google-api-client 0.40.1 → 0.40.2

data/generated/google/apis/groupsmigration_v1.rb

@@ -20,12 +20,13 @@ module Google
   module Apis
     # Groups Migration API
     #
-    # Groups Migration Api.
+    # The Groups Migration API allows domain administrators to archive
+    # emails into Google groups.
     #
     # @see https://developers.google.com/google-apps/groups-migration/
     module GroupsmigrationV1
       VERSION = 'V1'
-      REVISION = '20180803'
+      REVISION = '20200608'
 
       # Manage messages in groups on your domain
       AUTH_APPS_GROUPS_MIGRATION = 'https://www.googleapis.com/auth/apps.groups.migration'

data/generated/google/apis/groupsmigration_v1/service.rb

@@ -22,7 +22,8 @@ module Google
     module GroupsmigrationV1
       # Groups Migration API
       #
-      # Groups Migration Api.
+      # The Groups Migration API allows domain administrators to archive
+      #  emails into Google groups.
       #
       # @example
       #    require 'google/apis/groupsmigration_v1'
@@ -38,16 +39,12 @@ module Google
         attr_accessor :key
 
         # @return [String]
-        #  An opaque string that represents a user for quota purposes. Must not exceed 40
-        #  characters.
+        #  Available to use for quota purposes for server-side applications. Can be any
+        #  arbitrary string assigned to a user, but should not exceed 40 characters.
         attr_accessor :quota_user
 
-        # @return [String]
-        #  Deprecated. Please use quotaUser instead.
-        attr_accessor :user_ip
-
         def initialize
-          super('https://www.googleapis.com/', 'groups/v1/groups/')
+          super('https://www.googleapis.com/', '')
           @batch_path = 'batch/groupsmigration/v1'
         end
         
@@ -57,10 +54,8 @@ module Google
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
         # @param [String] quota_user
-        #   An opaque string that represents a user for quota purposes. Must not exceed 40
-        #   characters.
-        # @param [String] user_ip
-        #   Deprecated. Please use quotaUser instead.
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
         # @param [IO, String] upload_source
         #   IO stream or filename containing content to upload
         # @param [String] content_type
@@ -77,11 +72,11 @@ module Google
         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
         # @raise [Google::Apis::AuthorizationError] Authorization is required
-        def insert_archive(group_id, fields: nil, quota_user: nil, user_ip: nil, upload_source: nil, content_type: nil, options: nil, &block)
+        def insert_archive(group_id, fields: nil, quota_user: nil, upload_source: nil, content_type: nil, options: nil, &block)
           if upload_source.nil?
-            command = make_simple_command(:post, '{groupId}/archive', options)
+            command = make_simple_command(:post, 'groups/v1/groups/{groupId}/archive', options)
           else
-            command = make_upload_command(:post, '{groupId}/archive', options)
+            command = make_upload_command(:post, 'groups/v1/groups/{groupId}/archive', options)
             command.upload_source = upload_source
             command.upload_content_type = content_type
           end
@@ -90,7 +85,6 @@ module Google
           command.params['groupId'] = group_id unless group_id.nil?
           command.query['fields'] = fields unless fields.nil?
           command.query['quotaUser'] = quota_user unless quota_user.nil?
-          command.query['userIp'] = user_ip unless user_ip.nil?
           execute_or_queue_command(command, &block)
         end
 
@@ -99,7 +93,6 @@ module Google
         def apply_command_defaults(command)
           command.query['key'] = key unless key.nil?
           command.query['quotaUser'] = quota_user unless quota_user.nil?
-          command.query['userIp'] = user_ip unless user_ip.nil?
         end
       end
     end

data/generated/google/apis/iam_v1.rb

@@ -27,7 +27,7 @@ module Google
     # @see https://cloud.google.com/iam/
     module IamV1
       VERSION = 'V1'
-      REVISION = '20200515'
+      REVISION = '20200605'
 
       # View and manage your data across Google Cloud Platform services
       AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'

data/generated/google/apis/iam_v1/classes.rb

@@ -56,7 +56,7 @@ module Google
       # `
       # "audit_configs": [
       # `
-      # "service": "allServices"
+      # "service": "allServices",
       # "audit_log_configs": [
       # `
       # "log_type": "DATA_READ",
@@ -65,18 +65,18 @@ module Google
       # ]
       # `,
       # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
       # `,
       # `
-      # "log_type": "ADMIN_READ",
+      # "log_type": "ADMIN_READ"
       # `
       # ]
       # `,
       # `
-      # "service": "sampleservice.googleapis.com"
+      # "service": "sampleservice.googleapis.com",
       # "audit_log_configs": [
       # `
-      # "log_type": "DATA_READ",
+      # "log_type": "DATA_READ"
       # `,
       # `
       # "log_type": "DATA_WRITE",
@@ -149,7 +149,7 @@ module Google
       # ]
       # `,
       # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
       # `
       # ]
       # `
@@ -414,19 +414,15 @@ module Google
         # @return [String]
         attr_accessor :account_id
       
-        # A service account in the Identity and Access Management API.
-        # To create a service account, specify the `project_id` and the `account_id`
-        # for the account.  The `account_id` is unique within the project, and is used
-        # to generate the service account email address and a stable
-        # `unique_id`.
-        # If the account already exists, the account's resource name is returned
-        # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
-        # can use the name in other methods to access the account.
-        # All other methods can identify the service account using the format
-        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
-        # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
-        # the account. The `ACCOUNT` value can be the `email` address or the
-        # `unique_id` of the service account.
+        # An IAM service account.
+        # A service account is an account for an application or a virtual machine (VM)
+        # instance, not a person. You can use a service account to call Google APIs. To
+        # learn more, read the [overview of service
+        # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
+        # When you create a service account, you specify the project ID that owns the
+        # service account, as well as a name that must be unique within the project.
+        # IAM uses these values to create an email address that identifies the service
+        # account.
         # Corresponds to the JSON property `serviceAccount`
         # @return [Google::Apis::IamV1::ServiceAccount]
         attr_accessor :service_account
@@ -751,23 +747,24 @@ module Google
         end
       end
       
-      # The patch service account request.
+      # The request for
+      # PatchServiceAccount.
+      # You can patch only the `display_name` and `description` fields. You must use
+      # the `update_mask` field to specify which of these fields you want to patch.
+      # Only the fields specified in the request are guaranteed to be returned in
+      # the response. Other fields may be empty in the response.
       class PatchServiceAccountRequest
         include Google::Apis::Core::Hashable
       
-        # A service account in the Identity and Access Management API.
-        # To create a service account, specify the `project_id` and the `account_id`
-        # for the account.  The `account_id` is unique within the project, and is used
-        # to generate the service account email address and a stable
-        # `unique_id`.
-        # If the account already exists, the account's resource name is returned
-        # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
-        # can use the name in other methods to access the account.
-        # All other methods can identify the service account using the format
-        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
-        # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
-        # the account. The `ACCOUNT` value can be the `email` address or the
-        # `unique_id` of the service account.
+        # An IAM service account.
+        # A service account is an account for an application or a virtual machine (VM)
+        # instance, not a person. You can use a service account to call Google APIs. To
+        # learn more, read the [overview of service
+        # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
+        # When you create a service account, you specify the project ID that owns the
+        # service account, as well as a name that must be unique within the project.
+        # IAM uses these values to create an email address that identifies the service
+        # account.
         # Corresponds to the JSON property `serviceAccount`
         # @return [Google::Apis::IamV1::ServiceAccount]
         attr_accessor :service_account
@@ -1262,77 +1259,82 @@ module Google
         end
       end
       
-      # A service account in the Identity and Access Management API.
-      # To create a service account, specify the `project_id` and the `account_id`
-      # for the account.  The `account_id` is unique within the project, and is used
-      # to generate the service account email address and a stable
-      # `unique_id`.
-      # If the account already exists, the account's resource name is returned
-      # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
-      # can use the name in other methods to access the account.
-      # All other methods can identify the service account using the format
-      # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
-      # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
-      # the account. The `ACCOUNT` value can be the `email` address or the
-      # `unique_id` of the service account.
+      # An IAM service account.
+      # A service account is an account for an application or a virtual machine (VM)
+      # instance, not a person. You can use a service account to call Google APIs. To
+      # learn more, read the [overview of service
+      # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
+      # When you create a service account, you specify the project ID that owns the
+      # service account, as well as a name that must be unique within the project.
+      # IAM uses these values to create an email address that identifies the service
+      # account.
       class ServiceAccount
         include Google::Apis::Core::Hashable
       
-        # Optional. A user-specified opaque description of the service account.
-        # Must be less than or equal to 256 UTF-8 bytes.
+        # Optional. A user-specified, human-readable description of the service account.
+        # The
+        # maximum length is 256 UTF-8 bytes.
         # Corresponds to the JSON property `description`
         # @return [String]
         attr_accessor :description
       
-        # @OutputOnly A bool indicate if the service account is disabled.
-        # The field is currently in alpha phase.
+        # Output only. Whether the service account is disabled.
         # Corresponds to the JSON property `disabled`
         # @return [Boolean]
         attr_accessor :disabled
         alias_method :disabled?, :disabled
       
-        # Optional. A user-specified name for the service account.
-        # Must be less than or equal to 100 UTF-8 bytes.
+        # Optional. A user-specified, human-readable name for the service account. The
+        # maximum
+        # length is 100 UTF-8 bytes.
         # Corresponds to the JSON property `displayName`
         # @return [String]
         attr_accessor :display_name
       
-        # @OutputOnly The email address of the service account.
+        # Output only. The email address of the service account.
         # Corresponds to the JSON property `email`
         # @return [String]
         attr_accessor :email
       
-        # Optional. Note: `etag` is an inoperable legacy field that is only returned
-        # for backwards compatibility.
+        # Deprecated. Do not use.
         # Corresponds to the JSON property `etag`
         # NOTE: Values are automatically base64 encoded/decoded in the client library.
         # @return [String]
         attr_accessor :etag
       
-        # The resource name of the service account in the following format:
-        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
-        # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
-        # project from the `account` and the `ACCOUNT` value can be the `email`
-        # address or the `unique_id` of the service account.
-        # In responses the resource name will always be in the format
-        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        # The resource name of the service account.
+        # Use one of the following formats:
+        # * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
+        # * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
+        # As an alternative, you can use the `-` wildcard character instead of the
+        # project ID:
+        # * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
+        # * `projects/-/serviceAccounts/`UNIQUE_ID``
+        # When possible, avoid using the `-` wildcard character, because it can cause
+        # response messages to contain misleading error codes. For example, if you
+        # try to get the service account
+        # `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
+        # response contains an HTTP `403 Forbidden` error instead of a `404 Not
+        # Found` error.
         # Corresponds to the JSON property `name`
         # @return [String]
         attr_accessor :name
       
-        # @OutputOnly The OAuth2 client id for the service account.
-        # This is used in conjunction with the OAuth2 clientconfig API to make
-        # three legged OAuth2 (3LO) flows to access the data of Google users.
+        # Output only. The OAuth 2.0 client ID for the service account.
         # Corresponds to the JSON property `oauth2ClientId`
         # @return [String]
         attr_accessor :oauth2_client_id
       
-        # @OutputOnly The id of the project that owns the service account.
+        # Output only. The ID of the project that owns the service account.
         # Corresponds to the JSON property `projectId`
         # @return [String]
         attr_accessor :project_id
       
-        # @OutputOnly The unique and stable id of the service account.
+        # Output only. The unique, stable numeric ID for the service account.
+        # Each service account retains its unique ID even if you delete the service
+        # account. For example, if you delete a service account, then create a new
+        # service account with the same name, the new service account has a different
+        # unique ID than the deleted service account.
         # Corresponds to the JSON property `uniqueId`
         # @return [String]
         attr_accessor :unique_id
@@ -1589,7 +1591,15 @@ module Google
       class SignJwtRequest
         include Google::Apis::Core::Hashable
       
-        # Required. The JWT payload to sign, a JSON JWT Claim set.
+        # Required. The JWT payload to sign. Must be a serialized JSON object that
+        # contains a
+        # JWT Claims Set. For example: ``"sub": "user@example.com", "iat": 313435``
+        # If the JWT Claims Set contains an expiration time (`exp`) claim, it must be
+        # an integer timestamp that is not in the past and no more than 1 hour in the
+        # future.
+        # If the JWT Claims Set does not contain an expiration time (`exp`) claim,
+        # this claim is added automatically, with a timestamp that is 1 hour in the
+        # future.
         # Corresponds to the JSON property `payload`
         # @return [String]
         attr_accessor :payload
@@ -1708,19 +1718,15 @@ module Google
       class UndeleteServiceAccountResponse
         include Google::Apis::Core::Hashable
       
-        # A service account in the Identity and Access Management API.
-        # To create a service account, specify the `project_id` and the `account_id`
-        # for the account.  The `account_id` is unique within the project, and is used
-        # to generate the service account email address and a stable
-        # `unique_id`.
-        # If the account already exists, the account's resource name is returned
-        # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
-        # can use the name in other methods to access the account.
-        # All other methods can identify the service account using the format
-        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
-        # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
-        # the account. The `ACCOUNT` value can be the `email` address or the
-        # `unique_id` of the service account.
+        # An IAM service account.
+        # A service account is an account for an application or a virtual machine (VM)
+        # instance, not a person. You can use a service account to call Google APIs. To
+        # learn more, read the [overview of service
+        # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
+        # When you create a service account, you specify the project ID that owns the
+        # service account, as well as a name that must be unique within the project.
+        # IAM uses these values to create an email address that identifies the service
+        # account.
         # Corresponds to the JSON property `restoredAccount`
         # @return [Google::Apis::IamV1::ServiceAccount]
         attr_accessor :restored_account

data/generated/google/apis/iam_v1/service.rb

@@ -49,16 +49,11 @@ module Google
           @batch_path = 'batch'
         end
         
-        # Lints a Cloud IAM policy object or its sub fields. Currently supports
-        # google.iam.v1.Binding.condition.
-        # Each lint operation consists of multiple lint validation units.
-        # Each unit inspects the input object in regard to a particular linting
-        # aspect and issues a google.iam.admin.v1.LintResult disclosing the
-        # result.
-        # The set of applicable validation units is determined by the Cloud IAM
-        # server and is not configurable.
-        # Regardless of any lint issues or their severities, successful calls to
-        # `lintPolicy` return an HTTP 200 OK status code.
+        # Lints, or validates, an IAM policy. Currently checks the
+        # google.iam.v1.Binding.condition field, which contains a condition
+        # expression for a role binding.
+        # Successful calls to this method always return an HTTP `200 OK` status code,
+        # even if the linter detects an issue in the IAM policy.
         # @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -88,8 +83,10 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Returns a list of services that support service level audit logging
-        # configuration for the given resource.
+        # Returns a list of services that allow you to opt into audit logs that are
+        # not generated by default.
+        # To learn more about audit logs, see the [Logging
+        # documentation](https://cloud.google.com/logging/docs/audit).
         # @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -119,7 +116,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Creates a new Role.
+        # Creates a new custom Role.
         # @param [String] parent
         #   The `parent` parameter's value depends on the target resource for the
         #   request, namely
@@ -169,13 +166,19 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Soft deletes a role. The role is suspended and cannot be used to create new
-        # IAM Policy Bindings.
-        # The Role will not be included in `ListRoles()` unless `show_deleted` is set
-        # in the `ListRolesRequest`. The Role contains the deleted boolean set.
-        # Existing Bindings remains, but are inactive. The Role can be undeleted
-        # within 7 days. After 7 days the Role is deleted and all Bindings associated
-        # with the role are removed.
+        # Deletes a custom Role.
+        # When you delete a custom role, the following changes occur immediately:
+        # * You cannot bind a member to the custom role in an IAM
+        # Policy.
+        # * Existing bindings to the custom role are not changed, but they have no
+        # effect.
+        # * By default, the response from ListRoles does not include the custom
+        # role.
+        # You have 7 days to undelete the custom role. After 7 days, the following
+        # changes occur:
+        # * The custom role is permanently deleted and cannot be recovered.
+        # * If an IAM policy contains a binding to the custom role, the binding is
+        # permanently removed.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -226,7 +229,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Gets a Role definition.
+        # Gets the definition of a Role.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -280,7 +283,8 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Lists the Roles defined on a resource.
+        # Lists every predefined Role that IAM supports, or every custom role
+        # that is defined for an organization or project.
         # @param [String] parent
         #   The `parent` parameter's value depends on the target resource for the
         #   request, namely
@@ -348,7 +352,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Updates a Role definition.
+        # Updates the definition of a custom Role.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -402,7 +406,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Undelete a Role, bringing it back in its previous state.
+        # Undeletes a custom Role.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -454,8 +458,9 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Lists the permissions testable on a resource.
-        # A permission is testable if it can be tested for an identity on a resource.
+        # Lists every permission that you can test on a resource. A permission is
+        # testable if you can check whether a member has that permission on the
+        # resource.
         # @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -485,7 +490,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Creates a new Role.
+        # Creates a new custom Role.
         # @param [String] parent
         #   The `parent` parameter's value depends on the target resource for the
         #   request, namely
@@ -535,13 +540,19 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Soft deletes a role. The role is suspended and cannot be used to create new
-        # IAM Policy Bindings.
-        # The Role will not be included in `ListRoles()` unless `show_deleted` is set
-        # in the `ListRolesRequest`. The Role contains the deleted boolean set.
-        # Existing Bindings remains, but are inactive. The Role can be undeleted
-        # within 7 days. After 7 days the Role is deleted and all Bindings associated
-        # with the role are removed.
+        # Deletes a custom Role.
+        # When you delete a custom role, the following changes occur immediately:
+        # * You cannot bind a member to the custom role in an IAM
+        # Policy.
+        # * Existing bindings to the custom role are not changed, but they have no
+        # effect.
+        # * By default, the response from ListRoles does not include the custom
+        # role.
+        # You have 7 days to undelete the custom role. After 7 days, the following
+        # changes occur:
+        # * The custom role is permanently deleted and cannot be recovered.
+        # * If an IAM policy contains a binding to the custom role, the binding is
+        # permanently removed.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -592,7 +603,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Gets a Role definition.
+        # Gets the definition of a Role.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -646,7 +657,8 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Lists the Roles defined on a resource.
+        # Lists every predefined Role that IAM supports, or every custom role
+        # that is defined for an organization or project.
         # @param [String] parent
         #   The `parent` parameter's value depends on the target resource for the
         #   request, namely
@@ -714,7 +726,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Updates a Role definition.
+        # Updates the definition of a custom Role.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -768,7 +780,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Undelete a Role, bringing it back in its previous state.
+        # Undeletes a custom Role.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -820,8 +832,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Creates a ServiceAccount
-        # and returns it.
+        # Creates a ServiceAccount.
         # @param [String] name
         #   Required. The resource name of the project associated with the service
         #   accounts, such as `projects/my-project-123`.
@@ -856,6 +867,17 @@ module Google
         end
         
         # Deletes a ServiceAccount.
+        # **Warning:** After you delete a service account, you might not be able to
+        # undelete it. If you know that you need to re-enable the service account in
+        # the future, use DisableServiceAccount instead.
+        # If you delete a service account, IAM permanently removes the service
+        # account 30 days later. Google Cloud cannot recover the service account
+        # after it is permanently removed, even if you file a support request.
+        # To help avoid unplanned outages, we recommend that you disable the service
+        # account before you delete it. Use DisableServiceAccount to disable the
+        # service account, then wait at least 24 hours and watch for unintended
+        # consequences. If there are no unintended consequences, you can delete the
+        # service account.
         # @param [String] name
         #   Required. The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -889,24 +911,19 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # DisableServiceAccount is currently in the alpha launch stage.
-        # Disables a ServiceAccount,
-        # which immediately prevents the service account from authenticating and
-        # gaining access to APIs.
-        # Disabled service accounts can be safely restored by using
-        # EnableServiceAccount at any point. Deleted service accounts cannot be
-        # restored using this method.
-        # Disabling a service account that is bound to VMs, Apps, Functions, or
-        # other jobs will cause those jobs to lose access to resources if they are
-        # using the disabled service account.
-        # Previously issued Access tokens for a service account will be rejected
-        # while the service account is disabled but will start working again if the
-        # account is re-enabled. Issuance of new tokens will fail while the account
-        # is disabled.
-        # To improve reliability of your services and avoid unexpected outages, it
-        # is recommended to first disable a service account rather than delete it.
-        # After disabling the service account, wait at least 24 hours to verify there
-        # are no unintended consequences, and then delete the service account.
+        # Disables a ServiceAccount immediately.
+        # If an application uses the service account to authenticate, that
+        # application can no longer call Google APIs or access Google Cloud
+        # resources. Existing access tokens for the service account are rejected, and
+        # requests for new access tokens will fail.
+        # To re-enable the service account, use EnableServiceAccount. After you
+        # re-enable the service account, its existing access tokens will be accepted,
+        # and you can request new access tokens.
+        # To help avoid unplanned outages, we recommend that you disable the service
+        # account before you delete it. Use this method to disable the service
+        # account, then wait at least 24 hours and watch for unintended consequences.
+        # If there are no unintended consequences, you can delete the service account
+        # with DeleteServiceAccount.
         # @param [String] name
         #   The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -943,14 +960,12 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # EnableServiceAccount is currently in the alpha launch stage.
-        # Restores a disabled ServiceAccount
-        # that has been manually disabled by using DisableServiceAccount. Service
-        # accounts that have been disabled by other means or for other reasons,
-        # such as abuse, cannot be restored using this method.
-        # EnableServiceAccount will have no effect on a service account that is
-        # not disabled.  Enabling an already enabled service account will have no
-        # effect.
+        # Enables a ServiceAccount that was disabled by
+        # DisableServiceAccount.
+        # If the service account is already enabled, then this method has no effect.
+        # If the service account was disabled by other means—for example, if Google
+        # disabled the service account because it was compromised—you cannot use this
+        # method to enable the service account.
         # @param [String] name
         #   The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -1021,19 +1036,15 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Returns the Cloud IAM access control policy for a
-        # ServiceAccount.
-        # Note: Service accounts are both
-        # [resources and
-        # identities](/iam/docs/service-accounts#service_account_permissions). This
-        # method treats the service account as a resource. It returns the Cloud IAM
-        # policy that reflects what members have access to the service account.
-        # This method does not return what resources the service account has access
-        # to. To see if a service account has access to a resource, call the
-        # `getIamPolicy` method on the target resource. For example, to view grants
-        # for a project, call the
-        # [projects.getIamPolicy](/resource-manager/reference/rest/v1/projects/
-        # getIamPolicy)
+        # Gets the IAM policy that is attached to a ServiceAccount. This IAM
+        # policy specifies which members have access to the service account.
+        # This method does not tell you whether the service account has been granted
+        # any roles on other resources. To check whether a service account has role
+        # grants on a resource, use the `getIamPolicy` method for that resource. For
+        # example, to view the role grants for a project, call the Resource Manager
+        # API's
+        # [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/
+        # rest/v1/projects/getIamPolicy)
         # method.
         # @param [String] resource
         #   REQUIRED: The resource for which the policy is being requested.
@@ -1076,7 +1087,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Lists ServiceAccounts for a project.
+        # Lists every ServiceAccount that belongs to a specific project.
         # @param [String] name
         #   Required. The resource name of the project associated with the service
         #   accounts, such as `projects/my-project-123`.
@@ -1118,19 +1129,21 @@ module Google
         end
         
         # Patches a ServiceAccount.
-        # Currently, only the following fields are updatable:
-        # `display_name` and `description`.
-        # Only fields specified in the request are guaranteed to be returned in
-        # the response. Other fields in the response may be empty.
-        # Note: The field mask is required.
         # @param [String] name
-        #   The resource name of the service account in the following format:
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
-        #   Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
-        #   project from the `account` and the `ACCOUNT` value can be the `email`
-        #   address or the `unique_id` of the service account.
-        #   In responses the resource name will always be in the format
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        #   The resource name of the service account.
+        #   Use one of the following formats:
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
+        #   As an alternative, you can use the `-` wildcard character instead of the
+        #   project ID:
+        #   * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
+        #   * `projects/-/serviceAccounts/`UNIQUE_ID``
+        #   When possible, avoid using the `-` wildcard character, because it can cause
+        #   response messages to contain misleading error codes. For example, if you
+        #   try to get the service account
+        #   `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
+        #   response contains an HTTP `403 Forbidden` error instead of a `404 Not
+        #   Found` error.
         # @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -1161,21 +1174,20 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Sets the Cloud IAM access control policy for a
-        # ServiceAccount.
-        # Note: Service accounts are both
-        # [resources and
-        # identities](/iam/docs/service-accounts#service_account_permissions). This
-        # method treats the service account as a resource. Use it to grant members
-        # access to the service account, such as when they need to impersonate it.
-        # This method does not grant the service account access to other resources,
-        # such as projects. To grant a service account access to resources, include
-        # the service account in the Cloud IAM policy for the desired resource, then
-        # call the appropriate `setIamPolicy` method on the target resource. For
-        # example, to grant a service account access to a project, call the
-        # [projects.setIamPolicy](/resource-manager/reference/rest/v1/projects/
-        # setIamPolicy)
-        # method.
+        # Sets the IAM policy that is attached to a ServiceAccount.
+        # Use this method to grant or revoke access to the service account. For
+        # example, you could grant a member the ability to impersonate the service
+        # account.
+        # This method does not enable the service account to access other resources.
+        # To grant roles to a service account on a resource, follow these steps:
+        # 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
+        # 2. Edit the policy so that it binds the service account to an IAM role for
+        # the resource.
+        # 3. Call the resource's `setIamPolicy` method to update its IAM policy.
+        # For detailed instructions, see
+        # [Granting roles to a service account for specific
+        # resources](https://cloud.google.com/iam/help/service-accounts/granting-access-
+        # to-service-accounts).
         # @param [String] resource
         #   REQUIRED: The resource for which the policy is being specified.
         #   See the operation documentation for the appropriate value for this field.
@@ -1209,11 +1221,11 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # **Note**: This method is in the process of being deprecated. Call the
-        # [`signBlob()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/
-        # signBlob)
-        # method of the Cloud IAM Service Account Credentials API instead.
-        # Signs a blob using a service account's system-managed private key.
+        # **Note:** We are in the process of deprecating this method. Use the
+        # [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.
+        # serviceAccounts/signBlob)
+        # method in the IAM Service Account Credentials API instead.
+        # Signs a blob using the system-managed private key for a ServiceAccount.
         # @param [String] name
         #   Required. The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -1250,14 +1262,12 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # **Note**: This method is in the process of being deprecated. Call the
-        # [`signJwt()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/
-        # signJwt)
-        # method of the Cloud IAM Service Account Credentials API instead.
-        # Signs a JWT using a service account's system-managed private key.
-        # If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an
-        # an expiry time of one hour by default. If you request an expiry time of
-        # more than one hour, the request will fail.
+        # **Note:** We are in the process of deprecating this method. Use the
+        # [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.
+        # serviceAccounts/signJwt)
+        # method in the IAM Service Account Credentials API instead.
+        # Signs a JSON Web Token (JWT) using the system-managed private key for a
+        # ServiceAccount.
         # @param [String] name
         #   Required. The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -1294,8 +1304,8 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Tests the specified permissions against the IAM access control policy
-        # for a ServiceAccount.
+        # Tests whether the caller has the specified permissions on a
+        # ServiceAccount.
         # @param [String] resource
         #   REQUIRED: The resource for which the policy detail is being requested.
         #   See the operation documentation for the appropriate value for this field.
@@ -1330,8 +1340,11 @@ module Google
         end
         
         # Restores a deleted ServiceAccount.
-        # This is to be used as an action of last resort.  A service account may
-        # not always be restorable.
+        # **Important:** It is not always possible to restore a deleted service
+        # account. Use this method only as a last resort.
+        # After you delete a service account, IAM permanently removes the service
+        # account 30 days later. There is no way to restore a deleted service account
+        # that has been permanently removed.
         # @param [String] name
         #   The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``.
@@ -1367,19 +1380,25 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Note: This method is in the process of being deprecated. Use
+        # **Note:** We are in the process of deprecating this method. Use
         # PatchServiceAccount instead.
         # Updates a ServiceAccount.
-        # Currently, only the following fields are updatable:
-        # `display_name` and `description`.
+        # You can update only the `display_name` and `description` fields.
         # @param [String] name
-        #   The resource name of the service account in the following format:
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
-        #   Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
-        #   project from the `account` and the `ACCOUNT` value can be the `email`
-        #   address or the `unique_id` of the service account.
-        #   In responses the resource name will always be in the format
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        #   The resource name of the service account.
+        #   Use one of the following formats:
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
+        #   As an alternative, you can use the `-` wildcard character instead of the
+        #   project ID:
+        #   * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
+        #   * `projects/-/serviceAccounts/`UNIQUE_ID``
+        #   When possible, avoid using the `-` wildcard character, because it can cause
+        #   response messages to contain misleading error codes. For example, if you
+        #   try to get the service account
+        #   `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
+        #   response contains an HTTP `403 Forbidden` error instead of a `404 Not
+        #   Found` error.
         # @param [Google::Apis::IamV1::ServiceAccount] service_account_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -1410,8 +1429,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Creates a ServiceAccountKey
-        # and returns it.
+        # Creates a ServiceAccountKey.
         # @param [String] name
         #   Required. The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -1482,8 +1500,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Gets the ServiceAccountKey
-        # by key id.
+        # Gets a ServiceAccountKey.
         # @param [String] name
         #   Required. The resource name of the service account key in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``.
@@ -1521,7 +1538,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Lists ServiceAccountKeys.
+        # Lists every ServiceAccountKey for a service account.
         # @param [String] name
         #   Required. The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -1560,10 +1577,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Upload public key for a given service account.
-        # This rpc will create a
-        # ServiceAccountKey that has the
-        # provided public key and returns it.
+        # Creates a ServiceAccountKey, using a public key that you provide.
         # @param [String] name
         #   The resource name of the service account in the following format:
         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@@ -1600,7 +1614,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Gets a Role definition.
+        # Gets the definition of a Role.
         # @param [String] name
         #   The `name` parameter's value depends on the target resource for the
         #   request, namely
@@ -1654,7 +1668,8 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Lists the Roles defined on a resource.
+        # Lists every predefined Role that IAM supports, or every custom role
+        # that is defined for an organization or project.
         # @param [Fixnum] page_size
         #   Optional limit on the number of roles to include in the response.
         # @param [String] page_token
@@ -1722,9 +1737,9 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Queries roles that can be granted on a particular resource.
-        # A role is grantable if it can be used as the role in a binding for a policy
-        # for that resource.
+        # Lists roles that can be granted on a Google Cloud resource. A role is
+        # grantable if the IAM policy for the resource can contain bindings to the
+        # role.
         # @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.