RubyGems - google-apis-networksecurity_v1beta1 - Versions diffs - 0.37.0 → 0.39.0 - Mend

google-apis-networksecurity_v1beta1 0.37.0 → 0.39.0

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/lib/google/apis/networksecurity_v1beta1/classes.rb +2195 -710
data/lib/google/apis/networksecurity_v1beta1/gem_version.rb +3 -3
data/lib/google/apis/networksecurity_v1beta1/representations.rb +644 -0
data/lib/google/apis/networksecurity_v1beta1/service.rb +2288 -209
metadata +4 -4

data/lib/google/apis/networksecurity_v1beta1/classes.rb CHANGED Viewed

@@ -194,88 +194,68 @@ module Google
         end
       end
-      # The request message for Operations.CancelOperation.
-      class CancelOperationRequest
-        include Google::Apis::Core::Hashable
-        def initialize(**args)
-           update!(**args)
-        end
-        # Update properties of this object
-        def update!(**args)
-        end
-      end
-      # Specification of a TLS certificate provider instance. Workloads may have one
-      # or more CertificateProvider instances (plugins) and one of them is enabled and
-      # configured by specifying this message. Workloads use the values from this
-      # message to locate and load the CertificateProvider instance configuration.
-      class CertificateProviderInstance
+      # `AuthzPolicy` is a resource that allows to forward traffic to a callout
+      # backend designed to scan the traffic for security purposes.
+      class AuthzPolicy
         include Google::Apis::Core::Hashable
-        # Required. Plugin instance name, used to locate and load CertificateProvider
-        # instance configuration. Set to "google_cloud_private_spiffe" to use
-        # Certificate Authority Service certificate provider instance.
-        # Corresponds to the JSON property `pluginInstance`
+        # Required. Can be one of `ALLOW`, `DENY`, `CUSTOM`. When the action is `CUSTOM`,
+        # `customProvider` must be specified. When the action is `ALLOW`, only requests
+        # matching the policy will be allowed. When the action is `DENY`, only requests
+        # matching the policy will be denied. When a request arrives, the policies are
+        # evaluated in the following order: 1. If there is a `CUSTOM` policy that
+        # matches the request, the `CUSTOM` policy is evaluated using the custom
+        # authorization providers and the request is denied if the provider rejects the
+        # request. 2. If there are any `DENY` policies that match the request, the
+        # request is denied. 3. If there are no `ALLOW` policies for the resource or if
+        # any of the `ALLOW` policies match the request, the request is allowed. 4. Else
+        # the request is denied by default if none of the configured AuthzPolicies with `
+        # ALLOW` action match the request.
+        # Corresponds to the JSON property `action`
         # @return [String]
-        attr_accessor :plugin_instance
-        def initialize(**args)
-           update!(**args)
-        end
-        # Update properties of this object
-        def update!(**args)
-          @plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
-        end
-      end
-      # ClientTlsPolicy is a resource that specifies how a client should authenticate
-      # connections to backends of a service. This resource itself does not affect
-      # configuration unless it is attached to a backend service resource.
-      class ClientTlsPolicy
-        include Google::Apis::Core::Hashable
-        # Specification of certificate provider. Defines the mechanism to obtain the
-        # certificate and private key for peer to peer authentication.
-        # Corresponds to the JSON property `clientCertificate`
-        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
-        attr_accessor :client_certificate
+        attr_accessor :action
         # Output only. The timestamp when the resource was created.
         # Corresponds to the JSON property `createTime`
         # @return [String]
         attr_accessor :create_time
-        # Optional. Free-text description of the resource.
+        # Allows delegating authorization decisions to Cloud IAP or to Service
+        # Extensions.
+        # Corresponds to the JSON property `customProvider`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProvider]
+        attr_accessor :custom_provider
+        # Optional. A human-readable description of the resource.
         # Corresponds to the JSON property `description`
         # @return [String]
         attr_accessor :description
-        # Optional. Set of label tags associated with the resource.
+        # Optional. A list of authorization HTTP rules to match against the incoming
+        # request. A policy match occurs when at least one HTTP rule matches the request
+        # or when no HTTP rules are specified in the policy. At least one HTTP Rule is
+        # required for Allow or Deny Action. Limited to 5 rules.
+        # Corresponds to the JSON property `httpRules`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRule>]
+        attr_accessor :http_rules
+        # Optional. Set of labels associated with the `AuthzPolicy` resource. The format
+        # must comply with [the following requirements](/compute/docs/labeling-resources#
+        # requirements).
         # Corresponds to the JSON property `labels`
         # @return [Hash<String,String>]
         attr_accessor :labels
-        # Required. Name of the ClientTlsPolicy resource. It matches the pattern `
-        # projects/*/locations/`location`/clientTlsPolicies/`client_tls_policy``
+        # Required. Identifier. Name of the `AuthzPolicy` resource in the following
+        # format: `projects/`project`/locations/`location`/authzPolicies/`authz_policy``.
         # Corresponds to the JSON property `name`
         # @return [String]
         attr_accessor :name
-        # Optional. Defines the mechanism to obtain the Certificate Authority
-        # certificate to validate the server certificate. If empty, client does not
-        # validate the server certificate.
-        # Corresponds to the JSON property `serverValidationCa`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
-        attr_accessor :server_validation_ca
-        # Optional. Server Name Indication string to present to the server during TLS
-        # handshake. E.g: "secure.example.com".
-        # Corresponds to the JSON property `sni`
-        # @return [String]
-        attr_accessor :sni
+        # Specifies the set of targets to which this policy should be applied to.
+        # Corresponds to the JSON property `target`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyTarget]
+        attr_accessor :target
         # Output only. The timestamp when the resource was updated.
         # Corresponds to the JSON property `updateTime`
@@ -288,39 +268,38 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @client_certificate = args[:client_certificate] if args.key?(:client_certificate)
+          @action = args[:action] if args.key?(:action)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @custom_provider = args[:custom_provider] if args.key?(:custom_provider)
           @description = args[:description] if args.key?(:description)
+          @http_rules = args[:http_rules] if args.key?(:http_rules)
           @labels = args[:labels] if args.key?(:labels)
           @name = args[:name] if args.key?(:name)
-          @server_validation_ca = args[:server_validation_ca] if args.key?(:server_validation_ca)
-          @sni = args[:sni] if args.key?(:sni)
+          @target = args[:target] if args.key?(:target)
           @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Request used by the CloneAddressGroupItems method.
-      class CloneAddressGroupItemsRequest
+      # Conditions to match against the incoming request.
+      class AuthzPolicyAuthzRule
         include Google::Apis::Core::Hashable
-        # Optional. An optional request ID to identify requests. Specify a unique
-        # request ID so that if you must retry your request, the server will know to
-        # ignore the request if it has already been completed. The server will guarantee
-        # that for at least 60 minutes since the first request. For example, consider a
-        # situation where you make an initial request and the request times out. If you
-        # make the request again with the same request ID, the server can check if
-        # original operation with the same request ID was received, and if so, will
-        # ignore the second request. This prevents clients from accidentally creating
-        # duplicate commitments. The request ID must be a valid UUID with the exception
-        # that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
-        # Corresponds to the JSON property `requestId`
-        # @return [String]
-        attr_accessor :request_id
+        # Describes properties of one or more sources of a request.
+        # Corresponds to the JSON property `from`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFrom]
+        attr_accessor :from
-        # Required. Source address group to clone items from.
-        # Corresponds to the JSON property `sourceAddressGroup`
+        # Describes properties of one or more targets of a request.
+        # Corresponds to the JSON property `to`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleTo]
+        attr_accessor :to
+        # Optional. CEL expression that describes the conditions to be satisfied for the
+        # action. The result of the CEL expression is ANDed with the from and to. Refer
+        # to the CEL language reference for a list of available attributes.
+        # Corresponds to the JSON property `when`
         # @return [String]
-        attr_accessor :source_address_group
+        attr_accessor :when
         def initialize(**args)
            update!(**args)
@@ -328,38 +307,32 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @request_id = args[:request_id] if args.key?(:request_id)
-          @source_address_group = args[:source_address_group] if args.key?(:source_address_group)
+          @from = args[:from] if args.key?(:from)
+          @to = args[:to] if args.key?(:to)
+          @when = args[:when] if args.key?(:when)
         end
       end
-      # Specification of traffic destination attributes.
-      class Destination
+      # Describes properties of one or more sources of a request.
+      class AuthzPolicyAuthzRuleFrom
         include Google::Apis::Core::Hashable
-        # Required. List of host names to match. Matched against the ":authority" header
-        # in http requests. At least one host should match. Each host can be an exact
-        # match, or a prefix match (example "mydomain.*") or a suffix match (example "*.
-        # myorg.com") or a presence (any) match "*".
-        # Corresponds to the JSON property `hosts`
-        # @return [Array<String>]
-        attr_accessor :hosts
-        # Specification of HTTP header match attributes.
-        # Corresponds to the JSON property `httpHeaderMatch`
-        # @return [Google::Apis::NetworksecurityV1beta1::HttpHeaderMatch]
-        attr_accessor :http_header_match
-        # Optional. A list of HTTP methods to match. At least one method should match.
-        # Should not be set for gRPC services.
-        # Corresponds to the JSON property `methods`
-        # @return [Array<String>]
-        attr_accessor :methods_prop
-        # Required. List of destination ports to match. At least one port should match.
-        # Corresponds to the JSON property `ports`
-        # @return [Array<Fixnum>]
-        attr_accessor :ports
+        # Optional. Describes the negated properties of request sources. Matches
+        # requests from sources that do not match the criteria specified in this field.
+        # At least one of sources or notSources must be specified.
+        # Corresponds to the JSON property `notSources`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
+        attr_accessor :not_sources
+        # Optional. Describes the properties of a request's sources. At least one of
+        # sources or notSources must be specified. Limited to 1 source. A match occurs
+        # when ANY source (in sources or notSources) matches the request. Within a
+        # single source, the match follows AND semantics across fields and OR semantics
+        # within a single field, i.e. a match occurs when ANY principal matches AND ANY
+        # ipBlocks match.
+        # Corresponds to the JSON property `sources`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
+        attr_accessor :sources
         def initialize(**args)
            update!(**args)
@@ -367,69 +340,83 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @hosts = args[:hosts] if args.key?(:hosts)
-          @http_header_match = args[:http_header_match] if args.key?(:http_header_match)
-          @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
-          @ports = args[:ports] if args.key?(:ports)
+          @not_sources = args[:not_sources] if args.key?(:not_sources)
+          @sources = args[:sources] if args.key?(:sources)
         end
       end
-      # A generic empty message that you can re-use to avoid defining duplicated empty
-      # messages in your APIs. A typical example is to use it as the request or the
-      # response type of an API method. For instance: service Foo ` rpc Bar(google.
-      # protobuf.Empty) returns (google.protobuf.Empty); `
-      class Empty
+      # Describes the properties of a single source.
+      class AuthzPolicyAuthzRuleFromRequestSource
         include Google::Apis::Core::Hashable
+        # Optional. A list of identities derived from the client's certificate. This
+        # field will not match on a request unless mutual TLS is enabled for the
+        # Forwarding rule or Gateway. Each identity is a string whose value is matched
+        # against the URI SAN, or DNS SAN or the subject field in the client's
+        # certificate. The match can be exact, prefix, suffix or a substring match. One
+        # of exact, prefix, suffix or contains must be specified. Limited to 5
+        # principals.
+        # Corresponds to the JSON property `principals`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
+        attr_accessor :principals
+        # Optional. A list of resources to match against the resource of the source VM
+        # of a request. Limited to 5 resources.
+        # Corresponds to the JSON property `resources`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResource>]
+        attr_accessor :resources
         def initialize(**args)
            update!(**args)
         end
         # Update properties of this object
         def update!(**args)
+          @principals = args[:principals] if args.key?(:principals)
+          @resources = args[:resources] if args.key?(:resources)
         end
       end
-      # Represents a textual expression in the Common Expression Language (CEL) syntax.
-      # CEL is a C-like expression language. The syntax and semantics of CEL are
-      # documented at https://github.com/google/cel-spec. Example (Comparison): title:
-      # "Summary size limit" description: "Determines if a summary is less than 100
-      # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
-      # Requestor is owner" description: "Determines if requestor is the document
-      # owner" expression: "document.owner == request.auth.claims.email" Example (
-      # Logic): title: "Public documents" description: "Determine whether the document
-      # should be publicly visible" expression: "document.type != 'private' &&
-      # document.type != 'internal'" Example (Data Manipulation): title: "Notification
-      # string" description: "Create a notification string with a timestamp."
-      # expression: "'New message received at ' + string(document.create_time)" The
-      # exact variables and functions that may be referenced within an expression are
-      # determined by the service that evaluates it. See the service documentation for
-      # additional information.
-      class Expr
+      # Determines how a HTTP header should be matched.
+      class AuthzPolicyAuthzRuleHeaderMatch
         include Google::Apis::Core::Hashable
-        # Optional. Description of the expression. This is a longer text which describes
-        # the expression, e.g. when hovered over it in a UI.
-        # Corresponds to the JSON property `description`
+        # Optional. Specifies the name of the header in the request.
+        # Corresponds to the JSON property `name`
         # @return [String]
-        attr_accessor :description
+        attr_accessor :name
-        # Textual representation of an expression in Common Expression Language syntax.
-        # Corresponds to the JSON property `expression`
-        # @return [String]
-        attr_accessor :expression
+        # Determines how a string value should be matched.
+        # Corresponds to the JSON property `value`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
+        attr_accessor :value
-        # Optional. String indicating the location of the expression for error reporting,
-        # e.g. a file name and a position in the file.
-        # Corresponds to the JSON property `location`
-        # @return [String]
-        attr_accessor :location
+        def initialize(**args)
+           update!(**args)
+        end
-        # Optional. Title for the expression, i.e. a short string describing its purpose.
-        # This can be used e.g. in UIs which allow to enter the expression.
-        # Corresponds to the JSON property `title`
-        # @return [String]
-        attr_accessor :title
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @value = args[:value] if args.key?(:value)
+        end
+      end
+      # Describes the properties of a client VM resource accessing the internal
+      # application load balancers.
+      class AuthzPolicyAuthzRuleRequestResource
+        include Google::Apis::Core::Hashable
+        # Determines how a string value should be matched.
+        # Corresponds to the JSON property `iamServiceAccount`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
+        attr_accessor :iam_service_account
+        # Describes a set of resource tag value permanent IDs to match against the
+        # resource manager tags value associated with the source VM of a request.
+        # Corresponds to the JSON property `tagValueIdSet`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResourceTagValueIdSet]
+        attr_accessor :tag_value_id_set
         def initialize(**args)
            update!(**args)
@@ -437,73 +424,72 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @description = args[:description] if args.key?(:description)
-          @expression = args[:expression] if args.key?(:expression)
-          @location = args[:location] if args.key?(:location)
-          @title = args[:title] if args.key?(:title)
+          @iam_service_account = args[:iam_service_account] if args.key?(:iam_service_account)
+          @tag_value_id_set = args[:tag_value_id_set] if args.key?(:tag_value_id_set)
         end
       end
-      # Message describing Endpoint object
-      class FirewallEndpoint
+      # Describes a set of resource tag value permanent IDs to match against the
+      # resource manager tags value associated with the source VM of a request.
+      class AuthzPolicyAuthzRuleRequestResourceTagValueIdSet
         include Google::Apis::Core::Hashable
-        # Output only. List of networks that are associated with this endpoint in the
-        # local zone. This is a projection of the FirewallEndpointAssociations pointing
-        # at this endpoint. A network will only appear in this list after traffic
-        # routing is fully configured. Format: projects/`project`/global/networks/`name`.
-        # Corresponds to the JSON property `associatedNetworks`
-        # @return [Array<String>]
-        attr_accessor :associated_networks
+        # Required. A list of resource tag value permanent IDs to match against the
+        # resource manager tags value associated with the source VM of a request. The
+        # match follows AND semantics which means all the ids must match. Limited to 5
+        # matches.
+        # Corresponds to the JSON property `ids`
+        # @return [Array<Fixnum>]
+        attr_accessor :ids
-        # Output only. List of FirewallEndpointAssociations that are associated to this
-        # endpoint. An association will only appear in this list after traffic routing
-        # is fully configured.
-        # Corresponds to the JSON property `associations`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
-        attr_accessor :associations
+        def initialize(**args)
+           update!(**args)
+        end
-        # Required. Project to bill on endpoint uptime usage.
-        # Corresponds to the JSON property `billingProjectId`
-        # @return [String]
-        attr_accessor :billing_project_id
+        # Update properties of this object
+        def update!(**args)
+          @ids = args[:ids] if args.key?(:ids)
+        end
+      end
-        # Output only. Create time stamp
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
+      # Determines how a string value should be matched.
+      class AuthzPolicyAuthzRuleStringMatch
+        include Google::Apis::Core::Hashable
-        # Optional. Description of the firewall endpoint. Max length 2048 characters.
-        # Corresponds to the JSON property `description`
+        # The input string must have the substring specified here. Note: empty contains
+        # match is not allowed, please use regex instead. Examples: * ``abc`` matches
+        # the value ``xyz.abc.def``
+        # Corresponds to the JSON property `contains`
         # @return [String]
-        attr_accessor :description
-        # Optional. Labels as key value pairs
-        # Corresponds to the JSON property `labels`
-        # @return [Hash<String,String>]
-        attr_accessor :labels
+        attr_accessor :contains
-        # Immutable. Identifier. name of resource
-        # Corresponds to the JSON property `name`
+        # The input string must match exactly the string specified here. Examples: * ``
+        # abc`` only matches the value ``abc``.
+        # Corresponds to the JSON property `exact`
         # @return [String]
-        attr_accessor :name
+        attr_accessor :exact
-        # Output only. Whether reconciling is in progress, recommended per https://
-        # google.aip.dev/128.
-        # Corresponds to the JSON property `reconciling`
+        # If true, indicates the exact/prefix/suffix/contains matching should be case
+        # insensitive. For example, the matcher ``data`` will match both input string ``
+        # Data`` and ``data`` if set to true.
+        # Corresponds to the JSON property `ignoreCase`
         # @return [Boolean]
-        attr_accessor :reconciling
-        alias_method :reconciling?, :reconciling
+        attr_accessor :ignore_case
+        alias_method :ignore_case?, :ignore_case
-        # Output only. Current state of the endpoint.
-        # Corresponds to the JSON property `state`
+        # The input string must have the prefix specified here. Note: empty prefix is
+        # not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
+        # abc.xyz``
+        # Corresponds to the JSON property `prefix`
         # @return [String]
-        attr_accessor :state
+        attr_accessor :prefix
-        # Output only. Update time stamp
-        # Corresponds to the JSON property `updateTime`
+        # The input string must have the suffix specified here. Note: empty prefix is
+        # not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
+        # xyz.abc``
+        # Corresponds to the JSON property `suffix`
         # @return [String]
-        attr_accessor :update_time
+        attr_accessor :suffix
         def initialize(**args)
            update!(**args)
@@ -511,76 +497,77 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @associated_networks = args[:associated_networks] if args.key?(:associated_networks)
-          @associations = args[:associations] if args.key?(:associations)
-          @billing_project_id = args[:billing_project_id] if args.key?(:billing_project_id)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @description = args[:description] if args.key?(:description)
-          @labels = args[:labels] if args.key?(:labels)
-          @name = args[:name] if args.key?(:name)
-          @reconciling = args[:reconciling] if args.key?(:reconciling)
-          @state = args[:state] if args.key?(:state)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @contains = args[:contains] if args.key?(:contains)
+          @exact = args[:exact] if args.key?(:exact)
+          @ignore_case = args[:ignore_case] if args.key?(:ignore_case)
+          @prefix = args[:prefix] if args.key?(:prefix)
+          @suffix = args[:suffix] if args.key?(:suffix)
         end
       end
-      # Message describing Association object
-      class FirewallEndpointAssociation
+      # Describes properties of one or more targets of a request.
+      class AuthzPolicyAuthzRuleTo
         include Google::Apis::Core::Hashable
-        # Output only. Create time stamp
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
-        # Optional. Whether the association is disabled. True indicates that traffic won'
-        # t be intercepted
-        # Corresponds to the JSON property `disabled`
-        # @return [Boolean]
-        attr_accessor :disabled
-        alias_method :disabled?, :disabled
-        # Required. The URL of the FirewallEndpoint that is being associated.
-        # Corresponds to the JSON property `firewallEndpoint`
-        # @return [String]
-        attr_accessor :firewall_endpoint
+        # Optional. Describes the negated properties of the targets of a request.
+        # Matches requests for operations that do not match the criteria specified in
+        # this field. At least one of operations or notOperations must be specified.
+        # Corresponds to the JSON property `notOperations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
+        attr_accessor :not_operations
+        # Optional. Describes properties of one or more targets of a request. At least
+        # one of operations or notOperations must be specified. Limited to 1 operation.
+        # A match occurs when ANY operation (in operations or notOperations) matches.
+        # Within an operation, the match follows AND semantics across fields and OR
+        # semantics within a field, i.e. a match occurs when ANY path matches AND ANY
+        # header matches and ANY method matches.
+        # Corresponds to the JSON property `operations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
+        attr_accessor :operations
-        # Optional. Labels as key value pairs
-        # Corresponds to the JSON property `labels`
-        # @return [Hash<String,String>]
-        attr_accessor :labels
+        def initialize(**args)
+           update!(**args)
+        end
-        # Immutable. Identifier. name of resource
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
+        # Update properties of this object
+        def update!(**args)
+          @not_operations = args[:not_operations] if args.key?(:not_operations)
+          @operations = args[:operations] if args.key?(:operations)
+        end
+      end
-        # Required. The URL of the network that is being associated.
-        # Corresponds to the JSON property `network`
-        # @return [String]
-        attr_accessor :network
+      # Describes properties of one or more targets of a request.
+      class AuthzPolicyAuthzRuleToRequestOperation
+        include Google::Apis::Core::Hashable
-        # Output only. Whether reconciling is in progress, recommended per https://
-        # google.aip.dev/128.
-        # Corresponds to the JSON property `reconciling`
-        # @return [Boolean]
-        attr_accessor :reconciling
-        alias_method :reconciling?, :reconciling
+        # Describes a set of HTTP headers to match against.
+        # Corresponds to the JSON property `headerSet`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperationHeaderSet]
+        attr_accessor :header_set
-        # Output only. Current state of the association.
-        # Corresponds to the JSON property `state`
-        # @return [String]
-        attr_accessor :state
+        # Optional. A list of HTTP Hosts to match against. The match can be one of exact,
+        # prefix, suffix, or contains (substring match). Matches are always case
+        # sensitive unless the ignoreCase is set. Limited to 5 matches.
+        # Corresponds to the JSON property `hosts`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
+        attr_accessor :hosts
-        # Optional. The URL of the TlsInspectionPolicy that is being associated.
-        # Corresponds to the JSON property `tlsInspectionPolicy`
-        # @return [String]
-        attr_accessor :tls_inspection_policy
+        # Optional. A list of HTTP methods to match against. Each entry must be a valid
+        # HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only
+        # allows exact match and is always case sensitive.
+        # Corresponds to the JSON property `methods`
+        # @return [Array<String>]
+        attr_accessor :methods_prop
-        # Output only. Update time stamp
-        # Corresponds to the JSON property `updateTime`
-        # @return [String]
-        attr_accessor :update_time
+        # Optional. A list of paths to match against. The match can be one of exact,
+        # prefix, suffix, or contains (substring match). Matches are always case
+        # sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this
+        # path match includes the query parameters. For gRPC services, this should be a
+        # fully-qualified name of the form /package.service/method.
+        # Corresponds to the JSON property `paths`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
+        attr_accessor :paths
         def initialize(**args)
            update!(**args)
@@ -588,35 +575,24 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @disabled = args[:disabled] if args.key?(:disabled)
-          @firewall_endpoint = args[:firewall_endpoint] if args.key?(:firewall_endpoint)
-          @labels = args[:labels] if args.key?(:labels)
-          @name = args[:name] if args.key?(:name)
-          @network = args[:network] if args.key?(:network)
-          @reconciling = args[:reconciling] if args.key?(:reconciling)
-          @state = args[:state] if args.key?(:state)
-          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @header_set = args[:header_set] if args.key?(:header_set)
+          @hosts = args[:hosts] if args.key?(:hosts)
+          @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
+          @paths = args[:paths] if args.key?(:paths)
         end
       end
-      # This is a subset of the FirewallEndpointAssociation message, containing fields
-      # to be used by the consumer.
-      class FirewallEndpointAssociationReference
+      # Describes a set of HTTP headers to match against.
+      class AuthzPolicyAuthzRuleToRequestOperationHeaderSet
         include Google::Apis::Core::Hashable
-        # Output only. The resource name of the FirewallEndpointAssociation. Format:
-        # projects/`project`/locations/`location`/firewallEndpointAssociations/`id`
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-        # Output only. The VPC network associated. Format: projects/`project`/global/
-        # networks/`name`.
-        # Corresponds to the JSON property `network`
-        # @return [String]
-        attr_accessor :network
+        # Required. A list of headers to match against in http header. The match can be
+        # one of exact, prefix, suffix, or contains (substring match). The match follows
+        # AND semantics which means all the headers must match. Matches are always case
+        # sensitive unless the ignoreCase is set. Limited to 5 matches.
+        # Corresponds to the JSON property `headers`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleHeaderMatch>]
+        attr_accessor :headers
         def initialize(**args)
            update!(**args)
@@ -624,44 +600,29 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @name = args[:name] if args.key?(:name)
-          @network = args[:network] if args.key?(:network)
+          @headers = args[:headers] if args.key?(:headers)
         end
       end
-      # The GatewaySecurityPolicy resource contains a collection of
-      # GatewaySecurityPolicyRules and associated metadata.
-      class GatewaySecurityPolicy
+      # Allows delegating authorization decisions to Cloud IAP or to Service
+      # Extensions.
+      class AuthzPolicyCustomProvider
         include Google::Apis::Core::Hashable
-        # Output only. The timestamp when the resource was created.
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
-        # Optional. Free-text description of the resource.
-        # Corresponds to the JSON property `description`
-        # @return [String]
-        attr_accessor :description
-        # Required. Name of the resource. Name is of the form projects/`project`/
-        # locations/`location`/gatewaySecurityPolicies/`gateway_security_policy`
-        # gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]`0,61`[a-z0-
-        # 9])?$).
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-        # Optional. Name of a TLS Inspection Policy resource that defines how TLS
-        # inspection will be performed for any rule(s) which enables it.
-        # Corresponds to the JSON property `tlsInspectionPolicy`
-        # @return [String]
-        attr_accessor :tls_inspection_policy
-        # Output only. The timestamp when the resource was updated.
-        # Corresponds to the JSON property `updateTime`
-        # @return [String]
-        attr_accessor :update_time
+        # Optional. Delegate authorization decision to user authored extension. Only one
+        # of cloudIap or authzExtension can be specified.
+        # Corresponds to the JSON property `authzExtension`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderAuthzExtension]
+        attr_accessor :authz_extension
+        # Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
+        # managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
+        # compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
+        # places will result in request failure. Ensure that IAP is enabled in either
+        # the AuthzPolicy or the BackendService but not in both places.
+        # Corresponds to the JSON property `cloudIap`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderCloudIap]
+        attr_accessor :cloud_iap
         def initialize(**args)
            update!(**args)
@@ -669,75 +630,21 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @description = args[:description] if args.key?(:description)
-          @name = args[:name] if args.key?(:name)
-          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @authz_extension = args[:authz_extension] if args.key?(:authz_extension)
+          @cloud_iap = args[:cloud_iap] if args.key?(:cloud_iap)
         end
       end
-      # The GatewaySecurityPolicyRule resource is in a nested collection within a
-      # GatewaySecurityPolicy and represents a traffic matching condition and
-      # associated action to perform.
-      class GatewaySecurityPolicyRule
+      # Optional. Delegate authorization decision to user authored extension. Only one
+      # of cloudIap or authzExtension can be specified.
+      class AuthzPolicyCustomProviderAuthzExtension
         include Google::Apis::Core::Hashable
-        # Optional. CEL expression for matching on L7/application level criteria.
-        # Corresponds to the JSON property `applicationMatcher`
-        # @return [String]
-        attr_accessor :application_matcher
-        # Required. Profile which tells what the primitive action should be.
-        # Corresponds to the JSON property `basicProfile`
-        # @return [String]
-        attr_accessor :basic_profile
-        # Output only. Time when the rule was created.
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
-        # Optional. Free-text description of the resource.
-        # Corresponds to the JSON property `description`
-        # @return [String]
-        attr_accessor :description
-        # Required. Whether the rule is enforced.
-        # Corresponds to the JSON property `enabled`
-        # @return [Boolean]
-        attr_accessor :enabled
-        alias_method :enabled?, :enabled
-        # Required. Immutable. Name of the resource. ame is the full resource name so
-        # projects/`project`/locations/`location`/gatewaySecurityPolicies/`
-        # gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
-        # a-z0-9-]`0,61`[a-z0-9])?$).
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-        # Required. Priority of the rule. Lower number corresponds to higher precedence.
-        # Corresponds to the JSON property `priority`
-        # @return [Fixnum]
-        attr_accessor :priority
-        # Required. CEL expression for matching on session criteria.
-        # Corresponds to the JSON property `sessionMatcher`
-        # @return [String]
-        attr_accessor :session_matcher
-        # Optional. Flag to enable TLS inspection of traffic matching on , can only be
-        # true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
-        # Corresponds to the JSON property `tlsInspectionEnabled`
-        # @return [Boolean]
-        attr_accessor :tls_inspection_enabled
-        alias_method :tls_inspection_enabled?, :tls_inspection_enabled
-        # Output only. Time when the rule was updated.
-        # Corresponds to the JSON property `updateTime`
-        # @return [String]
-        attr_accessor :update_time
+        # Required. A list of references to authorization extensions that will be
+        # invoked for requests matching this policy. Limited to 1 custom provider.
+        # Corresponds to the JSON property `resources`
+        # @return [Array<String>]
+        attr_accessor :resources
         def initialize(**args)
            update!(**args)
@@ -745,57 +652,45 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @application_matcher = args[:application_matcher] if args.key?(:application_matcher)
-          @basic_profile = args[:basic_profile] if args.key?(:basic_profile)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @description = args[:description] if args.key?(:description)
-          @enabled = args[:enabled] if args.key?(:enabled)
-          @name = args[:name] if args.key?(:name)
-          @priority = args[:priority] if args.key?(:priority)
-          @session_matcher = args[:session_matcher] if args.key?(:session_matcher)
-          @tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @resources = args[:resources] if args.key?(:resources)
         end
       end
-      # Specification of certificate provider. Defines the mechanism to obtain the
-      # certificate and private key for peer to peer authentication.
-      class GoogleCloudNetworksecurityV1beta1CertificateProvider
+      # Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
+      # managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
+      # compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
+      # places will result in request failure. Ensure that IAP is enabled in either
+      # the AuthzPolicy or the BackendService but not in both places.
+      class AuthzPolicyCustomProviderCloudIap
         include Google::Apis::Core::Hashable
-        # Specification of a TLS certificate provider instance. Workloads may have one
-        # or more CertificateProvider instances (plugins) and one of them is enabled and
-        # configured by specifying this message. Workloads use the values from this
-        # message to locate and load the CertificateProvider instance configuration.
-        # Corresponds to the JSON property `certificateProviderInstance`
-        # @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
-        attr_accessor :certificate_provider_instance
-        # Specification of the GRPC Endpoint.
-        # Corresponds to the JSON property `grpcEndpoint`
-        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
-        attr_accessor :grpc_endpoint
         def initialize(**args)
            update!(**args)
         end
         # Update properties of this object
         def update!(**args)
-          @certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
-          @grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
         end
       end
-      # Specification of the GRPC Endpoint.
-      class GoogleCloudNetworksecurityV1beta1GrpcEndpoint
+      # Specifies the set of targets to which this policy should be applied to.
+      class AuthzPolicyTarget
         include Google::Apis::Core::Hashable
-        # Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
-        # should start with "unix:".
-        # Corresponds to the JSON property `targetUri`
+        # Required. All gateways and forwarding rules referenced by this policy and
+        # extensions must share the same load balancing scheme. Supported values: `
+        # INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [
+        # Backend services overview](https://cloud.google.com/load-balancing/docs/
+        # backend-service).
+        # Corresponds to the JSON property `loadBalancingScheme`
         # @return [String]
-        attr_accessor :target_uri
+        attr_accessor :load_balancing_scheme
+        # Required. A list of references to the Forwarding Rules on which this policy
+        # will be applied.
+        # Corresponds to the JSON property `resources`
+        # @return [Array<String>]
+        attr_accessor :resources
         def initialize(**args)
            update!(**args)
@@ -803,69 +698,974 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @target_uri = args[:target_uri] if args.key?(:target_uri)
+          @load_balancing_scheme = args[:load_balancing_scheme] if args.key?(:load_balancing_scheme)
+          @resources = args[:resources] if args.key?(:resources)
         end
       end
-      # Specifies the audit configuration for a service. The configuration determines
-      # which permission types are logged, and what identities, if any, are exempted
-      # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
-      # are AuditConfigs for both `allServices` and a specific service, the union of
-      # the two AuditConfigs is used for that service: the log_types specified in each
-      # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
-      # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
-      # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
-      # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
-      # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
-      # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
-      # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
-      # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
-      # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
-      # from DATA_WRITE logging.
-      class GoogleIamV1AuditConfig
+      # The request message for Operations.CancelOperation.
+      class CancelOperationRequest
         include Google::Apis::Core::Hashable
-        # The configuration for logging of each type of permission.
-        # Corresponds to the JSON property `auditLogConfigs`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
-        attr_accessor :audit_log_configs
-        # Specifies a service that will be enabled for audit logging. For example, `
-        # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
-        # value that covers all services.
-        # Corresponds to the JSON property `service`
-        # @return [String]
-        attr_accessor :service
         def initialize(**args)
            update!(**args)
         end
         # Update properties of this object
         def update!(**args)
-          @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
-          @service = args[:service] if args.key?(:service)
         end
       end
-      # Provides the configuration for logging a type of permissions. Example: ` "
-      # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
-      # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
-      # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
-      # DATA_READ logging.
+      # Specification of a TLS certificate provider instance. Workloads may have one
+      # or more CertificateProvider instances (plugins) and one of them is enabled and
+      # configured by specifying this message. Workloads use the values from this
+      # message to locate and load the CertificateProvider instance configuration.
+      class CertificateProviderInstance
+        include Google::Apis::Core::Hashable
+        # Required. Plugin instance name, used to locate and load CertificateProvider
+        # instance configuration. Set to "google_cloud_private_spiffe" to use
+        # Certificate Authority Service certificate provider instance.
+        # Corresponds to the JSON property `pluginInstance`
+        # @return [String]
+        attr_accessor :plugin_instance
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
+        end
+      end
+      # ClientTlsPolicy is a resource that specifies how a client should authenticate
+      # connections to backends of a service. This resource itself does not affect
+      # configuration unless it is attached to a backend service resource.
+      class ClientTlsPolicy
+        include Google::Apis::Core::Hashable
+        # Specification of certificate provider. Defines the mechanism to obtain the
+        # certificate and private key for peer to peer authentication.
+        # Corresponds to the JSON property `clientCertificate`
+        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
+        attr_accessor :client_certificate
+        # Output only. The timestamp when the resource was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Free-text description of the resource.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Optional. Set of label tags associated with the resource.
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Required. Name of the ClientTlsPolicy resource. It matches the pattern `
+        # projects/*/locations/`location`/clientTlsPolicies/`client_tls_policy``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Optional. Defines the mechanism to obtain the Certificate Authority
+        # certificate to validate the server certificate. If empty, client does not
+        # validate the server certificate.
+        # Corresponds to the JSON property `serverValidationCa`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
+        attr_accessor :server_validation_ca
+        # Optional. Server Name Indication string to present to the server during TLS
+        # handshake. E.g: "secure.example.com".
+        # Corresponds to the JSON property `sni`
+        # @return [String]
+        attr_accessor :sni
+        # Output only. The timestamp when the resource was updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @client_certificate = args[:client_certificate] if args.key?(:client_certificate)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @server_validation_ca = args[:server_validation_ca] if args.key?(:server_validation_ca)
+          @sni = args[:sni] if args.key?(:sni)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Request used by the CloneAddressGroupItems method.
+      class CloneAddressGroupItemsRequest
+        include Google::Apis::Core::Hashable
+        # Optional. An optional request ID to identify requests. Specify a unique
+        # request ID so that if you must retry your request, the server will know to
+        # ignore the request if it has already been completed. The server will guarantee
+        # that for at least 60 minutes since the first request. For example, consider a
+        # situation where you make an initial request and the request times out. If you
+        # make the request again with the same request ID, the server can check if
+        # original operation with the same request ID was received, and if so, will
+        # ignore the second request. This prevents clients from accidentally creating
+        # duplicate commitments. The request ID must be a valid UUID with the exception
+        # that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+        # Corresponds to the JSON property `requestId`
+        # @return [String]
+        attr_accessor :request_id
+        # Required. Source address group to clone items from.
+        # Corresponds to the JSON property `sourceAddressGroup`
+        # @return [String]
+        attr_accessor :source_address_group
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @request_id = args[:request_id] if args.key?(:request_id)
+          @source_address_group = args[:source_address_group] if args.key?(:source_address_group)
+        end
+      end
+      # CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
+      # intercept traffic to a third-party firewall in a Firewall rule.
+      class CustomInterceptProfile
+        include Google::Apis::Core::Hashable
+        # Required. The InterceptEndpointGroup to which traffic associated with the SP
+        # should be mirrored.
+        # Corresponds to the JSON property `interceptEndpointGroup`
+        # @return [String]
+        attr_accessor :intercept_endpoint_group
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
+        end
+      end
+      # CustomMirroringProfile defines an action for mirroring traffic to a collector'
+      # s EndpointGroup
+      class CustomMirroringProfile
+        include Google::Apis::Core::Hashable
+        # Required. The MirroringEndpointGroup to which traffic associated with the SP
+        # should be mirrored.
+        # Corresponds to the JSON property `mirroringEndpointGroup`
+        # @return [String]
+        attr_accessor :mirroring_endpoint_group
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
+        end
+      end
+      # Specification of traffic destination attributes.
+      class Destination
+        include Google::Apis::Core::Hashable
+        # Required. List of host names to match. Matched against the ":authority" header
+        # in http requests. At least one host should match. Each host can be an exact
+        # match, or a prefix match (example "mydomain.*") or a suffix match (example "*.
+        # myorg.com") or a presence (any) match "*".
+        # Corresponds to the JSON property `hosts`
+        # @return [Array<String>]
+        attr_accessor :hosts
+        # Specification of HTTP header match attributes.
+        # Corresponds to the JSON property `httpHeaderMatch`
+        # @return [Google::Apis::NetworksecurityV1beta1::HttpHeaderMatch]
+        attr_accessor :http_header_match
+        # Optional. A list of HTTP methods to match. At least one method should match.
+        # Should not be set for gRPC services.
+        # Corresponds to the JSON property `methods`
+        # @return [Array<String>]
+        attr_accessor :methods_prop
+        # Required. List of destination ports to match. At least one port should match.
+        # Corresponds to the JSON property `ports`
+        # @return [Array<Fixnum>]
+        attr_accessor :ports
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @hosts = args[:hosts] if args.key?(:hosts)
+          @http_header_match = args[:http_header_match] if args.key?(:http_header_match)
+          @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
+          @ports = args[:ports] if args.key?(:ports)
+        end
+      end
+      # A generic empty message that you can re-use to avoid defining duplicated empty
+      # messages in your APIs. A typical example is to use it as the request or the
+      # response type of an API method. For instance: service Foo ` rpc Bar(google.
+      # protobuf.Empty) returns (google.protobuf.Empty); `
+      class Empty
+        include Google::Apis::Core::Hashable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      # Represents a textual expression in the Common Expression Language (CEL) syntax.
+      # CEL is a C-like expression language. The syntax and semantics of CEL are
+      # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+      # "Summary size limit" description: "Determines if a summary is less than 100
+      # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+      # Requestor is owner" description: "Determines if requestor is the document
+      # owner" expression: "document.owner == request.auth.claims.email" Example (
+      # Logic): title: "Public documents" description: "Determine whether the document
+      # should be publicly visible" expression: "document.type != 'private' &&
+      # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+      # string" description: "Create a notification string with a timestamp."
+      # expression: "'New message received at ' + string(document.create_time)" The
+      # exact variables and functions that may be referenced within an expression are
+      # determined by the service that evaluates it. See the service documentation for
+      # additional information.
+      class Expr
+        include Google::Apis::Core::Hashable
+        # Optional. Description of the expression. This is a longer text which describes
+        # the expression, e.g. when hovered over it in a UI.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Textual representation of an expression in Common Expression Language syntax.
+        # Corresponds to the JSON property `expression`
+        # @return [String]
+        attr_accessor :expression
+        # Optional. String indicating the location of the expression for error reporting,
+        # e.g. a file name and a position in the file.
+        # Corresponds to the JSON property `location`
+        # @return [String]
+        attr_accessor :location
+        # Optional. Title for the expression, i.e. a short string describing its purpose.
+        # This can be used e.g. in UIs which allow to enter the expression.
+        # Corresponds to the JSON property `title`
+        # @return [String]
+        attr_accessor :title
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @description = args[:description] if args.key?(:description)
+          @expression = args[:expression] if args.key?(:expression)
+          @location = args[:location] if args.key?(:location)
+          @title = args[:title] if args.key?(:title)
+        end
+      end
+      # Message describing Endpoint object
+      class FirewallEndpoint
+        include Google::Apis::Core::Hashable
+        # Output only. List of networks that are associated with this endpoint in the
+        # local zone. This is a projection of the FirewallEndpointAssociations pointing
+        # at this endpoint. A network will only appear in this list after traffic
+        # routing is fully configured. Format: projects/`project`/global/networks/`name`.
+        # Corresponds to the JSON property `associatedNetworks`
+        # @return [Array<String>]
+        attr_accessor :associated_networks
+        # Output only. List of FirewallEndpointAssociations that are associated to this
+        # endpoint. An association will only appear in this list after traffic routing
+        # is fully configured.
+        # Corresponds to the JSON property `associations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
+        attr_accessor :associations
+        # Required. Project to bill on endpoint uptime usage.
+        # Corresponds to the JSON property `billingProjectId`
+        # @return [String]
+        attr_accessor :billing_project_id
+        # Output only. Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Description of the firewall endpoint. Max length 2048 characters.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. name of resource
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @associated_networks = args[:associated_networks] if args.key?(:associated_networks)
+          @associations = args[:associations] if args.key?(:associations)
+          @billing_project_id = args[:billing_project_id] if args.key?(:billing_project_id)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Message describing Association object
+      class FirewallEndpointAssociation
+        include Google::Apis::Core::Hashable
+        # Output only. Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Whether the association is disabled. True indicates that traffic won'
+        # t be intercepted
+        # Corresponds to the JSON property `disabled`
+        # @return [Boolean]
+        attr_accessor :disabled
+        alias_method :disabled?, :disabled
+        # Required. The URL of the FirewallEndpoint that is being associated.
+        # Corresponds to the JSON property `firewallEndpoint`
+        # @return [String]
+        attr_accessor :firewall_endpoint
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. name of resource
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. The URL of the network that is being associated.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Optional. The URL of the TlsInspectionPolicy that is being associated.
+        # Corresponds to the JSON property `tlsInspectionPolicy`
+        # @return [String]
+        attr_accessor :tls_inspection_policy
+        # Output only. Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @disabled = args[:disabled] if args.key?(:disabled)
+          @firewall_endpoint = args[:firewall_endpoint] if args.key?(:firewall_endpoint)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # This is a subset of the FirewallEndpointAssociation message, containing fields
+      # to be used by the consumer.
+      class FirewallEndpointAssociationReference
+        include Google::Apis::Core::Hashable
+        # Output only. The resource name of the FirewallEndpointAssociation. Format:
+        # projects/`project`/locations/`location`/firewallEndpointAssociations/`id`
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. The VPC network associated. Format: projects/`project`/global/
+        # networks/`name`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+        end
+      end
+      # The GatewaySecurityPolicy resource contains a collection of
+      # GatewaySecurityPolicyRules and associated metadata.
+      class GatewaySecurityPolicy
+        include Google::Apis::Core::Hashable
+        # Output only. The timestamp when the resource was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Free-text description of the resource.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Required. Name of the resource. Name is of the form projects/`project`/
+        # locations/`location`/gatewaySecurityPolicies/`gateway_security_policy`
+        # gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]`0,61`[a-z0-
+        # 9])?$).
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Optional. Name of a TLS Inspection Policy resource that defines how TLS
+        # inspection will be performed for any rule(s) which enables it.
+        # Corresponds to the JSON property `tlsInspectionPolicy`
+        # @return [String]
+        attr_accessor :tls_inspection_policy
+        # Output only. The timestamp when the resource was updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @name = args[:name] if args.key?(:name)
+          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # The GatewaySecurityPolicyRule resource is in a nested collection within a
+      # GatewaySecurityPolicy and represents a traffic matching condition and
+      # associated action to perform.
+      class GatewaySecurityPolicyRule
+        include Google::Apis::Core::Hashable
+        # Optional. CEL expression for matching on L7/application level criteria.
+        # Corresponds to the JSON property `applicationMatcher`
+        # @return [String]
+        attr_accessor :application_matcher
+        # Required. Profile which tells what the primitive action should be.
+        # Corresponds to the JSON property `basicProfile`
+        # @return [String]
+        attr_accessor :basic_profile
+        # Output only. Time when the rule was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Free-text description of the resource.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Required. Whether the rule is enforced.
+        # Corresponds to the JSON property `enabled`
+        # @return [Boolean]
+        attr_accessor :enabled
+        alias_method :enabled?, :enabled
+        # Required. Immutable. Name of the resource. ame is the full resource name so
+        # projects/`project`/locations/`location`/gatewaySecurityPolicies/`
+        # gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
+        # a-z0-9-]`0,61`[a-z0-9])?$).
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Priority of the rule. Lower number corresponds to higher precedence.
+        # Corresponds to the JSON property `priority`
+        # @return [Fixnum]
+        attr_accessor :priority
+        # Required. CEL expression for matching on session criteria.
+        # Corresponds to the JSON property `sessionMatcher`
+        # @return [String]
+        attr_accessor :session_matcher
+        # Optional. Flag to enable TLS inspection of traffic matching on , can only be
+        # true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
+        # Corresponds to the JSON property `tlsInspectionEnabled`
+        # @return [Boolean]
+        attr_accessor :tls_inspection_enabled
+        alias_method :tls_inspection_enabled?, :tls_inspection_enabled
+        # Output only. Time when the rule was updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @application_matcher = args[:application_matcher] if args.key?(:application_matcher)
+          @basic_profile = args[:basic_profile] if args.key?(:basic_profile)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @enabled = args[:enabled] if args.key?(:enabled)
+          @name = args[:name] if args.key?(:name)
+          @priority = args[:priority] if args.key?(:priority)
+          @session_matcher = args[:session_matcher] if args.key?(:session_matcher)
+          @tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Specification of certificate provider. Defines the mechanism to obtain the
+      # certificate and private key for peer to peer authentication.
+      class GoogleCloudNetworksecurityV1beta1CertificateProvider
+        include Google::Apis::Core::Hashable
+        # Specification of a TLS certificate provider instance. Workloads may have one
+        # or more CertificateProvider instances (plugins) and one of them is enabled and
+        # configured by specifying this message. Workloads use the values from this
+        # message to locate and load the CertificateProvider instance configuration.
+        # Corresponds to the JSON property `certificateProviderInstance`
+        # @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
+        attr_accessor :certificate_provider_instance
+        # Specification of the GRPC Endpoint.
+        # Corresponds to the JSON property `grpcEndpoint`
+        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
+        attr_accessor :grpc_endpoint
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
+          @grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
+        end
+      end
+      # Specification of the GRPC Endpoint.
+      class GoogleCloudNetworksecurityV1beta1GrpcEndpoint
+        include Google::Apis::Core::Hashable
+        # Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
+        # should start with "unix:".
+        # Corresponds to the JSON property `targetUri`
+        # @return [String]
+        attr_accessor :target_uri
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @target_uri = args[:target_uri] if args.key?(:target_uri)
+        end
+      end
+      # Specifies the audit configuration for a service. The configuration determines
+      # which permission types are logged, and what identities, if any, are exempted
+      # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
+      # are AuditConfigs for both `allServices` and a specific service, the union of
+      # the two AuditConfigs is used for that service: the log_types specified in each
+      # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
+      # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
+      # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
+      # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
+      # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
+      # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
+      # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
+      # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
+      # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
+      # from DATA_WRITE logging.
+      class GoogleIamV1AuditConfig
+        include Google::Apis::Core::Hashable
+        # The configuration for logging of each type of permission.
+        # Corresponds to the JSON property `auditLogConfigs`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
+        attr_accessor :audit_log_configs
+        # Specifies a service that will be enabled for audit logging. For example, `
+        # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
+        # value that covers all services.
+        # Corresponds to the JSON property `service`
+        # @return [String]
+        attr_accessor :service
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
+          @service = args[:service] if args.key?(:service)
+        end
+      end
+      # Provides the configuration for logging a type of permissions. Example: ` "
+      # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
+      # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
+      # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
+      # DATA_READ logging.
       class GoogleIamV1AuditLogConfig
         include Google::Apis::Core::Hashable
-        # Specifies the identities that do not cause logging for this type of permission.
-        # Follows the same format of Binding.members.
-        # Corresponds to the JSON property `exemptedMembers`
-        # @return [Array<String>]
-        attr_accessor :exempted_members
+        # Specifies the identities that do not cause logging for this type of permission.
+        # Follows the same format of Binding.members.
+        # Corresponds to the JSON property `exemptedMembers`
+        # @return [Array<String>]
+        attr_accessor :exempted_members
+        # The log type that this config enables.
+        # Corresponds to the JSON property `logType`
+        # @return [String]
+        attr_accessor :log_type
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
+          @log_type = args[:log_type] if args.key?(:log_type)
+        end
+      end
+      # Associates `members`, or principals, with a `role`.
+      class GoogleIamV1Binding
+        include Google::Apis::Core::Hashable
+        # Represents a textual expression in the Common Expression Language (CEL) syntax.
+        # CEL is a C-like expression language. The syntax and semantics of CEL are
+        # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+        # "Summary size limit" description: "Determines if a summary is less than 100
+        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+        # Requestor is owner" description: "Determines if requestor is the document
+        # owner" expression: "document.owner == request.auth.claims.email" Example (
+        # Logic): title: "Public documents" description: "Determine whether the document
+        # should be publicly visible" expression: "document.type != 'private' &&
+        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+        # string" description: "Create a notification string with a timestamp."
+        # expression: "'New message received at ' + string(document.create_time)" The
+        # exact variables and functions that may be referenced within an expression are
+        # determined by the service that evaluates it. See the service documentation for
+        # additional information.
+        # Corresponds to the JSON property `condition`
+        # @return [Google::Apis::NetworksecurityV1beta1::Expr]
+        attr_accessor :condition
+        # Specifies the principals requesting access for a Google Cloud resource. `
+        # members` can have the following values: * `allUsers`: A special identifier
+        # that represents anyone who is on the internet; with or without a Google
+        # account. * `allAuthenticatedUsers`: A special identifier that represents
+        # anyone who is authenticated with a Google account or a service account. Does
+        # not include identities that come from external identity providers (IdPs)
+        # through identity federation. * `user:`emailid``: An email address that
+        # represents a specific Google account. For example, `alice@example.com` . * `
+        # serviceAccount:`emailid``: An email address that represents a Google service
+        # account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
+        # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
+        # identifier for a [Kubernetes service account](https://cloud.google.com/
+        # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
+        # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
+        # email address that represents a Google group. For example, `admins@example.com`
+        # . * `domain:`domain``: The G Suite domain (primary) that represents all the
+        # users of that domain. For example, `google.com` or `example.com`. * `principal:
+        # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
+        # subject_attribute_value``: A single identity in a workforce identity pool. * `
+        # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
+        # group/`group_id``: All workforce identities in a group. * `principalSet://iam.
+        # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
+        # attribute_name`/`attribute_value``: All workforce identities with a specific
+        # attribute value. * `principalSet://iam.googleapis.com/locations/global/
+        # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
+        # principal://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
+        # identity in a workload identity pool. * `principalSet://iam.googleapis.com/
+        # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
+        # group/`group_id``: A workload identity pool group. * `principalSet://iam.
+        # googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
+        # All identities in a workload identity pool with a certain attribute. * `
+        # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
+        # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
+        # identifier) representing a user that has been recently deleted. For example, `
+        # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
+        # value reverts to `user:`emailid`` and the recovered user retains the role in
+        # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
+        # address (plus unique identifier) representing a service account that has been
+        # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
+        # 123456789012345678901`. If the service account is undeleted, this value
+        # reverts to `serviceAccount:`emailid`` and the undeleted service account
+        # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
+        # An email address (plus unique identifier) representing a Google group that has
+        # been recently deleted. For example, `admins@example.com?uid=
+        # 123456789012345678901`. If the group is recovered, this value reverts to `
+        # group:`emailid`` and the recovered group retains the role in the binding. * `
+        # deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
+        # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
+        # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
+        # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
+        # Corresponds to the JSON property `members`
+        # @return [Array<String>]
+        attr_accessor :members
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
+        # roles and permissions, see the [IAM documentation](https://cloud.google.com/
+        # iam/docs/roles-overview). For a list of the available pre-defined roles, see [
+        # here](https://cloud.google.com/iam/docs/understanding-roles).
+        # Corresponds to the JSON property `role`
+        # @return [String]
+        attr_accessor :role
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @condition = args[:condition] if args.key?(:condition)
+          @members = args[:members] if args.key?(:members)
+          @role = args[:role] if args.key?(:role)
+        end
+      end
+      # An Identity and Access Management (IAM) policy, which specifies access
+      # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
+      # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
+      # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
+      # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
+      # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
+      # title: expirable access description: Does not grant access after Sep 2020
+      # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
+      # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
+      # [IAM documentation](https://cloud.google.com/iam/docs/).
+      class GoogleIamV1Policy
+        include Google::Apis::Core::Hashable
+        # Specifies cloud audit logging configuration for this policy.
+        # Corresponds to the JSON property `auditConfigs`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditConfig>]
+        attr_accessor :audit_configs
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
+        # Corresponds to the JSON property `bindings`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
+        attr_accessor :bindings
+        # `etag` is used for optimistic concurrency control as a way to help prevent
+        # simultaneous updates of a policy from overwriting each other. It is strongly
+        # suggested that systems make use of the `etag` in the read-modify-write cycle
+        # to perform policy updates in order to avoid race conditions: An `etag` is
+        # returned in the response to `getIamPolicy`, and systems are expected to put
+        # that etag in the request to `setIamPolicy` to ensure that their change will be
+        # applied to the same version of the policy. **Important:** If you use IAM
+        # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
+        # If you omit this field, then IAM allows you to overwrite a version `3` policy
+        # with a version `1` policy, and all of the conditions in the version `3` policy
+        # are lost.
+        # Corresponds to the JSON property `etag`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :etag
+        # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
+        # Requests that specify an invalid value are rejected. Any operation that
+        # affects conditional role bindings must specify version `3`. This requirement
+        # applies to the following operations: * Getting a policy that includes a
+        # conditional role binding * Adding a conditional role binding to a policy *
+        # Changing a conditional role binding in a policy * Removing any role binding,
+        # with or without a condition, from a policy that includes conditions **
+        # Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+        # to overwrite a version `3` policy with a version `1` policy, and all of the
+        # conditions in the version `3` policy are lost. If a policy does not include
+        # any conditions, operations on that policy may specify any valid version or
+        # leave the field unset. To learn which resources support conditions in their
+        # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
+        # conditions/resource-policies).
+        # Corresponds to the JSON property `version`
+        # @return [Fixnum]
+        attr_accessor :version
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
+          @bindings = args[:bindings] if args.key?(:bindings)
+          @etag = args[:etag] if args.key?(:etag)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      # Request message for `SetIamPolicy` method.
+      class GoogleIamV1SetIamPolicyRequest
+        include Google::Apis::Core::Hashable
+        # An Identity and Access Management (IAM) policy, which specifies access
+        # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
+        # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
+        # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
+        # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
+        # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
+        # title: expirable access description: Does not grant access after Sep 2020
+        # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
+        # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
+        # [IAM documentation](https://cloud.google.com/iam/docs/).
+        # Corresponds to the JSON property `policy`
+        # @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
+        attr_accessor :policy
-        # The log type that this config enables.
-        # Corresponds to the JSON property `logType`
+        # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+        # the fields in the mask will be modified. If no mask is provided, the following
+        # default mask is used: `paths: "bindings, etag"`
+        # Corresponds to the JSON property `updateMask`
         # @return [String]
-        attr_accessor :log_type
+        attr_accessor :update_mask
         def initialize(**args)
            update!(**args)
@@ -873,99 +1673,131 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
-          @log_type = args[:log_type] if args.key?(:log_type)
+          @policy = args[:policy] if args.key?(:policy)
+          @update_mask = args[:update_mask] if args.key?(:update_mask)
         end
       end
-      # Associates `members`, or principals, with a `role`.
-      class GoogleIamV1Binding
+      # Request message for `TestIamPermissions` method.
+      class GoogleIamV1TestIamPermissionsRequest
         include Google::Apis::Core::Hashable
-        # Represents a textual expression in the Common Expression Language (CEL) syntax.
-        # CEL is a C-like expression language. The syntax and semantics of CEL are
-        # documented at https://github.com/google/cel-spec. Example (Comparison): title:
-        # "Summary size limit" description: "Determines if a summary is less than 100
-        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
-        # Requestor is owner" description: "Determines if requestor is the document
-        # owner" expression: "document.owner == request.auth.claims.email" Example (
-        # Logic): title: "Public documents" description: "Determine whether the document
-        # should be publicly visible" expression: "document.type != 'private' &&
-        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
-        # string" description: "Create a notification string with a timestamp."
-        # expression: "'New message received at ' + string(document.create_time)" The
-        # exact variables and functions that may be referenced within an expression are
-        # determined by the service that evaluates it. See the service documentation for
-        # additional information.
-        # Corresponds to the JSON property `condition`
-        # @return [Google::Apis::NetworksecurityV1beta1::Expr]
-        attr_accessor :condition
+        # The set of permissions to check for the `resource`. Permissions with wildcards
+        # (such as `*` or `storage.*`) are not allowed. For more information see [IAM
+        # Overview](https://cloud.google.com/iam/docs/overview#permissions).
+        # Corresponds to the JSON property `permissions`
+        # @return [Array<String>]
+        attr_accessor :permissions
-        # Specifies the principals requesting access for a Google Cloud resource. `
-        # members` can have the following values: * `allUsers`: A special identifier
-        # that represents anyone who is on the internet; with or without a Google
-        # account. * `allAuthenticatedUsers`: A special identifier that represents
-        # anyone who is authenticated with a Google account or a service account. Does
-        # not include identities that come from external identity providers (IdPs)
-        # through identity federation. * `user:`emailid``: An email address that
-        # represents a specific Google account. For example, `alice@example.com` . * `
-        # serviceAccount:`emailid``: An email address that represents a Google service
-        # account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
-        # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
-        # identifier for a [Kubernetes service account](https://cloud.google.com/
-        # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
-        # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
-        # email address that represents a Google group. For example, `admins@example.com`
-        # . * `domain:`domain``: The G Suite domain (primary) that represents all the
-        # users of that domain. For example, `google.com` or `example.com`. * `principal:
-        # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
-        # subject_attribute_value``: A single identity in a workforce identity pool. * `
-        # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
-        # group/`group_id``: All workforce identities in a group. * `principalSet://iam.
-        # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
-        # attribute_name`/`attribute_value``: All workforce identities with a specific
-        # attribute value. * `principalSet://iam.googleapis.com/locations/global/
-        # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
-        # principal://iam.googleapis.com/projects/`project_number`/locations/global/
-        # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
-        # identity in a workload identity pool. * `principalSet://iam.googleapis.com/
-        # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
-        # group/`group_id``: A workload identity pool group. * `principalSet://iam.
-        # googleapis.com/projects/`project_number`/locations/global/
-        # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
-        # All identities in a workload identity pool with a certain attribute. * `
-        # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
-        # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
-        # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
-        # identifier) representing a user that has been recently deleted. For example, `
-        # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
-        # value reverts to `user:`emailid`` and the recovered user retains the role in
-        # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
-        # address (plus unique identifier) representing a service account that has been
-        # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
-        # 123456789012345678901`. If the service account is undeleted, this value
-        # reverts to `serviceAccount:`emailid`` and the undeleted service account
-        # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
-        # An email address (plus unique identifier) representing a Google group that has
-        # been recently deleted. For example, `admins@example.com?uid=
-        # 123456789012345678901`. If the group is recovered, this value reverts to `
-        # group:`emailid`` and the recovered group retains the role in the binding. * `
-        # deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
-        # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
-        # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
-        # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
-        # Corresponds to the JSON property `members`
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      # Response message for `TestIamPermissions` method.
+      class GoogleIamV1TestIamPermissionsResponse
+        include Google::Apis::Core::Hashable
+        # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
+        # Corresponds to the JSON property `permissions`
         # @return [Array<String>]
-        attr_accessor :members
+        attr_accessor :permissions
-        # Role that is assigned to the list of `members`, or principals. For example, `
-        # roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
-        # roles and permissions, see the [IAM documentation](https://cloud.google.com/
-        # iam/docs/roles-overview). For a list of the available pre-defined roles, see [
-        # here](https://cloud.google.com/iam/docs/understanding-roles).
-        # Corresponds to the JSON property `role`
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      # Specification of HTTP header match attributes.
+      class HttpHeaderMatch
+        include Google::Apis::Core::Hashable
+        # Required. The name of the HTTP header to match. For matching against the HTTP
+        # request's authority, use a headerMatch with the header name ":authority". For
+        # matching a request's method, use the headerName ":method".
+        # Corresponds to the JSON property `headerName`
+        # @return [String]
+        attr_accessor :header_name
+        # Required. The value of the header must match the regular expression specified
+        # in regexMatch. For regular expression grammar, please see: en.cppreference.com/
+        # w/cpp/regex/ecmascript For matching against a port specified in the HTTP
+        # request, use a headerMatch with headerName set to Host and a regular
+        # expression that satisfies the RFC2616 Host header's port specifier.
+        # Corresponds to the JSON property `regexMatch`
+        # @return [String]
+        attr_accessor :regex_match
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @header_name = args[:header_name] if args.key?(:header_name)
+          @regex_match = args[:regex_match] if args.key?(:regex_match)
+        end
+      end
+      # Message describing InterceptDeployment object
+      class InterceptDeployment
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Required. Immutable. The regional load balancer which the intercepted traffic
+        # should be forwarded to. Format is: projects/`project`/regions/`region`/
+        # forwardingRules/`forwardingRule`
+        # Corresponds to the JSON property `forwardingRule`
+        # @return [String]
+        attr_accessor :forwarding_rule
+        # Required. Immutable. The Intercept Deployment Group that this resource is part
+        # of. Format is: `projects/`project`/locations/global/interceptDeploymentGroups/`
+        # interceptDeploymentGroup``
+        # Corresponds to the JSON property `interceptDeploymentGroup`
+        # @return [String]
+        attr_accessor :intercept_deployment_group
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. The name of the InterceptDeployment.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment.
+        # Corresponds to the JSON property `state`
         # @return [String]
-        attr_accessor :role
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -973,93 +1805,64 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @condition = args[:condition] if args.key?(:condition)
-          @members = args[:members] if args.key?(:members)
-          @role = args[:role] if args.key?(:role)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
+          @intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # An Identity and Access Management (IAM) policy, which specifies access
-      # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-      # A `binding` binds one or more `members`, or principals, to a single `role`.
-      # Principals can be user accounts, service accounts, Google groups, and domains (
-      # such as G Suite). A `role` is a named list of permissions; each `role` can be
-      # an IAM predefined role or a user-created custom role. For some types of Google
-      # Cloud resources, a `binding` can also specify a `condition`, which is a
-      # logical expression that allows access to a resource only if the expression
-      # evaluates to `true`. A condition can add constraints based on attributes of
-      # the request, the resource, or both. To learn which resources support
-      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
-      # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
-      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
-      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
-      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
-      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
-      # ], "condition": ` "title": "expirable access", "description": "Does not grant
-      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
-      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
-      # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
-      # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
-      # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
-      # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
-      # title: expirable access description: Does not grant access after Sep 2020
-      # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
-      # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
-      # [IAM documentation](https://cloud.google.com/iam/docs/).
-      class GoogleIamV1Policy
+      # Message describing InterceptDeploymentGroup object
+      class InterceptDeploymentGroup
         include Google::Apis::Core::Hashable
-        # Specifies cloud audit logging configuration for this policy.
-        # Corresponds to the JSON property `auditConfigs`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditConfig>]
-        attr_accessor :audit_configs
+        # Output only. The list of Intercept Endpoint Groups that are connected to this
+        # resource.
+        # Corresponds to the JSON property `connectedEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroupConnectedEndpointGroup>]
+        attr_accessor :connected_endpoint_groups
-        # Associates a list of `members`, or principals, with a `role`. Optionally, may
-        # specify a `condition` that determines how and when the `bindings` are applied.
-        # Each of the `bindings` must contain at least one principal. The `bindings` in
-        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
-        # can be Google groups. Each occurrence of a principal counts towards these
-        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
-        # example.com`, and not to any other principal, then you can add another 1,450
-        # principals to the `bindings` in the `Policy`.
-        # Corresponds to the JSON property `bindings`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
-        attr_accessor :bindings
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
-        # `etag` is used for optimistic concurrency control as a way to help prevent
-        # simultaneous updates of a policy from overwriting each other. It is strongly
-        # suggested that systems make use of the `etag` in the read-modify-write cycle
-        # to perform policy updates in order to avoid race conditions: An `etag` is
-        # returned in the response to `getIamPolicy`, and systems are expected to put
-        # that etag in the request to `setIamPolicy` to ensure that their change will be
-        # applied to the same version of the policy. **Important:** If you use IAM
-        # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
-        # If you omit this field, then IAM allows you to overwrite a version `3` policy
-        # with a version `1` policy, and all of the conditions in the version `3` policy
-        # are lost.
-        # Corresponds to the JSON property `etag`
-        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. Then name of the InterceptDeploymentGroup.
+        # Corresponds to the JSON property `name`
         # @return [String]
-        attr_accessor :etag
+        attr_accessor :name
-        # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
-        # Requests that specify an invalid value are rejected. Any operation that
-        # affects conditional role bindings must specify version `3`. This requirement
-        # applies to the following operations: * Getting a policy that includes a
-        # conditional role binding * Adding a conditional role binding to a policy *
-        # Changing a conditional role binding in a policy * Removing any role binding,
-        # with or without a condition, from a policy that includes conditions **
-        # Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
-        # to overwrite a version `3` policy with a version `1` policy, and all of the
-        # conditions in the version `3` policy are lost. If a policy does not include
-        # any conditions, operations on that policy may specify any valid version or
-        # leave the field unset. To learn which resources support conditions in their
-        # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
-        # conditions/resource-policies).
-        # Corresponds to the JSON property `version`
-        # @return [Fixnum]
-        attr_accessor :version
+        # Required. Immutable. The network that is being used for the deployment. Format
+        # is: projects/`project`/global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -1067,54 +1870,90 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
-          @bindings = args[:bindings] if args.key?(:bindings)
-          @etag = args[:etag] if args.key?(:etag)
-          @version = args[:version] if args.key?(:version)
+          @connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Request message for `SetIamPolicy` method.
-      class GoogleIamV1SetIamPolicyRequest
+      # An endpoint group connected to this deployment group.
+      class InterceptDeploymentGroupConnectedEndpointGroup
         include Google::Apis::Core::Hashable
-        # An Identity and Access Management (IAM) policy, which specifies access
-        # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members`, or principals, to a single `role`.
-        # Principals can be user accounts, service accounts, Google groups, and domains (
-        # such as G Suite). A `role` is a named list of permissions; each `role` can be
-        # an IAM predefined role or a user-created custom role. For some types of Google
-        # Cloud resources, a `binding` can also specify a `condition`, which is a
-        # logical expression that allows access to a resource only if the expression
-        # evaluates to `true`. A condition can add constraints based on attributes of
-        # the request, the resource, or both. To learn which resources support
-        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
-        # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
-        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
-        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
-        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
-        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
-        # ], "condition": ` "title": "expirable access", "description": "Does not grant
-        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
-        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
-        # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
-        # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
-        # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
-        # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
-        # title: expirable access description: Does not grant access after Sep 2020
-        # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
-        # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
-        # [IAM documentation](https://cloud.google.com/iam/docs/).
-        # Corresponds to the JSON property `policy`
-        # @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
-        attr_accessor :policy
+        # Output only. A connected intercept endpoint group.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
-        # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
-        # the fields in the mask will be modified. If no mask is provided, the following
-        # default mask is used: `paths: "bindings, etag"`
-        # Corresponds to the JSON property `updateMask`
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # Message describing InterceptEndpointGroup object.
+      class InterceptEndpointGroup
+        include Google::Apis::Core::Hashable
+        # Output only. List of Intercept Endpoint Group Associations that are associated
+        # to this endpoint group.
+        # Corresponds to the JSON property `associations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationDetails>]
+        attr_accessor :associations
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
         # @return [String]
-        attr_accessor :update_mask
+        attr_accessor :create_time
+        # Optional. User-provided description of the endpoint group. Used as additional
+        # context for the endpoint group.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Required. Immutable. The Intercept Deployment Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # interceptDeploymentGroups/`interceptDeploymentGroup``
+        # Corresponds to the JSON property `interceptDeploymentGroup`
+        # @return [String]
+        attr_accessor :intercept_deployment_group
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. The name of the InterceptEndpointGroup.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -1122,21 +1961,71 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @policy = args[:policy] if args.key?(:policy)
-          @update_mask = args[:update_mask] if args.key?(:update_mask)
+          @associations = args[:associations] if args.key?(:associations)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Request message for `TestIamPermissions` method.
-      class GoogleIamV1TestIamPermissionsRequest
-        include Google::Apis::Core::Hashable
+      # Message describing InterceptEndpointGroupAssociation object
+      class InterceptEndpointGroupAssociation
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Required. Immutable. The Intercept Endpoint Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # interceptEndpointGroups/`interceptEndpointGroup``
+        # Corresponds to the JSON property `interceptEndpointGroup`
+        # @return [String]
+        attr_accessor :intercept_endpoint_group
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Output only. The list of locations that this association is in and its details.
+        # Corresponds to the JSON property `locationsDetails`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationLocationDetails>]
+        attr_accessor :locations_details
+        # Immutable. Identifier. The name of the InterceptEndpointGroupAssociation.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Immutable. The VPC network associated. Format: projects/`project`/
+        # global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
-        # The set of permissions to check for the `resource`. Permissions with wildcards
-        # (such as `*` or `storage.*`) are not allowed. For more information see [IAM
-        # Overview](https://cloud.google.com/iam/docs/overview#permissions).
-        # Corresponds to the JSON property `permissions`
-        # @return [Array<String>]
-        attr_accessor :permissions
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -1144,18 +2033,40 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @permissions = args[:permissions] if args.key?(:permissions)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
+          @labels = args[:labels] if args.key?(:labels)
+          @locations_details = args[:locations_details] if args.key?(:locations_details)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Response message for `TestIamPermissions` method.
-      class GoogleIamV1TestIamPermissionsResponse
+      # This is a subset of the InterceptEndpointGroupAssociation message, containing
+      # fields to be used by the consumer.
+      class InterceptEndpointGroupAssociationDetails
         include Google::Apis::Core::Hashable
-        # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
-        # Corresponds to the JSON property `permissions`
-        # @return [Array<String>]
-        attr_accessor :permissions
+        # Output only. The resource name of the InterceptEndpointGroupAssociation.
+        # Format: projects/`project`/locations/`location`/
+        # interceptEndpointGroupAssociations/`interceptEndpointGroupAssociation`
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. The VPC network associated. Format: projects/`project`/global/
+        # networks/`name`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Current state of the association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
         def initialize(**args)
            update!(**args)
@@ -1163,29 +2074,25 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @permissions = args[:permissions] if args.key?(:permissions)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @state = args[:state] if args.key?(:state)
         end
       end
-      # Specification of HTTP header match attributes.
-      class HttpHeaderMatch
+      # Details about the association status in a specific cloud location.
+      class InterceptEndpointGroupAssociationLocationDetails
         include Google::Apis::Core::Hashable
-        # Required. The name of the HTTP header to match. For matching against the HTTP
-        # request's authority, use a headerMatch with the header name ":authority". For
-        # matching a request's method, use the headerName ":method".
-        # Corresponds to the JSON property `headerName`
+        # Output only. The cloud location.
+        # Corresponds to the JSON property `location`
         # @return [String]
-        attr_accessor :header_name
+        attr_accessor :location
-        # Required. The value of the header must match the regular expression specified
-        # in regexMatch. For regular expression grammar, please see: en.cppreference.com/
-        # w/cpp/regex/ecmascript For matching against a port specified in the HTTP
-        # request, use a headerMatch with headerName set to Host and a regular
-        # expression that satisfies the RFC2616 Host header's port specifier.
-        # Corresponds to the JSON property `regexMatch`
+        # Output only. The association state in this location.
+        # Corresponds to the JSON property `state`
         # @return [String]
-        attr_accessor :regex_match
+        attr_accessor :state
         def initialize(**args)
            update!(**args)
@@ -1193,8 +2100,8 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @header_name = args[:header_name] if args.key?(:header_name)
-          @regex_match = args[:regex_match] if args.key?(:regex_match)
+          @location = args[:location] if args.key?(:location)
+          @state = args[:state] if args.key?(:state)
         end
       end
@@ -1310,6 +2217,37 @@ module Google
         end
       end
+      # Message for response to listing `AuthzPolicy` resources.
+      class ListAuthzPoliciesResponse
+        include Google::Apis::Core::Hashable
+        # The list of `AuthzPolicy` resources.
+        # Corresponds to the JSON property `authzPolicies`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicy>]
+        attr_accessor :authz_policies
+        # A token identifying a page of results that the server returns.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        # Locations that could not be reached.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @authz_policies = args[:authz_policies] if args.key?(:authz_policies)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
       # Response returned by the ListClientTlsPolicies method.
       class ListClientTlsPoliciesResponse
         include Google::Apis::Core::Hashable
@@ -1459,22 +2397,234 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
+          @gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      # Message for response to listing InterceptDeploymentGroups
+      class ListInterceptDeploymentGroupsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptDeploymentGroup
+        # Corresponds to the JSON property `interceptDeploymentGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroup>]
+        attr_accessor :intercept_deployment_groups
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_deployment_groups = args[:intercept_deployment_groups] if args.key?(:intercept_deployment_groups)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing InterceptDeployments
+      class ListInterceptDeploymentsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptDeployment
+        # Corresponds to the JSON property `interceptDeployments`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeployment>]
+        attr_accessor :intercept_deployments
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        # Locations that could not be reached.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_deployments = args[:intercept_deployments] if args.key?(:intercept_deployments)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      # Message for response to listing InterceptEndpointGroupAssociations
+      class ListInterceptEndpointGroupAssociationsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptEndpointGroupAssociation
+        # Corresponds to the JSON property `interceptEndpointGroupAssociations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociation>]
+        attr_accessor :intercept_endpoint_group_associations
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_endpoint_group_associations = args[:intercept_endpoint_group_associations] if args.key?(:intercept_endpoint_group_associations)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing InterceptEndpointGroups
+      class ListInterceptEndpointGroupsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptEndpointGroup
+        # Corresponds to the JSON property `interceptEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroup>]
+        attr_accessor :intercept_endpoint_groups
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_endpoint_groups = args[:intercept_endpoint_groups] if args.key?(:intercept_endpoint_groups)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # The response message for Locations.ListLocations.
+      class ListLocationsResponse
+        include Google::Apis::Core::Hashable
+        # A list of locations that matches the specified filter in the request.
+        # Corresponds to the JSON property `locations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::Location>]
+        attr_accessor :locations
+        # The standard List next-page token.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @locations = args[:locations] if args.key?(:locations)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing MirroringDeploymentGroups
+      class ListMirroringDeploymentGroupsResponse
+        include Google::Apis::Core::Hashable
+        # The list of MirroringDeploymentGroup
+        # Corresponds to the JSON property `mirroringDeploymentGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroup>]
+        attr_accessor :mirroring_deployment_groups
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_deployment_groups = args[:mirroring_deployment_groups] if args.key?(:mirroring_deployment_groups)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing MirroringDeployments
+      class ListMirroringDeploymentsResponse
+        include Google::Apis::Core::Hashable
+        # The list of MirroringDeployment
+        # Corresponds to the JSON property `mirroringDeployments`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeployment>]
+        attr_accessor :mirroring_deployments
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        # Locations that could not be reached.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_deployments = args[:mirroring_deployments] if args.key?(:mirroring_deployments)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      # Message for response to listing MirroringEndpointGroupAssociations
+      class ListMirroringEndpointGroupAssociationsResponse
+        include Google::Apis::Core::Hashable
+        # The list of MirroringEndpointGroupAssociation
+        # Corresponds to the JSON property `mirroringEndpointGroupAssociations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociation>]
+        attr_accessor :mirroring_endpoint_group_associations
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_endpoint_group_associations = args[:mirroring_endpoint_group_associations] if args.key?(:mirroring_endpoint_group_associations)
           @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
-          @unreachable = args[:unreachable] if args.key?(:unreachable)
         end
       end
-      # The response message for Locations.ListLocations.
-      class ListLocationsResponse
+      # Message for response to listing MirroringEndpointGroups
+      class ListMirroringEndpointGroupsResponse
         include Google::Apis::Core::Hashable
-        # A list of locations that matches the specified filter in the request.
-        # Corresponds to the JSON property `locations`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::Location>]
-        attr_accessor :locations
+        # The list of MirroringEndpointGroup
+        # Corresponds to the JSON property `mirroringEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroup>]
+        attr_accessor :mirroring_endpoint_groups
-        # The standard List next-page token.
+        # A token identifying a page of results the server should return.
         # Corresponds to the JSON property `nextPageToken`
         # @return [String]
         attr_accessor :next_page_token
@@ -1485,7 +2635,7 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @locations = args[:locations] if args.key?(:locations)
+          @mirroring_endpoint_groups = args[:mirroring_endpoint_groups] if args.key?(:mirroring_endpoint_groups)
           @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
         end
       end
@@ -1748,6 +2898,313 @@ module Google
         end
       end
+      # Message describing MirroringDeployment object
+      class MirroringDeployment
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Required. Immutable. The regional load balancer which the mirrored traffic
+        # should be forwarded to. Format is: projects/`project`/regions/`region`/
+        # forwardingRules/`forwardingRule`
+        # Corresponds to the JSON property `forwardingRule`
+        # @return [String]
+        attr_accessor :forwarding_rule
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Required. Immutable. The Mirroring Deployment Group that this resource is part
+        # of. Format is: `projects/`project`/locations/global/mirroringDeploymentGroups/`
+        # mirroringDeploymentGroup``
+        # Corresponds to the JSON property `mirroringDeploymentGroup`
+        # @return [String]
+        attr_accessor :mirroring_deployment_group
+        # Immutable. Identifier. The name of the MirroringDeployment.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
+          @labels = args[:labels] if args.key?(:labels)
+          @mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Message describing MirroringDeploymentGroup object NEXT ID: 10
+      class MirroringDeploymentGroup
+        include Google::Apis::Core::Hashable
+        # Output only. The list of Mirroring Endpoint Groups that are connected to this
+        # resource.
+        # Corresponds to the JSON property `connectedEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroupConnectedEndpointGroup>]
+        attr_accessor :connected_endpoint_groups
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. Then name of the MirroringDeploymentGroup.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Immutable. The network that is being used for the deployment. Format
+        # is: projects/`project`/global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # An endpoint group connected to this deployment group.
+      class MirroringDeploymentGroupConnectedEndpointGroup
+        include Google::Apis::Core::Hashable
+        # Output only. A connected mirroring endpoint group.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # Message describing MirroringEndpointGroup object.
+      class MirroringEndpointGroup
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Required. Immutable. The Mirroring Deployment Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # mirroringDeploymentGroups/`mirroringDeploymentGroup``
+        # Corresponds to the JSON property `mirroringDeploymentGroup`
+        # @return [String]
+        attr_accessor :mirroring_deployment_group
+        # Immutable. Identifier. Next ID: 11 The name of the MirroringEndpointGroup.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Message describing MirroringEndpointGroupAssociation object
+      class MirroringEndpointGroupAssociation
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Output only. The list of locations that this association is in and its details.
+        # Corresponds to the JSON property `locationsDetails`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociationLocationDetails>]
+        attr_accessor :locations_details
+        # Required. Immutable. The Mirroring Endpoint Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # mirroringEndpointGroups/`mirroringEndpointGroup``
+        # Corresponds to the JSON property `mirroringEndpointGroup`
+        # @return [String]
+        attr_accessor :mirroring_endpoint_group
+        # Immutable. Identifier. The name of the MirroringEndpointGroupAssociation.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Immutable. The VPC network associated. Format: projects/`project`/
+        # global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @locations_details = args[:locations_details] if args.key?(:locations_details)
+          @mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Details about the association status in a specific cloud location.
+      class MirroringEndpointGroupAssociationLocationDetails
+        include Google::Apis::Core::Hashable
+        # Output only. The cloud location.
+        # Corresponds to the JSON property `location`
+        # @return [String]
+        attr_accessor :location
+        # Output only. The association state in this location.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @location = args[:location] if args.key?(:location)
+          @state = args[:state] if args.key?(:state)
+        end
+      end
       # This resource represents a long-running operation that is the result of a
       # network API call.
       class Operation
@@ -1936,7 +3393,7 @@ module Google
       end
       # SecurityProfile is a resource that defines the behavior for one of many
-      # ProfileTypes. Next ID: 11
+      # ProfileTypes.
       class SecurityProfile
         include Google::Apis::Core::Hashable
@@ -1945,6 +3402,18 @@ module Google
         # @return [String]
         attr_accessor :create_time
+        # CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
+        # intercept traffic to a third-party firewall in a Firewall rule.
+        # Corresponds to the JSON property `customInterceptProfile`
+        # @return [Google::Apis::NetworksecurityV1beta1::CustomInterceptProfile]
+        attr_accessor :custom_intercept_profile
+        # CustomMirroringProfile defines an action for mirroring traffic to a collector'
+        # s EndpointGroup
+        # Corresponds to the JSON property `customMirroringProfile`
+        # @return [Google::Apis::NetworksecurityV1beta1::CustomMirroringProfile]
+        attr_accessor :custom_mirroring_profile
         # Optional. An optional description of the profile. Max length 512 characters.
         # Corresponds to the JSON property `description`
         # @return [String]
@@ -1992,6 +3461,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
+          @custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
           @description = args[:description] if args.key?(:description)
           @etag = args[:etag] if args.key?(:etag)
           @labels = args[:labels] if args.key?(:labels)
@@ -2003,7 +3474,7 @@ module Google
       end
       # SecurityProfileGroup is a resource that defines the behavior for various
-      # ProfileTypes. Next ID: 10
+      # ProfileTypes.
       class SecurityProfileGroup
         include Google::Apis::Core::Hashable
@@ -2012,6 +3483,18 @@ module Google
         # @return [String]
         attr_accessor :create_time
+        # Optional. Reference to a SecurityProfile with the CustomIntercept
+        # configuration.
+        # Corresponds to the JSON property `customInterceptProfile`
+        # @return [String]
+        attr_accessor :custom_intercept_profile
+        # Optional. Reference to a SecurityProfile with the CustomMirroring
+        # configuration.
+        # Corresponds to the JSON property `customMirroringProfile`
+        # @return [String]
+        attr_accessor :custom_mirroring_profile
         # Optional. An optional description of the profile group. Max length 2048
         # characters.
         # Corresponds to the JSON property `description`
@@ -2037,8 +3520,8 @@ module Google
         # @return [String]
         attr_accessor :name
-        # Optional. Reference to a SecurityProfile with the threat prevention
-        # configuration for the SecurityProfileGroup.
+        # Optional. Reference to a SecurityProfile with the ThreatPrevention
+        # configuration.
         # Corresponds to the JSON property `threatPreventionProfile`
         # @return [String]
         attr_accessor :threat_prevention_profile
@@ -2055,6 +3538,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
+          @custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
           @description = args[:description] if args.key?(:description)
           @etag = args[:etag] if args.key?(:etag)
           @labels = args[:labels] if args.key?(:labels)