google-apis-compute_beta 0.16.0 → 0.20.0

data/lib/google/apis/compute_beta/classes.rb

@@ -510,13 +510,17 @@ module Google
         attr_accessor :network_tier
       
         # The DNS domain name for the public PTR record. You can set this field only if
-        # the `setPublicPtr` field is enabled.
+        # the `setPublicPtr` field is enabled in accessConfig. If this field is
+        # unspecified in ipv6AccessConfig, a default PTR record will be createc for
+        # first IP in associated external IPv6 range.
         # Corresponds to the JSON property `publicPtrDomainName`
         # @return [String]
         attr_accessor :public_ptr_domain_name
       
         # Specifies whether a public DNS 'PTR' record should be created to map the
-        # external IP address of the instance to a DNS domain name.
+        # external IP address of the instance to a DNS domain name. This field is not
+        # used in ipv6AccessConfig. A default PTR record will be created if the VM has
+        # external IPv6 range associated.
         # Corresponds to the JSON property `setPublicPtr`
         # @return [Boolean]
         attr_accessor :set_public_ptr
@@ -2774,7 +2778,7 @@ module Google
         # specified), or else sets the response max-age directive to the lesser of the
         # client_ttl and default_ttl, and also ensures a "public" cache-control
         # directive is present. If a client TTL is not specified, a default value (1
-        # hour) will be used. The maximum allowed value is 86400s (1 day).
+        # hour) will be used. The maximum allowed value is 31,622,400s (1 year).
         # Corresponds to the JSON property `clientTtl`
         # @return [Fixnum]
         attr_accessor :client_ttl
@@ -3262,8 +3266,8 @@ module Google
         # INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme
         # set to INTERNAL_SELF_MANAGED. If sessionAffinity is not NONE, and this field
         # is not set to MAGLEV or RING_HASH, session affinity settings will not take
-        # effect. Only the default ROUND_ROBIN policy is supported when the backend
-        # service is referenced by a URL map that is bound to target gRPC proxy that has
+        # effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service
+        # is referenced by a URL map that is bound to target gRPC proxy that has
         # validateForProxyless field set to true.
         # Corresponds to the JSON property `localityLbPolicy`
         # @return [String]
@@ -3356,11 +3360,18 @@ module Google
         # @return [String]
         attr_accessor :self_link
       
-        # Type of session affinity to use. The default is NONE. For a detailed
-        # description of session affinity options, see: [Session affinity](https://cloud.
-        # google.com/load-balancing/docs/backend-service#session_affinity). Not
-        # supported when the backend service is referenced by a URL map that is bound to
-        # target gRPC proxy that has validateForProxyless field set to true.
+        # URLs of networkservices.ServiceBinding resources. Can only be set if load
+        # balancing scheme is INTERNAL_SELF_MANAGED. If set, lists of backends and
+        # health checks must be both empty.
+        # Corresponds to the JSON property `serviceBindings`
+        # @return [Array<String>]
+        attr_accessor :service_bindings
+      
+        # Type of session affinity to use. The default is NONE. Only NONE and
+        # HEADER_FIELD are supported when the backend service is referenced by a URL map
+        # that is bound to target gRPC proxy that has validateForProxyless field set to
+        # true. For more details, see: [Session Affinity](https://cloud.google.com/load-
+        # balancing/docs/backend-service#session_affinity).
         # Corresponds to the JSON property `sessionAffinity`
         # @return [String]
         attr_accessor :session_affinity
@@ -3419,6 +3430,7 @@ module Google
           @security_policy = args[:security_policy] if args.key?(:security_policy)
           @security_settings = args[:security_settings] if args.key?(:security_settings)
           @self_link = args[:self_link] if args.key?(:self_link)
+          @service_bindings = args[:service_bindings] if args.key?(:service_bindings)
           @session_affinity = args[:session_affinity] if args.key?(:session_affinity)
           @subsetting = args[:subsetting] if args.key?(:subsetting)
           @timeout_sec = args[:timeout_sec] if args.key?(:timeout_sec)
@@ -3589,7 +3601,7 @@ module Google
         # specified), or else sets the response max-age directive to the lesser of the
         # client_ttl and default_ttl, and also ensures a "public" cache-control
         # directive is present. If a client TTL is not specified, a default value (1
-        # hour) will be used. The maximum allowed value is 86400s (1 day).
+        # hour) will be used. The maximum allowed value is 31,622,400s (1 year).
         # Corresponds to the JSON property `clientTtl`
         # @return [Fixnum]
         attr_accessor :client_ttl
@@ -3769,32 +3781,42 @@ module Google
         # healthy backends (unless all backends are unhealthy). If set to ALWAYS_PERSIST,
         # existing connections always persist on unhealthy backends regardless of
         # protocol and session affinity. It is generally not recommended to use this
-        # mode overriding the default.
+        # mode overriding the default. For more details, see [Connection Persistence for
+        # Network Load Balancing](https://cloud.google.com/load-balancing/docs/network/
+        # networklb-backend-service#connection-persistence) and [Connection Persistence
+        # for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/
+        # docs/internal#connection-persistence).
         # Corresponds to the JSON property `connectionPersistenceOnUnhealthyBackends`
         # @return [String]
         attr_accessor :connection_persistence_on_unhealthy_backends
       
-        # Enable Strong Session Affinity. This is only available in External TCP/UDP
-        # load balancer.
+        # Enable Strong Session Affinity for Network Load Balancing. This option is not
+        # available publicly.
         # Corresponds to the JSON property `enableStrongAffinity`
         # @return [Boolean]
         attr_accessor :enable_strong_affinity
         alias_method :enable_strong_affinity?, :enable_strong_affinity
       
         # Specifies how long to keep a Connection Tracking entry while there is no
-        # matching traffic (in seconds). For L4 ILB the minimum(default) is 10 minutes
-        # and maximum is 16 hours. For NLB the minimum(default) is 60 seconds and the
-        # maximum is 16 hours. This field will be supported only if the Connection
-        # Tracking key is less than 5-tuple.
+        # matching traffic (in seconds). For Internal TCP/UDP Load Balancing: - The
+        # minimum (default) is 10 minutes and the maximum is 16 hours. - It can be set
+        # only if Connection Tracking is less than 5-tuple (i.e. Session Affinity is
+        # CLIENT_IP_NO_DESTINATION, CLIENT_IP or CLIENT_IP_PROTO, and Tracking Mode is
+        # PER_SESSION). For Network Load Balancer the default is 60 seconds. This option
+        # is not available publicly.
         # Corresponds to the JSON property `idleTimeoutSec`
         # @return [Fixnum]
         attr_accessor :idle_timeout_sec
       
-        # Specifies the key used for connection tracking. There are two options:
+        # Specifies the key used for connection tracking. There are two options: -
         # PER_CONNECTION: This is the default mode. The Connection Tracking is performed
-        # as per the Connection Key (default Hash Method) for the specific protocol.
+        # as per the Connection Key (default Hash Method) for the specific protocol. -
         # PER_SESSION: The Connection Tracking is performed as per the configured
-        # Session Affinity. It matches the configured Session Affinity.
+        # Session Affinity. It matches the configured Session Affinity. For more details,
+        # see [Tracking Mode for Network Load Balancing](https://cloud.google.com/load-
+        # balancing/docs/network/networklb-backend-service#tracking-mode) and [Tracking
+        # Mode for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-
+        # balancing/docs/internal#tracking-mode).
         # Corresponds to the JSON property `trackingMode`
         # @return [String]
         attr_accessor :tracking_mode
@@ -4450,7 +4472,7 @@ module Google
         end
       end
       
-      # Associates `members` with a `role`.
+      # Associates `members`, or principals, with a `role`.
       class Binding
         include Google::Apis::Core::Hashable
       
@@ -4478,7 +4500,7 @@ module Google
         # @return [Google::Apis::ComputeBeta::Expr]
         attr_accessor :condition
       
-        # Specifies the identities requesting access for a Cloud Platform resource. `
+        # Specifies the principals requesting access for a Cloud Platform resource. `
         # members` can have the following values: * `allUsers`: A special identifier
         # that represents anyone who is on the internet; with or without a Google
         # account. * `allAuthenticatedUsers`: A special identifier that represents
@@ -4508,8 +4530,8 @@ module Google
         # @return [Array<String>]
         attr_accessor :members
       
-        # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`
-        # , or `roles/owner`.
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`.
         # Corresponds to the JSON property `role`
         # @return [String]
         attr_accessor :role
@@ -5405,14 +5427,15 @@ module Google
         end
       end
       
-      # The specification for allowing client side cross-origin requests. Please see
-      # W3C Recommendation for Cross Origin Resource Sharing
+      # The specification for allowing client-side cross-origin requests. For more
+      # information about the W3C recommendation for cross-origin resource sharing (
+      # CORS), see Fetch API Living Standard.
       class CorsPolicy
         include Google::Apis::Core::Hashable
       
         # In response to a preflight request, setting this to true indicates that the
-        # actual request can include user credentials. This translates to the Access-
-        # Control-Allow-Credentials header. Default is false.
+        # actual request can include user credentials. This field translates to the
+        # Access-Control-Allow-Credentials header. Default is false.
         # Corresponds to the JSON property `allowCredentials`
         # @return [Boolean]
         attr_accessor :allow_credentials
@@ -5428,23 +5451,23 @@ module Google
         # @return [Array<String>]
         attr_accessor :allow_methods
       
-        # Specifies the regualar expression patterns that match allowed origins. For
-        # regular expression grammar please see github.com/google/re2/wiki/Syntax An
-        # origin is allowed if it matches either an item in allowOrigins or an item in
+        # Specifies a regular expression that matches allowed origins. For more
+        # information about the regular expression syntax, see Syntax. An origin is
+        # allowed if it matches either an item in allowOrigins or an item in
         # allowOriginRegexes.
         # Corresponds to the JSON property `allowOriginRegexes`
         # @return [Array<String>]
         attr_accessor :allow_origin_regexes
       
-        # Specifies the list of origins that will be allowed to do CORS requests. An
-        # origin is allowed if it matches either an item in allowOrigins or an item in
+        # Specifies the list of origins that is allowed to do CORS requests. An origin
+        # is allowed if it matches either an item in allowOrigins or an item in
         # allowOriginRegexes.
         # Corresponds to the JSON property `allowOrigins`
         # @return [Array<String>]
         attr_accessor :allow_origins
       
-        # If true, specifies the CORS policy is disabled. The default value of false,
-        # which indicates that the CORS policy is in effect.
+        # If true, the setting specifies the CORS policy is disabled. The default value
+        # of false, which indicates that the CORS policy is in effect.
         # Corresponds to the JSON property `disabled`
         # @return [Boolean]
         attr_accessor :disabled
@@ -5456,7 +5479,7 @@ module Google
         attr_accessor :expose_headers
       
         # Specifies how long results of a preflight request can be cached in seconds.
-        # This translates to the Access-Control-Max-Age header.
+        # This field translates to the Access-Control-Max-Age header.
         # Corresponds to the JSON property `maxAge`
         # @return [Fixnum]
         attr_accessor :max_age
@@ -5482,30 +5505,39 @@ module Google
       class CustomerEncryptionKey
         include Google::Apis::Core::Hashable
       
-        # The name of the encryption key that is stored in Google Cloud KMS.
+        # The name of the encryption key that is stored in Google Cloud KMS. For example:
+        # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/
+        # cryptoKeys/key
         # Corresponds to the JSON property `kmsKeyName`
         # @return [String]
         attr_accessor :kms_key_name
       
         # The service account being used for the encryption request for the given KMS
-        # key. If absent, the Compute Engine default service account is used.
+        # key. If absent, the Compute Engine default service account is used. For
+        # example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
         # Corresponds to the JSON property `kmsKeyServiceAccount`
         # @return [String]
         attr_accessor :kms_key_service_account
       
         # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648
-        # base64 to either encrypt or decrypt this resource.
+        # base64 to either encrypt or decrypt this resource. You can provide either the
+        # rawKey or the rsaEncryptedKey. For example: "rawKey": "
+        # SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
         # Corresponds to the JSON property `rawKey`
         # @return [String]
         attr_accessor :raw_key
       
         # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied
-        # encryption key to either encrypt or decrypt this resource. The key must meet
-        # the following requirements before you can provide it to Compute Engine: 1. The
-        # key is wrapped using a RSA public key certificate provided by Google. 2. After
-        # being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the
-        # RSA public key certificate provided by Google at: https://cloud-certs.storage.
-        # googleapis.com/google-cloud-csek-ingress.pem
+        # encryption key to either encrypt or decrypt this resource. You can provide
+        # either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "
+        # ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH
+        # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD
+        # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The
+        # key must meet the following requirements before you can provide it to Compute
+        # Engine: 1. The key is wrapped using a RSA public key certificate provided by
+        # Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64
+        # encoding. Gets the RSA public key certificate provided by Google at: https://
+        # cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
         # Corresponds to the JSON property `rsaEncryptedKey`
         # @return [String]
         attr_accessor :rsa_encrypted_key
@@ -5540,7 +5572,8 @@ module Google
         attr_accessor :disk_encryption_key
       
         # Specifies a valid partial or full URL to an existing Persistent Disk resource.
-        # This field is only applicable for persistent disks.
+        # This field is only applicable for persistent disks. For example: "source": "/
+        # compute/v1/projects/project_id/zones/zone/disks/ disk_name
         # Corresponds to the JSON property `source`
         # @return [String]
         attr_accessor :source
@@ -7573,7 +7606,7 @@ module Google
         # Name of the resource; provided by the client when the resource is created. The
         # name must be 1-63 characters long, and comply with RFC1035. Specifically, the
         # name must be 1-63 characters long and match the regular expression `[a-z]([-a-
-        # z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all
+        # z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all
         # following characters (except for the last character) must be a dash, lowercase
         # letter, or digit. The last character must be a lowercase letter or digit.
         # Corresponds to the JSON property `name`
@@ -7948,7 +7981,7 @@ module Google
         attr_accessor :description
       
         # Deprecated, please use short name instead. User-provided name of the
-        # Organization firewall plicy. The name should be unique in the organization in
+        # Organization firewall policy. The name should be unique in the organization in
         # which the firewall policy is created. This name must be set on creation and
         # cannot be changed. The name must be 1-63 characters long, and comply with
         # RFC1035. Specifically, the name must be 1-63 characters long and match the
@@ -9234,31 +9267,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::ComputeBeta::Policy]
         attr_accessor :policy
@@ -9331,31 +9364,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::ComputeBeta::Policy]
         attr_accessor :policy
@@ -9477,8 +9510,11 @@ module Google
       class GuestOsFeature
         include Google::Apis::Core::Hashable
       
-        # The ID of a supported feature. Read Enabling guest operating system features
-        # to see a list of available options.
+        # The ID of a supported feature. To add multiple values, use commas to separate
+        # values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE -
+        # WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - SECURE_BOOT - GVNIC -
+        # SEV_CAPABLE - SUSPEND_RESUME_COMPATIBLE For more information, see Enabling
+        # guest operating system features.
         # Corresponds to the JSON property `type`
         # @return [String]
         attr_accessor :type
@@ -10638,7 +10674,8 @@ module Google
         # port numbers in the format host:port. * matches any string of ([a-z0-9-.]*).
         # In that case, * must be the first character and must be followed in the
         # pattern by either - or .. * based matching is not supported when the URL map
-        # is bound to target gRPC proxy that has validateForProxyless field set to true.
+        # is bound to a target gRPC proxy that has the validateForProxyless field set to
+        # true.
         # Corresponds to the JSON property `hosts`
         # @return [Array<String>]
         attr_accessor :hosts
@@ -10665,8 +10702,8 @@ module Google
       class HttpFaultAbort
         include Google::Apis::Core::Hashable
       
-        # The HTTP status code used to abort the request. The value must be between 200
-        # and 599 inclusive. For gRPC protocol, the gRPC status code is mapped to HTTP
+        # The HTTP status code used to abort the request. The value must be from 200 to
+        # 599 inclusive. For gRPC protocol, the gRPC status code is mapped to HTTP
         # status code according to this mapping table. HTTP status 200 is mapped to gRPC
         # status UNKNOWN. Injecting an OK status is currently not supported by Traffic
         # Director.
@@ -10674,8 +10711,8 @@ module Google
         # @return [Fixnum]
         attr_accessor :http_status
       
-        # The percentage of traffic (connections/operations/requests) which will be
-        # aborted as part of fault injection. The value must be between 0.0 and 100.0
+        # The percentage of traffic for connections, operations, or requests that is
+        # aborted as part of fault injection. The value must be from 0.0 to 100.0
         # inclusive.
         # Corresponds to the JSON property `percentage`
         # @return [Float]
@@ -10692,8 +10729,8 @@ module Google
         end
       end
       
-      # Specifies the delay introduced by Loadbalancer before forwarding the request
-      # to the backend service as part of fault injection.
+      # Specifies the delay introduced by the load balancer before forwarding the
+      # request to the backend service as part of fault injection.
       class HttpFaultDelay
         include Google::Apis::Core::Hashable
       
@@ -10705,9 +10742,9 @@ module Google
         # @return [Google::Apis::ComputeBeta::Duration]
         attr_accessor :fixed_delay
       
-        # The percentage of traffic (connections/operations/requests) on which delay
-        # will be introduced as part of fault injection. The value must be between 0.0
-        # and 100.0 inclusive.
+        # The percentage of traffic for connections, operations, or requests for which a
+        # delay is introduced as part of fault injection. The value must be from 0.0 to
+        # 100.0 inclusive.
         # Corresponds to the JSON property `percentage`
         # @return [Float]
         attr_accessor :percentage
@@ -10726,9 +10763,9 @@ module Google
       # The specification for fault injection introduced into traffic to test the
       # resiliency of clients to backend service failure. As part of fault injection,
       # when clients send requests to a backend service, delays can be introduced by
-      # Loadbalancer on a percentage of requests before sending those request to the
-      # backend service. Similarly requests from clients can be aborted by the
-      # Loadbalancer for a percentage of requests.
+      # the load balancer on a percentage of requests before sending those request to
+      # the backend service. Similarly requests from clients can be aborted by the
+      # load balancer for a percentage of requests.
       class HttpFaultInjection
         include Google::Apis::Core::Hashable
       
@@ -10737,8 +10774,8 @@ module Google
         # @return [Google::Apis::ComputeBeta::HttpFaultAbort]
         attr_accessor :abort
       
-        # Specifies the delay introduced by Loadbalancer before forwarding the request
-        # to the backend service as part of fault injection.
+        # Specifies the delay introduced by the load balancer before forwarding the
+        # request to the backend service as part of fault injection.
         # Corresponds to the JSON property `delay`
         # @return [Google::Apis::ComputeBeta::HttpFaultDelay]
         attr_accessor :delay
@@ -10796,25 +10833,25 @@ module Google
       class HttpHeaderAction
         include Google::Apis::Core::Hashable
       
-        # Headers to add to a matching request prior to forwarding the request to the
+        # Headers to add to a matching request before forwarding the request to the
         # backendService.
         # Corresponds to the JSON property `requestHeadersToAdd`
         # @return [Array<Google::Apis::ComputeBeta::HttpHeaderOption>]
         attr_accessor :request_headers_to_add
       
         # A list of header names for headers that need to be removed from the request
-        # prior to forwarding the request to the backendService.
+        # before forwarding the request to the backendService.
         # Corresponds to the JSON property `requestHeadersToRemove`
         # @return [Array<String>]
         attr_accessor :request_headers_to_remove
       
-        # Headers to add the response prior to sending the response back to the client.
+        # Headers to add the response before sending the response back to the client.
         # Corresponds to the JSON property `responseHeadersToAdd`
         # @return [Array<Google::Apis::ComputeBeta::HttpHeaderOption>]
         attr_accessor :response_headers_to_add
       
         # A list of header names for headers that need to be removed from the response
-        # prior to sending the response back to the client.
+        # before sending the response back to the client.
         # Corresponds to the JSON property `responseHeadersToRemove`
         # @return [Array<String>]
         attr_accessor :response_headers_to_remove
@@ -10844,21 +10881,21 @@ module Google
       
         # The name of the HTTP header to match. For matching against the HTTP request's
         # authority, use a headerMatch with the header name ":authority". For matching a
-        # request's method, use the headerName ":method". When the URL map is bound to
-        # target gRPC proxy that has validateForProxyless field set to true, only non-
-        # binary user-specified custom metadata and the `content-type` header are
+        # request's method, use the headerName ":method". When the URL map is bound to a
+        # target gRPC proxy that has the validateForProxyless field set to true, only
+        # non-binary user-specified custom metadata and the `content-type` header are
         # supported. The following transport-level headers cannot be used in header
         # matching rules: `:authority`, `:method`, `:path`, `:scheme`, `user-agent`, `
         # accept-encoding`, `content-encoding`, `grpc-accept-encoding`, `grpc-encoding`,
         # `grpc-previous-rpc-attempts`, `grpc-tags-bin`, `grpc-timeout` and `grpc-trace-
-        # bin.
+        # bin`.
         # Corresponds to the JSON property `headerName`
         # @return [String]
         attr_accessor :header_name
       
-        # If set to false, the headerMatch is considered a match if the match criteria
-        # above are met. If set to true, the headerMatch is considered a match if the
-        # match criteria above are NOT met. The default setting is false.
+        # If set to false, the headerMatch is considered a match if the preceding match
+        # criteria are met. If set to true, the headerMatch is considered a match if the
+        # preceding match criteria are NOT met. The default setting is false.
         # Corresponds to the JSON property `invertMatch`
         # @return [Boolean]
         attr_accessor :invert_match
@@ -10886,13 +10923,13 @@ module Google
         attr_accessor :range_match
       
         # The value of the header must match the regular expression specified in
-        # regexMatch. For regular expression grammar, please see: github.com/google/re2/
-        # wiki/Syntax For matching against a port specified in the HTTP request, use a
-        # headerMatch with headerName set to PORT and a regular expression that
-        # satisfies the RFC2616 Host header's port specifier. Only one of exactMatch,
-        # prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.
-        # Note that regexMatch only applies to Loadbalancers that have their
-        # loadBalancingScheme set to INTERNAL_SELF_MANAGED.
+        # regexMatch. For more information about regular expression syntax, see Syntax.
+        # For matching against a port specified in the HTTP request, use a headerMatch
+        # with headerName set to PORT and a regular expression that satisfies the
+        # RFC2616 Host header's port specifier. Only one of exactMatch, prefixMatch,
+        # suffixMatch, regexMatch, presentMatch or rangeMatch must be set. regexMatch
+        # only applies to load balancers that have loadBalancingScheme set to
+        # INTERNAL_SELF_MANAGED.
         # Corresponds to the JSON property `regexMatch`
         # @return [String]
         attr_accessor :regex_match
@@ -11187,8 +11224,8 @@ module Google
         include Google::Apis::Core::Hashable
       
         # The queryParameterMatch matches if the value of the parameter exactly matches
-        # the contents of exactMatch. Only one of presentMatch, exactMatch or regexMatch
-        # must be set.
+        # the contents of exactMatch. Only one of presentMatch, exactMatch, or
+        # regexMatch must be set.
         # Corresponds to the JSON property `exactMatch`
         # @return [String]
         attr_accessor :exact_match
@@ -11201,17 +11238,17 @@ module Google
       
         # Specifies that the queryParameterMatch matches if the request contains the
         # query parameter, irrespective of whether the parameter has a value or not.
-        # Only one of presentMatch, exactMatch or regexMatch must be set.
+        # Only one of presentMatch, exactMatch, or regexMatch must be set.
         # Corresponds to the JSON property `presentMatch`
         # @return [Boolean]
         attr_accessor :present_match
         alias_method :present_match?, :present_match
       
         # The queryParameterMatch matches if the value of the parameter matches the
-        # regular expression specified by regexMatch. For the regular expression grammar,
-        # please see github.com/google/re2/wiki/Syntax Only one of presentMatch,
-        # exactMatch or regexMatch must be set. Note that regexMatch only applies when
-        # the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.
+        # regular expression specified by regexMatch. For more information about regular
+        # expression syntax, see Syntax. Only one of presentMatch, exactMatch, or
+        # regexMatch must be set. regexMatch only applies when the loadBalancingScheme
+        # is set to INTERNAL_SELF_MANAGED.
         # Corresponds to the JSON property `regexMatch`
         # @return [String]
         attr_accessor :regex_match
@@ -11233,15 +11270,15 @@ module Google
       class HttpRedirectAction
         include Google::Apis::Core::Hashable
       
-        # The host that will be used in the redirect response instead of the one that
-        # was supplied in the request. The value must be between 1 and 255 characters.
+        # The host that is used in the redirect response instead of the one that was
+        # supplied in the request. The value must be from 1 to 255 characters.
         # Corresponds to the JSON property `hostRedirect`
         # @return [String]
         attr_accessor :host_redirect
       
-        # If set to true, the URL scheme in the redirected request is set to https. If
-        # set to false, the URL scheme of the redirected request will remain the same as
-        # that of the request. This must only be set for UrlMaps used in
+        # If set to true, the URL scheme in the redirected request is set to HTTPS. If
+        # set to false, the URL scheme of the redirected request remains the same as
+        # that of the request. This must only be set for URL maps used in
         # TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The
         # default is set to false.
         # Corresponds to the JSON property `httpsRedirect`
@@ -11249,11 +11286,11 @@ module Google
         attr_accessor :https_redirect
         alias_method :https_redirect?, :https_redirect
       
-        # The path that will be used in the redirect response instead of the one that
-        # was supplied in the request. pathRedirect cannot be supplied together with
+        # The path that is used in the redirect response instead of the one that was
+        # supplied in the request. pathRedirect cannot be supplied together with
         # prefixRedirect. Supply one alone or neither. If neither is supplied, the path
-        # of the original request will be used for the redirect. The value must be
-        # between 1 and 1024 characters.
+        # of the original request is used for the redirect. The value must be from 1 to
+        # 1024 characters.
         # Corresponds to the JSON property `pathRedirect`
         # @return [String]
         attr_accessor :path_redirect
@@ -11261,8 +11298,8 @@ module Google
         # The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,
         # retaining the remaining portion of the URL before redirecting the request.
         # prefixRedirect cannot be supplied together with pathRedirect. Supply one alone
-        # or neither. If neither is supplied, the path of the original request will be
-        # used for the redirect. The value must be between 1 and 1024 characters.
+        # or neither. If neither is supplied, the path of the original request is used
+        # for the redirect. The value must be from 1 to 1024 characters.
         # Corresponds to the JSON property `prefixRedirect`
         # @return [String]
         attr_accessor :prefix_redirect
@@ -11271,14 +11308,14 @@ module Google
         # MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. -
         # FOUND, which corresponds to 302. - SEE_OTHER which corresponds to 303. -
         # TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method
-        # will be retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case,
-        # the request method will be retained.
+        # is retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case, the
+        # request method is retained.
         # Corresponds to the JSON property `redirectResponseCode`
         # @return [String]
         attr_accessor :redirect_response_code
       
         # If set to true, any accompanying query portion of the original URL is removed
-        # prior to redirecting the request. If set to false, the query portion of the
+        # before redirecting the request. If set to false, the query portion of the
         # original URL is retained. The default is set to false.
         # Corresponds to the JSON property `stripQuery`
         # @return [Boolean]
@@ -11319,25 +11356,27 @@ module Google
         attr_accessor :per_try_timeout
       
         # Specifies one or more conditions when this retry policy applies. Valid values
-        # are: - 5xx: Retry will be attempted if the instance or endpoint responds with
-        # any 5xx response code, or if the instance or endpoint does not respond at all,
-        # example: disconnects, reset, read timeout, connection failure, and refused
+        # are: - 5xx: retry is attempted if the instance or endpoint responds with any
+        # 5xx response code, or if the instance or endpoint does not respond at all. For
+        # example, disconnects, reset, read timeout, connection failure, and refused
         # streams. - gateway-error: Similar to 5xx, but only applies to response codes
-        # 502, 503 or 504. - - connect-failure: A retry will be attempted on failures
-        # connecting to the instance or endpoint, for example due to connection timeouts.
-        # - retriable-4xx: A retry will be attempted if the instance or endpoint
-        # responds with a retriable 4xx response code. Currently the only retriable
-        # error supported is 409. - refused-stream: A retry will be attempted if the
-        # instance or endpoint resets the stream with a REFUSED_STREAM error code. This
-        # reset type indicates that it is safe to retry. - cancelled: A retry will be
-        # attempted if the gRPC status code in the response header is set to cancelled. -
-        # deadline-exceeded: A retry will be attempted if the gRPC status code in the
-        # response header is set to deadline-exceeded. - internal: A retry will be
-        # attempted if the gRPC status code in the response header is set to internal. -
-        # resource-exhausted: A retry will be attempted if the gRPC status code in the
-        # response header is set to resource-exhausted. - unavailable: A retry will be
-        # attempted if the gRPC status code in the response header is set to unavailable.
-        # 
+        # 502, 503 or 504. - connect-failure: a retry is attempted on failures
+        # connecting to the instance or endpoint. For example, connection timeouts. -
+        # retriable-4xx: a retry is attempted if the instance or endpoint responds with
+        # a 4xx response code. The only error that you can retry is error code 409. -
+        # refused-stream: a retry is attempted if the instance or endpoint resets the
+        # stream with a REFUSED_STREAM error code. This reset type indicates that it is
+        # safe to retry. - cancelled: a retry is attempted if the gRPC status code in
+        # the response header is set to cancelled. - deadline-exceeded: a retry is
+        # attempted if the gRPC status code in the response header is set to deadline-
+        # exceeded. - internal: a retry is attempted if the gRPC status code in the
+        # response header is set to internal. - resource-exhausted: a retry is attempted
+        # if the gRPC status code in the response header is set to resource-exhausted. -
+        # unavailable: a retry is attempted if the gRPC status code in the response
+        # header is set to unavailable. Only the following codes are supported when the
+        # URL map is bound to target gRPC proxy that has validateForProxyless field set
+        # to true. - cancelled - deadline-exceeded - internal - resource-exhausted -
+        # unavailable
         # Corresponds to the JSON property `retryConditions`
         # @return [Array<String>]
         attr_accessor :retry_conditions
@@ -11358,8 +11397,9 @@ module Google
       class HttpRouteAction
         include Google::Apis::Core::Hashable
       
-        # The specification for allowing client side cross-origin requests. Please see
-        # W3C Recommendation for Cross Origin Resource Sharing
+        # The specification for allowing client-side cross-origin requests. For more
+        # information about the W3C recommendation for cross-origin resource sharing (
+        # CORS), see Fetch API Living Standard.
         # Corresponds to the JSON property `corsPolicy`
         # @return [Google::Apis::ComputeBeta::CorsPolicy]
         attr_accessor :cors_policy
@@ -11367,9 +11407,9 @@ module Google
         # The specification for fault injection introduced into traffic to test the
         # resiliency of clients to backend service failure. As part of fault injection,
         # when clients send requests to a backend service, delays can be introduced by
-        # Loadbalancer on a percentage of requests before sending those request to the
-        # backend service. Similarly requests from clients can be aborted by the
-        # Loadbalancer for a percentage of requests.
+        # the load balancer on a percentage of requests before sending those request to
+        # the backend service. Similarly requests from clients can be aborted by the
+        # load balancer for a percentage of requests.
         # Corresponds to the JSON property `faultInjectionPolicy`
         # @return [Google::Apis::ComputeBeta::HttpFaultInjection]
         attr_accessor :fault_injection_policy
@@ -11383,9 +11423,9 @@ module Google
         attr_accessor :max_stream_duration
       
         # A policy that specifies how requests intended for the route's backends are
-        # shadowed to a separate mirrored backend service. Loadbalancer does not wait
-        # for responses from the shadow service. Prior to sending traffic to the shadow
-        # service, the host / authority header is suffixed with -shadow.
+        # shadowed to a separate mirrored backend service. The load balancer doesn't
+        # wait for responses from the shadow service. Before sending traffic to the
+        # shadow service, the host or authority header is suffixed with -shadow.
         # Corresponds to the JSON property `requestMirrorPolicy`
         # @return [Google::Apis::ComputeBeta::RequestMirrorPolicy]
         attr_accessor :request_mirror_policy
@@ -11413,7 +11453,7 @@ module Google
         # occurs. The weights determine the fraction of traffic that flows to their
         # corresponding backend service. If all traffic needs to go to a single backend
         # service, there must be one weightedBackendService with weight set to a non-
-        # zero number. Once a backendService is identified and before forwarding the
+        # zero number. After a backend service is identified and before forwarding the
         # request to the backend service, advanced routing actions such as URL rewrites
         # and header transformations are applied depending on additional settings
         # specified in this HttpRouteAction.
@@ -11438,8 +11478,8 @@ module Google
         end
       end
       
-      # An HttpRouteRule specifies how to match an HTTP request and the corresponding
-      # routing action that load balancing proxies will perform.
+      # The HttpRouteRule setting specifies how to match an HTTP request and the
+      # corresponding routing action that load balancing proxies perform.
       class HttpRouteRule
         include Google::Apis::Core::Hashable
       
@@ -11456,9 +11496,9 @@ module Google
         attr_accessor :header_action
       
         # Outbound route specific configuration for networkservices.HttpFilter resources
-        # enabled by Traffic Director. httpFilterConfigs only applies for Loadbalancers
+        # enabled by Traffic Director. httpFilterConfigs only applies for load balancers
         # with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See ForwardingRule for
-        # more details. Not supported when the URL map is bound to target gRPC proxy
+        # more details. Not supported when the URL map is bound to a target gRPC proxy
         # that has validateForProxyless field set to true.
         # Corresponds to the JSON property `httpFilterConfigs`
         # @return [Array<Google::Apis::ComputeBeta::HttpFilterConfig>]
@@ -11466,10 +11506,10 @@ module Google
       
         # Outbound route specific metadata supplied to networkservices.HttpFilter
         # resources enabled by Traffic Director. httpFilterMetadata only applies for
-        # Loadbalancers with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See
+        # load balancers with loadBalancingScheme set to INTERNAL_SELF_MANAGED. See
         # ForwardingRule for more details. The only configTypeUrl supported is type.
         # googleapis.com/google.protobuf.Struct Not supported when the URL map is bound
-        # to target gRPC proxy that has validateForProxyless field set to true.
+        # to a target gRPC proxy that has validateForProxyless field set to true.
         # Corresponds to the JSON property `httpFilterMetadata`
         # @return [Array<Google::Apis::ComputeBeta::HttpFilterConfig>]
         attr_accessor :http_filter_metadata
@@ -11484,11 +11524,11 @@ module Google
         attr_accessor :match_rules
       
         # For routeRules within a given pathMatcher, priority determines the order in
-        # which load balancer will interpret routeRules. RouteRules are evaluated in
-        # order of priority, from the lowest to highest number. The priority of a rule
+        # which a load balancer interprets routeRules. RouteRules are evaluated in order
+        # of priority, from the lowest to highest number. The priority of a rule
         # decreases as its number increases (1, 2, 3, N+1). The first rule that matches
         # the request is applied. You cannot configure two or more routeRules with the
-        # same priority. Priority for each rule must be set to a number between 0 and
+        # same priority. Priority for each rule must be set to a number from 0 to
         # 2147483647 inclusive. Priority numbers can have gaps, which enable you to add
         # or remove rules in the future without affecting the rest of the rules. For
         # example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to
@@ -11499,24 +11539,24 @@ module Google
         attr_accessor :priority
       
         # In response to a matching matchRule, the load balancer performs advanced
-        # routing actions like URL rewrites, header transformations, etc. prior to
+        # routing actions, such as URL rewrites and header transformations, before
         # forwarding the request to the selected backend. If routeAction specifies any
         # weightedBackendServices, service must not be set. Conversely if service is set,
         # routeAction cannot contain any weightedBackendServices. Only one of
         # urlRedirect, service or routeAction.weightedBackendService must be set.
         # UrlMaps for external HTTP(S) load balancers support only the urlRewrite action
-        # within a routeRule's routeAction.
+        # within a route rule's routeAction.
         # Corresponds to the JSON property `routeAction`
         # @return [Google::Apis::ComputeBeta::HttpRouteAction]
         attr_accessor :route_action
       
         # The full or partial URL of the backend service resource to which traffic is
-        # directed if this rule is matched. If routeAction is additionally specified,
-        # advanced routing actions like URL Rewrites, etc. take effect prior to sending
-        # the request to the backend. However, if service is specified, routeAction
-        # cannot contain any weightedBackendService s. Conversely, if routeAction
-        # specifies any weightedBackendServices, service must not be specified. Only one
-        # of urlRedirect, service or routeAction.weightedBackendService must be set.
+        # directed if this rule is matched. If routeAction is also specified, advanced
+        # routing actions, such as URL rewrites, take effect before sending the request
+        # to the backend. However, if service is specified, routeAction cannot contain
+        # any weightedBackendServices. Conversely, if routeAction specifies any
+        # weightedBackendServices, service must not be specified. Only one of
+        # urlRedirect, service or routeAction.weightedBackendService must be set.
         # Corresponds to the JSON property `service`
         # @return [String]
         attr_accessor :service
@@ -11551,9 +11591,9 @@ module Google
       
         # For satisfying the matchRule condition, the path of the request must exactly
         # match the value specified in fullPathMatch after removing any query parameters
-        # and anchor that may be part of the original URL. fullPathMatch must be between
-        # 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch
-        # must be specified.
+        # and anchor that may be part of the original URL. fullPathMatch must be from 1
+        # to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must
+        # be specified.
         # Corresponds to the JSON property `fullPathMatch`
         # @return [String]
         attr_accessor :full_path_match
@@ -11566,53 +11606,52 @@ module Google
       
         # Specifies that prefixMatch and fullPathMatch matches are case sensitive. The
         # default value is false. ignoreCase must not be used with regexMatch. Not
-        # supported when the URL map is bound to target gRPC proxy.
+        # supported when the URL map is bound to a target gRPC proxy.
         # Corresponds to the JSON property `ignoreCase`
         # @return [Boolean]
         attr_accessor :ignore_case
         alias_method :ignore_case?, :ignore_case
       
-        # Opaque filter criteria used by Loadbalancer to restrict routing configuration
-        # to a limited set of xDS compliant clients. In their xDS requests to
-        # Loadbalancer, xDS clients present node metadata. When there is a match, the
-        # relevant routing configuration is made available to those proxies. For each
-        # metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY,
-        # at least one of the filterLabels must match the corresponding label provided
-        # in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of
-        # its filterLabels must match with corresponding labels provided in the metadata.
-        # If multiple metadataFilters are specified, all of them need to be satisfied
-        # in order to be considered a match. metadataFilters specified here will be
+        # Opaque filter criteria used by the load balancer to restrict routing
+        # configuration to a limited set of xDS compliant clients. In their xDS requests
+        # to the load balancer, xDS clients present node metadata. When there is a match,
+        # the relevant routing configuration is made available to those proxies. For
+        # each metadataFilter in this list, if its filterMatchCriteria is set to
+        # MATCH_ANY, at least one of the filterLabels must match the corresponding label
+        # provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then
+        # all of its filterLabels must match with corresponding labels provided in the
+        # metadata. If multiple metadata filters are specified, all of them need to be
+        # satisfied in order to be considered a match. metadataFilters specified here is
         # applied after those specified in ForwardingRule that refers to the UrlMap this
-        # HttpRouteRuleMatch belongs to. metadataFilters only applies to Loadbalancers
-        # that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Not
-        # supported when the URL map is bound to target gRPC proxy that has
-        # validateForProxyless field set to true.
+        # HttpRouteRuleMatch belongs to. metadataFilters only applies to load balancers
+        # that have loadBalancingScheme set to INTERNAL_SELF_MANAGED. Not supported when
+        # the URL map is bound to a target gRPC proxy that has validateForProxyless
+        # field set to true.
         # Corresponds to the JSON property `metadataFilters`
         # @return [Array<Google::Apis::ComputeBeta::MetadataFilter>]
         attr_accessor :metadata_filters
       
         # For satisfying the matchRule condition, the request's path must begin with the
-        # specified prefixMatch. prefixMatch must begin with a /. The value must be
-        # between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or
-        # regexMatch must be specified.
+        # specified prefixMatch. prefixMatch must begin with a /. The value must be from
+        # 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch
+        # must be specified.
         # Corresponds to the JSON property `prefixMatch`
         # @return [String]
         attr_accessor :prefix_match
       
         # Specifies a list of query parameter match criteria, all of which must match
         # corresponding query parameters in the request. Not supported when the URL map
-        # is bound to target gRPC proxy.
+        # is bound to a target gRPC proxy.
         # Corresponds to the JSON property `queryParameterMatches`
         # @return [Array<Google::Apis::ComputeBeta::HttpQueryParameterMatch>]
         attr_accessor :query_parameter_matches
       
         # For satisfying the matchRule condition, the path of the request must satisfy
         # the regular expression specified in regexMatch after removing any query
-        # parameters and anchor supplied with the original URL. For regular expression
-        # grammar please see github.com/google/re2/wiki/Syntax Only one of prefixMatch,
-        # fullPathMatch or regexMatch must be specified. Note that regexMatch only
-        # applies to Loadbalancers that have their loadBalancingScheme set to
-        # INTERNAL_SELF_MANAGED.
+        # parameters and anchor supplied with the original URL. For more information
+        # about regular expression syntax, see Syntax. Only one of prefixMatch,
+        # fullPathMatch or regexMatch must be specified. regexMatch only applies to load
+        # balancers that have loadBalancingScheme set to INTERNAL_SELF_MANAGED.
         # Corresponds to the JSON property `regexMatch`
         # @return [String]
         attr_accessor :regex_match
@@ -11900,8 +11939,8 @@ module Google
         attr_accessor :family
       
         # A list of features to enable on the guest operating system. Applicable only
-        # for bootable images. Read Enabling guest operating system features to see a
-        # list of available options.
+        # for bootable images. To see a list of available options, see the
+        # guestOSfeatures[].type parameter.
         # Corresponds to the JSON property `guestOsFeatures`
         # @return [Array<Google::Apis::ComputeBeta::GuestOsFeature>]
         attr_accessor :guest_os_features
@@ -15318,7 +15357,7 @@ module Google
         # @return [Array<Google::Apis::ComputeBeta::NetworkInterface>]
         attr_accessor :network_interfaces
       
-        # 
+        # Note that for MachineImage, this is not supported yet.
         # Corresponds to the JSON property `networkPerformanceConfig`
         # @return [Google::Apis::ComputeBeta::NetworkPerformanceConfig]
         attr_accessor :network_performance_config
@@ -15329,7 +15368,8 @@ module Google
         attr_accessor :post_key_revocation_action_type
       
         # The private IPv6 google access type for VMs. If not specified, use
-        # INHERIT_FROM_SUBNETWORK as default.
+        # INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not
+        # supported yet.
         # Corresponds to the JSON property `privateIpv6GoogleAccess`
         # @return [String]
         attr_accessor :private_ipv6_google_access
@@ -15340,7 +15380,7 @@ module Google
         attr_accessor :reservation_affinity
       
         # Resource policies (names, not ULRs) applied to instances created from these
-        # properties.
+        # properties. Note that for MachineImage, this is not supported yet.
         # Corresponds to the JSON property `resourcePolicies`
         # @return [Array<String>]
         attr_accessor :resource_policies
@@ -16264,6 +16304,14 @@ module Google
         # @return [Fixnum]
         attr_accessor :requested_link_count
       
+        # [Output Only] Set to true if the resource satisfies the zone separation
+        # organization policy constraints and false otherwise. Defaults to false if the
+        # field is not present.
+        # Corresponds to the JSON property `satisfiesPzs`
+        # @return [Boolean]
+        attr_accessor :satisfies_pzs
+        alias_method :satisfies_pzs?, :satisfies_pzs
+      
         # [Output Only] Server-defined URL for the resource.
         # Corresponds to the JSON property `selfLink`
         # @return [String]
@@ -16308,6 +16356,7 @@ module Google
           @peer_ip_address = args[:peer_ip_address] if args.key?(:peer_ip_address)
           @provisioned_link_count = args[:provisioned_link_count] if args.key?(:provisioned_link_count)
           @requested_link_count = args[:requested_link_count] if args.key?(:requested_link_count)
+          @satisfies_pzs = args[:satisfies_pzs] if args.key?(:satisfies_pzs)
           @self_link = args[:self_link] if args.key?(:self_link)
           @state = args[:state] if args.key?(:state)
         end
@@ -16533,6 +16582,14 @@ module Google
         # @return [String]
         attr_accessor :router
       
+        # [Output Only] Set to true if the resource satisfies the zone separation
+        # organization policy constraints and false otherwise. Defaults to false if the
+        # field is not present.
+        # Corresponds to the JSON property `satisfiesPzs`
+        # @return [Boolean]
+        attr_accessor :satisfies_pzs
+        alias_method :satisfies_pzs?, :satisfies_pzs
+      
         # [Output Only] Server-defined URL for the resource.
         # Corresponds to the JSON property `selfLink`
         # @return [String]
@@ -16604,6 +16661,7 @@ module Google
           @private_interconnect_info = args[:private_interconnect_info] if args.key?(:private_interconnect_info)
           @region = args[:region] if args.key?(:region)
           @router = args[:router] if args.key?(:router)
+          @satisfies_pzs = args[:satisfies_pzs] if args.key?(:satisfies_pzs)
           @self_link = args[:self_link] if args.key?(:self_link)
           @state = args[:state] if args.key?(:state)
           @type = args[:type] if args.key?(:type)
@@ -17431,6 +17489,13 @@ module Google
         # @return [String]
         attr_accessor :status
       
+        # [Output Only] Set to true for locations that support physical zone separation.
+        # Defaults to false if the field is not present.
+        # Corresponds to the JSON property `supportsPzs`
+        # @return [Boolean]
+        attr_accessor :supports_pzs
+        alias_method :supports_pzs?, :supports_pzs
+      
         def initialize(**args)
            update!(**args)
         end
@@ -17452,6 +17517,7 @@ module Google
           @region_infos = args[:region_infos] if args.key?(:region_infos)
           @self_link = args[:self_link] if args.key?(:self_link)
           @status = args[:status] if args.key?(:status)
+          @supports_pzs = args[:supports_pzs] if args.key?(:supports_pzs)
         end
       end
       
@@ -18098,6 +18164,11 @@ module Google
         # @return [Hash<String,Google::Apis::ComputeBeta::LocationPolicyLocation>]
         attr_accessor :locations
       
+        # Strategy for distributing VMs across zones in a region.
+        # Corresponds to the JSON property `targetShape`
+        # @return [String]
+        attr_accessor :target_shape
+      
         def initialize(**args)
            update!(**args)
         end
@@ -18105,6 +18176,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @locations = args[:locations] if args.key?(:locations)
+          @target_shape = args[:target_shape] if args.key?(:target_shape)
         end
       end
       
@@ -19256,18 +19328,18 @@ module Google
         end
       end
       
-      # Opaque filter criteria used by loadbalancers to restrict routing configuration
-      # to a limited set of loadbalancing proxies. Proxies and sidecars involved in
-      # loadbalancing would typically present metadata to the loadbalancers which need
-      # to match criteria specified here. If a match takes place, the relevant
-      # configuration is made available to those proxies. For each metadataFilter in
-      # this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the
-      # filterLabels must match the corresponding label provided in the metadata. If
-      # its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must
-      # match with corresponding labels provided in the metadata. An example for using
-      # metadataFilters would be: if loadbalancing involves Envoys, they will only
-      # receive routing configuration when values in metadataFilters match values
-      # supplied in of their XDS requests to loadbalancers.
+      # Opaque filter criteria used by load balancers to restrict routing
+      # configuration to a limited set of load balancing proxies. Proxies and sidecars
+      # involved in load balancing would typically present metadata to the load
+      # balancers that need to match criteria specified here. If a match takes place,
+      # the relevant configuration is made available to those proxies. For each
+      # metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY,
+      # at least one of the filterLabels must match the corresponding label provided
+      # in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of
+      # its filterLabels must match with corresponding labels provided in the metadata.
+      # An example for using metadataFilters would be: if load balancing involves
+      # Envoys, they receive routing configuration when values in metadataFilters
+      # match values supplied in of their XDS requests to loadbalancers.
       class MetadataFilter
         include Google::Apis::Core::Hashable
       
@@ -19278,11 +19350,11 @@ module Google
         # @return [Array<Google::Apis::ComputeBeta::MetadataFilterLabelMatch>]
         attr_accessor :filter_labels
       
-        # Specifies how individual filterLabel matches within the list of filterLabels
-        # contribute towards the overall metadataFilter match. Supported values are: -
-        # MATCH_ANY: At least one of the filterLabels must have a matching label in the
-        # provided metadata. - MATCH_ALL: All filterLabels must have matching labels in
-        # the provided metadata.
+        # Specifies how individual filter label matches within the list of filterLabels
+        # and contributes toward the overall metadataFilter match. Supported values are:
+        # - MATCH_ANY: at least one of the filterLabels must have a matching label in
+        # the provided metadata. - MATCH_ALL: all filterLabels must have matching labels
+        # in the provided metadata.
         # Corresponds to the JSON property `filterMatchCriteria`
         # @return [String]
         attr_accessor :filter_match_criteria
@@ -19299,7 +19371,7 @@ module Google
       end
       
       # MetadataFilter label name value pairs that are expected to match corresponding
-      # labels presented as metadata to the loadbalancer.
+      # labels presented as metadata to the load balancer.
       class MetadataFilterLabelMatch
         include Google::Apis::Core::Hashable
       
@@ -20510,14 +20582,15 @@ module Google
         # @return [String]
         attr_accessor :name
       
-        # URL of the network resource for this instance. When creating an instance, if
-        # neither the network nor the subnetwork is specified, the default network
-        # global/networks/default is used; if the network is not specified but the
-        # subnetwork is specified, the network is inferred. If you specify this property,
-        # you can specify the network as a full or partial URL. For example, the
-        # following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/
-        # project/global/networks/ network - projects/project/global/networks/network -
-        # global/networks/default
+        # URL of the VPC network resource for this instance. When creating an instance,
+        # if neither the network nor the subnetwork is specified, the default network
+        # global/networks/default is used. If the selected project doesn't have the
+        # default network, you must specify a network or subnet. If the network is not
+        # specified but the subnetwork is specified, the network is inferred. If you
+        # specify this property, you can specify the network as a full or partial URL.
+        # For example, the following are all valid URLs: - https://www.googleapis.com/
+        # compute/v1/projects/project/global/networks/ network - projects/project/global/
+        # networks/network - global/networks/default
         # Corresponds to the JSON property `network`
         # @return [String]
         attr_accessor :network
@@ -20726,7 +20799,8 @@ module Google
         attr_accessor :exchange_subnet_routes
         alias_method :exchange_subnet_routes?, :exchange_subnet_routes
       
-        # Whether to export the custom routes to peer network.
+        # Whether to export the custom routes to peer network. The default value is
+        # false.
         # Corresponds to the JSON property `exportCustomRoutes`
         # @return [Boolean]
         attr_accessor :export_custom_routes
@@ -20740,7 +20814,8 @@ module Google
         attr_accessor :export_subnet_routes_with_public_ip
         alias_method :export_subnet_routes_with_public_ip?, :export_subnet_routes_with_public_ip
       
-        # Whether to import the custom routes from peer network.
+        # Whether to import the custom routes from peer network. The default value is
+        # false.
         # Corresponds to the JSON property `importCustomRoutes`
         # @return [Boolean]
         attr_accessor :import_custom_routes
@@ -24426,37 +24501,37 @@ module Google
       
       # A matcher for the path portion of the URL. The BackendService from the longest-
       # matched rule will serve the URL. If no rule was matched, the default service
-      # will be used.
+      # is used.
       class PathMatcher
         include Google::Apis::Core::Hashable
       
         # defaultRouteAction takes effect when none of the pathRules or routeRules match.
-        # The load balancer performs advanced routing actions like URL rewrites, header
-        # transformations, etc. prior to forwarding the request to the selected backend.
+        # The load balancer performs advanced routing actions, such as URL rewrites and
+        # header transformations, before forwarding the request to the selected backend.
         # If defaultRouteAction specifies any weightedBackendServices, defaultService
         # must not be set. Conversely if defaultService is set, defaultRouteAction
         # cannot contain any weightedBackendServices. Only one of defaultRouteAction or
         # defaultUrlRedirect must be set. UrlMaps for external HTTP(S) load balancers
-        # support only the urlRewrite action within a pathMatcher's defaultRouteAction.
+        # support only the urlRewrite action within a path matcher's defaultRouteAction.
         # Corresponds to the JSON property `defaultRouteAction`
         # @return [Google::Apis::ComputeBeta::HttpRouteAction]
         attr_accessor :default_route_action
       
-        # The full or partial URL to the BackendService resource. This will be used if
+        # The full or partial URL to the BackendService resource. This URL is used if
         # none of the pathRules or routeRules defined by this PathMatcher are matched.
         # For example, the following are all valid URLs to a BackendService resource: -
         # https://www.googleapis.com/compute/v1/projects/project /global/backendServices/
         # backendService - compute/v1/projects/project/global/backendServices/
         # backendService - global/backendServices/backendService If defaultRouteAction
-        # is additionally specified, advanced routing actions like URL Rewrites, etc.
-        # take effect prior to sending the request to the backend. However, if
-        # defaultService is specified, defaultRouteAction cannot contain any
-        # weightedBackendServices. Conversely, if defaultRouteAction specifies any
-        # weightedBackendServices, defaultService must not be specified. Only one of
-        # defaultService, defaultUrlRedirect or defaultRouteAction.
-        # weightedBackendService must be set. Authorization requires one or more of the
-        # following Google IAM permissions on the specified resource default_service: -
-        # compute.backendBuckets.use - compute.backendServices.use
+        # is also specified, advanced routing actions, such as URL rewrites, take effect
+        # before sending the request to the backend. However, if defaultService is
+        # specified, defaultRouteAction cannot contain any weightedBackendServices.
+        # Conversely, if defaultRouteAction specifies any weightedBackendServices,
+        # defaultService must not be specified. Only one of defaultService,
+        # defaultUrlRedirect , or defaultRouteAction.weightedBackendService must be set.
+        # Authorization requires one or more of the following Google IAM permissions on
+        # the specified resource default_service: - compute.backendBuckets.use - compute.
+        # backendServices.use
         # Corresponds to the JSON property `defaultService`
         # @return [String]
         attr_accessor :default_service
@@ -24532,23 +24607,23 @@ module Google
         attr_accessor :paths
       
         # In response to a matching path, the load balancer performs advanced routing
-        # actions like URL rewrites, header transformations, etc. prior to forwarding
+        # actions, such as URL rewrites and header transformations, before forwarding
         # the request to the selected backend. If routeAction specifies any
         # weightedBackendServices, service must not be set. Conversely if service is set,
         # routeAction cannot contain any weightedBackendServices. Only one of
-        # routeAction or urlRedirect must be set. UrlMaps for external HTTP(S) load
-        # balancers support only the urlRewrite action within a pathRule's routeAction.
+        # routeAction or urlRedirect must be set. URL maps for external HTTP(S) load
+        # balancers support only the urlRewrite action within a path rule's routeAction.
         # Corresponds to the JSON property `routeAction`
         # @return [Google::Apis::ComputeBeta::HttpRouteAction]
         attr_accessor :route_action
       
         # The full or partial URL of the backend service resource to which traffic is
-        # directed if this rule is matched. If routeAction is additionally specified,
-        # advanced routing actions like URL Rewrites, etc. take effect prior to sending
-        # the request to the backend. However, if service is specified, routeAction
-        # cannot contain any weightedBackendService s. Conversely, if routeAction
-        # specifies any weightedBackendServices, service must not be specified. Only one
-        # of urlRedirect, service or routeAction.weightedBackendService must be set.
+        # directed if this rule is matched. If routeAction is also specified, advanced
+        # routing actions, such as URL rewrites, take effect before sending the request
+        # to the backend. However, if service is specified, routeAction cannot contain
+        # any weightedBackendServices. Conversely, if routeAction specifies any
+        # weightedBackendServices, service must not be specified. Only one of
+        # urlRedirect, service or routeAction.weightedBackendService must be set.
         # Corresponds to the JSON property `service`
         # @return [String]
         attr_accessor :service
@@ -24620,31 +24695,31 @@ module Google
       
       # An Identity and Access Management (IAM) policy, which specifies access
       # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-      # A `binding` binds one or more `members` to a single `role`. Members can be
-      # user accounts, service accounts, Google groups, and domains (such as G Suite).
-      # A `role` is a named list of permissions; each `role` can be an IAM predefined
-      # role or a user-created custom role. For some types of Google Cloud resources,
-      # a `binding` can also specify a `condition`, which is a logical expression that
-      # allows access to a resource only if the expression evaluates to `true`. A
-      # condition can add constraints based on attributes of the request, the resource,
-      # or both. To learn which resources support conditions in their IAM policies,
-      # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-      # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-      # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-      # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-      # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-      # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-      # title": "expirable access", "description": "Does not grant access after Sep
-      # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-      # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-      # members: - user:mike@example.com - group:admins@example.com - domain:google.
-      # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-      # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-      # roles/resourcemanager.organizationViewer condition: title: expirable access
-      # description: Does not grant access after Sep 2020 expression: request.time <
-      # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-      # description of IAM and its features, see the [IAM documentation](https://cloud.
-      # google.com/iam/docs/).
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+      # bindings: - members: - user:mike@example.com - group:admins@example.com -
+      # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+      # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+      # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+      # access description: Does not grant access after Sep 2020 expression: request.
+      # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+      # a description of IAM and its features, see the [IAM documentation](https://
+      # cloud.google.com/iam/docs/).
       class Policy
         include Google::Apis::Core::Hashable
       
@@ -24653,9 +24728,14 @@ module Google
         # @return [Array<Google::Apis::ComputeBeta::AuditConfig>]
         attr_accessor :audit_configs
       
-        # Associates a list of `members` to a `role`. Optionally, may specify a `
-        # condition` that determines how and when the `bindings` are applied. Each of
-        # the `bindings` must contain at least one member.
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
         # Corresponds to the JSON property `bindings`
         # @return [Array<Google::Apis::ComputeBeta::Binding>]
         attr_accessor :bindings
@@ -24676,12 +24756,6 @@ module Google
         # @return [String]
         attr_accessor :etag
       
-        # This is deprecated and has no effect. Do not use.
-        # Corresponds to the JSON property `iamOwned`
-        # @return [Boolean]
-        attr_accessor :iam_owned
-        alias_method :iam_owned?, :iam_owned
-      
         # This is deprecated and has no effect. Do not use.
         # Corresponds to the JSON property `rules`
         # @return [Array<Google::Apis::ComputeBeta::Rule>]
@@ -24715,7 +24789,6 @@ module Google
           @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
           @bindings = args[:bindings] if args.key?(:bindings)
           @etag = args[:etag] if args.key?(:etag)
-          @iam_owned = args[:iam_owned] if args.key?(:iam_owned)
           @rules = args[:rules] if args.key?(:rules)
           @version = args[:version] if args.key?(:version)
         end
@@ -25096,7 +25169,13 @@ module Google
         # @return [String]
         attr_accessor :shared_secret
       
-        # The status of the public advertised prefix.
+        # The status of the public advertised prefix. Possible values include: - `
+        # INITIAL`: RPKI validation is complete. - `PTR_CONFIGURED`: User has configured
+        # the PTR. - `VALIDATED`: Reverse DNS lookup is successful. - `
+        # REVERSE_DNS_LOOKUP_FAILED`: Reverse DNS lookup failed. - `
+        # PREFIX_CONFIGURATION_IN_PROGRESS`: The prefix is being configured. - `
+        # PREFIX_CONFIGURATION_COMPLETE`: The prefix is fully configured. - `
+        # PREFIX_REMOVAL_IN_PROGRESS`: The prefix is being removed.
         # Corresponds to the JSON property `status`
         # @return [String]
         attr_accessor :status
@@ -25375,7 +25454,12 @@ module Google
         # @return [String]
         attr_accessor :self_link
       
-        # [Output Only] The status of the public delegated prefix.
+        # [Output Only] The status of the public delegated prefix, which can be one of
+        # following values: - `INITIALIZING` The public delegated prefix is being
+        # initialized and addresses cannot be created yet. - `READY_TO_ANNOUNCE` The
+        # public delegated prefix is a live migration prefix and is active. - `ANNOUNCED`
+        # The public delegated prefix is active. - `DELETING` The public delegated
+        # prefix is being deprovsioned.
         # Corresponds to the JSON property `status`
         # @return [String]
         attr_accessor :status
@@ -26862,6 +26946,47 @@ module Google
         end
       end
       
+      # 
+      class RegionInstanceGroupManagersResizeAdvancedRequest
+        include Google::Apis::Core::Hashable
+      
+        # If this flag is true, the managed instance group attempts to create all
+        # instances initiated by this resize request only once. If there is an error
+        # during creation, the managed instance group does not retry create this
+        # instance, and we will decrease the targetSize of the request instead. If the
+        # flag is false, the group attempts to recreate each instance continuously until
+        # it succeeds. This flag matters only in the first attempt of creation of an
+        # instance. After an instance is successfully created while this flag is enabled,
+        # the instance behaves the same way as all the other instances created with a
+        # regular resize request. In particular, if a running instance dies unexpectedly
+        # at a later time and needs to be recreated, this mode does not affect the
+        # recreation behavior in that scenario. This flag is applicable only to the
+        # current resize request. It does not influence other resize requests in any way.
+        # You can see which instances ar being created in which mode by calling the get
+        # or listManagedInstances API.
+        # Corresponds to the JSON property `noCreationRetries`
+        # @return [Boolean]
+        attr_accessor :no_creation_retries
+        alias_method :no_creation_retries?, :no_creation_retries
+      
+        # The number of running instances that the managed instance group should
+        # maintain at any given time. The group automatically adds or removes instances
+        # to maintain the number of instances specified by this parameter.
+        # Corresponds to the JSON property `targetSize`
+        # @return [Fixnum]
+        attr_accessor :target_size
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @no_creation_retries = args[:no_creation_retries] if args.key?(:no_creation_retries)
+          @target_size = args[:target_size] if args.key?(:target_size)
+        end
+      end
+      
       # 
       class RegionInstanceGroupManagersSetAutoHealingRequest
         include Google::Apis::Core::Hashable
@@ -27273,31 +27398,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::ComputeBeta::Policy]
         attr_accessor :policy
@@ -27338,21 +27463,21 @@ module Google
       class RegionUrlMapsValidateRequest
         include Google::Apis::Core::Hashable
       
-        # Represents a URL Map resource. Google Compute Engine has two URL Map resources:
-        # * [Global](/compute/docs/reference/rest/beta/urlMaps) * [Regional](/compute/
-        # docs/reference/rest/beta/regionUrlMaps) A URL map resource is a component of
-        # certain types of GCP load balancers and Traffic Director. * urlMaps are used
+        # Represents a URL Map resource. Compute Engine has two URL Map resources: * [
+        # Global](/compute/docs/reference/rest/beta/urlMaps) * [Regional](/compute/docs/
+        # reference/rest/beta/regionUrlMaps) A URL map resource is a component of
+        # certain types of cloud load balancers and Traffic Director: * urlMaps are used
         # by external HTTP(S) load balancers and Traffic Director. * regionUrlMaps are
         # used by internal HTTP(S) load balancers. For a list of supported URL map
-        # features by load balancer type, see the Load balancing features: Routing and
-        # traffic management table. For a list of supported URL map features for Traffic
-        # Director, see the Traffic Director features: Routing and traffic management
-        # table. This resource defines mappings from host names and URL paths to either
-        # a backend service or a backend bucket. To use the global urlMaps resource, the
-        # backend service must have a loadBalancingScheme of either EXTERNAL or
-        # INTERNAL_SELF_MANAGED. To use the regionUrlMaps resource, the backend service
-        # must have a loadBalancingScheme of INTERNAL_MANAGED. For more information,
-        # read URL Map Concepts.
+        # features by the load balancer type, see the Load balancing features: Routing
+        # and traffic management table. For a list of supported URL map features for
+        # Traffic Director, see the Traffic Director features: Routing and traffic
+        # management table. This resource defines mappings from hostnames and URL paths
+        # to either a backend service or a backend bucket. To use the global urlMaps
+        # resource, the backend service must have a loadBalancingScheme of either
+        # EXTERNAL or INTERNAL_SELF_MANAGED. To use the regionUrlMaps resource, the
+        # backend service must have a loadBalancingScheme of INTERNAL_MANAGED. For more
+        # information, read URL Map Concepts.
         # Corresponds to the JSON property `resource`
         # @return [Google::Apis::ComputeBeta::UrlMap]
         attr_accessor :resource
@@ -27368,9 +27493,9 @@ module Google
       end
       
       # A policy that specifies how requests intended for the route's backends are
-      # shadowed to a separate mirrored backend service. Loadbalancer does not wait
-      # for responses from the shadow service. Prior to sending traffic to the shadow
-      # service, the host / authority header is suffixed with -shadow.
+      # shadowed to a separate mirrored backend service. The load balancer doesn't
+      # wait for responses from the shadow service. Before sending traffic to the
+      # shadow service, the host or authority header is suffixed with -shadow.
       class RequestMirrorPolicy
         include Google::Apis::Core::Hashable
       
@@ -28829,6 +28954,11 @@ module Google
       class Route
         include Google::Apis::Core::Hashable
       
+        # [Output Only] AS path.
+        # Corresponds to the JSON property `asPaths`
+        # @return [Array<Google::Apis::ComputeBeta::RouteAsPath>]
+        attr_accessor :as_paths
+      
         # [Output Only] Creation timestamp in RFC3339 text format.
         # Corresponds to the JSON property `creationTimestamp`
         # @return [String]
@@ -28933,6 +29063,15 @@ module Google
         # @return [Fixnum]
         attr_accessor :priority
       
+        # [Output Only] The type of this route, which can be one of the following values:
+        # - 'TRANSIT' for a transit route that this router learned from another Cloud
+        # Router and will readvertise to one of its BGP peers - 'SUBNET' for a route
+        # from a subnet of the VPC - 'BGP' for a route learned from a BGP peer of this
+        # router - 'STATIC' for a static route
+        # Corresponds to the JSON property `routeType`
+        # @return [String]
+        attr_accessor :route_type
+      
         # [Output Only] Server-defined fully-qualified URL for this resource.
         # Corresponds to the JSON property `selfLink`
         # @return [String]
@@ -28955,6 +29094,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @as_paths = args[:as_paths] if args.key?(:as_paths)
           @creation_timestamp = args[:creation_timestamp] if args.key?(:creation_timestamp)
           @description = args[:description] if args.key?(:description)
           @dest_range = args[:dest_range] if args.key?(:dest_range)
@@ -28971,6 +29111,7 @@ module Google
           @next_hop_peering = args[:next_hop_peering] if args.key?(:next_hop_peering)
           @next_hop_vpn_tunnel = args[:next_hop_vpn_tunnel] if args.key?(:next_hop_vpn_tunnel)
           @priority = args[:priority] if args.key?(:priority)
+          @route_type = args[:route_type] if args.key?(:route_type)
           @self_link = args[:self_link] if args.key?(:self_link)
           @tags = args[:tags] if args.key?(:tags)
           @warnings = args[:warnings] if args.key?(:warnings)
@@ -29041,6 +29182,37 @@ module Google
         end
       end
       
+      # 
+      class RouteAsPath
+        include Google::Apis::Core::Hashable
+      
+        # [Output Only] The AS numbers of the AS Path.
+        # Corresponds to the JSON property `asLists`
+        # @return [Array<Fixnum>]
+        attr_accessor :as_lists
+      
+        # [Output Only] The type of the AS Path, which can be one of the following
+        # values: - 'AS_SET': unordered set of autonomous systems that the route in has
+        # traversed - 'AS_SEQUENCE': ordered set of autonomous systems that the route
+        # has traversed - 'AS_CONFED_SEQUENCE': ordered set of Member Autonomous Systems
+        # in the local confederation that the route has traversed - 'AS_CONFED_SET':
+        # unordered set of Member Autonomous Systems in the local confederation that the
+        # route has traversed
+        # Corresponds to the JSON property `pathSegmentType`
+        # @return [String]
+        attr_accessor :path_segment_type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @as_lists = args[:as_lists] if args.key?(:as_lists)
+          @path_segment_type = args[:path_segment_type] if args.key?(:path_segment_type)
+        end
+      end
+      
       # Contains a list of Route resources.
       class RouteList
         include Google::Apis::Core::Hashable
@@ -29507,7 +29679,7 @@ module Google
         # @return [Fixnum]
         attr_accessor :advertised_route_priority
       
-        # BFD configuration for the BGP peering. Not currently available publicly.
+        # BFD configuration for the BGP peering.
         # Corresponds to the JSON property `bfd`
         # @return [Google::Apis::ComputeBeta::RouterBgpPeerBfd]
         attr_accessor :bfd
@@ -29600,8 +29772,8 @@ module Google
         # The minimum interval, in milliseconds, between BFD control packets received
         # from the peer router. The actual value is negotiated between the two routers
         # and is equal to the greater of this value and the transmit interval of the
-        # other router. Not currently available publicly. If set, this value must be
-        # between 1000 and 30000. The default is 1000.
+        # other router. If set, this value must be between 1000 and 30000. The default
+        # is 1000.
         # Corresponds to the JSON property `minReceiveInterval`
         # @return [Fixnum]
         attr_accessor :min_receive_interval
@@ -29609,24 +29781,24 @@ module Google
         # The minimum interval, in milliseconds, between BFD control packets transmitted
         # to the peer router. The actual value is negotiated between the two routers and
         # is equal to the greater of this value and the corresponding receive interval
-        # of the other router. Not currently available publicly. If set, this value must
-        # be between 1000 and 30000. The default is 1000.
+        # of the other router. If set, this value must be between 1000 and 30000. The
+        # default is 1000.
         # Corresponds to the JSON property `minTransmitInterval`
         # @return [Fixnum]
         attr_accessor :min_transmit_interval
       
         # The number of consecutive BFD packets that must be missed before BFD declares
-        # that a peer is unavailable. Not currently available publicly. If set, the
-        # value must be a value between 5 and 16. The default is 5.
+        # that a peer is unavailable. If set, the value must be a value between 5 and 16.
+        # The default is 5.
         # Corresponds to the JSON property `multiplier`
         # @return [Fixnum]
         attr_accessor :multiplier
       
-        # The BFD session initialization mode for this BGP peer. Not currently available
-        # publicly. If set to ACTIVE, the Cloud Router will initiate the BFD session for
-        # this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer
-        # router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD
-        # is disabled for this BGP peer. The default is PASSIVE.
+        # The BFD session initialization mode for this BGP peer. If set to ACTIVE, the
+        # Cloud Router will initiate the BFD session for this BGP peer. If set to
+        # PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD
+        # session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP
+        # peer. The default is PASSIVE.
         # Corresponds to the JSON property `sessionInitializationMode`
         # @return [String]
         attr_accessor :session_initialization_mode
@@ -29868,6 +30040,17 @@ module Google
         # @return [Array<String>]
         attr_accessor :drain_nat_ips
       
+        # Enable Dynamic Port Allocation. If not specified, it is disabled by default.
+        # If set to true, - Dynamic Port Allocation will be enabled on this NAT config. -
+        # enableEndpointIndependentMapping cannot be set to true. - If minPorts is set,
+        # minPortsPerVm must be set to a power of two greater than or equal to 32. If
+        # minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from
+        # this NAT config.
+        # Corresponds to the JSON property `enableDynamicPortAllocation`
+        # @return [Boolean]
+        attr_accessor :enable_dynamic_port_allocation
+        alias_method :enable_dynamic_port_allocation?, :enable_dynamic_port_allocation
+      
         # 
         # Corresponds to the JSON property `enableEndpointIndependentMapping`
         # @return [Boolean]
@@ -29884,6 +30067,17 @@ module Google
         # @return [Google::Apis::ComputeBeta::RouterNatLogConfig]
         attr_accessor :log_config
       
+        # Maximum number of ports allocated to a VM from this NAT config when Dynamic
+        # Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this
+        # field has no effect. If Dynamic Port Allocation is enabled, and this field is
+        # set, it must be set to a power of two greater than minPortsPerVm, or 64 if
+        # minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field
+        # is not set, a maximum of 65536 ports will be allocated to a VM from this NAT
+        # config.
+        # Corresponds to the JSON property `maxPortsPerVm`
+        # @return [Fixnum]
+        attr_accessor :max_ports_per_vm
+      
         # Minimum number of ports allocated to a VM from this NAT config. If not set, a
         # default number of ports is allocated to a VM. This is rounded up to the
         # nearest power of 2. For example, if the value of this field is 50, at least 64
@@ -29913,6 +30107,11 @@ module Google
         # @return [Array<String>]
         attr_accessor :nat_ips
       
+        # A list of rules associated with this NAT.
+        # Corresponds to the JSON property `rules`
+        # @return [Array<Google::Apis::ComputeBeta::RouterNatRule>]
+        attr_accessor :rules
+      
         # Specify the Nat option, which can take one of the following values: -
         # ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are
         # allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP
@@ -29939,6 +30138,12 @@ module Google
         # @return [Fixnum]
         attr_accessor :tcp_established_idle_timeout_sec
       
+        # Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults
+        # to 120s if not set.
+        # Corresponds to the JSON property `tcpTimeWaitTimeoutSec`
+        # @return [Fixnum]
+        attr_accessor :tcp_time_wait_timeout_sec
+      
         # Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not
         # set.
         # Corresponds to the JSON property `tcpTransitoryIdleTimeoutSec`
@@ -29957,16 +30162,20 @@ module Google
         # Update properties of this object
         def update!(**args)
           @drain_nat_ips = args[:drain_nat_ips] if args.key?(:drain_nat_ips)
+          @enable_dynamic_port_allocation = args[:enable_dynamic_port_allocation] if args.key?(:enable_dynamic_port_allocation)
           @enable_endpoint_independent_mapping = args[:enable_endpoint_independent_mapping] if args.key?(:enable_endpoint_independent_mapping)
           @icmp_idle_timeout_sec = args[:icmp_idle_timeout_sec] if args.key?(:icmp_idle_timeout_sec)
           @log_config = args[:log_config] if args.key?(:log_config)
+          @max_ports_per_vm = args[:max_ports_per_vm] if args.key?(:max_ports_per_vm)
           @min_ports_per_vm = args[:min_ports_per_vm] if args.key?(:min_ports_per_vm)
           @name = args[:name] if args.key?(:name)
           @nat_ip_allocate_option = args[:nat_ip_allocate_option] if args.key?(:nat_ip_allocate_option)
           @nat_ips = args[:nat_ips] if args.key?(:nat_ips)
+          @rules = args[:rules] if args.key?(:rules)
           @source_subnetwork_ip_ranges_to_nat = args[:source_subnetwork_ip_ranges_to_nat] if args.key?(:source_subnetwork_ip_ranges_to_nat)
           @subnetworks = args[:subnetworks] if args.key?(:subnetworks)
           @tcp_established_idle_timeout_sec = args[:tcp_established_idle_timeout_sec] if args.key?(:tcp_established_idle_timeout_sec)
+          @tcp_time_wait_timeout_sec = args[:tcp_time_wait_timeout_sec] if args.key?(:tcp_time_wait_timeout_sec)
           @tcp_transitory_idle_timeout_sec = args[:tcp_transitory_idle_timeout_sec] if args.key?(:tcp_transitory_idle_timeout_sec)
           @udp_idle_timeout_sec = args[:udp_idle_timeout_sec] if args.key?(:udp_idle_timeout_sec)
         end
@@ -30002,6 +30211,81 @@ module Google
         end
       end
       
+      # 
+      class RouterNatRule
+        include Google::Apis::Core::Hashable
+      
+        # The action to be enforced for traffic that matches this rule.
+        # Corresponds to the JSON property `action`
+        # @return [Google::Apis::ComputeBeta::RouterNatRuleAction]
+        attr_accessor :action
+      
+        # An optional description of this rule.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # CEL expression that specifies the match condition that egress traffic from a
+        # VM is evaluated against. If it evaluates to true, the corresponding `action`
+        # is enforced. The following examples are valid match expressions for public NAT:
+        # "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.
+        # 0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The
+        # following example is a valid match expression for private NAT: "nexthop.hub ==
+        # 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/
+        # global/hub/hub-1'"
+        # Corresponds to the JSON property `match`
+        # @return [String]
+        attr_accessor :match
+      
+        # An integer uniquely identifying a rule in the list. The rule number must be a
+        # positive value between 0 and 65000, and must be unique among rules within a
+        # NAT.
+        # Corresponds to the JSON property `ruleNumber`
+        # @return [Fixnum]
+        attr_accessor :rule_number
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @action = args[:action] if args.key?(:action)
+          @description = args[:description] if args.key?(:description)
+          @match = args[:match] if args.key?(:match)
+          @rule_number = args[:rule_number] if args.key?(:rule_number)
+        end
+      end
+      
+      # 
+      class RouterNatRuleAction
+        include Google::Apis::Core::Hashable
+      
+        # A list of URLs of the IP resources used for this NAT rule. These IP addresses
+        # must be valid static external IP addresses assigned to the project. This field
+        # is used for public NAT.
+        # Corresponds to the JSON property `sourceNatActiveIps`
+        # @return [Array<String>]
+        attr_accessor :source_nat_active_ips
+      
+        # A list of URLs of the IP resources to be drained. These IPs must be valid
+        # static external IPs that have been assigned to the NAT. These IPs should be
+        # used for updating/patching a NAT rule only. This field is used for public NAT.
+        # Corresponds to the JSON property `sourceNatDrainIps`
+        # @return [Array<String>]
+        attr_accessor :source_nat_drain_ips
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @source_nat_active_ips = args[:source_nat_active_ips] if args.key?(:source_nat_active_ips)
+          @source_nat_drain_ips = args[:source_nat_drain_ips] if args.key?(:source_nat_drain_ips)
+        end
+      end
+      
       # Defines the IP ranges that want to use NAT for a subnetwork.
       class RouterNatSubnetworkToNat
         include Google::Apis::Core::Hashable
@@ -30207,6 +30491,11 @@ module Google
         # @return [Fixnum]
         attr_accessor :num_vm_endpoints_with_nat_mappings
       
+        # Status of rules in this NAT.
+        # Corresponds to the JSON property `ruleStatus`
+        # @return [Array<Google::Apis::ComputeBeta::RouterStatusNatStatusNatRuleStatus>]
+        attr_accessor :rule_status
+      
         # A list of fully qualified URLs of reserved IP address resources.
         # Corresponds to the JSON property `userAllocatedNatIpResources`
         # @return [Array<String>]
@@ -30230,11 +30519,58 @@ module Google
           @min_extra_nat_ips_needed = args[:min_extra_nat_ips_needed] if args.key?(:min_extra_nat_ips_needed)
           @name = args[:name] if args.key?(:name)
           @num_vm_endpoints_with_nat_mappings = args[:num_vm_endpoints_with_nat_mappings] if args.key?(:num_vm_endpoints_with_nat_mappings)
+          @rule_status = args[:rule_status] if args.key?(:rule_status)
           @user_allocated_nat_ip_resources = args[:user_allocated_nat_ip_resources] if args.key?(:user_allocated_nat_ip_resources)
           @user_allocated_nat_ips = args[:user_allocated_nat_ips] if args.key?(:user_allocated_nat_ips)
         end
       end
       
+      # Status of a NAT Rule contained in this NAT.
+      class RouterStatusNatStatusNatRuleStatus
+        include Google::Apis::Core::Hashable
+      
+        # A list of active IPs for NAT. Example: ["1.1.1.1", "179.12.26.133"].
+        # Corresponds to the JSON property `activeNatIps`
+        # @return [Array<String>]
+        attr_accessor :active_nat_ips
+      
+        # A list of IPs for NAT that are in drain mode. Example: ["1.1.1.1", "179.12.26.
+        # 133"].
+        # Corresponds to the JSON property `drainNatIps`
+        # @return [Array<String>]
+        attr_accessor :drain_nat_ips
+      
+        # The number of extra IPs to allocate. This will be greater than 0 only if the
+        # existing IPs in this NAT Rule are NOT enough to allow all configured VMs to
+        # use NAT.
+        # Corresponds to the JSON property `minExtraIpsNeeded`
+        # @return [Fixnum]
+        attr_accessor :min_extra_ips_needed
+      
+        # Number of VM endpoints (i.e., NICs) that have NAT Mappings from this NAT Rule.
+        # Corresponds to the JSON property `numVmEndpointsWithNatMappings`
+        # @return [Fixnum]
+        attr_accessor :num_vm_endpoints_with_nat_mappings
+      
+        # Rule number of the rule.
+        # Corresponds to the JSON property `ruleNumber`
+        # @return [Fixnum]
+        attr_accessor :rule_number
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @active_nat_ips = args[:active_nat_ips] if args.key?(:active_nat_ips)
+          @drain_nat_ips = args[:drain_nat_ips] if args.key?(:drain_nat_ips)
+          @min_extra_ips_needed = args[:min_extra_ips_needed] if args.key?(:min_extra_ips_needed)
+          @num_vm_endpoints_with_nat_mappings = args[:num_vm_endpoints_with_nat_mappings] if args.key?(:num_vm_endpoints_with_nat_mappings)
+          @rule_number = args[:rule_number] if args.key?(:rule_number)
+        end
+      end
+      
       # 
       class RouterStatusResponse
         include Google::Apis::Core::Hashable
@@ -32334,6 +32670,12 @@ module Google
       class ShareSettings
         include Google::Apis::Core::Hashable
       
+        # A map of project id and project config. This is only valid when share_type's
+        # value is SPECIFIC_PROJECTS.
+        # Corresponds to the JSON property `projectMap`
+        # @return [Hash<String,Google::Apis::ComputeBeta::ShareSettingsProjectConfig>]
+        attr_accessor :project_map
+      
         # A List of Project names to specify consumer projects for this shared-
         # reservation. This is only valid when share_type's value is SPECIFIC_PROJECTS.
         # Corresponds to the JSON property `projects`
@@ -32351,11 +32693,32 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @project_map = args[:project_map] if args.key?(:project_map)
           @projects = args[:projects] if args.key?(:projects)
           @share_type = args[:share_type] if args.key?(:share_type)
         end
       end
       
+      # Config for each project in the share settings.
+      class ShareSettingsProjectConfig
+        include Google::Apis::Core::Hashable
+      
+        # The project ID, should be same as the key of this project config in the parent
+        # map.
+        # Corresponds to the JSON property `projectId`
+        # @return [String]
+        attr_accessor :project_id
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @project_id = args[:project_id] if args.key?(:project_id)
+        end
+      end
+      
       # A set of Shielded Instance options.
       class ShieldedInstanceConfig
         include Google::Apis::Core::Hashable
@@ -34063,8 +34426,9 @@ module Google
       
         # Whether to enable flow logging for this subnetwork. If this field is not
         # explicitly set, it will not appear in get listings. If not set the default
-        # behavior is to disable flow logging. This field isn't supported with the
-        # purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.
+        # behavior is determined by the org policy, if there is no org policy specified,
+        # then it will default to disabled. This field isn't supported with the purpose
+        # field set to INTERNAL_HTTPS_LOAD_BALANCER.
         # Corresponds to the JSON property `enableFlowLogs`
         # @return [Boolean]
         attr_accessor :enable_flow_logs
@@ -34145,9 +34509,8 @@ module Google
         attr_accessor :name
       
         # The URL of the network to which this subnetwork belongs, provided by the
-        # client when initially creating the subnetwork. Only networks that are in the
-        # distributed mode can have subnetworks. This field can be set only at resource
-        # creation time.
+        # client when initially creating the subnetwork. This field can be set only at
+        # resource creation time.
         # Corresponds to the JSON property `network`
         # @return [String]
         attr_accessor :network
@@ -34513,7 +34876,8 @@ module Google
       
         # Whether to enable flow logging for this subnetwork. If this field is not
         # explicitly set, it will not appear in get listings. If not set the default
-        # behavior is to disable flow logging.
+        # behavior is determined by the org policy, if there is no org policy specified,
+        # then it will default to disabled.
         # Corresponds to the JSON property `enable`
         # @return [Boolean]
         attr_accessor :enable
@@ -34528,8 +34892,8 @@ module Google
         # Can only be specified if VPC flow logging for this subnetwork is enabled. The
         # value of the field must be in [0, 1]. Set the sampling rate of VPC flow logs
         # within the subnetwork where 1.0 means all collected logs are reported and 0.0
-        # means no logs are reported. Default is 0.5, which means half of all collected
-        # logs are reported.
+        # means no logs are reported. Default is 0.5 unless otherwise specified by the
+        # org policy, which means half of all collected logs are reported.
         # Corresponds to the JSON property `flowSampling`
         # @return [Float]
         attr_accessor :flow_sampling
@@ -34735,6 +35099,20 @@ module Google
         # @return [String]
         attr_accessor :policy
       
+        # The number of backends per backend group assigned to each proxy instance or
+        # each service mesh client. An input parameter to the `
+        # CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `
+        # CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `
+        # INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for
+        # Internal HTTP(S) load balancing and required for Traffic Director. If you do
+        # not provide this value, Cloud Load Balancing will calculate it dynamically to
+        # optimize the number of proxies/clients visible to each backend and vice versa.
+        # Must be greater than 0. If `subset_size` is larger than the number of backends/
+        # endpoints, then subsetting is disabled.
+        # Corresponds to the JSON property `subsetSize`
+        # @return [Fixnum]
+        attr_accessor :subset_size
+      
         def initialize(**args)
            update!(**args)
         end
@@ -34742,6 +35120,7 @@ module Google
         # Update properties of this object
         def update!(**args)
           @policy = args[:policy] if args.key?(:policy)
+          @subset_size = args[:subset_size] if args.key?(:subset_size)
         end
       end
       
@@ -38100,7 +38479,7 @@ module Google
       class TestFailure
         include Google::Apis::Core::Hashable
       
-        # The actual output URL evaluated by load balancer containing the scheme, host,
+        # The actual output URL evaluated by a load balancer containing the scheme, host,
         # path and query parameters.
         # Corresponds to the JSON property `actualOutputUrl`
         # @return [String]
@@ -38117,8 +38496,8 @@ module Google
         # @return [String]
         attr_accessor :actual_service
       
-        # The expected output URL evaluated by load balancer containing the scheme, host,
-        # path and query parameters.
+        # The expected output URL evaluated by a load balancer containing the scheme,
+        # host, path and query parameters.
         # Corresponds to the JSON property `expectedOutputUrl`
         # @return [String]
         attr_accessor :expected_output_url
@@ -38232,21 +38611,21 @@ module Google
         end
       end
       
-      # Represents a URL Map resource. Google Compute Engine has two URL Map resources:
-      # * [Global](/compute/docs/reference/rest/beta/urlMaps) * [Regional](/compute/
-      # docs/reference/rest/beta/regionUrlMaps) A URL map resource is a component of
-      # certain types of GCP load balancers and Traffic Director. * urlMaps are used
+      # Represents a URL Map resource. Compute Engine has two URL Map resources: * [
+      # Global](/compute/docs/reference/rest/beta/urlMaps) * [Regional](/compute/docs/
+      # reference/rest/beta/regionUrlMaps) A URL map resource is a component of
+      # certain types of cloud load balancers and Traffic Director: * urlMaps are used
       # by external HTTP(S) load balancers and Traffic Director. * regionUrlMaps are
       # used by internal HTTP(S) load balancers. For a list of supported URL map
-      # features by load balancer type, see the Load balancing features: Routing and
-      # traffic management table. For a list of supported URL map features for Traffic
-      # Director, see the Traffic Director features: Routing and traffic management
-      # table. This resource defines mappings from host names and URL paths to either
-      # a backend service or a backend bucket. To use the global urlMaps resource, the
-      # backend service must have a loadBalancingScheme of either EXTERNAL or
-      # INTERNAL_SELF_MANAGED. To use the regionUrlMaps resource, the backend service
-      # must have a loadBalancingScheme of INTERNAL_MANAGED. For more information,
-      # read URL Map Concepts.
+      # features by the load balancer type, see the Load balancing features: Routing
+      # and traffic management table. For a list of supported URL map features for
+      # Traffic Director, see the Traffic Director features: Routing and traffic
+      # management table. This resource defines mappings from hostnames and URL paths
+      # to either a backend service or a backend bucket. To use the global urlMaps
+      # resource, the backend service must have a loadBalancingScheme of either
+      # EXTERNAL or INTERNAL_SELF_MANAGED. To use the regionUrlMaps resource, the
+      # backend service must have a loadBalancingScheme of INTERNAL_MANAGED. For more
+      # information, read URL Map Concepts.
       class UrlMap
         include Google::Apis::Core::Hashable
       
@@ -38256,28 +38635,28 @@ module Google
         attr_accessor :creation_timestamp
       
         # defaultRouteAction takes effect when none of the hostRules match. The load
-        # balancer performs advanced routing actions like URL rewrites, header
-        # transformations, etc. prior to forwarding the request to the selected backend.
-        # If defaultRouteAction specifies any weightedBackendServices, defaultService
-        # must not be set. Conversely if defaultService is set, defaultRouteAction
-        # cannot contain any weightedBackendServices. Only one of defaultRouteAction or
+        # balancer performs advanced routing actions, such as URL rewrites and header
+        # transformations, before forwarding the request to the selected backend. If
+        # defaultRouteAction specifies any weightedBackendServices, defaultService must
+        # not be set. Conversely if defaultService is set, defaultRouteAction cannot
+        # contain any weightedBackendServices. Only one of defaultRouteAction or
         # defaultUrlRedirect must be set. UrlMaps for external HTTP(S) load balancers
         # support only the urlRewrite action within defaultRouteAction.
-        # defaultRouteAction has no effect when the URL map is bound to target gRPC
-        # proxy that has validateForProxyless field set to true.
+        # defaultRouteAction has no effect when the URL map is bound to a target gRPC
+        # proxy that has the validateForProxyless field set to true.
         # Corresponds to the JSON property `defaultRouteAction`
         # @return [Google::Apis::ComputeBeta::HttpRouteAction]
         attr_accessor :default_route_action
       
         # The full or partial URL of the defaultService resource to which traffic is
-        # directed if none of the hostRules match. If defaultRouteAction is additionally
-        # specified, advanced routing actions like URL Rewrites, etc. take effect prior
-        # to sending the request to the backend. However, if defaultService is specified,
+        # directed if none of the hostRules match. If defaultRouteAction is also
+        # specified, advanced routing actions, such as URL rewrites, take effect before
+        # sending the request to the backend. However, if defaultService is specified,
         # defaultRouteAction cannot contain any weightedBackendServices. Conversely, if
         # routeAction specifies any weightedBackendServices, service must not be
-        # specified. Only one of defaultService, defaultUrlRedirect or
+        # specified. Only one of defaultService, defaultUrlRedirect , or
         # defaultRouteAction.weightedBackendService must be set. defaultService has no
-        # effect when the URL map is bound to target gRPC proxy that has
+        # effect when the URL map is bound to a target gRPC proxy that has the
         # validateForProxyless field set to true.
         # Corresponds to the JSON property `defaultService`
         # @return [String]
@@ -38295,11 +38674,10 @@ module Google
         attr_accessor :description
       
         # Fingerprint of this resource. A hash of the contents stored in this object.
-        # This field is used in optimistic locking. This field will be ignored when
-        # inserting a UrlMap. An up-to-date fingerprint must be provided in order to
-        # update the UrlMap, otherwise the request will fail with error 412
-        # conditionNotMet. To see the latest fingerprint, make a get() request to
-        # retrieve a UrlMap.
+        # This field is used in optimistic locking. This field is ignored when inserting
+        # a UrlMap. An up-to-date fingerprint must be provided in order to update the
+        # UrlMap, otherwise the request will fail with error 412 conditionNotMet. To see
+        # the latest fingerprint, make a get() request to retrieve a UrlMap.
         # Corresponds to the JSON property `fingerprint`
         # NOTE: Values are automatically base64 encoded/decoded in the client library.
         # @return [String]
@@ -38311,7 +38689,7 @@ module Google
         # @return [Google::Apis::ComputeBeta::HttpHeaderAction]
         attr_accessor :header_action
       
-        # The list of HostRules to use against the URL.
+        # The list of host rules to use against the URL.
         # Corresponds to the JSON property `hostRules`
         # @return [Array<Google::Apis::ComputeBeta::HostRule>]
         attr_accessor :host_rules
@@ -38354,10 +38732,10 @@ module Google
         # @return [String]
         attr_accessor :self_link
       
-        # The list of expected URL mapping tests. Request to update this UrlMap will
-        # succeed only if all of the test cases pass. You can specify a maximum of 100
-        # tests per UrlMap. Not supported when the URL map is bound to target gRPC proxy
-        # that has validateForProxyless field set to true.
+        # The list of expected URL mapping tests. Request to update the UrlMap succeeds
+        # only if all test cases pass. You can specify a maximum of 100 tests per UrlMap.
+        # Not supported when the URL map is bound to a target gRPC proxy that has
+        # validateForProxyless field set to true.
         # Corresponds to the JSON property `tests`
         # @return [Array<Google::Apis::ComputeBeta::UrlMapTest>]
         attr_accessor :tests
@@ -38531,18 +38909,18 @@ module Google
         # @return [String]
         attr_accessor :description
       
-        # The expected output URL evaluated by load balancer containing the scheme, host,
-        # path and query parameters. For rules that forward requests to backends, the
-        # test passes only when expectedOutputUrl matches the request forwarded by load
-        # balancer to backends. For rules with urlRewrite, the test verifies that the
-        # forwarded request matches hostRewrite and pathPrefixRewrite in the urlRewrite
-        # action. When service is specified, expectedOutputUrl`s scheme is ignored. For
-        # rules with urlRedirect, the test passes only if expectedOutputUrl matches the
-        # URL in the load balancer's redirect response. If urlRedirect specifies
-        # https_redirect, the test passes only if the scheme in expectedOutputUrl is
-        # also set to https. If urlRedirect specifies strip_query, the test passes only
-        # if expectedOutputUrl does not contain any query parameters. expectedOutputUrl
-        # is optional when service is specified.
+        # The expected output URL evaluated by the load balancer containing the scheme,
+        # host, path and query parameters. For rules that forward requests to backends,
+        # the test passes only when expectedOutputUrl matches the request forwarded by
+        # the load balancer to backends. For rules with urlRewrite, the test verifies
+        # that the forwarded request matches hostRewrite and pathPrefixRewrite in the
+        # urlRewrite action. When service is specified, expectedOutputUrl`s scheme is
+        # ignored. For rules with urlRedirect, the test passes only if expectedOutputUrl
+        # matches the URL in the load balancer's redirect response. If urlRedirect
+        # specifies https_redirect, the test passes only if the scheme in
+        # expectedOutputUrl is also set to HTTPS. If urlRedirect specifies strip_query,
+        # the test passes only if expectedOutputUrl does not contain any query
+        # parameters. expectedOutputUrl is optional when service is specified.
         # Corresponds to the JSON property `expectedOutputUrl`
         # @return [String]
         attr_accessor :expected_output_url
@@ -38573,7 +38951,8 @@ module Google
         attr_accessor :path
       
         # Expected BackendService or BackendBucket resource the given URL should be
-        # mapped to. service cannot be set if expectedRedirectResponseCode is set.
+        # mapped to. The service field cannot be set if expectedRedirectResponseCode is
+        # set.
         # Corresponds to the JSON property `service`
         # @return [String]
         attr_accessor :service
@@ -38878,21 +39257,36 @@ module Google
       class ValidateUrlMapsRequest
         include Google::Apis::Core::Hashable
       
-        # Represents a URL Map resource. Google Compute Engine has two URL Map resources:
-        # * [Global](/compute/docs/reference/rest/beta/urlMaps) * [Regional](/compute/
-        # docs/reference/rest/beta/regionUrlMaps) A URL map resource is a component of
-        # certain types of GCP load balancers and Traffic Director. * urlMaps are used
+        # Specifies the load balancer type(s) this validation request is for. Use
+        # EXTERNAL_MANAGED for HTTP/HTTPS External Global Load Balancer with Advanced
+        # Traffic Management. Use EXTERNAL for Classic HTTP/HTTPS External Global Load
+        # Balancer. Other load balancer types are not supported. For more information,
+        # refer to Choosing a load balancer. If unspecified, the load balancing scheme
+        # will be inferred from the backend service resources this URL map references.
+        # If that can not be inferred (for example, this URL map only references backend
+        # buckets, or this Url map is for rewrites and redirects only and doesn't
+        # reference any backends), EXTERNAL will be used as the default type. If
+        # specified, the scheme(s) must not conflict with the load balancing scheme of
+        # the backend service resources this Url map references.
+        # Corresponds to the JSON property `loadBalancingSchemes`
+        # @return [Array<String>]
+        attr_accessor :load_balancing_schemes
+      
+        # Represents a URL Map resource. Compute Engine has two URL Map resources: * [
+        # Global](/compute/docs/reference/rest/beta/urlMaps) * [Regional](/compute/docs/
+        # reference/rest/beta/regionUrlMaps) A URL map resource is a component of
+        # certain types of cloud load balancers and Traffic Director: * urlMaps are used
         # by external HTTP(S) load balancers and Traffic Director. * regionUrlMaps are
         # used by internal HTTP(S) load balancers. For a list of supported URL map
-        # features by load balancer type, see the Load balancing features: Routing and
-        # traffic management table. For a list of supported URL map features for Traffic
-        # Director, see the Traffic Director features: Routing and traffic management
-        # table. This resource defines mappings from host names and URL paths to either
-        # a backend service or a backend bucket. To use the global urlMaps resource, the
-        # backend service must have a loadBalancingScheme of either EXTERNAL or
-        # INTERNAL_SELF_MANAGED. To use the regionUrlMaps resource, the backend service
-        # must have a loadBalancingScheme of INTERNAL_MANAGED. For more information,
-        # read URL Map Concepts.
+        # features by the load balancer type, see the Load balancing features: Routing
+        # and traffic management table. For a list of supported URL map features for
+        # Traffic Director, see the Traffic Director features: Routing and traffic
+        # management table. This resource defines mappings from hostnames and URL paths
+        # to either a backend service or a backend bucket. To use the global urlMaps
+        # resource, the backend service must have a loadBalancingScheme of either
+        # EXTERNAL or INTERNAL_SELF_MANAGED. To use the regionUrlMaps resource, the
+        # backend service must have a loadBalancingScheme of INTERNAL_MANAGED. For more
+        # information, read URL Map Concepts.
         # Corresponds to the JSON property `resource`
         # @return [Google::Apis::ComputeBeta::UrlMap]
         attr_accessor :resource
@@ -38903,6 +39297,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @load_balancing_schemes = args[:load_balancing_schemes] if args.key?(:load_balancing_schemes)
           @resource = args[:resource] if args.key?(:resource)
         end
       end
@@ -38931,16 +39326,16 @@ module Google
       class UrlRewrite
         include Google::Apis::Core::Hashable
       
-        # Prior to forwarding the request to the selected service, the request's host
-        # header is replaced with contents of hostRewrite. The value must be between 1
-        # and 255 characters.
+        # Before forwarding the request to the selected service, the request's host
+        # header is replaced with contents of hostRewrite. The value must be from 1 to
+        # 255 characters.
         # Corresponds to the JSON property `hostRewrite`
         # @return [String]
         attr_accessor :host_rewrite
       
-        # Prior to forwarding the request to the selected backend service, the matching
+        # Before forwarding the request to the selected backend service, the matching
         # portion of the request's path is replaced by pathPrefixRewrite. The value must
-        # be between 1 and 1024 characters.
+        # be from 1 to 1024 characters.
         # Corresponds to the JSON property `pathPrefixRewrite`
         # @return [String]
         attr_accessor :path_prefix_rewrite
@@ -40594,14 +40989,13 @@ module Google
       
       # In contrast to a single BackendService in HttpRouteAction to which all
       # matching traffic is directed to, WeightedBackendService allows traffic to be
-      # split across multiple BackendServices. The volume of traffic for each
-      # BackendService is proportional to the weight specified in each
-      # WeightedBackendService
+      # split across multiple backend services. The volume of traffic for each backend
+      # service is proportional to the weight specified in each WeightedBackendService
       class WeightedBackendService
         include Google::Apis::Core::Hashable
       
         # The full or partial URL to the default BackendService resource. Before
-        # forwarding the request to backendService, the loadbalancer applies any
+        # forwarding the request to backendService, the load balancer applies any
         # relevant headerActions specified as part of this backendServiceWeight.
         # Corresponds to the JSON property `backendService`
         # @return [String]
@@ -40613,12 +41007,12 @@ module Google
         # @return [Google::Apis::ComputeBeta::HttpHeaderAction]
         attr_accessor :header_action
       
-        # Specifies the fraction of traffic sent to backendService, computed as weight /
-        # (sum of all weightedBackendService weights in routeAction) . The selection of
-        # a backend service is determined only for new traffic. Once a user's request
-        # has been directed to a backendService, subsequent requests will be sent to the
-        # same backendService as determined by the BackendService's session affinity
-        # policy. The value must be between 0 and 1000
+        # Specifies the fraction of traffic sent to a backend service, computed as
+        # weight / (sum of all weightedBackendService weights in routeAction) . The
+        # selection of a backend service is determined only for new traffic. Once a user'
+        # s request has been directed to a backend service, subsequent requests are sent
+        # to the same backend service as determined by the backend service's session
+        # affinity policy. The value must be from 0 to 1000.
         # Corresponds to the JSON property `weight`
         # @return [Fixnum]
         attr_accessor :weight
@@ -41028,31 +41422,31 @@ module Google
       
         # An Identity and Access Management (IAM) policy, which specifies access
         # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members` to a single `role`. Members can be
-        # user accounts, service accounts, Google groups, and domains (such as G Suite).
-        # A `role` is a named list of permissions; each `role` can be an IAM predefined
-        # role or a user-created custom role. For some types of Google Cloud resources,
-        # a `binding` can also specify a `condition`, which is a logical expression that
-        # allows access to a resource only if the expression evaluates to `true`. A
-        # condition can add constraints based on attributes of the request, the resource,
-        # or both. To learn which resources support conditions in their IAM policies,
-        # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
-        # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
-        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
-        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
-        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
-        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
-        # title": "expirable access", "description": "Does not grant access after Sep
-        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
-        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
-        # members: - user:mike@example.com - group:admins@example.com - domain:google.
-        # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
-        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
-        # roles/resourcemanager.organizationViewer condition: title: expirable access
-        # description: Does not grant access after Sep 2020 expression: request.time <
-        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
-        # description of IAM and its features, see the [IAM documentation](https://cloud.
-        # google.com/iam/docs/).
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
         # Corresponds to the JSON property `policy`
         # @return [Google::Apis::ComputeBeta::Policy]
         attr_accessor :policy