.golang.org/genproto/googleapis/api
+google.golang.org/genproto/googleapis/api/annotations
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20230720185612-659f7aaaa771
+## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/code
 google.golang.org/genproto/googleapis/rpc/errdetails
 google.golang.org/genproto/googleapis/rpc/status
-google.golang.org/genproto/googleapis/type/expr
-google.golang.org/genproto/protobuf/field_mask
-# google.golang.org/grpc v1.53.0
+# google.golang.org/grpc v1.56.3
 ## explicit; go 1.17
 google.golang.org/grpc
 google.golang.org/grpc/attributes
@@ -426,7 +462,7 @@ google.golang.org/grpc/serviceconfig
 google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
-# google.golang.org/protobuf v1.28.1
+# google.golang.org/protobuf v1.31.0
 ## explicit; go 1.11
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext