google-apis-compute_v1 0.84.0 → 0.86.0

data/lib/google/apis/compute_v1/classes.rb

@@ -1203,6 +1203,91 @@ module Google
         end
       end
       
+      # This reservation type is specified by total resource amounts (e.g. total count
+      # of CPUs) and can account for multiple instance SKUs. In other words, one can
+      # create instances of varying shapes against this reservation.
+      class AllocationAggregateReservation
+        include Google::Apis::Core::Hashable
+      
+        # [Output only] List of resources currently in use.
+        # Corresponds to the JSON property `inUseResources`
+        # @return [Array<Google::Apis::ComputeV1::AllocationAggregateReservationReservedResourceInfo>]
+        attr_accessor :in_use_resources
+      
+        # List of reserved resources (CPUs, memory, accelerators).
+        # Corresponds to the JSON property `reservedResources`
+        # @return [Array<Google::Apis::ComputeV1::AllocationAggregateReservationReservedResourceInfo>]
+        attr_accessor :reserved_resources
+      
+        # The VM family that all instances scheduled against this reservation must
+        # belong to.
+        # Corresponds to the JSON property `vmFamily`
+        # @return [String]
+        attr_accessor :vm_family
+      
+        # The workload type of the instances that will target this reservation.
+        # Corresponds to the JSON property `workloadType`
+        # @return [String]
+        attr_accessor :workload_type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @in_use_resources = args[:in_use_resources] if args.key?(:in_use_resources)
+          @reserved_resources = args[:reserved_resources] if args.key?(:reserved_resources)
+          @vm_family = args[:vm_family] if args.key?(:vm_family)
+          @workload_type = args[:workload_type] if args.key?(:workload_type)
+        end
+      end
+      
+      # 
+      class AllocationAggregateReservationReservedResourceInfo
+        include Google::Apis::Core::Hashable
+      
+        # Properties of accelerator resources in this reservation.
+        # Corresponds to the JSON property `accelerator`
+        # @return [Google::Apis::ComputeV1::AllocationAggregateReservationReservedResourceInfoAccelerator]
+        attr_accessor :accelerator
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @accelerator = args[:accelerator] if args.key?(:accelerator)
+        end
+      end
+      
+      # 
+      class AllocationAggregateReservationReservedResourceInfoAccelerator
+        include Google::Apis::Core::Hashable
+      
+        # Number of accelerators of specified type.
+        # Corresponds to the JSON property `acceleratorCount`
+        # @return [Fixnum]
+        attr_accessor :accelerator_count
+      
+        # Full or partial URL to accelerator type. e.g. "projects/`PROJECT`/zones/`ZONE`/
+        # acceleratorTypes/ct4l"
+        # Corresponds to the JSON property `acceleratorType`
+        # @return [String]
+        attr_accessor :accelerator_type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @accelerator_count = args[:accelerator_count] if args.key?(:accelerator_count)
+          @accelerator_type = args[:accelerator_type] if args.key?(:accelerator_type)
+        end
+      end
+      
       # [Output Only] Contains output only fields.
       class AllocationResourceStatus
         include Google::Apis::Core::Hashable
@@ -1585,6 +1670,12 @@ module Google
         # @return [String]
         attr_accessor :disk_type
       
+        # Whether this disk is using confidential compute mode.
+        # Corresponds to the JSON property `enableConfidentialCompute`
+        # @return [Boolean]
+        attr_accessor :enable_confidential_compute
+        alias_method :enable_confidential_compute?, :enable_confidential_compute
+      
         # Labels to apply to this disk. These can be later modified by the disks.
         # setLabels method. This field is only applicable for persistent disks.
         # Corresponds to the JSON property `labels`
@@ -1690,6 +1781,7 @@ module Google
           @disk_name = args[:disk_name] if args.key?(:disk_name)
           @disk_size_gb = args[:disk_size_gb] if args.key?(:disk_size_gb)
           @disk_type = args[:disk_type] if args.key?(:disk_type)
+          @enable_confidential_compute = args[:enable_confidential_compute] if args.key?(:enable_confidential_compute)
           @labels = args[:labels] if args.key?(:labels)
           @licenses = args[:licenses] if args.key?(:licenses)
           @on_update_action = args[:on_update_action] if args.key?(:on_update_action)
@@ -3228,13 +3320,13 @@ module Google
       class BackendService
         include Google::Apis::Core::Hashable
       
-        # Lifetime of cookies in seconds. This setting is applicable to external and
-        # internal HTTP(S) load balancers and Traffic Director and requires
-        # GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is
-        # non-persistent and lasts only until the end of the browser session (or
-        # equivalent). The maximum allowed value is two weeks (1,209,600). Not supported
-        # when the backend service is referenced by a URL map that is bound to target
-        # gRPC proxy that has validateForProxyless field set to true.
+        # Lifetime of cookies in seconds. This setting is applicable to Application Load
+        # Balancers and Traffic Director and requires GENERATED_COOKIE or HTTP_COOKIE
+        # session affinity. If set to 0, the cookie is non-persistent and lasts only
+        # until the end of the browser session (or equivalent). The maximum allowed
+        # value is two weeks (1,209,600). Not supported when the backend service is
+        # referenced by a URL map that is bound to target gRPC proxy that has
+        # validateForProxyless field set to true.
         # Corresponds to the JSON property `affinityCookieTtlSec`
         # @return [Fixnum]
         attr_accessor :affinity_cookie_ttl_sec
@@ -3305,23 +3397,23 @@ module Google
         # @return [String]
         attr_accessor :edge_security_policy
       
-        # If true, enables Cloud CDN for the backend service of an external HTTP(S) load
-        # balancer.
+        # If true, enables Cloud CDN for the backend service of a global external
+        # Application Load Balancer.
         # Corresponds to the JSON property `enableCDN`
         # @return [Boolean]
         attr_accessor :enable_cdn
         alias_method :enable_cdn?, :enable_cdn
       
-        # For load balancers that have configurable failover: [Internal TCP/UDP Load
-        # Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-
-        # overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-
-        # balancing/docs/network/networklb-failover-overview). On failover or failback,
-        # this field indicates whether connection draining will be honored. Google Cloud
-        # has a fixed connection draining timeout of 10 minutes. A setting of true
-        # terminates existing TCP connections to the active pool during failover and
-        # failback, immediately draining traffic. A setting of false allows existing TCP
-        # connections to persist, even on VMs no longer in the active pool, for up to
-        # the duration of the connection draining timeout (10 minutes).
+        # For load balancers that have configurable failover: [Internal passthrough
+        # Network Load Balancers](https://cloud.google.com/load-balancing/docs/internal/
+        # failover-overview) and [external passthrough Network Load Balancers](https://
+        # cloud.google.com/load-balancing/docs/network/networklb-failover-overview). On
+        # failover or failback, this field indicates whether connection draining will be
+        # honored. Google Cloud has a fixed connection draining timeout of 10 minutes. A
+        # setting of true terminates existing TCP connections to the active pool during
+        # failover and failback, immediately draining traffic. A setting of false allows
+        # existing TCP connections to persist, even on VMs no longer in the active pool,
+        # for up to the duration of the connection draining timeout (10 minutes).
         # Corresponds to the JSON property `failoverPolicy`
         # @return [Google::Apis::ComputeV1::BackendServiceFailoverPolicy]
         attr_accessor :failover_policy
@@ -3454,8 +3546,8 @@ module Google
         attr_accessor :outlier_detection
       
         # Deprecated in favor of portName. The TCP port to connect on the backend. The
-        # default value is 80. For Internal TCP/UDP Load Balancing and Network Load
-        # Balancing, omit port.
+        # default value is 80. For internal passthrough Network Load Balancers and
+        # external passthrough Network Load Balancers, omit port.
         # Corresponds to the JSON property `port`
         # @return [Fixnum]
         attr_accessor :port
@@ -3464,8 +3556,8 @@ module Google
         # communication to the backend VMs in that group. The named port must be [
         # defined on each backend instance group](https://cloud.google.com/load-
         # balancing/docs/backend-service#named_ports). This parameter has no meaning if
-        # the backends are NEGs. For Internal TCP/UDP Load Balancing and Network Load
-        # Balancing, omit port_name.
+        # the backends are NEGs. For internal passthrough Network Load Balancers and
+        # external passthrough Network Load Balancers, omit port_name.
         # Corresponds to the JSON property `portName`
         # @return [String]
         attr_accessor :port_name
@@ -3947,20 +4039,20 @@ module Google
         # @return [String]
         attr_accessor :connection_persistence_on_unhealthy_backends
       
-        # Enable Strong Session Affinity for Network Load Balancing. This option is not
-        # available publicly.
+        # Enable Strong Session Affinity for external passthrough Network Load Balancers.
+        # This option is not available publicly.
         # Corresponds to the JSON property `enableStrongAffinity`
         # @return [Boolean]
         attr_accessor :enable_strong_affinity
         alias_method :enable_strong_affinity?, :enable_strong_affinity
       
         # Specifies how long to keep a Connection Tracking entry while there is no
-        # matching traffic (in seconds). For Internal TCP/UDP Load Balancing: - The
-        # minimum (default) is 10 minutes and the maximum is 16 hours. - It can be set
-        # only if Connection Tracking is less than 5-tuple (i.e. Session Affinity is
-        # CLIENT_IP_NO_DESTINATION, CLIENT_IP or CLIENT_IP_PROTO, and Tracking Mode is
-        # PER_SESSION). For Network Load Balancer the default is 60 seconds. This option
-        # is not available publicly.
+        # matching traffic (in seconds). For internal passthrough Network Load Balancers:
+        # - The minimum (default) is 10 minutes and the maximum is 16 hours. - It can
+        # be set only if Connection Tracking is less than 5-tuple (i.e. Session Affinity
+        # is CLIENT_IP_NO_DESTINATION, CLIENT_IP or CLIENT_IP_PROTO, and Tracking Mode
+        # is PER_SESSION). For external passthrough Network Load Balancers the default
+        # is 60 seconds. This option is not available publicly.
         # Corresponds to the JSON property `idleTimeoutSec`
         # @return [Fixnum]
         attr_accessor :idle_timeout_sec
@@ -3991,16 +4083,16 @@ module Google
         end
       end
       
-      # For load balancers that have configurable failover: [Internal TCP/UDP Load
-      # Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-
-      # overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-
-      # balancing/docs/network/networklb-failover-overview). On failover or failback,
-      # this field indicates whether connection draining will be honored. Google Cloud
-      # has a fixed connection draining timeout of 10 minutes. A setting of true
-      # terminates existing TCP connections to the active pool during failover and
-      # failback, immediately draining traffic. A setting of false allows existing TCP
-      # connections to persist, even on VMs no longer in the active pool, for up to
-      # the duration of the connection draining timeout (10 minutes).
+      # For load balancers that have configurable failover: [Internal passthrough
+      # Network Load Balancers](https://cloud.google.com/load-balancing/docs/internal/
+      # failover-overview) and [external passthrough Network Load Balancers](https://
+      # cloud.google.com/load-balancing/docs/network/networklb-failover-overview). On
+      # failover or failback, this field indicates whether connection draining will be
+      # honored. Google Cloud has a fixed connection draining timeout of 10 minutes. A
+      # setting of true terminates existing TCP connections to the active pool during
+      # failover and failback, immediately draining traffic. A setting of false allows
+      # existing TCP connections to persist, even on VMs no longer in the active pool,
+      # for up to the duration of the connection draining timeout (10 minutes).
       class BackendServiceFailoverPolicy
         include Google::Apis::Core::Hashable
       
@@ -4014,10 +4106,10 @@ module Google
         # and all backup backend VMs are unhealthy.If set to false, connections are
         # distributed among all primary VMs when all primary and all backup backend VMs
         # are unhealthy. For load balancers that have configurable failover: [Internal
-        # TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/
-        # failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.
-        # com/load-balancing/docs/network/networklb-failover-overview). The default is
-        # false.
+        # passthrough Network Load Balancers](https://cloud.google.com/load-balancing/
+        # docs/internal/failover-overview) and [external passthrough Network Load
+        # Balancers](https://cloud.google.com/load-balancing/docs/network/networklb-
+        # failover-overview). The default is false.
         # Corresponds to the JSON property `dropTrafficIfUnhealthy`
         # @return [Boolean]
         attr_accessor :drop_traffic_if_unhealthy
@@ -4911,21 +5003,43 @@ module Google
         # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
         # email address that represents a Google group. For example, `admins@example.com`
         # . * `domain:`domain``: The G Suite domain (primary) that represents all the
-        # users of that domain. For example, `google.com` or `example.com`. * `deleted:
-        # user:`emailid`?uid=`uniqueid``: An email address (plus unique identifier)
-        # representing a user that has been recently deleted. For example, `alice@
-        # example.com?uid=123456789012345678901`. If the user is recovered, this value
-        # reverts to `user:`emailid`` and the recovered user retains the role in the
-        # binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email address
-        # (plus unique identifier) representing a service account that has been recently
-        # deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
+        # users of that domain. For example, `google.com` or `example.com`. * `principal:
+        # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
+        # subject_attribute_value``: A single identity in a workforce identity pool. * `
+        # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
+        # group/`group_id``: All workforce identities in a group. * `principalSet://iam.
+        # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
+        # attribute_name`/`attribute_value``: All workforce identities with a specific
+        # attribute value. * `principalSet://iam.googleapis.com/locations/global/
+        # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
+        # principal://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
+        # identity in a workload identity pool. * `principalSet://iam.googleapis.com/
+        # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
+        # group/`group_id``: A workload identity pool group. * `principalSet://iam.
+        # googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
+        # All identities in a workload identity pool with a certain attribute. * `
+        # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
+        # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
+        # identifier) representing a user that has been recently deleted. For example, `
+        # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
+        # value reverts to `user:`emailid`` and the recovered user retains the role in
+        # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
+        # address (plus unique identifier) representing a service account that has been
+        # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
         # 123456789012345678901`. If the service account is undeleted, this value
         # reverts to `serviceAccount:`emailid`` and the undeleted service account
         # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
         # An email address (plus unique identifier) representing a Google group that has
         # been recently deleted. For example, `admins@example.com?uid=
         # 123456789012345678901`. If the group is recovered, this value reverts to `
-        # group:`emailid`` and the recovered group retains the role in the binding.
+        # group:`emailid`` and the recovered group retains the role in the binding. * `
+        # deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
+        # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
+        # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
+        # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
         # Corresponds to the JSON property `members`
         # @return [Array<String>]
         attr_accessor :members
@@ -5320,6 +5434,15 @@ module Google
         # @return [String]
         attr_accessor :end_timestamp
       
+        # Specifies the already existing reservations to attach to the Commitment. This
+        # field is optional, and it can be a full or partial URL. For example, the
+        # following are valid URLs to an reservation: - https://www.googleapis.com/
+        # compute/v1/projects/project/zones/zone /reservations/reservation - projects/
+        # project/zones/zone/reservations/reservation
+        # Corresponds to the JSON property `existingReservations`
+        # @return [Array<String>]
+        attr_accessor :existing_reservations
+      
         # [Output Only] The unique identifier for the resource. This identifier is
         # defined by the server.
         # Corresponds to the JSON property `id`
@@ -5363,7 +5486,7 @@ module Google
         # @return [String]
         attr_accessor :region
       
-        # List of create-on-create reseravtions for this commitment.
+        # List of create-on-create reservations for this commitment.
         # Corresponds to the JSON property `reservations`
         # @return [Array<Google::Apis::ComputeV1::Reservation>]
         attr_accessor :reservations
@@ -5420,6 +5543,7 @@ module Google
           @creation_timestamp = args[:creation_timestamp] if args.key?(:creation_timestamp)
           @description = args[:description] if args.key?(:description)
           @end_timestamp = args[:end_timestamp] if args.key?(:end_timestamp)
+          @existing_reservations = args[:existing_reservations] if args.key?(:existing_reservations)
           @id = args[:id] if args.key?(:id)
           @kind = args[:kind] if args.key?(:kind)
           @license_resource = args[:license_resource] if args.key?(:license_resource)
@@ -6203,6 +6327,12 @@ module Google
         # @return [Google::Apis::ComputeV1::CustomerEncryptionKey]
         attr_accessor :disk_encryption_key
       
+        # Whether this disk is using confidential compute mode.
+        # Corresponds to the JSON property `enableConfidentialCompute`
+        # @return [Boolean]
+        attr_accessor :enable_confidential_compute
+        alias_method :enable_confidential_compute?, :enable_confidential_compute
+      
         # A list of features to enable on the guest operating system. Applicable only
         # for bootable images. Read Enabling guest operating system features to see a
         # list of available options.
@@ -6330,6 +6460,12 @@ module Google
         # @return [Google::Apis::ComputeV1::DiskResourceStatus]
         attr_accessor :resource_status
       
+        # Output only. Reserved for future use.
+        # Corresponds to the JSON property `satisfiesPzi`
+        # @return [Boolean]
+        attr_accessor :satisfies_pzi
+        alias_method :satisfies_pzi?, :satisfies_pzi
+      
         # [Output Only] Reserved for future use.
         # Corresponds to the JSON property `satisfiesPzs`
         # @return [Boolean]
@@ -6484,6 +6620,7 @@ module Google
           @creation_timestamp = args[:creation_timestamp] if args.key?(:creation_timestamp)
           @description = args[:description] if args.key?(:description)
           @disk_encryption_key = args[:disk_encryption_key] if args.key?(:disk_encryption_key)
+          @enable_confidential_compute = args[:enable_confidential_compute] if args.key?(:enable_confidential_compute)
           @guest_os_features = args[:guest_os_features] if args.key?(:guest_os_features)
           @id = args[:id] if args.key?(:id)
           @kind = args[:kind] if args.key?(:kind)
@@ -6504,6 +6641,7 @@ module Google
           @replica_zones = args[:replica_zones] if args.key?(:replica_zones)
           @resource_policies = args[:resource_policies] if args.key?(:resource_policies)
           @resource_status = args[:resource_status] if args.key?(:resource_status)
+          @satisfies_pzi = args[:satisfies_pzi] if args.key?(:satisfies_pzi)
           @satisfies_pzs = args[:satisfies_pzs] if args.key?(:satisfies_pzs)
           @self_link = args[:self_link] if args.key?(:self_link)
           @size_gb = args[:size_gb] if args.key?(:size_gb)
@@ -9286,10 +9424,10 @@ module Google
       # google.com/compute/docs/reference/rest/v1/globalForwardingRules) * [Regional](
       # https://cloud.google.com/compute/docs/reference/rest/v1/forwardingRules) A
       # forwarding rule and its corresponding IP address represent the frontend
-      # configuration of a Google Cloud Platform load balancer. Forwarding rules can
-      # also reference target instances and Cloud VPN Classic gateways (
-      # targetVpnGateway). For more information, read Forwarding rule concepts and
-      # Using protocol forwarding.
+      # configuration of a Google Cloud load balancer. Forwarding rules can also
+      # reference target instances and Cloud VPN Classic gateways (targetVpnGateway).
+      # For more information, read Forwarding rule concepts and Using protocol
+      # forwarding.
       class ForwardingRule
         include Google::Apis::Core::Hashable
       
@@ -9345,11 +9483,12 @@ module Google
       
         # This field is used along with the backend_service field for internal load
         # balancing or with the target field for internal TargetInstance. If set to true,
-        # clients can access the Internal TCP/UDP Load Balancer, Internal HTTP(S) and
-        # TCP Proxy Load Balancer from all regions. If false, only allows access from
-        # the local region the load balancer is located at. Note that for
-        # INTERNAL_MANAGED forwarding rules, this field cannot be changed after the
-        # forwarding rule is created.
+        # clients can access the internal passthrough Network Load Balancers, the
+        # regional internal Application Load Balancer, and the regional internal proxy
+        # Network Load Balancer from all regions. If false, only allows access from the
+        # local region the load balancer is located at. Note that for INTERNAL_MANAGED
+        # forwarding rules, this field cannot be changed after the forwarding rule is
+        # created.
         # Corresponds to the JSON property `allowGlobalAccess`
         # @return [Boolean]
         attr_accessor :allow_global_access
@@ -9363,16 +9502,16 @@ module Google
         alias_method :allow_psc_global_access?, :allow_psc_global_access
       
         # Identifies the backend service to which the forwarding rule sends traffic.
-        # Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must
-        # be omitted for all other load balancer types.
+        # Required for internal and external passthrough Network Load Balancers; must be
+        # omitted for all other load balancer types.
         # Corresponds to the JSON property `backendService`
         # @return [String]
         attr_accessor :backend_service
       
-        # [Output Only] The URL for the corresponding base Forwarding Rule. By base
-        # Forwarding Rule, we mean the Forwarding Rule that has the same IP address,
-        # protocol, and port settings with the current Forwarding Rule, but without
-        # sourceIPRanges specified. Always empty if the current Forwarding Rule does not
+        # [Output Only] The URL for the corresponding base forwarding rule. By base
+        # forwarding rule, we mean the forwarding rule that has the same IP address,
+        # protocol, and port settings with the current forwarding rule, but without
+        # sourceIPRanges specified. Always empty if the current forwarding rule does not
         # have sourceIPRanges specified.
         # Corresponds to the JSON property `baseForwardingRule`
         # @return [String]
@@ -9423,7 +9562,7 @@ module Google
         alias_method :is_mirroring_collector?, :is_mirroring_collector
       
         # [Output Only] Type of the resource. Always compute#forwardingRule for
-        # Forwarding Rule resources.
+        # forwarding rule resources.
         # Corresponds to the JSON property `kind`
         # @return [String]
         attr_accessor :kind
@@ -9485,13 +9624,13 @@ module Google
         # @return [String]
         attr_accessor :name
       
-        # This field is not used for global external load balancing. For Internal TCP/
-        # UDP Load Balancing, this field identifies the network that the load balanced
-        # IP should belong to for this Forwarding Rule. If the subnetwork is specified,
-        # the network of the subnetwork will be used. If neither subnetwork nor this
-        # field is specified, the default network will be used. For Private Service
-        # Connect forwarding rules that forward traffic to Google APIs, a network must
-        # be provided.
+        # This field is not used for global external load balancing. For internal
+        # passthrough Network Load Balancers, this field identifies the network that the
+        # load balanced IP should belong to for this forwarding rule. If the subnetwork
+        # is specified, the network of the subnetwork will be used. If neither
+        # subnetwork nor this field is specified, the default network will be used. For
+        # Private Service Connect forwarding rules that forward traffic to Google APIs,
+        # a network must be provided.
         # Corresponds to the JSON property `network`
         # @return [String]
         attr_accessor :network
@@ -9550,7 +9689,7 @@ module Google
         # @return [Array<String>]
         attr_accessor :ports
       
-        # [Output Only] The PSC connection id of the PSC Forwarding Rule.
+        # [Output Only] The PSC connection id of the PSC forwarding rule.
         # Corresponds to the JSON property `pscConnectionId`
         # @return [Fixnum]
         attr_accessor :psc_connection_id
@@ -9579,7 +9718,7 @@ module Google
         # @return [Array<Google::Apis::ComputeV1::ForwardingRuleServiceDirectoryRegistration>]
         attr_accessor :service_directory_registrations
       
-        # An optional prefix to the service name for this Forwarding Rule. If specified,
+        # An optional prefix to the service name for this forwarding rule. If specified,
         # the prefix is the first label of the fully qualified service name. The label
         # must be 1-63 characters long, and comply with RFC1035. Specifically, the label
         # must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*
@@ -9591,16 +9730,16 @@ module Google
         # @return [String]
         attr_accessor :service_label
       
-        # [Output Only] The internal fully qualified service name for this Forwarding
-        # Rule. This field is only used for internal load balancing.
+        # [Output Only] The internal fully qualified service name for this forwarding
+        # rule. This field is only used for internal load balancing.
         # Corresponds to the JSON property `serviceName`
         # @return [String]
         attr_accessor :service_name
       
-        # If not empty, this Forwarding Rule will only forward the traffic when the
+        # If not empty, this forwarding rule will only forward the traffic when the
         # source IP address matches one of the IP addresses or CIDR ranges set here.
-        # Note that a Forwarding Rule can only have up to 64 source IP ranges, and this
-        # field can only be used with a regional Forwarding Rule whose scheme is
+        # Note that a forwarding rule can only have up to 64 source IP ranges, and this
+        # field can only be used with a regional forwarding rule whose scheme is
         # EXTERNAL. Each source_ip_range entry should be either an IP address (for
         # example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
         # Corresponds to the JSON property `sourceIpRanges`
@@ -9608,10 +9747,11 @@ module Google
         attr_accessor :source_ip_ranges
       
         # This field identifies the subnetwork that the load balanced IP should belong
-        # to for this Forwarding Rule, used in internal load balancing and network load
-        # balancing with IPv6. If the network specified is in auto subnet mode, this
-        # field is optional. However, a subnetwork must be specified if the network is
-        # in custom subnet mode or when creating external forwarding rule with IPv6.
+        # to for this forwarding rule, used with internal load balancers and external
+        # passthrough Network Load Balancers with IPv6. If the network specified is in
+        # auto subnet mode, this field is optional. However, a subnetwork must be
+        # specified if the network is in custom subnet mode or when creating external
+        # forwarding rule with IPv6.
         # Corresponds to the JSON property `subnetwork`
         # @return [String]
         attr_accessor :subnetwork
@@ -9935,9 +10075,9 @@ module Google
         end
       end
       
-      # Describes the auto-registration of the Forwarding Rule to Service Directory.
+      # Describes the auto-registration of the forwarding rule to Service Directory.
       # The region and project of the Service Directory resource generated from this
-      # registration will be the same as this Forwarding Rule.
+      # registration will be the same as this forwarding rule.
       class ForwardingRuleServiceDirectoryRegistration
         include Google::Apis::Core::Hashable
       
@@ -9953,7 +10093,7 @@ module Google
       
         # [Optional] Service Directory region to register this global forwarding rule
         # under. Default to "us-central1". Only used for PSC for Google APIs. All PSC
-        # for Google APIs Forwarding Rules on the same network should use the same
+        # for Google APIs forwarding rules on the same network should use the same
         # Service Directory region.
         # Corresponds to the JSON property `serviceDirectoryRegion`
         # @return [String]
@@ -10088,7 +10228,7 @@ module Google
       
         # Specifies how a port is selected for health checking. Can be one of the
         # following values: USE_FIXED_PORT: Specifies a port number explicitly using the
-        # port field in the health check. Supported by backend services for pass-through
+        # port field in the health check. Supported by backend services for passthrough
         # load balancers and backend services for proxy load balancers. Not supported by
         # target pools. The health check supports all backends supported by the backend
         # service provided the backend can be health checked. For example, GCE_VM_IP
@@ -10096,13 +10236,13 @@ module Google
         # group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an
         # indirect method of specifying the health check port by referring to the
         # backend service. Only supported by backend services for proxy load balancers.
-        # Not supported by target pools. Not supported by backend services for pass-
-        # through load balancers. Supports all backends that can be health checked; for
-        # example, GCE_VM_IP_PORT network endpoint groups and instance group backends.
-        # For GCE_VM_IP_PORT network endpoint group backends, the health check uses the
-        # port number specified for each endpoint in the network endpoint group. For
-        # instance group backends, the health check uses the port number determined by
-        # looking up the backend service's named port in the instance group's list of
+        # Not supported by target pools. Not supported by backend services for
+        # passthrough load balancers. Supports all backends that can be health checked;
+        # for example, GCE_VM_IP_PORT network endpoint groups and instance group
+        # backends. For GCE_VM_IP_PORT network endpoint group backends, the health check
+        # uses the port number specified for each endpoint in the network endpoint group.
+        # For instance group backends, the health check uses the port number determined
+        # by looking up the backend service's named port in the instance group's list of
         # named ports.
         # Corresponds to the JSON property `portSpecification`
         # @return [String]
@@ -10451,8 +10591,8 @@ module Google
         # The ID of a supported feature. To add multiple values, use commas to separate
         # values. Set to one or more of the following values: - VIRTIO_SCSI_MULTIQUEUE -
         # WINDOWS - MULTI_IP_SUBNET - UEFI_COMPATIBLE - GVNIC - SEV_CAPABLE -
-        # SUSPEND_RESUME_COMPATIBLE - SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE For more
-        # information, see Enabling guest operating system features.
+        # SUSPEND_RESUME_COMPATIBLE - SEV_LIVE_MIGRATABLE - SEV_SNP_CAPABLE - IDPF For
+        # more information, see Enabling guest operating system features.
         # Corresponds to the JSON property `type`
         # @return [String]
         attr_accessor :type
@@ -10493,7 +10633,7 @@ module Google
       
         # Specifies how a port is selected for health checking. Can be one of the
         # following values: USE_FIXED_PORT: Specifies a port number explicitly using the
-        # port field in the health check. Supported by backend services for pass-through
+        # port field in the health check. Supported by backend services for passthrough
         # load balancers and backend services for proxy load balancers. Not supported by
         # target pools. The health check supports all backends supported by the backend
         # service provided the backend can be health checked. For example, GCE_VM_IP
@@ -10501,13 +10641,13 @@ module Google
         # group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an
         # indirect method of specifying the health check port by referring to the
         # backend service. Only supported by backend services for proxy load balancers.
-        # Not supported by target pools. Not supported by backend services for pass-
-        # through load balancers. Supports all backends that can be health checked; for
-        # example, GCE_VM_IP_PORT network endpoint groups and instance group backends.
-        # For GCE_VM_IP_PORT network endpoint group backends, the health check uses the
-        # port number specified for each endpoint in the network endpoint group. For
-        # instance group backends, the health check uses the port number determined by
-        # looking up the backend service's named port in the instance group's list of
+        # Not supported by target pools. Not supported by backend services for
+        # passthrough load balancers. Supports all backends that can be health checked;
+        # for example, GCE_VM_IP_PORT network endpoint groups and instance group
+        # backends. For GCE_VM_IP_PORT network endpoint group backends, the health check
+        # uses the port number specified for each endpoint in the network endpoint group.
+        # For instance group backends, the health check uses the port number determined
+        # by looking up the backend service's named port in the instance group's list of
         # named ports.
         # Corresponds to the JSON property `portSpecification`
         # @return [String]
@@ -10575,7 +10715,7 @@ module Google
       
         # Specifies how a port is selected for health checking. Can be one of the
         # following values: USE_FIXED_PORT: Specifies a port number explicitly using the
-        # port field in the health check. Supported by backend services for pass-through
+        # port field in the health check. Supported by backend services for passthrough
         # load balancers and backend services for proxy load balancers. Also supported
         # in legacy HTTP health checks for target pools. The health check supports all
         # backends supported by the backend service provided the backend can be health
@@ -10657,7 +10797,7 @@ module Google
       
         # Specifies how a port is selected for health checking. Can be one of the
         # following values: USE_FIXED_PORT: Specifies a port number explicitly using the
-        # port field in the health check. Supported by backend services for pass-through
+        # port field in the health check. Supported by backend services for passthrough
         # load balancers and backend services for proxy load balancers. Not supported by
         # target pools. The health check supports all backends supported by the backend
         # service provided the backend can be health checked. For example, GCE_VM_IP
@@ -10665,13 +10805,13 @@ module Google
         # group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an
         # indirect method of specifying the health check port by referring to the
         # backend service. Only supported by backend services for proxy load balancers.
-        # Not supported by target pools. Not supported by backend services for pass-
-        # through load balancers. Supports all backends that can be health checked; for
-        # example, GCE_VM_IP_PORT network endpoint groups and instance group backends.
-        # For GCE_VM_IP_PORT network endpoint group backends, the health check uses the
-        # port number specified for each endpoint in the network endpoint group. For
-        # instance group backends, the health check uses the port number determined by
-        # looking up the backend service's named port in the instance group's list of
+        # Not supported by target pools. Not supported by backend services for
+        # passthrough load balancers. Supports all backends that can be health checked;
+        # for example, GCE_VM_IP_PORT network endpoint groups and instance group
+        # backends. For GCE_VM_IP_PORT network endpoint group backends, the health check
+        # uses the port number specified for each endpoint in the network endpoint group.
+        # For instance group backends, the health check uses the port number determined
+        # by looking up the backend service's named port in the instance group's list of
         # named ports.
         # Corresponds to the JSON property `portSpecification`
         # @return [String]
@@ -10717,18 +10857,13 @@ module Google
       # resources: * [Regional](/compute/docs/reference/rest/v1/regionHealthChecks) * [
       # Global](/compute/docs/reference/rest/v1/healthChecks) These health check
       # resources can be used for load balancing and for autohealing VMs in a managed
-      # instance group (MIG). **Load balancing** The following load balancer can use
-      # either regional or global health check: * Internal TCP/UDP load balancer The
-      # following load balancers require regional health check: * Internal HTTP(S)
-      # load balancer * Backend service-based network load balancer Traffic Director
-      # and the following load balancers require global health check: * External HTTP(
-      # S) load balancer * TCP proxy load balancer * SSL proxy load balancer The
-      # following load balancer require [legacy HTTP health checks](/compute/docs/
-      # reference/rest/v1/httpHealthChecks): * Target pool-based network load balancer
-      # **Autohealing in MIGs** The health checks that you use for autohealing VMs in
-      # a MIG can be either regional or global. For more information, see Set up an
-      # application health check and autohealing. For more information, see Health
-      # checks overview.
+      # instance group (MIG). **Load balancing** Health check requirements vary
+      # depending on the type of load balancer. For details about the type of health
+      # check supported for each load balancer and corresponding backend type, see
+      # Health checks overview: Load balancer guide. **Autohealing in MIGs** The
+      # health checks that you use for autohealing VMs in a MIG can be either regional
+      # or global. For more information, see Set up an application health check and
+      # autohealing. For more information, see Health checks overview.
       class HealthCheck
         include Google::Apis::Core::Hashable
       
@@ -12914,6 +13049,13 @@ module Google
         # @return [Fixnum]
         attr_accessor :disk_size_gb
       
+        # Whether this image is created from a confidential compute mode disk. [Output
+        # Only]: This field is not set by user, but from source disk.
+        # Corresponds to the JSON property `enableConfidentialCompute`
+        # @return [Boolean]
+        attr_accessor :enable_confidential_compute
+        alias_method :enable_confidential_compute?, :enable_confidential_compute
+      
         # The name of the image family to which this image belongs. The image family
         # name can be from a publicly managed image family provided by Compute Engine,
         # or from a custom image family you create. For example, centos-stream-9 is a
@@ -12997,6 +13139,12 @@ module Google
         # @return [Google::Apis::ComputeV1::Image::RawDisk]
         attr_accessor :raw_disk
       
+        # Output only. Reserved for future use.
+        # Corresponds to the JSON property `satisfiesPzi`
+        # @return [Boolean]
+        attr_accessor :satisfies_pzi
+        alias_method :satisfies_pzi?, :satisfies_pzi
+      
         # [Output Only] Reserved for future use.
         # Corresponds to the JSON property `satisfiesPzs`
         # @return [Boolean]
@@ -13115,6 +13263,7 @@ module Google
           @deprecated = args[:deprecated] if args.key?(:deprecated)
           @description = args[:description] if args.key?(:description)
           @disk_size_gb = args[:disk_size_gb] if args.key?(:disk_size_gb)
+          @enable_confidential_compute = args[:enable_confidential_compute] if args.key?(:enable_confidential_compute)
           @family = args[:family] if args.key?(:family)
           @guest_os_features = args[:guest_os_features] if args.key?(:guest_os_features)
           @id = args[:id] if args.key?(:id)
@@ -13126,6 +13275,7 @@ module Google
           @licenses = args[:licenses] if args.key?(:licenses)
           @name = args[:name] if args.key?(:name)
           @raw_disk = args[:raw_disk] if args.key?(:raw_disk)
+          @satisfies_pzi = args[:satisfies_pzi] if args.key?(:satisfies_pzi)
           @satisfies_pzs = args[:satisfies_pzs] if args.key?(:satisfies_pzs)
           @self_link = args[:self_link] if args.key?(:self_link)
           @shielded_instance_initial_state = args[:shielded_instance_initial_state] if args.key?(:shielded_instance_initial_state)
@@ -13580,6 +13730,12 @@ module Google
         # @return [Google::Apis::ComputeV1::ResourceStatus]
         attr_accessor :resource_status
       
+        # [Output Only] Reserved for future use.
+        # Corresponds to the JSON property `satisfiesPzi`
+        # @return [Boolean]
+        attr_accessor :satisfies_pzi
+        alias_method :satisfies_pzi?, :satisfies_pzi
+      
         # [Output Only] Reserved for future use.
         # Corresponds to the JSON property `satisfiesPzs`
         # @return [Boolean]
@@ -13697,6 +13853,7 @@ module Google
           @reservation_affinity = args[:reservation_affinity] if args.key?(:reservation_affinity)
           @resource_policies = args[:resource_policies] if args.key?(:resource_policies)
           @resource_status = args[:resource_status] if args.key?(:resource_status)
+          @satisfies_pzi = args[:satisfies_pzi] if args.key?(:satisfies_pzi)
           @satisfies_pzs = args[:satisfies_pzs] if args.key?(:satisfies_pzs)
           @scheduling = args[:scheduling] if args.key?(:scheduling)
           @self_link = args[:self_link] if args.key?(:self_link)
@@ -20439,6 +20596,12 @@ module Google
         # @return [String]
         attr_accessor :name
       
+        # Output only. Reserved for future use.
+        # Corresponds to the JSON property `satisfiesPzi`
+        # @return [Boolean]
+        attr_accessor :satisfies_pzi
+        alias_method :satisfies_pzi?, :satisfies_pzi
+      
         # [Output Only] Reserved for future use.
         # Corresponds to the JSON property `satisfiesPzs`
         # @return [Boolean]
@@ -20508,6 +20671,7 @@ module Google
           @kind = args[:kind] if args.key?(:kind)
           @machine_image_encryption_key = args[:machine_image_encryption_key] if args.key?(:machine_image_encryption_key)
           @name = args[:name] if args.key?(:name)
+          @satisfies_pzi = args[:satisfies_pzi] if args.key?(:satisfies_pzi)
           @satisfies_pzs = args[:satisfies_pzs] if args.key?(:satisfies_pzs)
           @saved_disks = args[:saved_disks] if args.key?(:saved_disks)
           @self_link = args[:self_link] if args.key?(:self_link)
@@ -26086,7 +26250,8 @@ module Google
       # operations, use the `globalOperations` resource. - For regional operations,
       # use the `regionOperations` resource. - For zonal operations, use the `
       # zoneOperations` resource. For more information, read Global, Regional, and
-      # Zonal Resources.
+      # Zonal Resources. Note that completed Operation resources have a limited
+      # retention period.
       class Operation
         include Google::Apis::Core::Hashable
       
@@ -27196,15 +27361,17 @@ module Google
       
         # Protocols that apply as filter on mirrored traffic. If no protocols are
         # specified, all traffic that matches the specified CIDR ranges is mirrored. If
-        # neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.
+        # neither cidrRanges nor IPProtocols is specified, all IPv4 traffic is mirrored.
         # Corresponds to the JSON property `IPProtocols`
         # @return [Array<String>]
         attr_accessor :ip_protocols
       
-        # IP CIDR ranges that apply as filter on the source (ingress) or destination (
-        # egress) IP in the IP header. Only IPv4 is supported. If no ranges are
-        # specified, all traffic that matches the specified IPProtocols is mirrored. If
-        # neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.
+        # One or more IPv4 or IPv6 CIDR ranges that apply as filter on the source (
+        # ingress) or destination (egress) IP in the IP header. If no ranges are
+        # specified, all IPv4 traffic that matches the specified IPProtocols is mirrored.
+        # If neither cidrRanges nor IPProtocols is specified, all IPv4 traffic is
+        # mirrored. To mirror all IPv4 and IPv6 traffic, use "0.0.0.0/0,::/0". Note:
+        # Support for IPv6 traffic is in preview.
         # Corresponds to the JSON property `cidrRanges`
         # @return [Array<String>]
         attr_accessor :cidr_ranges
@@ -30831,6 +30998,13 @@ module Google
       class Reservation
         include Google::Apis::Core::Hashable
       
+        # This reservation type is specified by total resource amounts (e.g. total count
+        # of CPUs) and can account for multiple instance SKUs. In other words, one can
+        # create instances of varying shapes against this reservation.
+        # Corresponds to the JSON property `aggregateReservation`
+        # @return [Google::Apis::ComputeV1::AllocationAggregateReservation]
+        attr_accessor :aggregate_reservation
+      
         # [Output Only] Full or partial URL to a parent commitment. This field displays
         # for reservations that are tied to a commitment.
         # Corresponds to the JSON property `commitment`
@@ -30930,6 +31104,7 @@ module Google
       
         # Update properties of this object
         def update!(**args)
+          @aggregate_reservation = args[:aggregate_reservation] if args.key?(:aggregate_reservation)
           @commitment = args[:commitment] if args.key?(:commitment)
           @creation_timestamp = args[:creation_timestamp] if args.key?(:creation_timestamp)
           @description = args[:description] if args.key?(:description)
@@ -34306,7 +34481,7 @@ module Google
       
         # Specifies how a port is selected for health checking. Can be one of the
         # following values: USE_FIXED_PORT: Specifies a port number explicitly using the
-        # port field in the health check. Supported by backend services for pass-through
+        # port field in the health check. Supported by backend services for passthrough
         # load balancers and backend services for proxy load balancers. Not supported by
         # target pools. The health check supports all backends supported by the backend
         # service provided the backend can be health checked. For example, GCE_VM_IP
@@ -34314,13 +34489,13 @@ module Google
         # group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an
         # indirect method of specifying the health check port by referring to the
         # backend service. Only supported by backend services for proxy load balancers.
-        # Not supported by target pools. Not supported by backend services for pass-
-        # through load balancers. Supports all backends that can be health checked; for
-        # example, GCE_VM_IP_PORT network endpoint groups and instance group backends.
-        # For GCE_VM_IP_PORT network endpoint group backends, the health check uses the
-        # port number specified for each endpoint in the network endpoint group. For
-        # instance group backends, the health check uses the port number determined by
-        # looking up the backend service's named port in the instance group's list of
+        # Not supported by target pools. Not supported by backend services for
+        # passthrough load balancers. Supports all backends that can be health checked;
+        # for example, GCE_VM_IP_PORT network endpoint groups and instance group
+        # backends. For GCE_VM_IP_PORT network endpoint group backends, the health check
+        # uses the port number specified for each endpoint in the network endpoint group.
+        # For instance group backends, the health check uses the port number determined
+        # by looking up the backend service's named port in the instance group's list of
         # named ports.
         # Corresponds to the JSON property `portSpecification`
         # @return [String]
@@ -35654,6 +35829,12 @@ module Google
         # @return [Google::Apis::ComputeV1::Expr]
         attr_accessor :expr
       
+        # The configuration options available when specifying a user defined CEVAL
+        # expression (i.e., 'expr').
+        # Corresponds to the JSON property `exprOptions`
+        # @return [Google::Apis::ComputeV1::SecurityPolicyRuleMatcherExprOptions]
+        attr_accessor :expr_options
+      
         # Preconfigured versioned expression. If this field is specified, config must
         # also be specified. Available preconfigured expressions along with their
         # requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range
@@ -35670,6 +35851,7 @@ module Google
         def update!(**args)
           @config = args[:config] if args.key?(:config)
           @expr = args[:expr] if args.key?(:expr)
+          @expr_options = args[:expr_options] if args.key?(:expr_options)
           @versioned_expr = args[:versioned_expr] if args.key?(:versioned_expr)
         end
       end
@@ -35693,6 +35875,55 @@ module Google
         end
       end
       
+      # 
+      class SecurityPolicyRuleMatcherExprOptions
+        include Google::Apis::Core::Hashable
+      
+        # reCAPTCHA configuration options to be applied for the rule. If the rule does
+        # not evaluate reCAPTCHA tokens, this field has no effect.
+        # Corresponds to the JSON property `recaptchaOptions`
+        # @return [Google::Apis::ComputeV1::SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions]
+        attr_accessor :recaptcha_options
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @recaptcha_options = args[:recaptcha_options] if args.key?(:recaptcha_options)
+        end
+      end
+      
+      # 
+      class SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions
+        include Google::Apis::Core::Hashable
+      
+        # A list of site keys to be used during the validation of reCAPTCHA action-
+        # tokens. The provided site keys need to be created from reCAPTCHA API under the
+        # same project where the security policy is created.
+        # Corresponds to the JSON property `actionTokenSiteKeys`
+        # @return [Array<String>]
+        attr_accessor :action_token_site_keys
+      
+        # A list of site keys to be used during the validation of reCAPTCHA session-
+        # tokens. The provided site keys need to be created from reCAPTCHA API under the
+        # same project where the security policy is created.
+        # Corresponds to the JSON property `sessionTokenSiteKeys`
+        # @return [Array<String>]
+        attr_accessor :session_token_site_keys
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @action_token_site_keys = args[:action_token_site_keys] if args.key?(:action_token_site_keys)
+          @session_token_site_keys = args[:session_token_site_keys] if args.key?(:session_token_site_keys)
+        end
+      end
+      
       # Represents a match condition that incoming network traffic is evaluated
       # against.
       class SecurityPolicyRuleNetworkMatcher
@@ -35933,7 +36164,13 @@ module Google
         # is truncated to the first 128 bytes. - SNI: Server name indication in the TLS
         # session of the HTTPS request. The key value is truncated to the first 128
         # bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The
-        # country/region from which the request originates.
+        # country/region from which the request originates. - TLS_JA3_FINGERPRINT: JA3
+        # TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If
+        # not available, the key type defaults to ALL. - USER_IP: The IP address of the
+        # originating client, which is resolved based on "userIpRequestHeaders"
+        # configured with the security policy. If there is no "userIpRequestHeaders"
+        # configuration or an IP address cannot be resolved from it, the key type
+        # defaults to IP.
         # Corresponds to the JSON property `enforceOnKey`
         # @return [String]
         attr_accessor :enforce_on_key
@@ -36022,7 +36259,13 @@ module Google
         # is truncated to the first 128 bytes. - SNI: Server name indication in the TLS
         # session of the HTTPS request. The key value is truncated to the first 128
         # bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The
-        # country/region from which the request originates.
+        # country/region from which the request originates. - TLS_JA3_FINGERPRINT: JA3
+        # TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If
+        # not available, the key type defaults to ALL. - USER_IP: The IP address of the
+        # originating client, which is resolved based on "userIpRequestHeaders"
+        # configured with the security policy. If there is no "userIpRequestHeaders"
+        # configuration or an IP address cannot be resolved from it, the key type
+        # defaults to IP.
         # Corresponds to the JSON property `enforceOnKeyType`
         # @return [String]
         attr_accessor :enforce_on_key_type
@@ -37156,6 +37399,13 @@ module Google
         # @return [Fixnum]
         attr_accessor :download_bytes
       
+        # Whether this snapshot is created from a confidential compute mode disk. [
+        # Output Only]: This field is not set by user, but from source disk.
+        # Corresponds to the JSON property `enableConfidentialCompute`
+        # @return [Boolean]
+        attr_accessor :enable_confidential_compute
+        alias_method :enable_confidential_compute?, :enable_confidential_compute
+      
         # [Output Only] A list of features to enable on the guest operating system.
         # Applicable only for bootable images. Read Enabling guest operating system
         # features to see a list of available options.
@@ -37222,6 +37472,12 @@ module Google
         # @return [String]
         attr_accessor :name
       
+        # Output only. Reserved for future use.
+        # Corresponds to the JSON property `satisfiesPzi`
+        # @return [Boolean]
+        attr_accessor :satisfies_pzi
+        alias_method :satisfies_pzi?, :satisfies_pzi
+      
         # [Output Only] Reserved for future use.
         # Corresponds to the JSON property `satisfiesPzs`
         # @return [Boolean]
@@ -37323,6 +37579,7 @@ module Google
           @description = args[:description] if args.key?(:description)
           @disk_size_gb = args[:disk_size_gb] if args.key?(:disk_size_gb)
           @download_bytes = args[:download_bytes] if args.key?(:download_bytes)
+          @enable_confidential_compute = args[:enable_confidential_compute] if args.key?(:enable_confidential_compute)
           @guest_os_features = args[:guest_os_features] if args.key?(:guest_os_features)
           @id = args[:id] if args.key?(:id)
           @kind = args[:kind] if args.key?(:kind)
@@ -37332,6 +37589,7 @@ module Google
           @licenses = args[:licenses] if args.key?(:licenses)
           @location_hint = args[:location_hint] if args.key?(:location_hint)
           @name = args[:name] if args.key?(:name)
+          @satisfies_pzi = args[:satisfies_pzi] if args.key?(:satisfies_pzi)
           @satisfies_pzs = args[:satisfies_pzs] if args.key?(:satisfies_pzs)
           @self_link = args[:self_link] if args.key?(:self_link)
           @snapshot_encryption_key = args[:snapshot_encryption_key] if args.key?(:snapshot_encryption_key)
@@ -38578,9 +38836,10 @@ module Google
         end
       end
       
-      # Represents an SSL Policy resource. Use SSL policies to control the SSL
-      # features, such as versions and cipher suites, offered by an HTTPS or SSL Proxy
-      # load balancer. For more information, read SSL Policy Concepts.
+      # Represents an SSL Policy resource. Use SSL policies to control SSL features,
+      # such as versions and cipher suites, that are offered by Application Load
+      # Balancers and proxy Network Load Balancers. For more information, read SSL
+      # policies overview.
       class SslPolicy
         include Google::Apis::Core::Hashable
       
@@ -39043,18 +39302,15 @@ module Google
         attr_accessor :private_ipv6_google_access
       
         # The purpose of the resource. This field can be either PRIVATE,
-        # REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
-        # INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created
-        # subnets or subnets that are automatically created in auto mode networks. A
-        # subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork
-        # that is reserved for regional Envoy-based load balancers. A subnet with
-        # purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using
-        # Private Service Connect. A subnet with purpose set to
-        # INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by
-        # regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is
-        # the preferred setting for all regional Envoy load balancers. If unspecified,
-        # the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't
-        # supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.
+        # GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+        # PRIVATE is the default purpose for user-created subnets or subnets that are
+        # automatically created in auto mode networks. Subnets with purpose set to
+        # GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY are user-created subnetworks
+        # that are reserved for Envoy-based load balancers. A subnet with purpose set to
+        # PRIVATE_SERVICE_CONNECT is used to publish services using Private Service
+        # Connect. If unspecified, the subnet purpose defaults to PRIVATE. The
+        # enableFlowLogs field isn't supported if the subnet purpose field is set to
+        # GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY.
         # Corresponds to the JSON property `purpose`
         # @return [String]
         attr_accessor :purpose
@@ -39065,11 +39321,17 @@ module Google
         # @return [String]
         attr_accessor :region
       
-        # The role of subnetwork. Currently, this field is only used when purpose =
-        # REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE
-        # subnetwork is one that is currently being used for Envoy-based load balancers
-        # in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE
-        # or is currently draining. This field can be updated with a patch request.
+        # The URL of the reserved internal range.
+        # Corresponds to the JSON property `reservedInternalRange`
+        # @return [String]
+        attr_accessor :reserved_internal_range
+      
+        # The role of subnetwork. Currently, this field is only used when purpose is set
+        # to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY. The value can be set to
+        # ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for
+        # Envoy-based load balancers in a region. A BACKUP subnetwork is one that is
+        # ready to be promoted to ACTIVE or is currently draining. This field can be
+        # updated with a patch request.
         # Corresponds to the JSON property `role`
         # @return [String]
         attr_accessor :role
@@ -39130,6 +39392,7 @@ module Google
           @private_ipv6_google_access = args[:private_ipv6_google_access] if args.key?(:private_ipv6_google_access)
           @purpose = args[:purpose] if args.key?(:purpose)
           @region = args[:region] if args.key?(:region)
+          @reserved_internal_range = args[:reserved_internal_range] if args.key?(:reserved_internal_range)
           @role = args[:role] if args.key?(:role)
           @secondary_ip_ranges = args[:secondary_ip_ranges] if args.key?(:secondary_ip_ranges)
           @self_link = args[:self_link] if args.key?(:self_link)
@@ -39466,6 +39729,11 @@ module Google
         # @return [String]
         attr_accessor :range_name
       
+        # The URL of the reserved internal range.
+        # Corresponds to the JSON property `reservedInternalRange`
+        # @return [String]
+        attr_accessor :reserved_internal_range
+      
         def initialize(**args)
            update!(**args)
         end
@@ -39474,6 +39742,7 @@ module Google
         def update!(**args)
           @ip_cidr_range = args[:ip_cidr_range] if args.key?(:ip_cidr_range)
           @range_name = args[:range_name] if args.key?(:range_name)
+          @reserved_internal_range = args[:reserved_internal_range] if args.key?(:reserved_internal_range)
         end
       end
       
@@ -39646,7 +39915,7 @@ module Google
       
         # Specifies how a port is selected for health checking. Can be one of the
         # following values: USE_FIXED_PORT: Specifies a port number explicitly using the
-        # port field in the health check. Supported by backend services for pass-through
+        # port field in the health check. Supported by backend services for passthrough
         # load balancers and backend services for proxy load balancers. Not supported by
         # target pools. The health check supports all backends supported by the backend
         # service provided the backend can be health checked. For example, GCE_VM_IP
@@ -39654,13 +39923,13 @@ module Google
         # group backends. USE_NAMED_PORT: Not supported. USE_SERVING_PORT: Provides an
         # indirect method of specifying the health check port by referring to the
         # backend service. Only supported by backend services for proxy load balancers.
-        # Not supported by target pools. Not supported by backend services for pass-
-        # through load balancers. Supports all backends that can be health checked; for
-        # example, GCE_VM_IP_PORT network endpoint groups and instance group backends.
-        # For GCE_VM_IP_PORT network endpoint group backends, the health check uses the
-        # port number specified for each endpoint in the network endpoint group. For
-        # instance group backends, the health check uses the port number determined by
-        # looking up the backend service's named port in the instance group's list of
+        # Not supported by target pools. Not supported by backend services for
+        # passthrough load balancers. Supports all backends that can be health checked;
+        # for example, GCE_VM_IP_PORT network endpoint groups and instance group
+        # backends. For GCE_VM_IP_PORT network endpoint group backends, the health check
+        # uses the port number specified for each endpoint in the network endpoint group.
+        # For instance group backends, the health check uses the port number determined
+        # by looking up the backend service's named port in the instance group's list of
         # named ports.
         # Corresponds to the JSON property `portSpecification`
         # @return [String]
@@ -41346,10 +41615,10 @@ module Google
         end
       end
       
-      # Represents a Target Pool resource. Target pools are used for network TCP/UDP
-      # load balancing. A target pool references member instances, an associated
-      # legacy HttpHealthCheck resource, and, optionally, a backup target pool. For
-      # more information, read Using target pools.
+      # Represents a Target Pool resource. Target pools are used with external
+      # passthrough Network Load Balancers. A target pool references member instances,
+      # an associated legacy HttpHealthCheck resource, and, optionally, a backup
+      # target pool. For more information, read Using target pools.
       class TargetPool
         include Google::Apis::Core::Hashable
       
@@ -42019,9 +42288,9 @@ module Google
       end
       
       # Represents a Target SSL Proxy resource. A target SSL proxy is a component of a
-      # SSL Proxy load balancer. Global forwarding rules reference a target SSL proxy,
-      # and the target proxy then references an external backend service. For more
-      # information, read Using Target Proxies.
+      # Proxy Network Load Balancer. The forwarding rule references the target SSL
+      # proxy, and the target proxy then references a backend service. For more
+      # information, read Proxy Network Load Balancer overview.
       class TargetSslProxy
         include Google::Apis::Core::Hashable
       
@@ -42366,9 +42635,9 @@ module Google
       end
       
       # Represents a Target TCP Proxy resource. A target TCP proxy is a component of a
-      # TCP Proxy load balancer. Global forwarding rules reference target TCP proxy,
-      # and the target proxy then references an external backend service. For more
-      # information, read TCP Proxy Load Balancing overview.
+      # Proxy Network Load Balancer. The forwarding rule references the target TCP
+      # proxy, and the target proxy then references a backend service. For more
+      # information, read Proxy Network Load Balancer overview.
       class TargetTcpProxy
         include Google::Apis::Core::Hashable
       
@@ -44134,27 +44403,25 @@ module Google
         attr_accessor :network
       
         # The purpose of the resource. This field can be either PRIVATE,
-        # REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
-        # INTERNAL_HTTPS_LOAD_BALANCER. PRIVATE is the default purpose for user-created
-        # subnets or subnets that are automatically created in auto mode networks. A
-        # subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork
-        # that is reserved for regional Envoy-based load balancers. A subnet with
-        # purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using
-        # Private Service Connect. A subnet with purpose set to
-        # INTERNAL_HTTPS_LOAD_BALANCER is a proxy-only subnet that can be used only by
-        # regional internal HTTP(S) load balancers. Note that REGIONAL_MANAGED_PROXY is
-        # the preferred setting for all regional Envoy load balancers. If unspecified,
-        # the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't
-        # supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.
+        # GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or
+        # PRIVATE is the default purpose for user-created subnets or subnets that are
+        # automatically created in auto mode networks. Subnets with purpose set to
+        # GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY are user-created subnetworks
+        # that are reserved for Envoy-based load balancers. A subnet with purpose set to
+        # PRIVATE_SERVICE_CONNECT is used to publish services using Private Service
+        # Connect. If unspecified, the subnet purpose defaults to PRIVATE. The
+        # enableFlowLogs field isn't supported if the subnet purpose field is set to
+        # GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY.
         # Corresponds to the JSON property `purpose`
         # @return [String]
         attr_accessor :purpose
       
-        # The role of subnetwork. Currently, this field is only used when purpose =
-        # REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE
-        # subnetwork is one that is currently being used for Envoy-based load balancers
-        # in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE
-        # or is currently draining. This field can be updated with a patch request.
+        # The role of subnetwork. Currently, this field is only used when purpose is set
+        # to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY. The value can be set to
+        # ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for
+        # Envoy-based load balancers in a region. A BACKUP subnetwork is one that is
+        # ready to be promoted to ACTIVE or is currently draining. This field can be
+        # updated with a patch request.
         # Corresponds to the JSON property `role`
         # @return [String]
         attr_accessor :role